* Posts by ecarlseen

186 posts • joined 16 Jul 2013


Chip fab Intel said to be using better chip fab TSMC to make 5nm Core i3 processors, 20% of its non-CPU parts


Re: Single point of failure

TSMC is building a leading-edge fab in the U.S. so there will be some geographic diversity if China and Taiwan start fighting. Other than that there’s Samsung. GloFo seems to have dropped out of the bleeding-edge fab race.


TSMC yes. Leading nodes, no.

That Intel will be using TSMC to fab CPUs is not exactly a secret anymore. But why would they give a rival fab looking for an interim solution wafer starts on their leading nodes when their loyal and long-term customers are willing, able, and eager to fill that capacity? Intel is begging for scraps and that’s what they’ll get.

To plug gap left by CentOS, Red Hat amends RHEL dev subscription to allow up to 16 systems in production


Can't put the toothpaste back in the tube.

Announcing LTS for CentOS was a huge commitment that influenced a lot of behavior (including ours). To back out on it creates a significant reputation hit, but one that could have been managed if done in a halfway intelligent manner. To back out without notice for organizations to change their behavior is the reputational equivalent of dropping a thermonuclear bomb on themselves. It's complete annihilation. There is no coming back from this. RHEL is dead to us, because they have rendered their commitments have been rendered meaningless.

Taiwan’s silicon titan TSMC says three-nanometre tech is on track for 2021 debut and a 2022 flood of kit


“...and other effects”

Other effects like Intel hiring a bunch of drunk frat jocks to do their process engineering.

Geekbench stats show Apple Silicon MacBook Air trouncing pricey 16-inch MacBook Pro


Unsurprising results

Apple's A-series CPUs have been knocking on Intel's laptop performance door for a few years now, and that was from a position of dealing with the thermal and power constraints of a cell phone form factor. That they are blowing Intel away in a laptop should be expected. Let's start at the beginning - Apple's CPU team was recruited / purchased from companies specializing in highly-optimized CPUs. They got the right people. Their CPUs are now effectively two process nodes ahead of Intel (TSMC 5nm vs. Intel 14+++++++++++nm for their volume parts, which is most comparable to TSMC 10nm). They also have a simpler instruction set to optimize for, no 32-bit backwards compatibility issues, and they can hyper-optimize for one OS. Not to knock Apple - this is amazing work - but it's the amazing work we've been expecting when a company gets the best people and gives them a gigantic pile of money to work with.

With so many cloud services dependent on it, Azure Active Directory has become a single point of failure for Microsoft


Not all downtime is equal.

With private cloud services, we balance the risk of maintenance operations agains the impact against business operations and schedule accordingly. The impact of a massive system failure at 2AM local time on a Sunday morning is not the same as 10AM on Monday morning. This does not mean nothing ever goes wrong, but it means that we tilt the odds as far as we can in our favor and for the most part it works out very well.

With public cloud services, every site is servicing customers in every time zone and maintenance operations are performed at any time of the day or night (relative to us) with precisely zero consideration of specific customer impact and there is precisely nothing you can do about this.

Think your smartwatch is good for warning of a heart attack? Turns out it's surprisingly easy to fool its AI


Huh. That’s what Apple says.

The ECG and heart monitoring functionality on the Apple watch is overloaded (to the point of annoyance) with disclaimers saying “This product does not detect heart attacks.” Of course, actual facts like that never protect against cheap shots from El Reg, which is incapable of detecting facts when it comes to Apple.

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this


It's straightforward to roll your own DNS-over-HTTPS

There are several Linux-based tutorials out there, and the overhead is minuscule. I'd imagine that pre-rolled containers will be popping up shortly. At that point you can control how DNS resolution occurs within your personal or business environment; what is forwarded upstream, filtered, etc.

The Nokia 3.2 is a phone your nan will love: One camera's more than enough, darling


Re: I updated to iPhone SE

You're assuming that the point is to have a highly functional phone at a low price, when the point is actually to hate Apple no matter what.

It's all in the wrist: Your fitness tracker could be as much about data warfare as your welfare


Sadly, if you want privacy then your only real choice is Apple.

Unfortunately, an anti-privacy tech economy has become pervasive and has conditioned people to free / very low prices for stuff in exchange for information about themselves. Apple seems to be the only major player taking a hard stand here, and they charge a very pretty penny for it. On the plus side, at least their products tend to be excellent so you do get something great for your money - but it's still an expensive habit. If you have to drink the kool-aid, at least it's pretty damned tasty.

Apple Watch must be used with an iPhone, no exceptions. But the health-monitoring capabilities are top-notch, and Apple is raining money into R&D to make it better. Allegedly they have about thirty research medical doctors actually on the payroll in Cupertino working on this stuff - normally this is outsourced because MDs are expensive. Data is stored on the iPhone, can be viewed / graphed and managed by the end-user (down to deleting individual data points), sharing is strictly opt-in, controls are nicely granular, permissions are easily managed and revoked, and Apple at least puts some effort into policing the behavior of app developers (if they're willing to start throwing ban-hammers at the likes of Facebook and Google, then these smaller fish have plenty to worry about). They give their customers about as much power as is reasonably possible over gathering and controlling their health data. Having watched these features evolve, it's pretty clear that Apple considers these to be strategically-critical capabilities for their product lines.


Re: Missing detail

Depends on the product. I use an Apple Watch (yes, I'm one of those people) and it's scary-accurate at detecting what activity I'm doing. If I'm starting a workout and forget to tell it to start tracking that, it alerts me to start tracking and suggests which activity to track. It's almost always right. Allegedly it even works well for people with physical disabilities (wheelchair-based exercises, etc.).

The biggest downside to the Apple Watch is that it *must* be used with an iPhone, period, no exceptions. It's also relatively pricey.

On the plus side, it integrates into Apple's typically excellent "privacy-by-default" health data management system (all sharing is strictly opt-in, with fairly granular permissions that are fairly easily-removed if you want).

The interchangeable bands are a massively overlooked feature. So far, all of the bands have worked between generations of watches - the bands I got for my first generation watch have continued to work perfectly through to the current generation. Changing bands takes literally five seconds - the mechanism is pretty ingenious, and the only issues I've had have been with cheap third-party bands. Why is this such a big deal? Because it means that I have one watch for all occasions. I can put on a plastic sports band and go running or swimming with it. I can swap to a metal or leather band and it looks great with a suit or business-casual attire. It can be color-coordinated with what you're wearing. No, guys typically don't care - but women tend to care and tend to notice guys that do (they also tend to notice shoes, big-time). Guys have been dressing for guys in the workplace for centuries, but with women entering more positions of power it's time to start paying attention to and accommodating the social cues that they look for as well. And this stuff doesn't exactly hurt outside of the workplace either.

Halleluja! The Second Coming of Windows Subsystem For Linux blesses Insider faithful


So what we're doing is...

... increasing the OS bloat and attack surface to accomplish a task that would be handled almost infinitely better in every possible way through ordinary virtualization that costs somewhere between nothing and close to it.

Got it.

Silence of the vans: Uber adds 'Plz STFU, driver' button to app for posh passengers using Black


Once you go black?

Wow. This may make the much higher price of the black car service worthwhile!

Where's Zero Cool when you need him? Loose chips sink ships: How hackers could wreck container vessels


That's it.

I'm hiring Penn Jillette for my NOC right freaking now.

Furious Apple revokes Facebook's enty app cert after Zuck's crew abused it to slurp private data


Popcorn time!

It's one thing to swing the ban-hammer at Facebook... Google is another level. Waiting to see how this shakes out.

Mozilla security policy cracks down on creepy web trackers, holds supercookies over fire


Re: Tracking will still happen

So your bet is that your pull with legislatures and their capacity to set and enforce rules over time exceeds the amount of pull combined with the legal and technical resources of some of the largest and wealthiest organizations on the planet.

That's adorable, but good luck with that.

In practice, even people with dynamic IPs don't change that often (mobile usage being an exception) - sometimes less than once a year, so as a practical matter we're all more or less in the same boat.

As a general philosophy, the most robust responses to things you don't like are responses that work unilaterally - things you can do where it doesn't matter what the other party does. There are always limits, but the more unilateral your focus the more success you will find in practice. This applies in most areas of life. As to this specific area...

I block certain domains at the DNS level. I avoid using the services and resources of certain companies whose practices I consider abusive - this really isn't as difficult as it sounds. I use a combination of VPNs, browser and / or VM isolation, onion routing, and pseudonymous accounts in areas where the above measures are insufficient or too restrictive of what I want to accomplish. And in some cases on some days I just accept that I'm giving up a little bit of privacy. You can actually accomplish quite a bit on your own with a reasonable amount of effort if you're conscientious enough.

In the long run, privacy will be a privilege of the wealthy and those who are both technically astute and disciplined. This can't be fixed legislatively (and arguably may not even be immoral - work with me on this), because there are a lot of people who will gleefully give up all knowledge of themselves for a few minutes of Candy Crush or whatever. If people *want* to make these choices then you really can't save them from themselves and even if you could you'd be inhibiting their learning to make better life decisions (assuming they're not the more rational ones - I personally prefer privacy but I'm not arrogant enough to believe that my choice "is correct" for everyone else on the planet. An argument can be made that for poor people trading privacy for entertainment may be acceptable - again, not my thing, but it's not like I can prove that I'm right).

You were told to clean up our systems, not delete 8,000 crucial files


Oh, it gets worse...

It's one thing to have users "store" old email and files in the Recycle Bin or trash folder or whatever. There's enough of this lunacy going around to where I would guess that it's a small double-digit percentage of people (frightening!).

But it gets worse. Much, much worse.

We dealt with a vertical-market ERP vendor (now fairly dominant in their field) who for years would store critical local machine configuration files and scanned document data in subfolders of C:\TEMP. They would then have pearl-clutching, screaming fucktard shit-fits whenever an admin had the temerity (oh my!) to actually delete stuff in C:\TEMP. Eventually they knocked this particular bit of stupid off, but to this day they still do things that make my head explode...

You think you're hot bit: Seagate tests 16TB HAMR disk drive


Re: Amazing advances

Even today, my digital music archive is littered with CD rips that need to be done over because they used a squealing MP3 codec.

I ripped mine to FLAC first and then transcoded to MP3. I’ve re-done the transcoding a few times since as the capacity of my portable devices increased...

NAND so it begins: Micron mounts head-on attack against 10K disks


Pathetic DWPD? No dual-port SAS?

These aren't so much read-centric as "they don't fit anywhere we would stick a 10K drive, and is generally stupid if we did"-centric.

With a workload of 4K random writes (worst-case), DWPD is between 0.2 and 0.05. Best-case scenario (100% 128K sequential writes) the DWPD is 0.8.

Scary stuff.

Boom! Just like that the eSIM market emerges – and jolly useful it is too


Apple is ramming this down the carrier's throats.

Apparently the carriers were blindsided (or at least claimed to be) when this feature of the iPhone XS was announced. Apple has been fighting over eSIMs with carriers for quite some time now. Making it the optional / secondary choice with a slightly delayed roll-out is both clever and insidious (in a good way) - it doesn't outright break device functionality, but it makes the carriers the assholes if they decide not to allow it.

This reminds me of Apple ramming DRM removal down the music industry's throats once they had the distribution power with iTunes to demand the end of music DRM. We'll see if we get there with video content...

Well-played, Apple. Well-played. It's nice to see a megacorporation use its leverage for good on occasion.

Microsoft claims Office 364 back to business as usual. Oh no it isn't, say suffering sysadmins


Re: Active reproduction?!?!

The ribbon would be a useful distraction from the pain of childbirth.

If I hadn't already set down my espresso I would have ruined my $700 MacBook Pro keyboard. :-)

That 'Surface will die in 2019' prediction is still a goer, says soothsayer


Microsoft should stay with Surface.

Several problems with this article:

1) The blame for the relatively weak PC (and Mac) sales over the last half decade rests squarely on Intel's shoulders. Outside of gaming and some corner-case multicore-happy professional applications there simply isn't a good reason to upgrade. My current desktop device is six years old, and if I were to go out and buy a top-of-the-line replacement I get maybe 25% more single-threaded performance absent any other bottlenecks. It used to be that you upgraded for a serious performance boost. Now you just replace machines that break.

2) Yes, Apple has low single-digit percentage of unit sales. They have a much higher percentage of industry profits. I recall some time ago that while their market share in laptops was small, their market share in laptops over a price threshold like $1000 or $1500 so was absurdly high (I forget the exact numbers, but something like 90%). Their philosophy remains "Why should we dilute our brand fighting over a tiny amount of additional profit and a huge amount of additional support costs?" It's a spectacular place to be if you can pull it off, and they have.

3) Microsoft needs a similar halo, even at a loss. Not just for their own brand, but to show they can actually commit to something outside of Windows/Office/XBox. What killed Microsoft in mobile is that nobody believes them anymore. They switched strategies every few years, breaking compatibility and screwing over their customers and partners at every turn. Now they're pushing into the cloud big time, and we still eye their new ventures a bit warily because of their long history of abandoning projects and product lines and leaving big piles of wreckage in their wake.

For my own devices, I live in the Apple ecosystem because I can get away with it. But a world with one top-tier vendor is not a stable world. Similarly, we need better competition in Mobile. Ideally, this would be Microsoft but they simply committed market suicide there. Unfortunately, I don't think it's possible to be competitive in the high-end mobile market on an anti-privacy platform like Android.

Does Google make hardware just so nobody buys it?


But muh headphone jack!

As someone who is probably one of the older and stodgier greybeards in this forum, even I'm confused about the bitter clinging to the headphone jacks. This isn't Bluetooth 1.0 anymore. There are plenty of Bluetooth headsets and earbuds that are so much better than their wired counterparts for use with portable devices - mainly because they have better DACs, amps, and can devote more battery to the aforementioned parts. I personally love my V-Moda Crossfade 2 Wireless over-ears and V-Moda Forza Metallo earbuds (I prefer V-Moda's sound profiles - nicely accurate highs and mids, and fantastic bass presence without being excessively boomy or distortive) and the thought of going back to corded ranks right up there with the thought of going back to a corded mouse. I mean, you could, but... why? Cords are tangly, ungainly, and always in the way. I've set up a few charging stations in my home with the various cable types (micro-USB, lightning, USB-C, etc) where we all just dump our chargeable electronics when we're not using them. It's reduces the amount of effort to keep things charged to pretty close to zero.

Holy smokes! US watchdog sues Elon Musk after he makes hash of $420 Tesla tweet


Maximum Hubris

In a way, it's sad. Musk is a bright guy, but with Tesla he bit off far more than he (or anyone) can chew - developing and producing products intended to be revolutionary... while creating new manufacturing techniques, sales channels, supply infrastructure (charging stations), repair services, etc. Any one of these things is dangerous for an established company to mess with. It's seriously aggressive to attempt even one as a startup. To do all of them... no way. If I had to pick two words to put on Tesla's gravestone, they would be "Maximum Hubris."

The worst (and in my mind unforgivable) part is how he's been bullshitting his customers, employees, suppliers, and investors along the way. Using Tesla's limited and rapidly depleting resources to buy out his imploding Solar City venture was outright corrupt and certainly sealed Tesla's already precarious fate. And you can tell Musk has known for awhile that Tesla is toast. The erratic behavior while dating a music star probably indicates he's been aggressively self-medicating (if you know what I mean, and I think you do).

TLS proxies? Nah. Truthfully Less Secure 'n' poxy, say Canadian infosec researchers


Unfortunately, there can be some good reasons for this.

As someone who occasionally manages such devices, we've run into situations where we needed to offer support for poor-quality encryption in order to enable business to function with outside organizations that are not up to snuff. And before the ZOMG screams for regulatory intervention begin, I would note that nearly all of the organizations we have to make accommodations for are governmental or government-appointed monopolies (exclusive rights to provide services for government agencies). We had one the other week whose Internet-facing web server was still running on Windows 2003. They plan to upgrade eventually, when they get around to it. As far as they're concerned, as long as browsers connect then they give precisely zero fucks (and this in an area where private businesses are tightly regulated due to presumed terrorism risks).

And here's the other thing: while solid encryption is critical for protecting many sorts of information, there are other areas that just aren't important. Ironically, the drive to encrypt everything to the eyeballs seems to be largely driven by Google who then hoovers up so much information about everyone which, in turn, is available to various governments upon request - and, if their Dragonfly project has any meaning, preemptively. Since encrypted transit across the Internet is mainly a protection against spying by nation-states (until non-state criminal organizations are able to tap Internet backbones) the whole thing seems to be immensely overblown.

In my mind a more rational response would be to have the browsers do a better job of indicating the relative strength of encryption on any given site. This should be done in a manner that is continuously obvious to the user as they use the site (frame the window in red or something), but does not require additional action on their part. If a site doesn't have encryption, then indicate it but go no further. Browsing some online brochures is usually not a secret worth protecting. We'll get further with shaming poorly-secured sites than we will with the current trend of giving users so many click-through warnings that they just ignore them all.

Salesforce dogged by protests, leaked emails, and guerrilla blimps on first day of Dreamforce


Is it just me, or does SalesForce suck ass?

I see more and more companies moving their support into SalesForce. Without exception, the user experience is absolute dogshit. Not just annoying or mildly dysfunctional, but breathtakingly awful. It's a combination of the worst of "the 90s called and wants their design language back" and "functionality designed by lazy interns with a attitude problems." It may do some wonderful things for the vendors' analytics and back-end CRM, but from the customer side there is literally nothing worse.

That syncing feeling when you realise you may be telling Google more than you thought


Re: ADD Another FYI

Google has partnered with Doubleclick for ad tracking.

Google owns Doubleclick. Has for some time.

Microsoft tells volume customers they can stay on Windows 7... for a bit longer... for a fee


Or, if your pockets are deep enough...

Windows 10 Enterprise LTSB is the least obnoxious version, but you have to be on a volume license plan and stay on Software Assurance.

Qualcomm's tardy chip upgrade leaves the Great Wearables Reveal to jokers and clowns


Re: "No notifications, no fitness tracking"

Given how poorly smart wearables have sold in the west

Not sure about where you live, but out here in Southern California (population around 24 million) Apple Watches are very common - I see them everywhere from baristas to boardrooms, employees, trainers and people working out at the gym, etc. - and Southern California sets a lot of trends. I wouldn't say that they're anywhere near ubiquitous and I don't have any real numbers to go on, but if somebody claimed 10% or 15% of people out here wore one daily I wouldn't argue.

What interests me the most is that I see financially successful men wearing them. Normally for guys like that watches are a form of dick-measuring contest (and the main reason I had stopped wearing a watch; those games don't interest me). I recall some time ago that one of the Swiss watchmakers scoffed that Apple would only be successful in their segment if they could find a way to get guys to stop wearing diamonds on their wrists. Well... they've made a dent, which I find a bit shocking. Or maybe I'm just not alone in my desire to not participate in the Enormous Gaudy Watch Olympics. It's actually kind of amusing that Apple has a product that's ostentatiously downscale in a particular market. In any case, it's nice to have a socially-acceptable watch to wear that doesn't happen to cost more than a decent car. I also see a lot more people wearing Garmins these days as well. Fitbits and other bracelet-style wearables seem to be losing their appeal.

Google responds to location-stalking outcry by… tweaking words on its BS support page


Re: Honest question:

Possibly true. But they do charge you several times the value of the product as protection money so that they don't.

That's a pretty big exaggeration. Apple's prices and margins are high, but that's because they refuse to make low-end / low-margin products. In the areas they do offer products, they're fairly competitive if you're being fair and comparing them with very similarly-spec'd items (say, Dell AIOs vs. iMacs). Even when they came out with the ~US$8,000 iMac Pro people found that if you built a PC with the same specs it would wind up costing slightly more - Apple's aesthetics and MacOS being a free bonus. In fairness, they do get a bit abusive with some RAM upgrade prices, but that is what it is. I'm also less thrilled about the inability to swap RAM and storage their laptops. That being said, they really don't screw around with their storage either - it is really freaking fast (from iPhones to iMac Pros and everything in between), which makes their devices quite pleasant to use. They also offer free annual OS updates that are nowhere near as noxious as what Microsoft shoves down people's throats, they provide free updates to their mobile device OSs for more than twice as long as any major Android vendor (and are making a major push to make older devices perform better with new OS versions), they never whore out their products with third-party crapware / bloatware, privacy and security are both well above-average and easy enough for a person with little computer literacy to use, they give you far more reasonably useful free software included than Microsoft does (Pages, Numbers, Keynote, iMovie, GarageBand), etc. There's some very good stuff there. They're certainly not for everyone - if I was younger and making less money I wouldn't be buying them - but in their niche they're just "very nice, and somewhat expensive."

Oh no, what a rough blow: Cosco at a lossco over ransomware tossco


Re: Nothing Capsized

As long as Penn Jillette isn't their NOC guy then they should be OK.

Why Google won't break a sweat about EU ruling


And the alternatives are?

Let me start out by saying that I am the first person to want more alternatives to IOS and Android. I use IOS, but I understand that other people have different priorities and preferences that put them in the Android camp.

That being said... what alternatives exist right now? Tizen is a complete dumpster fire. Microsoft had a semi-decent mobile OS, but they've so thoroughly trashed their reputation / burnt all their bridges with a decade-plus of flailing about with different mobile strategies, each incompatible with the last, that it's a really tough sell to get anyone to develop for them. Blackberry had some good ideas and then cratered.

So the question is, where will an alternative come from? To develop and build a flagship-class smartphone and OS, market it, and lure enough developers to have momentum is a 10-figure problem (dollars or Euros). Who has that kind of money? Amazon, Microsoft, Samsung, and Facebook all come to mind. Facebook won't do it because it would mean burning bridges with Apple and Google. Microsoft has a reputation problem. Samsung hasn't shown a lot of competence. Amazon is an interesting dark horse. But really, who else has the expertise to do this and a few billion currency units burning a hole in their pockets?

California lawmakers: We swear on our avocados we'll pass 'strongest net neutrality protections' in America


"Oops, we got caught."

Watching legislators legislate is like watching meth-addled chimpanzees trying to fly a spacecraft.

Security guard cost bank millions by hitting emergency Off button


I once learned why A/C equipment cooling capacity is rated in "tons"

We once had a dual cooling system failure (*really, one at a time, but the customer de-prioritized repairing the first because backups never fail, amirite?) in a mid-sized server room, and we had to keep things running for several hours while repairs were effected. This involved trucking in and lugging literally hundreds of pounds of ice into the server room in large plastic tubs (and blowing large fans onto the ice), removing and emptying the tubs when the ice melted, wash, rinse (literally), repeat. This actually functioned quite well - the servers stayed happy and we got paid overtime rates to get in a good workout.

And yes, "tons" in A/C equipment cooling ratings refers to how many tons of melting ice it replaces....

Things that make you go hmmm: Do crypto key servers violate GDPR?


This brings an unsettling proposition to mind.

There are two major forces being pushed in information regulation:

1) Unlimited transparency into online activity for government agencies.

2) Enhanced privacy for individuals as far as the general public is concerned.

The only way these two coincide is if the governments start either holding or mass-caching/backing-up much, much more of the data that's online. There are some fairly dystopian outcomes to be considered in those directions.

In huge privacy win, US Supreme Court rules warrant needed to slurp folks' location data


Re: Gorsuch's dissent FTW.

"If Gorsuch believes all that, then why did he dissent from the judgment? You're allowed to add a minority opinion even if you voted with the majority, you know."

1) Because a "win" is a "win." A 9-0 decision counts the same as a 5-4 decision. I strongly suspect that if the case would have gone the other way then he may have changed his vote, but...

2) He thought the majority opinion made things worse from a privacy perspective, and he's right.

Unfortunately, people tend to look at Supreme Court decisions through the lens of the case being addressed rather than the effects the decision will have on cases down the road. This was not a "huge win" no matter how many journalists claim it is. If you look at the reasoning of the majority - which is what will guide thousands of future judicial decisions in lower courts - they're saying they're completely fine with the concept of Third Party (with Sotamayor expressing some relatively mild reservations). They're just not sure how fine they are with it. As a practical matter, they set the tiniest possible limit and made it explicitly clear that nobody should read anything further into it in terms of weakening Katz (the original case back in the 1960s that started the Third Party mess). Best case is that maybe a very small number of people have their privacy rights respected. In the mean time, far more (orders of magnitude more) defendants will be faced with astronomical legal bills trying to sort this dumpster fire out.

From a privacy standpoint the majority opinion is a complete shit show, and Gorsuch wanted exactly zero part of it. He made it pretty clear in his dissent that he wants to burn Third Party to the ground and then piss on the ashes.


Gorsuch's dissent FTW.

As I'm assuming that most of the people here are on the pro-privacy side of this, I would encourage them to check out Gorsuch's dissent in this case - he disagreed because he thought the decision didn't go far enough and just muddied the waters to make the law even more confusing and unpredictable.

His analysis (coincidentally, often referring to the work of Professor Kerr whose Q&A on the decision I linked above), is basically that the Third Party Doctrine is a terrible idea that the Supreme Court pulled out of its ass, that's it's based on flawed thinking, incompatible with the letter and spirit of not only other parts of the US Constitution (including Fifth Amendment protections against coerced self-incrimination) but many modern regulatory requirements as well, is arbitrary in its limits and impossible to articulate in an empirical manner which in turn leads to endless judicial confusion, and even goes so far to lament that the way the case was filed didn't give the court a lot of room to broaden protections here while suggesting some ways that attorneys in future cases might structure their arguments so as to give the Supreme Court more room to make corrections. His snarky comparison of law enforcement to raccoons raiding trash cans is just a bonus. He even appears to shows some sympathy for a European-style ownership of personal data.


Re: something missed...

Yup, I'm reading Gorsuch's dissent right now, and he quotes Professor Orin Kerr (coincidentally, the guy whose analysis I linked above) as saying “third-party doctrine is not only wrong, but horribly wrong.”

I'm pretty excited about the long-term prospects of Gorsuch's influence on civil liberties matters in the US. He's been excellent overall so far - not just the individual decisions, but the reasoning behind them.


Orin Kerr is posting on the subject.

USC law professor Orin Kerr, a well-known expert on computer crime and internet surveillance law, has been updating a Q&A format post on this decision. He seems to be less excited (from libertarian / pro-privacy perspective) about it than most.


Personally, I'm most interested in Gorsuch's thinking in his dissent. It seems like he wanted to hold out for much broader protections - so the case may not be as tight as it appears. I find it almost ironic that Trump's appointee has been pretty solid on civil liberties.

Citation needed: Europe claims Kaspersky wares 'confirmed as malicious'


Re: You do not need evidence against Russians

Thank you. The more I travel and the more wonderful folks I meet all over the world, the one thing I've learned for certain is to never confuse the people of a country (who, on average, tend to be somewhere between OK and pretty cool) with the assholes in their respective governments.

Tesla undecimates its workforce but Elon insists everything's absolutely fine


Re: Undecimate?

Decimate comes from Latin "decimatio" - the punishment for groups of Roman soldiers who committed serious offenses such as mutiny or desertion - they would break them into groups of ten, make them draw lots (one loser per group), and then would those that lost (1/10 of the troops) would be executed.

At least Musk sticks to only killing people who use Autopilot.

Five actually useful real-world things that came out at Apple's WWDC


I thought browser fingerprint hiding deserved a mention.

Besides cookies and whatnot, the other big tracking mechanism is browser fingerprints. Safari on MacOS Mojave will present a "standard fingerprint" (plugins, fonts, etc., etc., etc.,) to all sites - allegedly making all Macs look the same (insert Apple Fanboi joke here).

How many ways can a PDF mess up your PC? 47 in this Adobe update alone


Use-After-Free and Heap Overflow in 2018?

The last decade called and wants its easy exploits back. Seriously, with all of the tools available to check for and mitigate these defects how do these make it through QA and testing?

BOFH: But I did log in to the portal, Dave


And then there's Crisco...

I'm currently experience the joy of dealing with a support portal that won't accept one of our device serial numbers. Licensing support can only assist with adding licensing contracts - not devices. Nobody can help you if you can't add a device, because nobody ever imagined that that situation could ever occur. And no, the device wasn't grey-market or used or anything like that.

Google Pixel 2 XL: Like paying Apple-tier prices then saying, hey, please help yourself to my data


Still with the removable storage thing?

One thing I never see mentioned with the MicroSD or whatever removable storage in smartphones is speed. A very high-end MicroSD card will give you data transfer rates of "up-to" 275/100 (read MB/s / write MB/s). The flash memory in an iPhone X is real-world benchmarked at 1213/536. This is not a minor or subtle difference - it's not just 4-5 times faster than any MicroSD card made, it's better than high-end workstation-class SSD storage like the Samsung 860 PRO lines (and don't get me started on endurance differences vs. removable). Using a MicroSD card in a high-end smartphone would be like buying a Lamborghini that arbitrarily has to spend most of its time in first and second gear. It makes literally no sense.

Exposed: Lazy Android mobe makers couldn't care less about security


iPhone X

"There's a reason why the iPhone X can retail for 250 pounds more than the Galaxy S9 and still get away with it."

One of them anyway. And Apple has been providing not 18 months or two years of updates, but generally at least four years from launch date. Without anyone having to bitch or whine or throw a fit to get them to do it.

How many times now has Google announced a security initiative with great fanfare (device encryption, etc.) only to step way back later because "it's too difficult?"

I would agree with other commenters that the mobile device ecosystem needs another OS competitor or three. I use Apple because they're the best overall tradeoff for me (strongest security and fast devices are what I care about, other people have other priorities) in a field of the problematic options. That being said, I think we've past "peak Apple" in terms of their software quality and more options would be welcome. Unfortunately, the only players with the resources and possible interest in delivering them would be Samsung and Microsoft and neither seem capable of executing.

Using Outlook? You should probably do some patching


Re: People STILL use 'Virus Outbreak' aka Microsoft Outlook?

MS Office is *really* tough to leave in a business environment. I've tried several times, but compatibility issues keep making it a "must have," and most third-party vendors expect it from an integration standpoint. It's not just the path of least resistance, it's the path of massively less resistance - even with the consideration that MS Office under volume licensing with software assurance is really damned expensive.


You're right, but...

"Who the hell configures a firewall that's not 'block everything by default'?"

Grievously, tragically, and unfortunately... it seems like damned near everyone.

And what's worse is that more and more cloud services are expecting this behavior, especially conferencing apps (unless you want to keep up with their myriad and changing lists of ports and public subnets). I get that they don't want the latency of tunneling through HTTPS, but on the flip side things start becoming farcical on the firewall management side - especially when there are standardized protocols like SIP that could be used (SIP includes provisions for video and text messaging) with far less hassle. But that would allow us to use generic gateways instead of *their* gateways and prevent vendor lock-in, so screw us I guess.

They're back! 'Feds only' encryption backdoors prepped in US by Dems


We need a name for this, and I'll throw one out there:

It has the same absurd, mindless-defiance-in-the-face-of-absolute-evidence aspects of the effluvia spewed by a more common and similarly-named mythical belief. Yes, we know that any jackass can build a backdoor into a crypto system. We also know that, as a practical matter, it's absurdly impossible to keep said backdoors from being abused. It relfects the sort of detachment from reality normally associated with the severely mentally challenged... although this should come as no shock as we're dealing with politicians.

So that's it, I'm coining it: "Flat-Earth Encryption."




Biting the hand that feeds IT © 1998–2021