Re: My frikkin' LG dishwasher does this too
Why do you let it?
5648 publicly visible posts • joined 20 Feb 2015
On the other hand, this is far from universal practice.
I've been working on enterprise security software for various companies for a long time now, and none of the companies I've worked for engages in any form of telemetry or phoning home for any reason. The security risk is too great. Instead, the standard practice has been to keep reasonably detailed logs on the customer's machines, and supply a utility that the customer can run to collect the data from the logs to supply to us when needed.
That way, the customer can review the data being sent, and must proactively engage in sending the data to us. This is an extremely important security measure, and I personally wouldn't trust any security software that does otherwise.
"For example, I read the register from my work desktop daily, or catch up on the news via typical news sites on slow days. I don't care if my employer sees that."
Fair enough. But you're still taking a risk -- it's awfully hard to predict what an employer may get upset about!
Personally, the less my employer knows about me outside of my work-related activities, the better.
In the US, if you're using company equipment, then your employer can legally look at everything that you do on that equipment. This is also usually explicitly spelled out in your employment agreement.
This is why you should never use company equipment (including the company network and internet feed) for personal use or communications, ever. I use my smartphone (on my own data plan) when I have to do any personal stuff at work.
"they do have a right to profit from their intellectual property"
Of course. But they don't need action by the US government to protect their IP. They voluntarily do business with a nation knowing that doing so means it's likely their IP will be stolen. They could protect their IP by not doing that.
What they're really demanding is the use of US governmental power to force another nation to do business in a way that US corporations prefer. That's amazingly unethical and abusive.
The only thing the tariffs accomplish (other than being a de facto tax increase for the nonwealthy) is to encourage the world to route around the US when it comes to trade. Trump's efforts can only lead to decreased US power and wealth, and increasing the poverty problem.
In my city, a local company (not Lyft) has littered the streets with similar bicycles. They aren't exploding or anything -- but they are a hazard, and it's getting worse, as people just leave these things anywhere they want when they're done with them. This is causing increasing problems for everybody -- pedestrians, cars, and even other bicycles (disclaimer: I ride a bicycle as my primary transportation).
I dearly wish that this program simply stopped. It's making my city worse. Failing that, I wish that the city would start levying large fines on people who leave these scattered around (it is littering, after all!) -- it wouldn't be hard to find out who paid for the rental, after all.
"Credit monitoring" is a largely worthless piece of BS that was invented early on when the first large leak of financial data happened. The purpose of it is to minimize the amount the company has to actually pony up, while at the same time attempting to make the affected people feel like "something has been done".
"That's why the convention was adopted, and the reasons for it haven't changed"
Yes, I understand why the convention was adopted. I just think that the reasoning for it is flawed -- it was adopted for convenience and expediency, not out of technical necessity.
"if you want to use a CDN or DDOS protection or a loadbalancer or any other enhancement by use of CNAME records"
This is a bit of a stronger argument, but the practice began before CDNs were a thing.
"By convention, www has always pointed to the host that serves the main website for a domain."
I remember when web sites first started coming into existence, and even then prepending the "www." was idiotic. There's no need for a special domain because there's already a special port. Many efforts have been made to get websites to stop doing that -- which is why so many will now respond to both "www.example.com" and "example.com".
We do need to just get everyone to stop using "www." for this purpose, but regardless of common usage, it remains a fact that "www.example.com" and "example.com" are two different URLs that don't necessarily resolve to the same web site. Hiding the "www" is a terrible UI decision because it means that the browser is lying to you by reporting you're at one URL when you're actually using a different one. Aside from increasing confusion, this can also be leveraged to engage in attacks.
"While the Chocolate Factory is still keen on axing "m." at some point, it is "www." that is for the chop now."
"Long ago, we chose to hide 'https://' for this reason, and simply show a security indicator (secure or not)."
Stop hiding information from us!
On the other hand, there is exactly zero chance that I would use Chrome, so that doesn't affect me. I've never used Vivaldi, but knowing that they're in on this "hide stuff from me" bandwagon means that I know I don't need to consider it, either.
"So you cannot stop the spying now. Personal security is dead."
That's seriously overstating the case. It would be more accurate to say that it requires greater effort to maintain security than ever before -- but you can have a meaningful amount of security if you don't mind putting the constant work into it.
"If users start asking their ISPs for ipv6 en masse"
But why would they? The only thing the vast majority of users would care about is if they can get to the internet. They wouldn't notice whether or not they're using IPv6 to do so. There is no reason why most users would demand IPv6 specifically, they'll only demand that their internet connection works.
IPv6 is really only an issue of great importance to ISPs and users of numerous IP addresses.
You are correct, and I never meant to imply otherwise. Here's why I need NAT regardless of IPv6 -- there is more than one box that I want to be able to contact from the internet, but I don't want the IP address of those boxen to be exposed to the internet (by "exposed", I mean both that it shouldn't be possible to contact it directly and that it shouldn't be possible for anyone outside my LAN to see that IP address is even in use). What I want is to have a single IP address that is used for incoming internet traffic, then my router directs it to wherever it needs to go.
NAT accomplishes this. I can also accomplish it with other router rules -- but in doing so, I've really just implemented a NAT via a different mechanism.
"when NAT is not used it would be far easier to map an internal network by observing the packets addresses, and if addresses are not generated with a good random algorithm, and changed after some time, each device has an observable unique ID."
This is really my only problem with IPv6. When I shift my LAN to IPv6, I see a fair bit of work necessary (including making sure I have a working IPv6 NAT) to ensure that I can both have static IPv6 addresses on my machines and that those IPv6 addresses are not visible to the internet (not just that they aren't reachable from the internet). That's enough work that I will put off making that transition until I have no other choice.
The GPL is viral in the sense that if you modify GPL code, then the modified code must also be released under the GPL.
However, there is nothing about the GPL that says that the code that uses it must also be GPL'd. You can use a GPL'd library in your closed-source project, for instance, without having to put your entire project under GPL. The requirement is that any changes you make to the library itself are also GPL'd.
Yes, I remember when Samsung had (maybe they still have) the ability to detect gestures that you make near, but not touching, the screen. I tried it out for a week or so but ended up having to disable it because of all of the times it thought I was gesturing when really I was just moving my hand nearby.
"Almost nothing on the modern Internet works without Javascript"
As someone who avoids letting Javascript run by default, I can say that this hasn't been my experience at all. There is a class of sites that require it, but fortunately they tend to be sites I don't care about anyway. The vast majority of the web I see runs just fine without JS.
"Maybe Samsung's engineers were also testing the phones, but they had internalised some preconceptions about how to treat them"
That's why when it comes time for testing your product in real-world use, you don't have the engineers do it. You have someone who is approximately representative of your target market. In this case, I'd say that should be secretaries, cleaning staff, etc. Anybody who wasn't involved in the design or implementation.
And when you do so, you don't give them a list of cautions -- if you feel the need to provide usage instructions or warnings to prevent damage, then your product isn't ready for this level of testing yet.
I honestly never understood why some people (outside of collectors of rare things) consider owning something worth bragging about. All they did was buy a thing -- that's not exactly a huge accomplishment.
Now, if they were involved in the design or manufacturing, that would be something to brag about.