* Posts by doublelayer

10855 publicly visible posts • joined 22 Feb 2018

Don't panic. Google offering scary .zip and .mov domains is not the end of the world

doublelayer Silver badge

Re: The hubris...

No, it's required behavior from RFC 3986:

The userinfo subcomponent may consist of a user name and, optionally, scheme-specific information about how to gain authorization to access the resource. The user information, if present, is followed by a commercial at-sign ("@") that delimits it from the host.

Do you really feel it's more patronizing for them to follow specified behavior rather than send up warning screens for stuff that's explicitly specified and is in fact used in that way by several systems that accept HTTP authentication?

doublelayer Silver badge

Re: Have I understood this correctly?

No, but ICANN does and they will use that power if you give them enough money. You too can own your own new TLD if you have a large amount of cash that you wouldn't mind never seeing again. You can probably get some of it back from scammers, though.

doublelayer Silver badge

Re: Speakin of .com

The ship has sailed on that. Most filesystems don't have a place to embed that data, and it's not just Windows. I don't have fields for that in most Linux filesystems, and when that is available, the system doesn't use it.

I'm also having trouble figuring out why that's better; just like a file extension, it's a free format string that anyone can change. If that was used to identify file types, the ban would apply to that one instead. This also decreases the extensibility, since there is a defined list of authorized types. I've checked out IANA's list, and it's missing several types that people like to distinguish. I see a few types that name a specific script format, but for example both Python and Rust files don't have a type and would probably be labeled text/plain. We'd either have to constantly apply to add types to that list, make up new type designations and hope that everyone figures out to use them, or just ignore the type and use a different indicator.

doublelayer Silver badge

Several reasons. The first reason is what I already said above: the part they think they're reading is login information because it's before the @ sign. Incidentally, paths can be anything as well, no need for those to be ASCII. Only the domain part of the address might have a restriction against Unicode, but it might not.

As for mixtures, nothing in any specification prevents someone from having a username with multiple kinds of Unicode characters. There are many languages where that is common, where Latin letters are used so they're using some bytes from ASCII's English area, but there are other letters, diacritics, or symbols which are found elsewhere in the Unicode codespace. If they tried to make a database of languages so they could ban sequences not associated with a language, it would be a lot of work that would likely just annoy people whose language hadn't been inserted yet. I'm allowed to have a path or username on my system consist of mixed alphabets, and if the browser couldn't support that, they're breaking the standards that implement Unicode support.

doublelayer Silver badge

Re: pointless

I don't do bans of large sets for exactly this reason. I wouldn't block an address just because it chose one of those TLDs. This is more about what I think when I see one. If I see a .com address, I'm thinking that it might be legitimate, if I see a .xyz domain I think there's a lower chance but it may be real, and if I see a .top or .buzz domain I assume it's a scam unless I have information that it's not. I'm sure some legitimate sites use those TLDs, but I don't think I've seen that many, which keeps me from using them either.

doublelayer Silver badge

Re: What is this file extension thing

That introduces three problems. First, you have to open the file and read from it in order to know what can be done with it. You'd have to have a big database of magic byte sequences and an easy way of adding new ones. If anything did that automatically, you'd likely see performance dropping from extra reads, and that would get worse if there's a network link somewhere in the process.

The other problems are related, and they come because the user lacks information about what the file claims to be. The simpler problem is just inconvenience, since a user can generally understand what is contained in a file that uses a standard extension, but would have to read your file, hopefully with the same magic number database that you have, in order to figure that out using your method. The extension can also indicate something that your database probably doesn't, such as whether this file which your database correctly identifies as "plain ASCII text" is text, configuration, or source code, and if it's code, what language it's for. If you've sent a large collection of files, they may not really want to do that to every one of them to figure out which is which, and a good name that indicates the type makes that easier. The other side of the coin is worse: if the user recognizes an extension, they have a pretty good idea of what program will try to read the file if they open it. If I have a .zip file, I know my archive compressor of choice will try to open that. If somebody sent me a different kind of file with the .zip extension, the archive program will give me an error message. What can't happen is that the .zip file is an executable in disguise and will execute, since my software won't just execute a file without the correct extension set (admittedly, that extension is an empty string on my system, but it has to have a bit set so that evens it out a bit). The extension system is far from perfect, but I prefer that to guessing every file's contents and taking automatic action based on that guess.

doublelayer Silver badge

Re: Speakin of .com

"The fact that the mime-type was "text/plain" mattered not one jot. Presumably MS looked at names, not actual information (standards - what are they?)"

Blanket bans may not be a great idea, but if you're going to have one, of course you'd use the file extension instead of the type. If the user saves the attachment and clicks on it, the OS is not going to crawl through the email database, check the type, and use that to open the file. It's going to look at the extension to do that. The type won't stay with the file, and Windows Explorer and many other GUI file managers have established years ago that they will use the extension for that purpose. Of course, your file wouldn't have executed, but people became worried after viruses, most famously Iloveyou, used a .vbs attachment and users who just blindly opened it, so they ended up using a big hammer to try to block anything that could execute just by clicking on a file.

doublelayer Silver badge

Re: pointless

I will admit that .xyz is one of the new TLDs that has a larger proportion of non-scam users. Unfortunately, that's not quite the same as saying that scammers aren't very common there.

It isn't a TLD I would choose for projects unless I really couldn't find a viable one in an older TLD, and in that case, I'd also be checking who was using the older variants of my domain on those TLDs for fear that a name collision would work to my detriment. I'm wondering why you or your friend chose the .xyz domain? If it was because the name was taken in all the more typical TLDs, did you find this less concerning than I would? Unless the suffix has some connection that makes an interesting pattern, I'm not sure why else you picked it.

doublelayer Silver badge

No, because in the example, the domain name only uses ASCII. The Unicode part is not interpreted as part of the domain because Chrome has interpreted it as a username, meaning that this runs on any TLD, whether it supports internationalized domains or not.
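Added example, not part of the original posts: a small Python checker that splits a URL's authority the way the RFC 3986 text quoted earlier in this thread describes (userinfo, then "@", then host) and reports which part is really the host. The sample URLs, the reserved `.test` and `.example` names, the lookalike-character list and the finding labels are all constructed for illustration; the code treats the last "@" in the authority as the delimiter, which is an assumption of this example.

```python
# Added example: RFC 3986 authority splitting plus link-review heuristics.
# All names, URLs and labels below are constructed for illustration.

# Characters that render like "/" but do not end the authority component:
# fraction slash, division slash, big solidus, fullwidth solidus (not exhaustive).
SLASH_LOOKALIKES = "\u2044\u2215\u29f8\uff0f"


def split_authority(url):
    """Split scheme://[userinfo@]host[:port]... into its parts."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        raise ValueError("no authority component in %r" % url)
    # Only ASCII "/", "?" or "#" terminate the authority.
    hits = [i for i in (rest.find(d) for d in "/?#") if i != -1]
    end = min(hits, default=len(rest))
    authority = rest[:end]
    # Everything before the last "@" is userinfo, not host (assumption: last "@").
    userinfo, at, hostport = authority.rpartition("@")
    if not at:
        userinfo = None
    if hostport.startswith("["):            # bracketed IPv6 literal
        close = hostport.find("]")
        if close == -1:
            raise ValueError("unterminated IPv6 literal in %r" % url)
        host, tail = hostport[:close + 1], hostport[close + 1:]
        port = tail[1:] if tail.startswith(":") else None
    elif ":" in hostport:
        host, _, port = hostport.rpartition(":")
    else:
        host, port = hostport, None
    return {"scheme": scheme.lower(), "userinfo": userinfo,
            "host": host.lower(), "port": port or None, "rest": rest[end:]}


def looks_like_hostname(text):
    """True for dotted names such as example.com (letters, digits, hyphens)."""
    labels = text.split(".")
    return len(labels) >= 2 and all(
        label and label.isascii() and all(c.isalnum() or c == "-" for c in label)
        for label in labels)


def review(url):
    """Return (real_host, findings) for a link a user is about to follow."""
    parts = split_authority(url)
    findings = []
    userinfo = parts["userinfo"]
    if userinfo is not None:
        findings.append("userinfo-present")
        if not userinfo.isascii():
            findings.append("non-ascii-userinfo")
        if any(c in SLASH_LOOKALIKES for c in userinfo):
            findings.append("slash-lookalike-in-userinfo")
        # What a reader takes for the site name: text before the first "slash".
        first = userinfo
        for c in SLASH_LOOKALIKES:
            first = first.replace(c, "/")
        first = first.split("/", 1)[0].split(":", 1)[0]
        if looks_like_hostname(first):
            findings.append("userinfo-starts-with-hostname")
    return parts["host"], findings


# Constructed samples: lookalike slashes, real slashes, ordinary HTTP auth.
SAMPLES = [
    "https://example.com\u2215releases\u2215v2\u2215@downloads.test/",
    "https://example.com/releases/v2/@downloads.test",
    "https://alice:s3cret@intranet.example:8443/app",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        host, findings = review(sample)
        print("%-55s host=%-18s %s" % (sample, host, findings))
```

Plain username:password URLs only raise `userinfo-present`, so a filter built on this can keep HTTP-authentication links working while holding back the ones whose userinfo is dressed up as a site and path.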

Samsung's Galaxy S23 Ultra is a worthy heir to the Note

doublelayer Silver badge

Re: Shrug….

There are at least a couple others, but I don't know if they're any good. Unihertz has a few models with Blackberry-style tiny keyboards, but they're at least known for making phones quickly and actually delivering them, and F(x)tec, despite having a terrible name, makes a phone with a sliding keyboard that has Lineage and Sailfish support, but I'm not sure how easy they are to get.

There are compromises you have to make if you want that hardware, but you don't have to accept Planet's compromises as the only option. Since those compromises involve some pretty bad software support and production delays, it might be worth trying someone else's.

doublelayer Silver badge

Re: What's it like for making actual phone calls?

I have not used this, but I am still confident that I can answer your question: it's fine. I've used a bunch of phones in recent years, from my own devices to work ones and ones I set up for friends or family. Some iPhones, some Android, one KaiOS, and one feature phone. While some people don't make phone calls often, I am not one of them, so I've made calls on most devices. They are all basically fine.

While some may disagree that making phone calls is the "main purpose for a phone" nowadays, what's much less questioned is that phone calls are a pretty basic feature. It's using well-tested protocols and, if the phone can't manage a call, it's going to have problems with the other services that people who don't use the calls will notice. Unless you need something unusual, it's going to handle your calling needs fine. Of course, if calls are your primary use case for a phone, you might be better off buying an incredibly cheap device which will also manage calls just fine, since the extra money on this ridiculously expensive device is likely not to benefit you.

MariaDB CEO: People who want things free also want to have very nice vacations

doublelayer Silver badge

Re: People who want things to be free . . .

I've argued that proprietary software is good and worth supporting in other comments in this topic, but I'm afraid I'll have to take the other side on this one:

"What does it mean for all of the other software developers who want to make a living in a market where competing products are given away for free? It means those people go hungry."

This tends not to be a great argument. The argument boils down to "never do anything that will cause problems for someone doing the same thing". People write free software because they enjoy doing it and they want the result. It's not a crime that they give it away, and it means that anyone who wants it can get a copy. Sure, now someone can't make the same thing and sell it, but nobody was required to have that opportunity or to keep that opportunity in existence. Developers can make their own product that does something different and try to sell it, they could add their feature to my code if the license permits and sell that as a fork, or they can find a different project to work on. I'm not going to hide my code so that someone else can make money by reinventing and selling it.

Consider a parallel. I'm going to open a restaurant on a street that will sell good food for cheap prices. What does this mean for the existing restaurants that charge more for their food? Probably, it means they will lose some business from customers coming over to my place. This will be a problem for them, but it's not my responsibility to refrain from opening a restaurant or charge higher prices so they can keep everything the same. If they find that I'm more popular, they might have to change their plan to appeal to their customers. The same thing is true of software. If someone finds that people don't express much interest in a certain kind of software because it already exists, they can develop their version anyway and attempt to convince people that their innovations are better than what's out there, or they can turn their attention to something else where the existing options are not sufficient. Both options have worked. Your own list provides examples:

"web browser": Anyone using Brave out there? I don't, but people do. That's a new browser, with commercial elements, from a company that thought they could do a better job than the existing browsers. People use it, even though other ones are free.

"PC OS, or smartphone OS": In both cases, those are not universally open source products even though both have open source components. And of course people are developing new ones, in some cases commercial ones. Sailfish OS, for example, is a commercial smartphone OS and they made some money selling it as a core for Russia's government phone system. It's not that popular, but it has been done.

"Server OS": People make new server OSes all the time. Can you name a cloud provider that doesn't have their own variant of Linux, which they think has some advantage which will attract people to their cloud?

"database": This article is about a commercial database writer. In this article is a link to an older article that lists a bunch of other modern, commercial database companies. Most of those are still around and still commercial.

"FTP client": Yes, probably there are more of those being written, but you may be right that there's not a lot of companies building that as their core product. Is that such a problem? Are there features you want or need in an FTP client that you can't get and are willing to pay for? I can't think of any, so if I had infinite resources to hire programmers, I wouldn't ask any of them to write a new FTP client. Many pieces of software are in this area where, unless they have a new idea, we don't really need a ton of new options when the existing ones could be maintained and do just as well.

doublelayer Silver badge

And this is based on all the consulting jobs out there for someone who wrote code that we're already using for free? It might work for some people, and it has worked out well for people who write most used components: the corporate involvement with Linux, for example. It doesn't work that way for every developer, and it certainly would not for the many programmers who work in the areas where proprietary software is more common than open source is. You don't have to hire the original developer to consult unless you need a lot of knowledge. If a bit of knowledge will do, you can have somebody else consult and have them read the code first. After all, if Microsoft Office was free and open source, would you be in line to ask the developers to work for you because you need their help to make Word do something, or would you just use the programs the way a paying user does today?

The same thing is true for creative workers. I'm interested to see the reports of an author who makes their money from paid performances of their books. How about the person who takes photos selling tickets to watch them display those photos on stage? How about the movie actors inviting people to watch them put on a stage performance of the movie, minus the special effects, scenes that don't fit in an auditorium, scenes involving too much stuff, etc. Your statement only really applies to music performers, and it doesn't necessarily work great for them either. What happens if a band member gets injured and can't perform for a while? What if somebody wrote the music or lyrics but doesn't play in the band? It sounds like you'd just hope their friends are generous and share the money, because without copyright, those people wouldn't benefit from their work, even when there is a source of money that remains.

doublelayer Silver badge

I had a similar problem with it. I fully agree that free software, using licenses that are compatible with the FSF/OSI's definitions, is very nice. I use and donate to a lot of such software, and I view the license as an asset. Where I disagreed with the FSF was in the attitude that proprietary software was either evil or should be prohibited. As I understand some of the things that caused Stallman to start advocating for this, his problem was of theft of his work for inclusion into proprietary software, which makes a lot more sense as something to hate than the existence of the proprietary software altogether. And yet, a lot of the prominent people in the movement would frequently argue against something simply on the basis that somebody was selling it, with several proprietary companies being characterized as complete monsters (I think you all know the main one, but they weren't the only one).

Then again, he's not the only person to have taken such a view and there are people who take a much stronger stance in opposition to the existence of copyright. They usually fail to provide any explanation of how they think the free creative work will happen, which might be wise of them because, when I've seen a plan, it has never had any plausibility.

In MariaDB's case, I will not pretend it's open source, and I won't be picking it for its license freedom. I may still choose it as a useful piece of software, though, because I'm not opposed to buying some software if it's useful for my purposes.

Large language models' surprise emergent behavior written off as 'a mirage'

doublelayer Silver badge

Re: Intelligence

"From what I've seen these language models seem to have some understanding of our physical world, even though they don't understand it in the physical sense that we do. I find it difficult to believe their output is merely a random construct of words and letters."

That doesn't make you right, though. There were people who saw the following conversation:

User: I am unhappy with my brother.

Eliza: Why are you unhappy with your brother?

User: He doesn't respect my decisions and treats me like a child.

Eliza: How does it make you feel when your brother doesn't respect your decisions?

And they assumed that this program must not only be intelligent, but caring about their beliefs. They didn't know that these sentences were written verbatim and used a basic understanding of English grammar to substitute words for pronouns. They probably would have found it out if they used the program enough, but they saw some text and assumed it meant more than it did.

For the same reason, LLMs are using statistical methods to say some things, and you might ascribe to that more understanding than exists.

If I copied in some phrases from Wikipedia articles, changing the phrasing and combining from different sources, I could create correct statements about a variety of topics I don't know about. I could use these to make myself sound more knowledgeable than I am, especially if I chose a topic that you don't know a lot about, so that if I made a mistake you have a higher chance of not noticing that I did. I would be using a simple method to try to sound intelligent, and it will work some of the time, and LLMs are effectively doing the same thing with a lot more data to copy from. It does not understand, because it can neither identify incorrect facts and purge them from the data it's reading from nor consistently prevent itself from introducing new wrong statements by accident.

Ransomware corrupts data, so backups can be faster and cheaper than paying up

doublelayer Silver badge

You did say that in another comment, but you didn't prove it there, and you haven't proved it here. So far, your rebuttals to points made by others are to say it couldn't have been because of Russia because you don't think it's primarily Russians, and it can't have been sanctions because sanctions don't work. You didn't back either of those up either, except to claim that, because you don't know about these organizations, nobody else could know either. Both of your factors are present to some degree, but neither of them is particular to 2022. Both of them could and did to some extent apply in many previous years. One thing that is particular to 2022 is the changes in Russia's economic and political situation, and contrary to your assumptions, a lot of ransomware groups, especially the large coordinated ones, are confirmed to have large parts of their operations based in Russia.

doublelayer Silver badge

"pointing the finger at one country or one of only 4 countries is what we call propaganda."

No, it would be if we just made that up. There are people who put a lot of effort into figuring out who did various things, and they know more than you do about the people and organizations responsible for attacks. They're not perfect, but your assumption based on nothing, or more likely some existing ideological point, is less reliable than their years of research.

"As I said you never know where it's coming from as it's untraceable once you start routing through hacked servers."

They sometimes think so too. Sometimes they're right. Often, they didn't do as much hiding their tracks as they should have and it really is traceable. And sometimes, they announce it publicly and provide proof, often in the form of stolen data that wasn't already out there. That makes it much more traceable.

"You can't even use reverse engineering and say oh it's like something previously used by x country because you have no idea if the previous one was actually used by x country.": Except, again, when it is announced by X country that they did something, either publicly for some propaganda purpose or, much more frequently, by accident. And in other cases, while there is no confirmation from the country, there's plenty of evidence for a reasonable observer to conclude that it's likely. While you are correct that there's always some chance that someone else did it, you are acting like it's a hunch at best when in reality it's so many clues that it's pretty obvious if you've read the analysis.

"The original comment was volume has dropped from someone wanting to sell solutions. They can't say efficiency because why would you want their solution?"

I gave you several reasons why volume will have dropped, from the loss of personnel, decrease in organization, and more difficulty making profits. That will have driven some away and caused problems for those that remain. I expect that their next step will be to increase the volume to try to make up from that. Perhaps I'll be wrong and their problems with efficiency will put more of them off, continuing to drop the levels. Given that Russia's economy isn't the best for people who can write code, I don't have much hope for that.

doublelayer Silver badge

"What is exactly restricting them from exchanging bitcoin for USD in another country?"

Starting with the perspective of a Russia-based criminal. Some countries will require them to be identified before it can happen. Criminals don't like being identified. Those are out. Some exchanges in other countries will not require them to be identified, but will have some trouble transferring a bunch of cash to where they are. That makes exchanging there useless if the criminals wish to remain in Russia. Some exchanges are happy to transfer to Russia, but having been used to circumvent sanctions, they find it hard to quickly cash out large values because other exchanges don't do business with them. That works, but is inefficient.

"Do you have this weird idea that they only have Russian bank accounts? If they were Russian in the first place that is."

They may well have stolen accounts from other people in other countries, but they can't just transfer money from those accounts into theirs because sanctions restrict transfers, Russian government policy limits the viability of transfers, and criminals don't like announcing their identity in a bank ledger that any law enforcement can look at.

"Do you think all Russians live in Russia": No, but the people who choose to conduct ransomware from Russia tend to live there. They do it because Russia provides them protection from international law enforcement. Being Russian outside Russia doesn't give you that freedom.

"and if it was Russia they couldn't transfer it to someone they know in another country to exchange and spend?"

They could, and they certainly do to other participants who are not in Russia, but most of the time, criminals want money for their own spending, not to send to others. If your friend buys you something but it's stuck in a country you don't live in and can't travel to for fear that the police there know you've committed crimes, how useful is it? If you were very restricted, you might do some things that way, but you can't typically buy a luxury car in another country and just mail it over. You can buy one for cash inside the country, though.

"Bitcoins don't live in one country. That was the entire point of what I was saying.": The part you missed is that they want other currencies, and although Bitcoin is global and decentralized, the businesses that exchange it for cash are neither. If those exchanges can't handle the business or refuse to do so, then there are problems. For the same reason, I can give you some banknotes in a number of popular currencies and you can take and spend them anywhere, but if you have my bank card but you're in a country with sanctions, it's likely not going to give you any spending power because my bank won't transfer money there. There is value in the account, but if you can't access that value efficiently, it reduces the current value to you.

doublelayer Silver badge

Re: "Cybersecurity" -- A Popular Meme For Our Time!

You could use WORM tapes, but probably the easier option is to use whatever medium you want, then keep it disconnected so it can't be modified later. It doesn't matter what hardware is used if it's stored in a box and someone has to physically take it out for it to be read or written.

doublelayer Silver badge

Russia and countries around it have been a particularly large source of ransomware organizations. Agglomeration is common in a lot of industries, and ransomware is not immune to it. A lot of that also had to do with the fact that Russia never extradites and usually ignores a report of ransomware going on, so they feel safe there.

The war has caused a few problems for those organizations:

1. Many of them operated internationally in post-Soviet states. While a lot of core activity, especially financial activity, was conducted in Russia to take advantage of the legal assistance, there were technically-aware people without jobs in other countries who participated. Ukraine was one where a number of prominent players were located. Those players have a harder time operating ransomware when bombs are dropping, and some of them are not so happy to work with Russian groups that support the war. Other countries may also have taken sides. Statistics are hard to find, but several groups have splintered over political differences which weaken their ability to operate.

2. The ransom payments come in in cryptocurrency, but nobody wants cryptocurrency. It's not very useful to buy things, so most of the criminals who have some want to turn it into cash quickly. Some have more resources and can afford to change it into cash much later when people aren't looking, but that's still what they want to do eventually. To exchange cryptocurrency for cash, you need organizations that have access to lots of cash and people who want to speculate on the crypto for a while, and exchanges based in Russia have restrictions on both for a while. Other countries have exchanges that can be used, but many of them weren't willing to act in the anonymous way that criminals appreciate.

3. The people who can provide the exchange they need are not as nice as the ones they used to work with. Now that the private exchanges don't have the capacity that they once did, operators can still find some people who can exchange it, but they're likely to have significantly larger criminal organizations attached, in some cases the Russian government or another government (if North Korea isn't doing it yet, they're missing an opportunity). Those are riskier and more expensive for small organizations. Russian ransomware operators may be confident that their government doesn't plan on arresting them for other countries, but they are still breaking the law and Russia might want their services for other operations or might appreciate a chunk of their money. The lack of options does restrict them in some ways, though of course it also motivates them to make up in volume for the drop in efficiency.

Apple, Google propose anti-stalking spec for Bluetooth tracker tags

doublelayer Silver badge

Re: Not that I have any reason for concern

If you have an iPhone, yes you are part of that network. With Bluetooth disabled, you're not a useful part of the network, but if you turn it on, you will start connecting. If this displeases you, you might want to turn the Find My Network setting off. I'm sure the information that you had to opt out of the network was in the terms you had to agree to to use the iPhone. You can decide whether you're comfortable with that or not.

FTC sues VoIP provider over 'billions of illegal robocalls'

doublelayer Silver badge

Re: Then how will they reach me about my car's extended warranty?

They don't know you have a car. They're just calling around with the assumption that anyone who doesn't have a car will just hang up. They're probably right. My guess is that, if you indicate that you want to talk to a human, they'll have no clue what your name is, let alone anything about the car you may or may not have.

doublelayer Silver badge

Re: For non US readers re robocalls ...

Some scammers like to fake a number that's similar to yours, with a similar geographic code but a different number at the end. They appear to think that people are more likely to answer local unknown numbers rather than random ones. If your number starts with the same digits as your father's, or if there is some link between your number and the location of that landline, they might have hit your father's number because of the reduced option set.

A few years ago, I was expecting this would eventually happen to me because scammers were copying a ridiculously long prefix from my number and changing only the last three digits. By chance, I happen to know two people who have numbers in that set, although I'm only in contact with one of them, so I figured it was only a matter of time before they chose one of those. It didn't happen, and now my infrequent robocallers copy fewer digits of my number before randomizing.

OpenAI's Sam Altman rattles tin for crypto startup that will support bot-replaced workers

doublelayer Silver badge

Re: I trust this implementation more than any CBDC proposed so far

I don't. I don't trust CBDCs either, but this is no better.

For example, let's talk about that reassurance about the privacy of biometric information. Hashing a biometric indicator is hard, because you have to encode a lot of data, have a very strong hashing algorithm, and most crucially recognize exactly the same features next time because your hashes will have to match exactly. In most cases, you can't do it; a speck of dust is enough to add inaccuracy to the process, which is why most fingerprint systems I have seen the workings of have a special memory region in the chip for storing non-hashed fingerprint data. If they're hashing, it's likely not to work, which probably doesn't matter, because it doesn't sound like they are:

"By default, the only personal data that leaves the Orb is a message containing a numerical representation of the most important features of the image, the iris code, to validate uniqueness"

It doesn't sound like a hash, does it? Representing the iris numerically sounds much more like the representation from the reader. It's numeric because the reader is digital. In short, this phrase sounds like a way of hiding the real statement that "The only data that leaves the iris reader is the scan of the iris", which sounds much less reassuring.

Then we move along to this gem: "World ID is designed to be completely disconnected from a person’s biometric data, including their iris code". No it's not. If it was, they wouldn't need to collect the iris code. This makes it sound like they're collecting iris scans to verify that you don't already have an account, and if you pass that, you get to open an account, presumably with a private key. What would the point of that be? Either the iris is useful in validating access to the account or recovering access if the keys are lost, in which case their statement is a lie, or the iris scan is unrelated to every function of the currency and cannot be used by the user, in which case there's no point in collecting it.

Then they talk about ZKP, which are cool and very complicated, but from the problems I've raised so far, I don't know if they actually use it or if this is another lie. After that, they claim that pseudonymous transactions mean that they "cannot be tracked to a person’s identity". Rubbish, as Bitcoin's pseudonymous transactions proved a decade ago.

I don't know what their goal is here, but most of their claims here seem deluded or actively dishonest.
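The exact-match problem raised in the comment above, shown as an added example (not part of the original post and not any vendor's code): a cryptographic hash of a feature template stops matching after a single flipped bit, while a distance comparison on the stored template tolerates capture noise. The 2048-bit template size, the 0.32 threshold, the sample names and the random templates are assumptions constructed for the illustration.

```python
import hashlib
import random

CODE_BITS = 2048         # constructed template size (assumption for this example)
MATCH_THRESHOLD = 0.32   # illustrative fractional-distance cutoff (assumption)


def make_template(seed: int) -> int:
    """Constructed stand-in for a feature template: CODE_BITS pseudo-random bits."""
    return random.Random(seed).getrandbits(CODE_BITS)


def recapture(template: int, n_flips: int, seed: int) -> int:
    """Simulate a second scan of the same eye by flipping n_flips distinct bits."""
    for bit in random.Random(seed).sample(range(CODE_BITS), n_flips):
        template ^= 1 << bit
    return template


def digest(template: int) -> str:
    """SHA-256 over the raw template bytes, as a hash-only store would keep it."""
    return hashlib.sha256(template.to_bytes(CODE_BITS // 8, "big")).hexdigest()


def hash_match(a: int, b: int) -> bool:
    """Exact comparison: the only comparison a stored hash supports."""
    return digest(a) == digest(b)


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / CODE_BITS


def fuzzy_match(a: int, b: int) -> bool:
    """Tolerant comparison: requires the template itself, not its hash."""
    return hamming_fraction(a, b) <= MATCH_THRESHOLD


def find_duplicate(enrolled: dict, probe: int):
    """Uniqueness check over stored templates: closest entry under the cutoff."""
    name, stored = min(enrolled.items(),
                       key=lambda item: hamming_fraction(item[1], probe))
    return name if fuzzy_match(stored, probe) else None


def find_duplicate_hashed(hashed_store: dict, probe: int):
    """Uniqueness check over stored hashes: succeeds only on a bit-exact rescan."""
    return hashed_store.get(digest(probe))


if __name__ == "__main__":
    alice = make_template(1)                 # constructed enrolment sample
    bob = make_template(2)                   # constructed second person
    alice_again = recapture(alice, 102, 7)   # about 5% of bits differ on rescan

    enrolled = {"alice": alice, "bob": bob}
    hashed_store = {digest(t): n for n, t in enrolled.items()}

    print("same eye, hash match:   ", hash_match(alice, alice_again))
    print("same eye, distance:     ", round(hamming_fraction(alice, alice_again), 4))
    print("different eye, distance:", round(hamming_fraction(alice, bob), 4))
    print("dedup on templates:     ", find_duplicate(enrolled, alice_again))
    print("dedup on hashes:        ", find_duplicate_hashed(hashed_store, alice_again))
```

A uniqueness check that survives rescans therefore has to compare against something from which distance can still be computed, which is why the stored value matters as much as the wording used to describe it.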

doublelayer Silver badge

Creepy? How about scammy

Yes, this does have a creepy element. However, I haven't even gotten there because my scam alarm started going off. A new cryptocurrency, run by a wealthy guy, with a bunch of talk about high noble goals. Where have I heard this before? He doesn't explain where the value in this cryptocurrency is supposed to come from, either, as if just adding yourself to this network means you'll suddenly start getting income from... somewhere. I can do that too: anyone who wants a guaranteed income of ten Abcdcoin per month, just sign up below. Of course, I'll set up Abcdcoin such that there is no limit to how much exists and no obstacle to creating it, so I'm just making new ones every month. I'm looking forward to anyone deciding that I can buy stuff with that coin.

BOFH: Ah. Company-branded merch. So much better than a bonus

doublelayer Silver badge

Re: Cheapo USB key

"There is surely no (or virtually no) use case where buying a new USB 2 stick makes sense nowadays"

I don't know. I was recently purchasing a USB disk intended to stay permanently attached to a piece of hardware which only has a USB 2.0 port and isn't working with particularly large files anyway. I considered choosing a USB2 disk for that purpose, even though nothing would break if I used a USB3 one, just because why spend extra on speed that would never be used? I ended up going with a USB3 one anyway, but other than a slightly quicker population of the data from my computer, it has never used the extra speed it could have. I wouldn't make a lot of them, but I'm guessing there are massive warehouses full of the things and we might as well still use them in cases where they fit.

doublelayer Silver badge

Re: Acronym-Ignorant

"There is a place, perhaps, for tests that are well beyond the capabilities of any student to complete and score 100%. If that was the norm, then no child would be upset that they hadn't completed everything perfectly, (because that would not be expected) and there would be a scale for determining relative capabilities and progress all the way to the top."

I've certainly experienced professors who gave those, and I didn't appreciate them. That's perhaps not a big surprise given that getting lots of questions that are intentionally unanswerable with the education provided feels pointless. However, I think there are some big problems with doing that consistently.

It's not the way that many other things work. If you get several tasks at work, you will be expected to complete them all satisfactorily. If you can't, you need to go to some effort to prove why you can't and ideally that nobody can, or your boss will be angry with you. If you were faced with a manager who constantly asked you to do impossible or impractical things, what would you do? I don't mean the occasional request which proves untenable, or even a request where they first ask you to comment on its feasibility; I mean that almost every goal they provide you is presented as a straightforward task despite being infeasible to complete. I can't answer for you, but I would assume that it indicated they didn't have an understanding of what was practical and they were demonstrating their ignorance. I'd be concerned that pointing that out wouldn't be taken nicely, that failing to do all these things would make them angry, and I'd likely try to get a new boss. If it turned out that the manager concerned was testing me, I would find it disrespectful and pointless.

It also gives students a bad understanding of their success. Most of the time, they should be able to get 100% of the test completed if they put in enough effort to learn the material. If a test is set up where the best students are getting 35%, as some of my professors liked to do, every student leaves the test wondering if they've just failed the course. They'll be worried about that, and some of them will try to learn all the things covered in tests they were never expected to know. If that stuff isn't expected, it's probably either so advanced that the student doesn't have the basis to understand it yet or it's useless enough that it's not planned to teach them at all. Either way, they're likely to waste their time as a consequence of not understanding that they did fine.

This leaves us another option for how to make a test more difficult, one that I've personally seen infrequently but others have reported: just make the quantity untenable. Have a one-hour test with a hundred questions, and see what happens. Once again, a work parallel is useful here. We all know that you can get your work done well or you can rush through it and probably make some mistakes, but at least in that case, you'll be choosing between the options based on a situation you can understand and plan for. Not so with the overly long test, where you have to guess whether twenty perfect proofs and eighty blanks is better than sixty quick guesses and forty blanks. You're not really learning about whether the student can do the activity. Nor are you really learning about their time management skills. You're learning what their last-minute guess was and judging them on that.

doublelayer Silver badge

I think it's mostly because companies want to spend rather little on the gift, and if they gave their employees a bonus of the amount they're going to spend, the employees might find it more insulting than getting nothing. If your employer gave you a £20 bonus, I'm imagining several people who would find that disappointing and would react with indignation. While getting significantly more in cash is best for everyone, there are cases where companies, or more often some group within them, can't or won't spend more on such a thing. An event with free food might be a better use of that amount of money, but it doesn't work for people who work remotely or if such things are just unpopular.

doublelayer Silver badge

Re: AHH the good old USB

I've had some ones that lasted longer. The one I remember the most was a metal-cased 1 GB stick, mostly because it was small enough to be useless for most things. That turned out to be an asset because it meant that I never erased it for a temporary Linux or Windows installation disk, and therefore my system repair image could always be found on it. It lasted about a decade, and I think I lost it rather than it breaking.

GitHub, Microsoft, OpenAI fail to wriggle out of Copilot copyright lawsuit

doublelayer Silver badge

Re: Most code is copied, anyway

There's a very big difference between patents, where you have to demonstrate that what the code is doing hasn't been done before and is substantially new* and copyright, where you just have to show that the code was written by you and wasn't copied. A lot of the constructs in code that we write aren't completely unimaginable, and thus cannot be patented, but it is still written by us and copyright applies. For the same reason, there are a lot of books written these days and in any other days you'd care to mention that show little or no imagination from the author. Even for those where there is some new stuff, pieces of plots, settings, and characters will be similar to things that have already been produced. Those books are still copyrightable. It doesn't matter that they're built from the same set of English words, just as it doesn't matter that most code is built from the same language constructs as everything else. The originality is in the order and structure of those statements, not that every component has been invented from scratch.

* You have to demonstrate inventiveness, or at least you're supposed to and somebody has the job of verifying that you did. They're not always great at doing that job correctly, but the legal requirement is still there. I think software patents should still be possible, but we likely agree that most of the ones that exist should never have been granted.

Elon Musk finally finds 'someone foolish enough to take the job' of Twitter CEO

doublelayer Silver badge

Re: Do you people really think she's that naive?

"The idea is to saturate people with the company's trade dress to encourage a Pavlovian response. See a Coke logo, get thirsty for a Coke. Is that ad money wasted?"

Does it work? Does it, for example, convince people to buy one brand when both are available, or to buy more than they otherwise would with an identical setup without the advertising? In my experience, when people want to drink something, they buy something to drink whether there's advertising about it or not. They've tried both products, decided whether they have a preference, and they need no more signs to alert them that these products exist. Someone would have to test whether there is any benefit from installing the advertising and whether that benefit exceeds the costs, but I would not assume they have necessarily done that; often the assumption is that it must be helping, so if one competitor is doing it, you need to as well.

This isn't always the case. If you were making a new drink that people didn't know about, then you might want to advertise so that people try it and may become customers. If it's a product that everyone knows about and, as in many cases, it's the only comparable product available there anyway, it might not be worth spending the money on advertising.

doublelayer Silver badge

Re: As usual, hire a female CEO when the company is collapsing

Probably in some cases, but for many countries, there's not a lot of chances to put a scapegoat in power since there's an election in the way. Unlike a company, where a small group of people can name someone CEO in a couple days if they want to, if there's a general election, then you can't just decide who the winner will be. For this reason, Thatcher couldn't have been a perfect example because a lot of people voted for her, and she's likely not to have been an example at all, since picking a scapegoat during a general election would nearly always be harmful to the party. Before it comes up, the situation about Truss fits this much better but is likely also not an example. If Truss had been named without a general election because something bad had been set in motion and she was intended to take the blame, that would fit the pattern. As far as I understand it, this was not the case, she had to campaign for the position, and the problems leading to her resignation were created after her appointment, not before it.

It has been seen before, though, and it can frequently not involve gender at all. For example, if a military wants to start a coup and to have an excuse, one tactic they have used is to put in a leader who will make unpopular decisions, so they can spin the removal of that leader as their duty rather than a power grab. This is not always the case in coups, as often the military doesn't particularly care about being subtle and, if they have the power to name a leader, they may skip the scapegoat process. A related tactic is to try to convince the existing leader to make unpopular decisions rather than replacing them, which has happened more frequently.

doublelayer Silver badge

Re: Do you people really think she's that naive?

As a non-user, I'm not sure that's the case. It's been popular to say that the reason advertisers have been leaving is just due to extremists forming a lot of the posts, and I'm sure that's a major factor. Another likely factor is that a lot of Twitter employees that interacted with advertisers, providing them support and someone to complain to, have been fired. That can't have helped either. Another reason is that advertisers were uncomfortable with the ease of impersonation enabled by the buy-your-verification system, back when users still saw the mark as indicative of something useful. Those latter two causes aren't political; they're the result of stupid management decisions and are specific to Twitter. I don't know which have been the largest factors making people change their advertising budgets, possibly because I tend to think that most advertising spending is wasted anyway.

doublelayer Silver badge

Re: Do you people really think she's that naive?

I agree, and on the surface, she would be the perfect person to serve as the new CEO. Twitter's driven away a lot of advertisers and Musk got in fights with several of the remaining ones, and advertising is the way Twitter makes basically all of its money. The pay for unverified encryption and a check mark plan isn't going to make a dent. I think hiring someone with knowledge of the advertising industry and relationships with advertisers is likely going to extend Twitter's life by at least a couple months. If she had a lot of power, it would have the option of being longer, but Musk is the guy who has done all the stupid stuff for the past few months, so I see no reason to believe he's just going to stop. As such, although she has the opportunity, she should probably look at this as a speculative stepping stone, not a long-term deal.

EU's Cyber Resilience Act contains a poison pill for open source developers

doublelayer Silver badge

Re: You're too naive....

I can't know that for sure, but I'm pretty sure they don't. It has no benefit to anybody. The EU politicians don't have a reason to hate open source. Companies that use open source in their products don't want this law either; yes, they may be able to throw off their liability on some open source maintainer, but proving that still takes lawyers and not having the liability is cheaper. Companies that compete with open source somewhere usually use other open source somewhere else. Basically nobody has an incentive to break open source or lobby politicians to do so.

It's the classic difficulty understanding technical things without a background in it. Politicians are trying to do something about security risks in software, and they think it's easy to legislate that away when it really isn't. This is probably because few or none of them have a realistic idea of what a commercial software product contains. They'd probably be surprised to hear how many different open source libraries were compiled into that, and how many interactions with other open source OS components or language features are involved. They probably also lack a great understanding of what causes security problems to exist. These combine to create a risky law, just as if I tried to write a law about medical treatment without getting a lot of input from others. I would have the best of intentions, and we are likely to agree about the goals that I intend the regulation to accomplish, but if I wasn't careful, I could end up making something dangerous out of ignorance.

doublelayer Silver badge

Re: So let the Open Source 'community' teach the European Community

That requires the copyright holder to be easily contacted and simply lands them with the responsibility for maintaining their license. Do they want to pay for a lawyer to sue a company that doesn't obey the licenses so that I can have access to a system that they don't even use? I'm sure their sympathies will be with me, but I'm not so sure their willingness to go to legal action will.

Theoretically, the GPL gives me the right to retain my own lawyer without even consulting the original copyright holder (assuming for example that the copyright holder is dead, didn't put a contact method in their documentation, or has gotten tired of emails and no longer pays attention to them). If I were rich in money and time, maybe I'd try it. I'm not, and in my case I and the company responsible are in different countries, so they're likely to get away with it if they ignore enough emails. Having talked to this company before, I know from experience that they're very good at ignoring emails.

The company I'm talking about is quite small, but it's not as if this only happens when someone hasn't been paying attention. Massive companies ignore their open source license requirements all the time. Only rarely does some foundation go to lengths to enforce them. Most of the time, there are no consequences for anybody.

doublelayer Silver badge

It's vague, and I don't support it in any case, but I think there would be a difference. If the law doesn't specify it, lawyers will create it. Here's the argument I expect they'd use:

The Windows NT code has been updated. Customers have to install the update from NT4 to NT10, which is the currently supported version although the version numbers aren't the clearest. As of now, they have the option to run the version of the NT code contained in the Windows 10 or 11 products, which they can buy whenever they want, so we have protected them. That open source code, since it has not been updated, is not protected and its author is still taking donations for its upkeep, so they are more liable than we are.

Should that work? No, the logic is flawed and it produces bad results. I'm afraid you might get it anyway, though, which is why this legislation either needs to be written to handle this situation correctly or scrapped altogether.

doublelayer Silver badge

Re: So let the Open Source 'community' teach the European Community

Or more likely, the European customers just completely ignore the terms in the license and nothing bad happens. I was recently taking apart a system image and found a library in it that is licensed under the AGPL 3.0, a license that requires that I be able to replace it and have the device on which it's running execute my replacement. It's not sandboxed, so if the company gave me the required access, I would have full root access which I don't normally get. I bet that if I send an email requesting they comply with that license term, it's not happening. Does anyone want to take the other side of that wager?

doublelayer Silver badge

I have a feeling that the court will not accept that logic if you're still taking bug reports, feature requests, or donations. If you've completely orphaned the code and will not speak of it again, you might have a better chance. This is especially true if some company who wants to avoid their own liability is pushing you as the responsible party in court, because they have an incentive to find all the reasons why you should have been and therefore why it's not a problem that they didn't check for vulnerabilities.

doublelayer Silver badge

Re: Cui Bono.......Again!!!

At least in that case, there are legal entities that agreed to use the products of another legal entity. It could still be a mess, but there are contracts specifying who needs to do what and there are specific people who can be targeted.

If I put up some code, and I get pull requests from people who don't have their names on their GitHub accounts, and then my code is used by a company who never told me what they were doing, might be violating my licenses or might not, and there ends up being a problem in the code that someone anonymous wrote, I reviewed and accepted, and the company swallowed without checking, who's at fault? I have a feeling that the court isn't going to accept me saying "It's GitHub user zcjue829, go find them". Even if they did, I don't want to unleash that on someone who probably just wanted to introduce a feature or bug fix and didn't know that a vulnerability existed.

Let white-hat hackers stick a probe in those voting machines, say senators

doublelayer Silver badge

Re: Paper and pencil best way

"avoid postal ballots like the plague. Massive source of fraud"

The good news is that there are many different places that have been doing universal postal voting for a long time, not just after a pandemic. This means that, if you were right, you could provide a ton of evidence comparing locations that did that with ones where postal voting was forbidden or heavily restricted, thus demonstrating a suspicious correlation. Can you? Or did you perhaps just make this up?

doublelayer Silver badge

Re: Honestly...

An alternative suggestion: people didn't like it. I'm not sure whether the original comment was intended as sarcasm, but you seem to think it obviously was and it certainly could be. Amusing sarcasm, however, is not really in the cards. Maybe people thought that, as a possible joke, it didn't really work. I didn't vote on it, but I don't find much value in the comment.

Nvidia CEO pay falls ten percent in FY23 on missed sales targets

doublelayer Silver badge

"How come staff never get stock awards of any kind ?"

Why do you assume they don't? It's certainly not going to be as big as the CEO's awards, but they do get them. From some self-reported figures, such awards appear to make up 12-25% of total compensation for NVIDIA employees making average salaries. I don't work there. I have not worked there in the past. Why do you jump to assumptions when you can disprove them?

"Why is this not considered discrimination ?"

If NVIDIA never gave any stock awards to the average worker, only to the executives, it would not be discrimination in the sense of an illegal act. The reason is that those people do different things, and the company can choose to compensate them in a different way if they want to, just as they can compensate them in different amounts. Discrimination would be illegal if they made those choices on the basis of protected attributes like ethnic background, gender, or age. If they make the choices based on other attributes like what job they're doing or how long they've been doing it, it's not illegal.

Millions of mobile phones come pre-infected with malware, say researchers

doublelayer Silver badge

Re: This has been going on for years with intel laptops.....

However, you can erase them and install something of your choice, which wipes out not only the manufacturer's image and any bloatware, but also the operating system. You can start from scratch, or you could run a disinfecter over that image. Hey Google, can you explain how you saw that and somehow managed to go backward on security when the starting point was Windows before security features got added?

Open source AI makes modern PCs relevant, and subscriptions seem shabby

doublelayer Silver badge

Yes, it certainly will. I don't like the chances either, but I haven't wasted any breath asking for regulation because, by the time we get any, the ship will have sailed. There will certainly be a lot more spam on every network that accepts it now, and we'll just have to deal with that. I'm not sure any regulation at any time could have prevented that, but it's certainly too late now.

India calls for all mobile phones to include FM radios

doublelayer Silver badge

Re: Ah, feature phones

"Those useful little things that could go a week without needing to recharge."

Take a smartphone and try using it as little as you did a feature phone. I've done that before, and it also lasts a week. The one I used, which wasn't designed with a massive battery, lasted several days with the hotspot function turned on and in use, because I didn't have other stuff on it and I wasn't turning on the screen. Now take a smartphone and a feature phone, both fully charged, and have them call each other, with something to alternate sending noise through each one. Wait until one of them dies, and check how the length changes. Unless the smartphone's battery is old, you can usually make calls on it for much longer than you can on the feature phone.

The feature phone didn't last longer because it was so much more efficient, but because it was less frequently in use. People like to use the features of smartphones enough to take that tradeoff.

doublelayer Silver badge

Re: I suspect a hidden agenda

They're easier than building a computer would be, but you can't just take a receiver, an old laptop, and a bunch of wires and build one out of it. There are some ways you can make a machine not intended for the purpose end up emitting a signal, but one that's very weak and hard to tailor for your purposes. Most attempts will end up with something that has worse range and fidelity than a cheap WiFi router. DIY FM transmitters aren't a solution to emergency communications.

doublelayer Silver badge

Re: It isn't that they don't enable the FM radio

I like the headphone jack as well, but I must disagree with your estimated costs and lifetimes of headphones:

"a decent pair of wired earbuds is £15 and will last decades."

The way I use them, that's a reasonable price and it will last months. They tend to be made from the thinnest wires possible, and some part of the wire breaks after enough uses and movement. I don't tend to mind that too much since they are quite cheap, but I've never seen a cheap set that lasts very long if it's frequently used. More expensive headphones tend to last longer because they often have replaceable cables (and if they don't or the cable is custom, don't buy them), but that's a very different level of product and they are more expensive.

"A pair of AirPods costs £180 with "up to" 6 hours charge while the batteries are good."

Don't buy those. You can spend a lot less and get similar devices that have as good if not better battery life. Similarly, don't buy the cheapest possible pair either. In case you are interested, there is a person (not me, and I don't know them) who has reviewed hundreds of models of cheap Bluetooth headphones and posts those reviews on the website scarbir.com. I bought a pair for about £30 which have lasted over two years so far without noticeable degradation in the battery and get 7-8 hours on a charge. They do run out of power if you use them long enough so they're not for everybody, but as I tend not to use them for that long and they charge automatically when stored, it's rarely been a problem for me.

Cloudflare opposes Europe's plan to make Big Tech help pay for networks

doublelayer Silver badge

Re: This old chestnut

Real world economics doesn't mean that you get to charge people as many times as you like for providing the service you said you would. They are perfectly within their rights to charge, which is why I have to pay them every month if I want to have a connection. They decide how much they'll charge, and they decide such other things as how fast my packets will go and if there's a limit to how much I can use. They decide all of these things, and I get to choose between the options they give me, if they're kind enough to have multiple choices.

What they don't get to do is charge me for a connection, then charge me again because I managed to make money using that connection. Very few places get to do that. It doesn't matter that people are making a profit by buying their services. That should be great for the ISPs; if the internet makes people money, then they'll want to put more stuff online, which means more packets flowing through the ISP's networks. Yes, the ISP will have to spend some money building a network that can handle that, but they also get to charge more because they tend to charge either by the flow used or by the data transferred, both of which are going to increase. They don't have to cut their prices, and if they are, it's because of real world economics which sometimes proves that building a functional network isn't as expensive as they'd like their users to believe it is. The reverse is also true: if an ISP doesn't want to build a new network, they're perfectly within their rights to go to their customers and say that the ADSL connection is as fast as it's going to get, so deal with it. Some companies do that, and it sometimes works out for them. Of course, when real world economics means that their users start cancelling and buying service from someone who did a better job, too bad.

New York AG offers law to crack down on backfire-happy cryptocurrencies

doublelayer Silver badge

Re: typo?

You can see the words and the acronym. Is there a word there whose starting letter isn't in it? There's only so far politicians can go to make every law a perfect bacronym. I spent more seconds than I should have trying to find a word that could fit into that name, and I haven't got one that makes sense in context.