Posts by doublelayer 10319 publicly visible posts • joined 22 Feb 2018
That really depends how obvious things were, but it would have to involve a pretty low effort before you're breaking your contract or the law. I don't doubt that criminals have been captured that way, and I am inclined to believe that your story isn't a lie, but it certainly isn't justified for other snooping to occur.
Wrong question. It's not whether you wrote http.get but where it runs. Does http.get connect to another computer for that to do the HTTP work, or does it do it on your computer? If the former, it's an RPC and your program is not like anyone else's. If it's the latter, it's still a local procedure. No, an HTTP request does not count as getting that server to run your procedure. It may run some of its own, but it will not accept arbitrary calls and may not be performing a computation, for example if it simply returns you preexisting data.
RPC doesn't mean anything where you ask another machine to do something. RPC has a narrow meaning, where you call a function which is executed remotely. Calling a function that retrieves data from a remote location but runs locally is not an RPC. Next, you'll be saying that the 1000 count was right because look at how many RPCs were called to transfer the network request along its path. RPC has a specific meaning, and if you want to use it in discussion, it's useful to know what it means. The same way that "database request" and "database record" are not the same, that "byte code" and "machine code" aren't the same, that "Linux" and "Unix" and "Posix" aren't the same, and that "disk" and "partition" and "volume" aren't the same applies here as well. If you don't want to be wrong, you have two options: don't use technical terms you don't understand or learn enough that you do understand them.
I see you've never worked as a programmer. That's not how it works.
Here's an example. I have a task to do. The code we have that is involved is terrible. Nobody disagrees with this; we all think it's bad. I could overhaul this for a better version, completing the task some time in January. I could also patch around the problem that prevents the completion of my task, write the new stuff, and complete that next week. We're doing the next week plan.
It's not about needing the task completed. This isn't time-sensitive. It's not about disagreement about the overhaul being useful. However, they want me to be able to work on different things in December, and by patching, I'm not introducing any really big problems (no risk to safety, security, sensitive data, just the code being harder to maintain and significantly uglier. I don't have the freedom to tell them that I'm ignoring them and starting a redesign on my own, and if I did, there's always the risk that I discover around the beginning of January that there's a problem and it's going to take longer than we guessed, which wouldn't go down well. I have had lots of things I thought were good ideas, but when there's a team working on something, that idea has to be sold to them and to management before you can just do it. Even if you're in a senior position where smaller ones don't need anyone's approval, you still can't take out large chunks of time or make massive changes without notification and some kind of oversight.
And if you insult the workers based on your wrong understanding, they get defensive. You're right that the less respectful way you inform someone they're wrong, the more likely they are to punish you for it. My guess was that the person in this case was already planning on leaving and wasn't going to take any more public insults. Had he wanted to stay, his response might have been different. In neither case was he wrong nor was Musk justified in his statements (or in my opinion actions).
No, it's a rather important technical difference. An RPC and a networkk response aren't the same thing. If you have both, then you need to see whether they're both slow or whether only one is. If only one is and you do a significant amount of work to reduce the instances of the other, you've wasted a significant amount of work.
If Musk wants to play this game, he can amend his statement and start fighting with them about the number of requests they make on some other system. It won't stop his original complaint from having been wrong, and his second one might also be wrong if he doesn't try figuring out how it actually works. If he hasn't fired them, there are probably people whose entire job is profiling the system and understanding what causes delays.
The programmer did mention several problems. This wasn't attempting to hide bugs or inefficiencies, as they didn't seem to mind suggesting large overhauls. It was a fight about a specific technical issue, namely how many RPCs are there to perform the operation. Musk has a claim, and the programmer has a claim. I'm more likely to believe the programmer, given that, as you said yourself, "Musk isn't a programmer and it would be highly unlikely that he'd know all the ins and outs of Twitter's code base".
"I can't see how this body can operate without breaking national or international laws."
Quite easily, both in theory and in practice. National laws are easy: it's the government. When they pass a law making this organization, they give it an exception in the regulations that would otherwise apply. International law is a bit harder, but there are few international laws about hacking, relying on the old standby of extradition requests linking national laws. Since the national law has specifically allowed the action, that's not going to work for any country that wants to submit a request in defense of their local criminals.
Which brings us to reality, where that doesn't happen anyway. Sure, a few countries, especially Russia, allow ransomware operators and other cybercriminals to operate without prosecution, but they don't give them state protection or anything. If those criminals get harmed, their host government isn't going to act to defend them. It's akin to expecting a government to start a war when a drugs group loses a shipment to customs inspectors. It doesn't happen with drugs and it won't with malware.
I'm curious what you mean by crypto transactions, as most banks do not accept cryptocurrency or allow conversions. They do, however, allow you to transfer your own money to someone else who will perform that service for you. Do you want to block banks from transferring to any organization that converts cryptocurrency? If you do, that is unlikely to work, as users could withdraw on their own or use a different middleman to perform the transfer, and the infrastructure to ban that transfer isn't really a feature of the current system (if you put this in place without banning cryptocurrency outright, the law would be struck down almost immediately when a rich cryptocurrency platform sued).
Well, as it's not actually going to make programmers irrelevant, there's not much risk in it for them. But yes, people do that. Programmers have written lots of things over the decades to make their job easier, which in turn means you need fewer programmer-hours (less time, which means one programmer can do more tasks). That's a good thing for the people who use programs and indeed for programmers themselves. If we hadn't done that, the availability of usable personal computers would have been significantly slowed, meaning fewer jobs as there would be much less demand for software.
We don't strive to create artificial antiquity just to make things easy; we prefer quality and efficiency. I've seen arguments for not updating inefficient processes because the people who do them would need to learn to do something else, and such arguments are usually unfounded and futile (even when it's tried, it doesn't work out for long).
I don't copy obvious code. For that matter, I don't copy non-obvious code, because that's a recipe for it breaking and having me completely stuck. When I review others' code, I read it to understand how they did what they did. Then I apply the lessons from their solution. Sure, when it's a function call, my line will look like their line, but when it's a wider function, my version will look different from theirs because mine will be tailored to my problem and will omit things I didn't need. My variable names will be explicitly related to what they contain, rather than the shortened form common in examples. My functions will be divided where logical for my use case, not what makes for a clear explanation. I have learned instead of copying and produce a better result for it.
If they work like every other university I've seen, they have a computer science department with its own implementation of nearly everything that avoids as many of the systems from main university IT as they can. I've seen that structure quite often, and while every other department uses the main systems, CS eschews them all for homebuilt alternatives that, although they're a bit uglier and not as organized, also don't go down or lose data. I think the CS faculty both know how to build things well and that they will be happiest if they only use their product but don't open themselves to supporting the rest of the institution with it.
Curiously, someone was complaining last week about a company being identified as from Bavaria rather than Germany, so it seems that the writers can't please everyone no matter what level of regional names they use. I have a feeling that pointing out that neither statement was incorrect won't convince people, but I've done it anyway.
I'm guessing they probably took a while (if ever) just to fix the error they found, if their company works anything like every place I've worked. I think the only thing about the Agile Manifesto that was understood by companies was the part where they say "We value working software over documentation". Usually, the policy ends up being "If the documentation bothers you, you change it. You can put whatever you like in there. Nobody will review your change until the new starter tries to use it for something.".
Where do you live? If it has privacy legislation, you can contact them and request them to take it down, and when they ignore you, you can file a report about it to hopefully steer a regulator in the right direction. If you know a good lawyer, you could also try suing them for copyright violation as you almost certainly didn't release that picture under a license that permits this, but you'd have to do the work for that one yourself. I won't do these things as I don't want to upload any pictures of me, but as you've already done it, at least the first suggestion is feasible and not too difficult if you live in a location that facilitates it.
Only if the system is written to associate names with photos. This system, on the other hand, appears to do it the other way around, so posting photos of other faces with your name attached won't prevent them from connecting two photos of your real face and correctly naming you if there's enough data. Their database would just think there are a lot of others sharing your name who look different. Theoretically, you could upload a ton of photos of you each connected to fake identities, but that requires giving them a lot of data and the creation of the fake identities isn't as easily automated.
No, it means the code was probably written wrong without having to store it in cleartext. The following workflow would accomplish this bug without storing a cleartext password:
Enter old password
Enter new password
If old password doesn't match hash, report error.
If old password doesn't match rules, report error.
If new password doesn't match rules, report error.
Hash new password and store it in database.
It just has to run the rules against the user-entered string, which it already has because it will check it against the hash. For all we know, the coding error could be even more basic. My version has a statement run twice when it's only needed once, but it could also be that it was only being run once but on the old password instead of the new because someone mistyped a variable name. That version could in turn be changed into my version when the "Isn't checking new password against rules" bug was fixed by a lazy developer who put in the necessary statement without removing the erroneous one.
I could see it happening for a few reasons.
First, it wasn't "just because of a personal disagreement", though that definitely didn't help. If the change needed to be sold to someone else, it could be done as "failure to make repairs specified in the contract, necessary to continued functioning of the equipment, and after repeated requests". That sounds a bit worse and can get others to accept it.
Second, it's a big figure, but that's about 35 laptops. We're not talking a massive company here. The person doing this could already have been at a high enough position that cancelling the contract could be in their authority. If they couldn't find anyone else to provide replacement laptops at a comparable price, there could be problems, but they're often interchangeable and with multiple available suppliers. They may already have planned for multiple suppliers and the change just involved switching some orders from approved supplier 1 to approved supplier 2, which would likely have gone through without issue.
It usually involves choosing a username that looks like it might be correct but isn't, such as replacing characters with ones that look similar or padding it with something that would be logical, then relying on people who previously associated the check symbol with the account having been verified as correctly representing the person or organization it claimed to.
That stuff has been decentralized. You can set up lots of turnkey open source services that do those things. Take Zoom, for instance. I have a server running Jitsi, an open source videoconferencing system. Mostly because when I set it up for 2020, I never shut it down, but it does still work. That's not the only option for that service. All you have to do is use one of those instead of using the free services that have some degree of support, don't require technical people to set up, and don't charge you for bandwidth. Is it that surprising that the average person isn't rushing out to copy my Jitsi server? When there is a person who wants decentralization, the software is often there for them to use.
Also, do you really think Musk has the knowledge to write an RFC and protocol at all, let alone one that is designed well and scales correctly? I wouldn't count on it.
"Content producers using twitter to reach customers would find $8 a month to be a huge bargain to promote themselves."
You appear not to understand what the $8 is for. They already have a program doing what you suggest. It's called advertising and it costs a lot more with more controls. This program doesn't do the same things and does not offer the possible benefits that posting ads does.
It can be done legally, both in the U.S. and elsewhere, but generally with a lot of agreement. You can't legally require someone to work that many hours, but you can require them to do enough stuff that they would have to and specifically indicate that they're earning a salary and it's not about hours worked. If they didn't know that was coming, don't expect them to put up with it for too long, especially if the law specifically says they can quit with no notice at all.
As for advantages, there are no advantages. Two people working normally accomplish a lot more because they don't spend a quarter of the time looking at the clock and thinking about how much they hate the person who hired them, then burn out in a few months. The only time where it helps to have one person paid really highly for really long hours is when they have especially rare and needed skills and you can't find a second person who knows what they're doing or if you do, it would take too long for them to ramp up on things. That's not Twitter's situation, so they're just going to get a slight performance increase for about three days before their engineers start slowing down for survival and to make time for the many interviews they're undoubtedly on.
You're going to need to better define what losing means. Since Twitter's now his, the only ways he couldn't survive at Twitter is if he sells it (good luck finding anyone who wants to buy it now), gets it taken off him in legal charges (not likely and they would take forever), or dissolves it (which also takes a while). However, he could easily destroy it within a Truss. He'd still be the owner and operator of a thing called Twitter, but depending on how badly he manages to screw this up, it could be unrecognizable. I wouldn't have expected it to be that fast, but the number of things he's broken in a couple weeks suggests I gave him more credit than he deserves.
"Does the app refuse to operate if it can't grab your contact list?"
That'd be an easy way to do it. Anyone who installs this in the first place is willing to accept dodgy software in return for getting into the events, so how many will cheerfully install and activate the app but balk when it demands access and won't work without it? They might not even know about that until they install it in preparation, having already paid for their Qatari lodging and whatever tickets you need to attend.
You're correct about it continuing to spy on you, although I'll point out that you wouldn't need a full rootkit unless the user did a factory reset of their device and a lower-level exploit that doesn't change the system partition would withstand an app uninstall. I don't think they will use either, though. Still, they will be able to collect a significant amount of information while it's running, so even without a beachhead on the device, there's information about you which can be used to drive further attacks if they're motivated to do so. If I scrape your device's common storage and any data I can get by making the user accept permission requests, that's useful in targeting users later or selling to interested parties. I'm not really sure what Qatar would actually do with it, but it's not likely to be good.
I think Microsoft should and probably will lose this fight as well, but some of your accusations are a bit weak.
"At least now we know it [the acquisition of GitHub] was simply to make the theft of all those resources easier for them..."
Come on. It's publicly available. I can clone all of that. It doesn't take an expensive ownership and operation to point a downloader bot at the site and start cloning all the repos meeting some criteria. If that was their reason, not only did they start their evil plan years before they started using it, but they've come up with the least efficient heist ever. This suggests their reasons were probably unrelated, given that they can and did get training data for copilot from locations they don't own.
Why, though? I think it's aged well, with modern articles still being relevant and enjoyable. If you don't like it, I'm curious what you see as changed since you appear to have been a fan for quite a while. The most logical complaint I can guess is that it got repetitive, but I find that the articles are a lot less repetitive than certain comments advocate (those people who think someone needs to be killed in every episode, for example). I could see some ways it could be taken in a bad direction, but I don't think those have happened or are likely to as long as Simon remains in control. Your question implies that you have critiques, and I'd be interested to hear your views.
The solution to this is to have the tech people from both sides do a preliminary examination of what will be needed. Don't let sales just write a contract without knowing what work needs to be done or what money needs to be paid.
It's an issue in either direction, although the example in the article is usually worse because it indicates that the business is one of those whose business plan is hiding charges from customers until it's too late to change course, which is justifiably hated. I presume there are contractors who use that as their business model (I've not had to run a transfer like this, fortunately for me), but I've certainly seen other businesses who take advantage of this tactic. The ones who quote you a price, and you find it acceptable, and the legal paperwork that you get to see doesn't mention other costs, but when you're just about done with that, they bring out the other fees.
That is probably more common than not, but I am a fan of open-ear designs for some cases. When traveling outdoors, I prefer not to obstruct my hearing when it could be important for safety. When working closely with a small group together, I like being able to hear if a discussion starts so I can take part (although this is less common than working next to people who I don't want to hear). There are also other occasions where having the ability to hear the world around me and the feed from my device simultaneously can be important or just desirable.
I imagine the loud music does get people to drink more given that all chance of useful conversation is annihilated, but in my experience, it also deters repeat visits as conversation is one of the nice parts about going somewhere with friends or colleagues. If I'm enjoying myself, I'm more likely to want to stay and keep ordering things.
They're not likely to leave the baby in there after it's born, you know. As for the mother, it is a place for them if they're convicted criminals, and she is. Pregnancy isn't an escape mechanism. If the prisons don't have the ability to look after someone with those medical needs, then they're either not intended to and she'd be sent to one that has the required facilities, or the prison isn't fit for purpose, but in both cases, that's a possible problem with a particular prison, not a reason she should be exempt from anything.
You won't get any arguments from me about the people who gave her money being dumb; there's a reason she got no investors who knew anything about the industry. The rest of your claims, however, are complete rubbish.
She was a student when she recognized the existence of a problem. She didn't have any knowledge of how to accomplish what she wanted. It's like me saying "I've discovered that it takes a while to fly on planes and faster ones are really expensive. I know, let's build a cheap faster plane". That's all well and good, but I don't know how to build a cheap faster plane and she didn't know how to build a blood testing machine that worked on smaller samples. After trying to build one and recognizing that she didn't have a clue what she was doing, she started lying about it and submitting fraudulent documents to investors to steal their money, knowing the goal was not being achieved. Until that started, she was just stupid, not a criminal, but it only took a few months to make the switch.
"Cybercrime losses are exploding because of the ease of transmitting ransom payments across borders."
This is your problem. You see cyber insurance as paying ransoms, which sometimes happens, but that's not what it's mainly for and that's not what causes most losses. That insurance pays for a lot of things other than ransom payments, and some policies have been sane enough to prohibit paying those at all. They pay for recovery from damage. They pay for investigation of an incident. They pay for losses like having to pay for credit protection or liability for people whose data was stolen (theoretically). These things will not be stopped or shrunk meaningfully by stopping ransomware, and banning Bitcoin also won't prevent the most damaging ransomware either. You are looking only at one aspect of the problem and come to inaccurate conclusions on your limited understanding.
Not exactly, though there are parallels. As the comment was written, it was a "we should ban assault rifles and there will be no more violence" argument. That is false, and using a lie to make an otherwise functional point harms an argument very badly.
I'm not going to argue a position on guns, as it's not relevant to this conversation, but the point with guns is that there are uses for them other than committing murder, and one has to balance those uses against the benefits from banning them. That can result in "no guns at all", "all guns at all times", or somewhere in between with specific types allowed and others not. The same applies to cryptocurrencies or anything else you name, since every item will create harm to somebody in some way. The general point is not viable (we could prevent the need for cyber insurance much more effectively by banning computer networks, but if I argued that we should, you'd reject it as the unworkable plan it is).
The argument was based on a fallacious statement, suggested a plan that is not viable, and did not attempt to address the ramifications the plan would have if implemented. I contend that it is simplistic to the point of incorrectness.
I disagree. They definitely need to mature. Insurance has to calculate risk. That means that, for example, many insurance companies won't insure a property that's been smashed by the same natural disaster several times, is at high risk for another one, and has no precautions taken for when that happens. They've calculated that they're likely to have to pay for a very expensive repair and that nobody will pay a premium that would pay for a new house every three years. This doesn't please the owners of that property, but the insurance companies can decide whether they're willing to take the risk. They need to apply similar logic to whom they'll insure for cyber risk and what they'll do for them.
The most famous occasions have been ransomware, so I'll use that as an example. If the insurance company plans to insure a place for ransomware damage, they should probably check whether there are backups isolated from potential attacks, what restoration would look like, and the likelihood of damage that the backups won't handle. That makes a major difference to how much recovery is going to cost. They also have to look at the attack surface and internal security standards to at least estimate the risk of a successful attack getting started and spreading. Maybe they can also consider that paying a ransom is a bad idea which only increases the risk and stop doing it. This is how you do insurance-companying, and if cyberinsurance can't do the calculations that most other companies have, they deserve nothing from the rest of us when their acceptance of stupid risks lands them in bankruptcy.
Yes, if only we knew that doing that would prevent any kind of cyber incident back in 2009, we could have stopped it in its tracks. After all, there was no computer-based crime in 2008. Criminals also have no way of exchanging money except for cryptocurrency, so that's another ill of society that didn't exist back in 2008. I'm glad you're here to tell us the easy answers.
Cyber insurance covers (or claims to cover) a lot of things. Eliminating cryptocurrency wouldn't even stamp out ransomware, but if it did, there would still be problems.
You misinterpret the law. Sending stolen money over a wire isn't wire fraud. It is theft. Wire fraud is transmitting messages related to a scheme to defraud someone, whether successful or not, and other crimes may be in play if you successfully get something from them. The wire fraud charges are related to using false pretenses to get a system to send money you aren't entitled to, and they would apply even if the system didn't send it, for example if a manual review caught it.
Usually, they mean that all the interfaces are on the one board. Even if you don't have a graphics card sticking up from your motherboard and you're using only a M.2 disk that's mounted directly, you probably have an external power supply needed to convert voltage for the system and at least some of your ports are external to the board. If I'm being particularly picky, your RAM also probably runs perpendicular to the device and those look like boards too. The SBC label is less "there is no second board" and more "everything is on this one board".
"That much cash will buy you many, many, new friends."
That's probably true, but I don't think I would want many of the people who would participate to be my friends.
"And how many of your family would visit you in jail anyway?"
Well I was thinking that the alternative was to not steal the money or to do a better job of laundering it where you want to live, so I wasn't suggesting a life hiding from extradition is worse than imprisonment. There are a lot of cases where the restricted but luxurious life would be better than the expected alternative, but I imagine the restrictions to be annoying enough that people don't want to jump to it as their first plan.
But do you really want that life? Yes, you can afford a life of comfort and luxuries in the place you found, but you can't go back to where your friends and family live. You can't go to many countries because they could extradite you. You are limiting yourself to a few countries, and you don't even tend to have the freedom to travel between them because they're spread out. Many such countries tend to be unpleasant (sure, Russia is a place where you can probably hang out without extradition, but your ability to buy all the stuff you wanted wouldn't have worked out too well as sanctions were applied and Russia started limiting transfers across borders).
I'm curious why you think downvoting a post about Google Play's organization has anything to do with Microsoft. The correction was accurate about what could be done, although not very useful to the greater point about removing malware that Google didn't bother to do proactively, but whether you think Google is terrible about malware or the best source of software is independent of your views about Microsoft.
Intel is pushing you to other vendors exactly how? The article suggested cutting NUCs, but Intel didn't say anything of the kind, so if it's about wanting future supplies, you have no reason to think you won't be able to get more. In addition, the benefit of using a NUC-style device using X86 is that, if they did cancel them tomorrow, you only have ten other companies making small devices that can boot the same OSes and run the same programs.
You also suggest that you don't have much experience with alternatives. For example, considering Raspberry Pis for, in your words, "running VMware and any other Hypervisor solutions". That's not a workload for which the Pi's going to shine. And that's if I'm charitable and assume that the VMs you want are light on resources and don't have any CPU emulation required.
You can think that, but it won't be right. Contracts are complex things. Signing a contract that has a non-transferable clause means that, if you want to transfer it, you're going to pay some more. Double payment isn't in the law as forbidden, especially as any lawyer could easily argue that it's not double payment, Nuvia paid for the restricted license and Qualcomm has to pay to remove those restrictions. Similarly, if the judge decides that ARM's in the wrong, the judgement would be that Qualcomm gets to use their license and likely that ARM has to pay for Qualcomm's legal bills, not that ARM's IP is stripped from them and their business model is now effectively illegal. Courts and contract law don't work like that and they never will, no matter how much you might like the outcomes if they were.
"Qualcomm are alleging that Arm are intending to change the way they do business. That's got to have been a decision made by Rene Haas. Why would that be a difficult thing to admit or deny?"
Maybe because they're big complex contracts tailored to the specific parties each time. They probably change them often in negotiations whenever they expire or need adjustment because a signatory wants to do something the contract didn't cover. If ARM made a statement like "Yes, we are going to change the contracts, but not like this", someone would be there to argue that they're clearly planning to do exactly that. If they say "No, we're not going to modify the contracts in that way", then when they make some other alteration, people would accuse them of the same thing. They have to respond quite specifically to the things they're accused of, and since their response is to a document submitted as part of a legal case they're in, they're not likely to be quick and careless with that response.
I like the idea, but the risk is that people start trying to claim that reward for things that don't deserve it. These incentives have gone wrong before, so you have to have a measured and well-tested approach before you do it. Also, you need to assess enough fines that there is something to reward them with.
For an example of the way this ends badly, several religious trial systems, where people weren't guilty of any real provable crimes (witchcraft, a religion the government didn't approve of, etc.) were run on the basis that the accuser would get some of the property of the victim if they were proven guilty. Since such trials were performed using the "torture them until they confess or die" tactic, they got a lot of guilty verdicts which meant that accusing someone who didn't have an unusual way to hit back at you was likely to earn you a chunk of their property after they'd been tortured. When this incentive was removed, there were a lot fewer accusations. I don't expect governments to run reports of criminal activity like that, but still where there is an incentive, someone will try to get it without having the requirements and the system will have to plan for them.
I'll bite.
"It's not 'spyware', they're completely open about their data gathering."
No, they're not. They're completely open that they collect data, but what and how and what you get a choice about, they're not clear at all. They've gone to lengths to hide their data collection and circumvent or ignore methods users use to block them, including methods Google put in. For example, the fact that they included switches for location tracking to imply you could turn it off but only respected them if you turned off all the ones in different places.
"And, obviously, there's nothing wrong with giving them the data that means you get a much better experience."
What better experience? I don't get more useful search results. I do get ads tailored to something they think I want, which just means that I get the same unwanted advert instead of different ones. The only thing I can claim to get is free or cheaper software, and I don't buy that in many cases, such as when they put Android on phones and get paid well by the manufacturer for their API licenses.
"What on earth is the downside?"
The downside is that I don't want them to have and sell it and I don't want others to. These are separate issues. If they have it, there is the possibility for them to get breached and then others have data I didn't want to have. Not giving it to them prevents that option. I also don't appreciate information about me being sold to other companies who might have other motives for having it, and none of which I agreed to. Even if they don't use it at all, I just don't want them to have all this information they don't need, for the same reason that you'd probably get a bit annoyed if I stood in front of your house filming it and taking pictures of you every time you left the front door. Sure, it's not doing any harm as far as you know, but it's creepy.
"It's a bit like complaining about your accountant wanting all the details of your earnings and expenses: they can't do the job you employ them for without it."
No, because as you pointed out, they need that to do what I asked them to do. Google does not need my browsing history to perform searches and show me ads, but nevertheless they will collect it if I let them. Since I don't even use Google search, they don't need my data for anything, but nevertheless they try to collect it.
"Right to work" in the US is a legal phrase that actually means "right to fire you"
For example, Florida is a "right to work" state as well, meaning they can pretty much fire you at a whim, except for narrowly protected things like age/race/gender discrimination.
I think your mixing up two terms. Your definition applies to "at will employment", which means that there are fewer restrictions on why an employment contract can be terminated. "Right to work" isn't the same, and generally means that a company cannot require its employees to be members of or financially contribute to a union, as opposed to states where employees can choose not to participate in union activities but are still required to pay for union representation if they are employed at a unionized location. You can have one of these without the other, so it's useful to know where one ends and another begins.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
