Posts by doublelayer

Re: We know it has no future

Power in El Salvador is neither cheap nor always environmentally advisable. Perhaps fortunately for them, a lot of Bitcoin mining isn't done there. I will grant that they do generate a large amount of renewable energy. Unfortunately, that is not enough for their demand. They burn hydrocarbons for a lot of their power generation. They use hydroelectricity, which like most countries in the region is seasonal such that in the dry season, there is often a need to limit power usage as the hydro plants aren't generating as much. They are also a net importer of electricity by a large margin (imported about 11.9 times the power they exported), opening them to the environmental consequences of the methods the countries around them use to generate the power that they import.

"BTC is unique among "cryptos", in that it's limited, decentralized, unconfiscatable."

Come on, there's a whole bunch like that. Not all of them, certainly, but if you want to sell the benefits of Bitcoin, lying about its uniqueness is not a good start.

That's true, but it's going to happen anyway even if everything was open source and free. People just don't agree on what the best thing is. We have a lot of languages that are freely available, for example, but that doesn't prevent people from rejecting them and making more, or for that matter rejecting anything released after 1990 and complaining that anyone who doesn't hand-code everything in assembly is just lazy. We could do a lot to create a unified standard for basically anything, but it's not going to be universal no matter how much effort we put into it.

For a direct military response, where would you have them strike? A lot of ransomware is individual criminals working remotely. Would you have their houses destroyed from above? Their neighbors would not approve. Even when a country ignores their actions, they aren't hosting them in a location that can be targeted. If they did and someone attacked it, that would be an act of war. Since they don't, it would be an act of war and a war crime at the same time. Perhaps a bit extreme.

For a hacking response, I don't think there's anything preventing someone trying to hack the systems used by criminals. The authorities are unlikely to arrest someone for doing it, in large part because the criminals are unlikely to report the crime to them. Providing support for such privateering, on the other hand, would lead to similar complaints that the supporting government is also helping criminals.

I think some harsher responses are justified, but these ones are risky or unethical.

Re: Touch is enough

If it hadn't been the broken one, I would have asked why they left something really tiny and sensitive somewhere where anybody could pick it up, and therefore any accidental movement by people, objects, or even the air could cause expensive damage.

"thus /user became /home ... except in the appleverse, where they "simplified" it to /Users (Caps in a system directory name? WTF‽‽‽)."

I have to ask. Why is that a problem? I distinctly remember you defending the case-sensitive filesystem a while ago (I was too), so you don't seem to mind having capitals in some filenames. So why must a system directory be lowercase if other ones can be uppercase? When I use Mac OS, it's a little annoying so I would prefer lowercase, but I don't think that's a firm rule. It also allows them to use PascalCase for multi-word names, which is probably why they're doing it.

Re: From memory...

It depends on the contract. The employer had turned it down, so most likely, they have waived their rights to have that project (if they had those rights in the first place). So on the face of it, you're probably fine. This is contract law though, so that's not good enough. Here are a few reasons you could still be restricted:

1. If the project competes with their products, they could have a clause restricting competition. You couldn't distribute the project without angering them.

2. If it used information they considered proprietary, from common code to knowledge of an algorithm, they could claim that your project was violating IP rights they held and sue you for that.

3. If the contract says that they get ownership or first right of refusal over your external ideas, then you have to make sure that the right person turned it down. It's not enough for your manager to say they don't want to use it. Often, there will be a separate person who needs to agree. You really want to have the acknowledgement that you can develop it without them taking it in writing, stored on your own equipment, and unless really obvious, reviewed by someone at least familiar with contracts.

I suggest three alternatives more plausible (to me at least) than that the NSA and its ilk outsourced something we know they like to do themselves. In increasing order of likeliness:

1. Israel supports them (obviously), so asked for a few countries to be left off the list unless they do an additional review.

2. When they were claiming not to do any business in the U.S. to avoid a lawsuit, they added it themselves to use as an argument.

3. They're lying and no such exception exists now or ever. These are criminals who aren't in court, so nothing prevents them from tossing out falsehoods.

Re: Why wasn't THE major problem mentioned here?

This is very true. I have no doubt that there are people who think renting is a great way to handle every asset, but the comments alone make it clear it's not 52% of people. However, I can explain how the vote got that way. Here's a list of what not to do next time:

1. What hardware? Some people interpreted it as only servers, and therefore being a debate on cloud versus on prem. Since some articles mentioned desktops, this wasn't the only argument. This is a basic detail of the premise that the debaters didn't agree upon, so how could the readers know what the topic was?

2. What's the actual disagreement? Renting hardware is just bad in general? Because the debaters covered lots of different reasons, most of them completely ignored by others. A narrow debate like "Renting hardware is better for the environment" is clear, but a general one works well enough if you make the debaters talk about it in general. As it was, only Tuesday's article mentioned the environmental impact, and it didn't mention anything else, so it makes it seem like that debater was addressing a different proposal than everybody else.

3. One short statement on what the debate was. As it is now, the proposal is a paragraph of background that doesn't necessarily state an opinion. The debate proposal should be a simple, non-compound sentence that clearly states a point. Ideally, the sentence is so simple that the insertion or removal of a "not" clearly indicates what the against side thinks. In my opinion, you should also replace the for/against voting buttons with this sentence and its negation. In this case, the proposal could have been "Renting desktop equipment is a bad decision". The negation would say "Renting desktop equipment is NOT a bad decision". Unless it wasn't desktops, see point 1.

4. A little less necessary, but have the debaters respond to one another. We heard four speeches and now have to vote, but a lot of debates allow the debaters to make their addresses, then ask one another questions, then summarize what they think best supports their point. I think that's helpful.

5. Either allow people to change their votes or hold voting back until the arguments have ended. Again, this is more an opinion, but I think it helps make sure people are reading more than one article before casting a vote. When I vote on these debates, I tend to wait until Thursday to do it because sometimes the against side argues a point that I didn't think they would, so I no longer support them. If I disagree with Monday's article and vote against, that doesn't indicate that I support Tuesday's point.

Re: Er what?

"There's no need to break it [Nextcloud] on purpose, it will get broken anyway just by updating the APIs without telling anybody."

No, because Nextcloud runs their own service. They don't emulate OneDrive, so if Microsoft does change those APIs, Nextcloud will be unaffected. Windows does change, and it's the duty of any company making software to run on Windows to read the updates and deprecations so their software keeps working, but as companies go, Microsoft is pretty good with backward compatibility on such things. Can you point me to a single example where Microsoft broke Nextcloud's integration, intentionally or not?

"Microsoft breaks their own products all the time, so I don't understand the responses here that they wouldn't break a competitor's product, because they wouldn't do anything illegal, because it's not the 1990s anymore, because ... oh shut up."

Break your own product and your users are grumpy. Break someone else's product by accident, and people are still grumpy. Break a competitor's product on purpose, the competition authorities that care (which does include the EU's) can hand out a fine in the hundreds of millions, which they have done before. That's why they try not to break the law.

"What NextCloud wants is an open and stable API as a contract between Windows and client software that doesn't favor Microsoft's own client software."

And does what, precisely? Because most of the Windows APIs do that already. They have to be specific about what they think Windows is doing to negatively affect them. The only thing I can see at the moment is that OneDrive is present on all Windows installations, which they can argue is harming competition, but it's pretty minor. If they did something to prevent Nextcloud from working, the situation would be different, but they haven't and no APIs exist which give OneDrive powers that Nextcloud can't have.

Re: Two unmentioned benefits

Both those benefits are real, but I don't think they really work with this debate. Those are reasons that the cloud product could be technically superior than physical servers you run. These articles were talking more about rental or ownership of hardware. Some of the articles only talked about desktops, and even when they were talking about servers, they didn't say they would necessarily be running in a cloud provider's DC. While the debate isn't clear, I'm taking the arguments as including desktops issued to staff--three of four articles have unambiguously included mentions to them. In that case, the topic is much broader than "Use cloud" and I must answer the poll accordingly (I voted for because I think desktop rental is in most cases inefficient).

Re: Debate scope is vague

Exactly. It really changes the point of the debate what hardware is included in this. For example, renting some infrastructure, such as servers in a cloud provider's DC, can make sense because it's easy to change how much you have. If you need more servers today, you start renting them then, and when you don't need them tomorrow, you shut them down and stop paying immediately. The article, however, seems to focus on desktops. Those are less likely to have such a spiky profile and renting could come with a variety of complications. If you have a rented desktop, who puts in a new disk if the original fails, who images it when it changes hands, and who decides when it's old and will be replaced? I could see it working somewhere maybe, but there are so many ways I can see it failing badly that I would be very cautious.

Re: Disappointing

I disagree. Look at the article. Yes, it's fiction, but the person was not dissuaded by logical questions. That happens in real conversations too, although often in a different way. They don't see how illogical it is to assume every doctor is secretly on board with an evil plot, so asking them why they do it, what the goals are, how they possibly manage the logistics, all lead you into a loop. Worse, if someone else is watching the conversation, the idiot is stating all nature of lies to bolster their point, and I'm not allowed to point out the inaccuracies because it makes me too smug, then the observer sees a knowledgeable person with all these anecdotes and the stupid supporter who can do nothing but ask for details. The liar is happy to keep providing those; their original anecdote was a lie, so they won't mind piling on some more.

Take your own example. If Galileo had decided to counter the prevailing theory only by asking questions about it, he would have gotten answers. The geocentric model wasn't only supported by stories from religious books. It also had a lot of work put into understanding it. For centuries, people had been observing objects' movements and making models to explain those movements using a really complex series of geometric orbital paths around the planet. Those models could correctly predict the movements of the objects quite well, until they couldn't, when they would be changed to account for the problem.

Had Galileo asked questions, he and any observers would have been presented with thousands of pages of rigorous, precise, meticulous, and mathematically accurate calculations showing how everything circled the earth. The only problem is that all that correct mathematics didn't work with the real physics going on. It would have been one questioner against centuries of provable effort and he would have been ignored with ease. He had to say "This model is wrong, I can prove that it's wrong, and I can prove a replacement". Doing that meant that others could verify that the inaccuracies he found were real and that they could similarly verify what he thought. That is what he needed to do and he did it.

Re: how about "Cryptography means Cryptography"?

The cryptography is both integral to the concept (not bolted on as with many other systems) and differentiates it from the previous currencies. This was an intentional design decision in the initial cryptocurrencies to make it impossible to have a central authority, and the initial designs and arguments for it indicated how important this feature was to the concept. It's really quite different than some other system that uses SSL for security of communications.

Re: I sense this is not going to be a popular opinion...

If you're still uncomfortable based on your points from the first comment, then your discomfort is based on a misunderstanding. Apple never said what you think they did. Maybe you will also dislike the argument they did make, but you do have to understand the argument they're making so you don't assume they have exerted an ownership or control right that they haven't done. When they have implied that elsewhere, most recently in their App Store monopoly case, I have agreed with you and opposed them. That's not what's happening this time.

Re: modified COTs equipment

"So if the testing requires less blood wouldn't this be mentioned to the operators, if not then it's just more blood being flushed out at the end of the cycle."

That's what they were going to be selling. Unfortunately for them, it turns out the original machines used more blood for a reason, and their attempts at diluting it made the results unreliable and worthless. They didn't like that, so they lied to pretend it worked anyway.

"Admitting in court that secret changes were made will likely bring the FDA into play with whole new set of charges"

They never got FDA approval. The FDA kept telling them they needed proof, and never got it. More lies were told about that though.

Re: There is a big difference...

I am observing the legal concerns of the half of the problem this discussion is about. The malware affected user's devices, not data in transit. If you want to discuss something unrelated to this discussion, maybe here's not the right place.

No, they wouldn't be. Most standards do not have the weight of law, so holding an election for the technical expert who will cast your country's vote is just stupid. Even for standards that do have a connection to laws, the local country should make those on its own--we allow each country to decide what it will view as crimes rather than letting the biggest countries decide it for everyone. Nobody is arguing that China should be excluded from making standards but instead that it should be done with caution because some of the attempts are organized for reasons other than technical superiority.

Re: Questionable value for money?

People generally don't choose whether to follow a link based on its TLD, but when they're selecting the domain they're going to use for their project or organization, they try to get a memorable one. We all do this when setting up our own domain names--we want something easy to remember, relevant to the service, easy to type, etc. .tv is popular for doing that for video services, and often because a lot of .coms are taken by squatters. The people using the TLD would care if they knew, and given that .tv accounts for a healthy chunk of Tuvalu's GDP, their population should also care.

Re: Keep him please.

Point 3 is classic victim blaming. People don't know that SIM swapping is so risky. Maybe the technical systems should be changed so it's safer, so it's not their fault. Maybe we need to tell more people about it. As for keeping millions that way, it added up to millions, but you don't know who they stole from. In order to get there, you can bet that they were taking large amounts from each victim, likely most or all of what they could. So it really is the same as "Cf. a doddery pensioner being bilked out of their meager life savings through phone fraud."

Point 2 is irrelevant. This crime stole cryptocurrency. If there wasn't any, they would have attacked other investments or bank accounts. SIM swapping attacks go after those all the time, using similar methods, with similar effects, cryptocurrency absent.

Re: Boot … reboot … dual boot …. FFS what year is this?

"conceivably with multi-cores, SOC’s etc. the BIOS could be written to allow 2 OSes to run at the same time accessing different SSD’s on the same machine flicking from one to the other with a keystroke."

They could, but that's basically putting a hypervisor in firmware. You could just run a VM platform on a normal OS and then you have less hardware worries since it has the resources of the host OS to use. It's done quite often on servers at the moment. You could boot natively to your main OS and run your others from VMs on that, or you could run something lighter as the host and run all your OSes on that.

Re: Not saving money?

"Lock in" means that you are in some way forced to use it, or at least that changing to something else is painful. If, for example, you use Microsoft's cloud services, you very well might be locked in because their database config can't just be immediately shifted onto your own equipment (if you only use their infrastructure, then you don't have that problem). Nothing of that nature exists with Office.

If you have an IT department that likes Office, and that's your reason for not switching, then that's not at all Microsoft lock in. They are using it because they like it and want to. If you have a problem with that, tell them not to or replace them. Microsoft didn't put them there and do not have any mechanism to force you to listen to them.

Re: Why are they even holding "passwords"?

Specifically how the passwords were stored. The article and their statement does not make it clear whether they hashed the passwords or not. Hence, they could be doing it wrong, but there is a chance that they did that part correctly.

Their broader security though, that they're definitely doing wrong.