Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

BlackMatter ransomware gang says it's disbanding – again – after Ukraine arrests

doublelayer Silver badge

Re: "prompting the decision to reform under a new name"

I don't think the cybercrime community cared all that much. They want to avoid a situation that seems dangerous, but a delay might be all they need to forget about that danger, assume it has gone back down, or remember that more ransomware operators means more chance that they'll get to collect part of the proceeds.

Love or hate your IT dept, money talks – and tech workers are getting more of it

doublelayer Silver badge

Re: Laugh

I don't know as I'm not in the UK. I was using the numbers the article talked about as quoted in your original comment. Even with the lower range, it's still somewhat to significantly more than the £20k-£30k range with which you've equated it.

IR35 sounds restrictive to contracting roles, but starting a business doesn't just mean taking contract work. If you want to take the risk related to a business, you could make a business that sells products or services in a more general way--as I understand it, if a business buys your service rather than you tailoring your service to their contract, IR35 isn't related. It sounds as if you only plan to start a business in order to take a contract role, which is fine, but then your complaint is squarely on IR35 and not on the level of pay.

doublelayer Silver badge

Re: Laugh

Your numbers don't really work, and your conclusions are extreme. If you're in the £100,000 to £150,000 range, you earn a lot more than £30k. It's not just filling up pensions, which those earning £30k will not be able to do so well, but all the extra you have afterward. That is the kind of money many will never get, and I'm guessing you haven't lived on lower wages for a while.

As for starting your own business, you have options other than contracting. If you open a business that does something other than look for contracting roles, IR35 won't restrict you. Your savings from the higher salary should help ease the start of such a business. I'm not in the UK, so I'll leave the discussion of how restrictive IR35 is to others. You have the freedom to change roles whenever you want, the money to make changes in circumstances easier to handle, and skills which earn you in a high income bracket. Whether or not you feel the large and wealthy employers are paying you enough, you have a lot of power that others don't have and you could use to your benefit.

Apple's anti-ad-tracking iPhone feature took a '$10bn' chunk out of social network revenues

doublelayer Silver badge

Re: No need to use F.c.book

That is only creating a false equivalence between three options which in all respects are very different from one another. Apps which do not currently track their users could be sold, but not all of them will be. WhatsApp was built for easy communication, not privacy and security. Signal was built for privacy and security. Therefore, it's much less surprising to see WhatsApp sold than it would be to see Signal sold. Facebook and Signal, although both being apps, have very different privacy records and are likely to have different futures.

As for decentralized methods, you're correct about some of them being too technical for the average user, but not always. The average user knows how to email, and from a phone too. They can also download a frontend and log in; when using decentralized Jitsi as a videochat platform, people didn't have a problem searching for Jitsi Meet and logging in. Not all alternatives will be unfriendly to users.

doublelayer Silver badge

Re: No need to use F.c.book

The history issue is why I prefer to use apps that don't store history. I don't think Signal, which was founded by people interested in privacy, is about to sell out to Facebook or someone like them. If they do, I will drop the app. For a similar reason, I dropped WhatsApp when Facebook started announcing their plans to take it over (though I didn't use it very much beforehand).

There are other options which can't be taken over. Email, for example, is just a set of protocols. You can communicate worldwide using it and Facebook can't buy the system. Facebook is in no way required to communicate internationally.

Latest Loongson chip is another step in China's long road to semiconductor freedom

doublelayer Silver badge

Re: "CPU architectures as a means of control"

It's context: evil was the shorthand for being risky to use. It isn't risky to use for the reasons I explained in my post. Your idea that the U.S. might use it for extortion doesn't make any sense; if they deny exports of chips, then all China needs to do is start using their own manufactured chips (or those manufactured in countries other than the U.S.). Which ISA is used is of no importance in it. Encouraging local chip production because the U.S. could make chips more expensive is at least a logical plan which they have done. Invent a new ISA because somehow the U.S. will restrict them from understanding or implementing X86 is poor reasoning.

doublelayer Silver badge

Re: "CPU architectures as a means of control"

"The US is restricting technology exports to China, so I'd say "CPU architecture as a means of control" is a completely accurate statement."

And how did you get from accurate clause 1 to proving opinion clause 2? Because they're really not all that related. They're not related for a few reasons. First, if the U.S.'s architectures are evil, then what's so wrong with ARM, designed in the UK (and a lot of other places)? Chinese manufacturers have been designing and using ARM chips for years without the U.S. controlling them.

But that's assuming there's something wrong with X86, which there isn't. The U.S. has been denying various technology exports, but chips are not among them. China can buy all the X86 chips they want. The export restrictions have not at all slowed the Chinese implementation of X86, most notably the efforts of Zhaoxin. Other companies can also do that. The U.S.'s export controls have had an effect on China's chips, but it's been in getting chips manufactured, not in their design. That issue is just as limiting for a Chinese-built architecture as any other.

The existing ISAs are basically open. While there is a technical license requirement for X86 and ARM, it can be violated without much difficulty; nothing blocked the use of MIPS in this architecture, after all. It's as if China tried to develop their own programming language because using C was too American; they can do it if they want, and it promotes competition so there's a mild benefit there, but their reasoning doesn't make sense.

Honeymoons last a couple of weeks – the same goes for any love for the IT department

doublelayer Silver badge

Re: My Wife

I wouldn't count on engineering getting long-lasting credit for things. Especially if the people telling engineering what to do aren't engineers themselves, because they don't know when something the engineers have succeeded in doing was a real accomplishment (obligatory XKCD). Some may be able to frequently remind others of an achievement and turn that into lasting reward, but let's face it, doing that is boring and most of us would rather do good work or interesting work than spend time and effort trying to remind others of good work we once did.

Google's 'Be Evil' business transformation is complete: Time for the end game

doublelayer Silver badge

Re: Wishful thinking

Oh, April days can be cold in the northern hemisphere too. Especially since the date isn't specified, so April 1 is entirely possible. A lot of places haven't really gotten into spring by then.

If you're asking though, it's the opening sentence of 1984. Not a very illustrative sentence for the rest of the book, but famous enough that people recognize it.

doublelayer Silver badge

Re: Once upon a time...

I think it was less obvious at the beginning. With their successful search engine, a non-evil advertising concept was available to them: target advertising to the search query, collect lots of data about how ads appeal to different types of searchers, and make money from that. Without having to collect the personal information or histories from people, they could still have used it to their benefit. I don't know whether they were hiding that from everybody or if it was their intent at one point, but an observer could expect them to take that approach until they unveiled their more invasive version.

doublelayer Silver badge

Re: A Third Way

I'd like to believe that, but there are three major objections to it working.

First, companies are often quick to ignore whether what they think works actually works. A lot of this data goes into advertising. Well, if we give them junk data, their advertising should be less successful, right? They will run a study and find this out. Except companies mostly don't like to do that and when they do, the advertising they already get loses a lot. If you like podcasts or are willing to read transcripts, these might be of interest. It demonstrates what happens when researchers try to analyze the success of advertising. Part 1: television advertising, Part 2: Online advertising

Second, creating fake data isn't easy. In order to have a fake location report, you have to set up several things on a device which ordinarily tracks location, then set up tracking, then hide other information which can show that you lied. If you report a fake location in Michigan but you're actually in the UK, your local time zone, IP address, and path you took to the reporting server will all indicate the data's wrong. Fixing that is expensive and complicated. And that's if they don't think about the fact that a device generally moves and your fake location probably doesn't. Getting your fake location tracker to make the reporting device appear to move without phasing through Michiganian walls is quite a bit harder.

Third, while the results of the data collection may be unreliable, the companies have an interest in collecting it for some reason. I don't know if they have found an evil plan that really benefits from having it, but if they haven't, they're working on it. They can hire some people to clean the junk out of the system. Unless everyone is doing it, there will be signatures they can follow and a lot of software can ignore the small amount of noise we can create for them. They probably won't be courteous enough to tell us that our fake data has been rejected, so we continue to use methods they can filter. Doing it in the hopes of slowly bringing their data collection down is probably a waste of our time and resources.

The pandemic improved the status of IT workers … forever

doublelayer Silver badge

Re: For or against... what?

In fairness to them, these for/against labels don't always work very well for the statement. In this case, the opposite statement appears to be "The pandemic improved the status of IT workers, but only while the pandemic stresses continue". However, other possible opposing statements are available, including "The pandemic did not improve the status of IT workers" or the much less interesting "The pandemic improved the status of IT workers for a moderately long time but not forever".

Other debates using this structure have at times either posed a statement that the debaters didn't argue, or used a compound sentence only part of which was covered. The poster is not the first to have found them vague.

doublelayer Silver badge

Re: Nah, not for me.

"That was their point. What's yours?"

As both of the original posts have now been deleted, I can only guess at the differences. From context, I'm guessing their point was that, as a contractor, the poster should expect temporary work and therefore that losing the position when a task was complete is not reflecting disrespect on them, but rather a typical contract expectation. If the contract was dropped at a renewal point, as opposed to being terminated unexpectedly, it is an easy point of separation for all parties which they can all expect and plan for.

Shrootless: Microsoft found a way to evade Apple's SIP macOS filesystem protection

doublelayer Silver badge

And system state files which the system needs to modify during operation would go where? And updated images would be installed how? If this bug was in place, it wouldn't mind about signing because the script that was executed would be signed, the payload would not be in the signed image but would get executed anyway, and once executed it could disable the signing check because it has control over the system image.

Zuckerberg wants to create a make-believe world in which you can hide from all the damage Facebook has done

doublelayer Silver badge

Re: Niantic's Version

In fairness, those are two different things. VR is taking a videoconference, making it full screen, and blocking out the rest of your vision. AR is keeping your vision but adding stuff. I can see a few potential uses of AR to add information to a physical location, whereas VR is just a screen in a different shape which doesn't sound very useful to me.

First, stunning whistleblower leaks. Now a shareholder lawsuit lands on Zuckerberg's desk

doublelayer Silver badge

Re: Why can Facebook shareholders just sue themselves and cut out the middleman?

It's a class action, meaning that if they win, all shareholders can elect to receive a chunk of the settlement. That chunk will be worth less than the postage to deliver the communications about it, but everyone has the option to get it. If I was a shareholder, I wouldn't like it very much, but as someone who doesn't like Facebook, I'm happy if it causes them to lose some money.

Intel claims first Alder Lake chip is the fastest desktop gaming silicon in the world

doublelayer Silver badge

Re: Point

It only requires the OS scheduler to be aware of the differences. Some software might implement it themselves, but if they don't, the OS will handle process prioritization. Not all OSes have had to do this before, but if it's not good enough now, they will probably improve it.

doublelayer Silver badge

Re: Point

The point is to add performance for concurrent tasks. Consider AMD's chips. They're showing much higher benchmark scores than comparable Intel ones. Why is that? Individual cores don't run a lot faster than Intel's cores, although in some cases there is a difference, but one major difference is that AMD's chips have a lot more cores available than the comparable models. AMD laptop processors can have 8 cores/16 threads, whereas even the highest-end laptops using Intel usually have 6/12 or 4/8. The same is true with desktop chips.

Having eight fast cores is expensive, and if the user doesn't run compute-intensive things all the time, they may go unused. Intel's thinking in this case that many users will benefit from extra cores, but mostly so the compute-intensive stuff they do run has less competition. Instead of having to provide a lot of fast cores, they could instead provide some fast cores as they have done and add some slower ones to take background tasks. That would give people a similar level of hardware parallelism while keeping the manufacturing price lower. Whether that convinces manufacturers is yet to be seen, but it has been demonstrated as useful in mobile devices and by Apple, so it's not so unusual an idea. If it works, likely AMD will do similar.

Raspberry Pi Zero 2 W: Nippy stocking filler for the nerd in your life – if you can get one

doublelayer Silver badge

Re: Tabs

Depends how much swap space you had. The Pi usually doesn't want to swap at all because a lot of them just have the SD card, and using a section of that for swap is likely to kill it. You can of course use something more reliable for swap or override the configuration and take the risk, but most users will stick with the normal configuration and therefore can only count on the RAM on the board.

doublelayer Silver badge

Re: an unpopulated 40-pin GPIO interface

"It'd be great if it had a standard male HDMI header (to just plug it right in to whatever)"

If it did that, they'd have to move it to a different place on the board because otherwise the screen you plugged into would block the power and data ports. They could move it to a short side, but then they're just making a TV stick and not everyone wants that. If you use a short HDMI cable, you can get the same thing and have it flat against the back of the screen (standard thermal problems apply, but the original zero doesn't run very hot).

Product release cycles are killing the environment, techies tell British Computer Society

doublelayer Silver badge

Re: Complete waste of time.

You can try, but as I have no clue what you're talking about, it probably won't work.

For that matter, what are you talking about? Extending software support harms safety? Allowing people to use repair parts harms safety? Recycling electronics harms safety? Generating waste electronics helps safety? Generating more revenue for manufacturers helps safety? Talking with you harms safety? What argument do you think you're nullifying, and does it even have a safety element?

Singaporean minister touts internet 'kill switch' that finds kids reading net nasties and cuts 'em off ASAP

doublelayer Silver badge

Re: "It could be crowdsourced like Wikipedia, for its accuracy."

He's quite correct: it could be crowdsourced. It wouldn't work and would be even worse than the alternative, probably, but it is at least a possibility.

Wikipedia's great, but not every article has correct and up-to-date information all the time. He should know that, but based on the various other things he's talking about, I'm guessing he has more expertise in authoritarianism than in how the internet works even from a user perspective.

Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers

doublelayer Silver badge

Re: Hmm...

You are correct. Bitcoin and many cryptocurrencies like it are not at all anonymous. They are only pseudonymous. Law enforcement and private companies have systems for tracking transactions in it. There are some cryptocurrencies which use more complex mathematics to be anonymous, but they are often less popular.

doublelayer Silver badge

"What I never understand, is that if this is true, how can entire bitcoin depositories be raided (digitally) and they lose millions of $ in Bitcoin. Surely if this is all traceable then stolen bitcoin can be identified, and then treated/recovered as stolen goods."

Here's the workflow. An exchange stores its coins in a wallet. A good exchange uses a bunch of wallets, just as a bank uses multiple vaults in different places. A bad one may only use a few containing all the value. In order to transfer coins for the customers, the private keys for the wallets need to be on a trading system; if you use humans for security on each transaction, the exchange doesn't get customers because it would take hours to start a transaction.

If an attacker steals a private key to one of those wallets, they can authorize any transaction from it. They do that and transfer all the coins to their wallet. The problem now is that, although the blockchain tells you where the money has gone, it doesn't tell you who controls that place. A wallet address is just a cryptographic value. Setting one up is anonymous and takes a few seconds. Anyone can watch that address to see what it does, but they can't just take the coins out. If the thief uses the coins in some way that identifies themselves, law enforcement may locate them and force them to turn over the private key. If they take efforts to hide where the coins are going, they may not be located.

Stolen cryptocurrency may be converted into other types which are harder to track. It can be tumbled, which means that a system will chop up the value from multiple people and distribute it into a bunch of new wallets so you don't know who has it. It can be used to purchase things which won't report to law enforcement (e.g. buying stolen credit cards in order to use those to fund purchases). In those cases, the problem is identifying who has the currency.

doublelayer Silver badge

Re: Will he get a job offer?

I doubt that very much. Some social engineering helps in penetration, but you still need to know how to do the various other things involved in testing. For the media understanding of pen-testing (hey look at this story of a security procedure failing) he could probably do it. For the actual job of pen-testing (identifying the security failings which are most dangerous for the institution and finding ways to start to solve them) he would probably not have the required skills yet.

DDoSers take weekend off only to resume campaign against UK's Voipfone on Monday

doublelayer Silver badge

Re: Annoying...

That will stop them (if they haven't already done what I'll say next) for about two days. Since they already have a bunch of victims, if you find their C&C, and it could easily be outside Russia and if they're Russian it probably is, they could make their bots do it. By distributing C&C across several bots and giving each one a few options, they prevent their whole system, worth quite a lot to them, from being disabled simply by disconnecting one key point.

Placing C&C servers outside the country in which they operate is quite common. If the attackers are Russian, they have a lot of choices of cloud or colocation providers elsewhere who won't notice if they host a simple server which occasionally gets uploads from a Russian IP.

doublelayer Silver badge

Re: against a DDoS

People could block certain recipients quite easily. Especially when the gaps in the analog system became better known. There were tricks to get resources that you didn't pay for, often by finding someone else's resource unprotected. You could then use that to tie up one of the victim's lines. If you could get enough independent connections to close all of theirs, you could lock them out. Eventually, they would terminate your connections and you could race to reconnect before someone else did.

As for taking down the whole network, that wasn't as common. You couldn't call through all the lines available because they had different capacity in every area. Something to cut through wires would be more effective for a single area.

Ransomware criminals have feelings too: BlackMatter abuse caused crims to shut down negotiation portal

doublelayer Silver badge

Their opinion's obvious, I don't know what I think

"Something else that has troubled Emsisoft, when it comes to ransomware publicity, is decryptors."

As a company which makes money from providing services to people who have been infected, it's unsurprising that they don't welcome free decryptors. They have a point that, if one gets released, it's likely to stop working when one of the criminals locates it. However, if the flaw exists in the code but the person who found it doesn't release a decryptor, then a user has to hope that the company they go to happens to have it. If they go to someone who doesn't, they will think their files can't be decrypted locally and are more likely to pay the ransom. That funds criminals when the reasons are even weaker than usual, and it incentivizes companies to find decryption options and hide them from others so they can get more clients.

This would make for an interesting debate topic. What do you think?

Asia's 'superapps' bundle ride-share, food delivery, even financial services – and they're beating big tech

doublelayer Silver badge

Re: Beating who?

"WeChat's biggest risk is probably China's recent crackdown on "too powerful" tech companies."

We interpret that in different ways. I see that as an asset for them, in that if China knows it can subsume their operations, either explicitly or through threatening its management, they can use its monopoly to augment state power. A competitive market would mean that they would have to integrate several different companies, increasing the chances that something doesn't work or someone actually tries to make it hard. The operators are in their position because China effectively marked out a monopoly for them to enter, and they know they have no ability to resist, so they will likely remain valuable enforcement arms.

doublelayer Silver badge

Re: Very different mindsets...

Apple, Google, and Microsoft do not run my financial system. Apple and Google offer payment systems, but they just provide the payment method, not all the other financial aspects. Also, I can easily avoid them, and I do. Similarly, none of those companies runs a transportation system; I use someone else's app on their platform for that. Each company does have a monopoly or oligopoly in a few places and each abuses it to some extent, but not to the level that the apps covered in the article do.

Apple's Safari browser runs the risk of becoming the new Internet Explorer – holding the web back for everyone

doublelayer Silver badge

Re: How do you think web standards work?

"The web goes through standards bodies of very hard working people from many companies,"

Many of whom come from Google and do whatever Google says. That's why we have, in addition to the open standards of HTML which don't change very often, Google's proprietary DRM system as a W3C standard (well, technically, a standard that Google implements, but it goes the other way). This despite several things:

1. It's not a standard. Google wrote it and doesn't give out the mechanism.

2. Google decides who gets to use it, and if you don't have their permission, it's illegal.

3. It's not even very good, but nobody can improve it, because Google doesn't allow modification.

They do the same thing with a lot of other ideas they come up with. They shove API suggestions through the W3C all the time, and then they usher those through after they've already created them in Chrome. This means they can say that other browsers aren't adhering to standards rather than that other browsers don't immediately adopt all of Google's code.

The standards bodies try to work on solutions, but they don't have many resources and nearly everybody there is there because their employer wants them to change the standard in some way for that company's benefit. Google doesn't control it, but they influence its direction and the others there are not there because they want to protect the standard, so Google doesn't have to go to pains to get them to agree.

Not just deprecated, but deleted: Google finally strips File Transfer Protocol code from Chrome browser

doublelayer Silver badge

Re: Overkill for many sites

Yes, that use case works well. My comment was about the uses from a browser as that's what changed and what some here dislike, and you can't do any of those checks from a browser. You could of course download the file with a browser and see whether encfs likes it, but I'm guessing you're using an automatic system which does it more efficiently and therefore don't rely on the browser for any FTP tasks.

doublelayer Silver badge

Re: Overkill for many sites

Entirely true. Few attackers would go to that effort when they have other mechanisms. The only reason I brought it up is that it is a case where the data itself isn't sensitive but can still produce a dangerous result, and you'll note that it only is needed if two conditions which don't always hold are met, and if either is not met, it's a lot easier to inject malicious data.

doublelayer Silver badge

Re: Overkill for many sites

You are sort of correct that almost all FTP traffic in use doesn't come under the use case I suggest. However, that's most of the traffic using FTP for transfers between known machines for known purposes. Most traffic from browsers is users downloading stuff, where the risk of an attacker is larger. Since this article was about the inclusion of FTP in a browser, not an FTP client, I was talking about that use case most of all.

"If someone has the skill, and most importantly motivation to hijack one of the routers between an Internet server and an end user then it's pretty trivial to also insert their own TLS without that user noticing, making the extra layer pointless."

People do have the skill and motivation, observed in ISPs and dodgy public networks alike. And no, it's not always easy to inject TLS. TLS certs are verified against CAs and associated with specific names. Unless the attacker succeeds in redirecting the user to a different endpoint without their noticing, they will find impersonation a bit harder.

doublelayer Silver badge

Re: You can't sell Advertising

Yes, you are right. I used authentication to mean that there was nothing ensuring the identity of the server to the user, as there is with a certificate. That's not the obvious meaning, and a better word would have been clearer.

doublelayer Silver badge

Re: Overkill for many sites

"Literally any anonymous download from the Internet. There is zero reason to encrypt publicly available information,"

There are several. Here are a few of them:

1. "encryption does not help with file verification.": It does prevent a listener from modifying the content and it still being valid. Most edits will break the encryption and alert the user rather than corrupting the file, and even if they can corrupt the file, they are unlikely to be able to inject new data into it.

2. Privacy: If I'm downloading a file which anyone can download, but it's encrypted, then an attacker doesn't know exactly which file I'm viewing. This may be of interest to me. The degree of privacy still depends on other factors, as they can usually get the domain I'm downloading from, but there are some plans to encrypt that as well.

3. It prevents meaningful injection of other data, which means that, for files which can't be verified (never an SHA1 hash for a standard page), you're not getting an attacker's replacement instead.

4. If you do have a verifiable file, but the hashes are also retrieved unencrypted, the attacker could replace the file you're downloading and the hashes when you retrieve them so they do match.

If you need something which can talk to something old or something that really can't do encryption because it's so weak, FTP is tested as a protocol. Otherwise, there are reasons to want something that protects the user.

doublelayer Silver badge

Re: Overkill for many sites

And thus it failed. The line was intended to be impassable, or at least very difficult to pass, and it probably would have been pretty good had someone tried to assault it directly. However, because it was possible to bypass it, it ended up not doing what it was designed for, and being effort wasted. Its only benefit was delaying troops by a few days, and it used resources which could have been used in making a more vigorous defense against them.

doublelayer Silver badge

Re: You can't sell Advertising

The connection is not authenticated. You can inject anything you like into the readme when the user downloads it. Anyone willing to go that far can advertise or attack as they like.

doublelayer Silver badge

Re: "frankly, Google and pals would rather users opted for a dedicated transfer app"

"So rather than implement the secure protocol they abandon the facility entirely in favour of a certainly proprietary and almost certainly opaque tool."

You're telling me that you can't find a single open source SFTP client? I can. Lots of them. CLI or GUI. Linux, Windows, Mac OS, all included. They're not new either. Most seem to support unencrypted FTP if you need that still. They're not proprietary. They're not opaque as the standards are well defined. And, unlike browsers, they support uploads as well. Use them.

Allegations of favoring visa holders over US workers for jobs cost Facebook just 4 hours of annual profit

doublelayer Silver badge

"None of them seemed to mind that the stability they enjoy is being paid for with mounting national debt. Nor that the stimulus keeping venerable companies afloat also subsidizes bad management and keeps younger companies out of the market."

I fear you may find many who don't care or even don't know about those things. It's not at all limited to migrants. In order for a country to end up in that situation, a lot of its citizens must ignore or support the actions that cause it.

"The Indian EE just laughed when I told him that some Americans would rather work harder on something excellent than be paid well for a career that will be forgotten before they've even retired."

And once again, I'm sure you could find many Americans with the same attitude. In most cases, it's quite reasonable. In computing, we have the chance to make a codebase that will be respected and built on for years. In most other jobs, that's never going to happen. For the millions who work in a position where they won't get to change the company or the product very much, they may prefer to do their job well enough and reserve their profound enjoyment for the rewards of that labor. The number of people who use their pay to work very hard on a hobby, for example, is surprisingly large.

doublelayer Silver badge

Re: It's a quirk of the (immigration) system

"Any new roles should be filled by US citizens where possible, so again failing to advertise is misbehaviour. [...] there's also a moral obligation to recruit and train people so that they can do those roles."

The problem is that one could argue that there's a moral obligation not to fire people out of the country they live in, albeit into a country they lived in before, just because you've done a reorganization. They aren't doing that to the Americans they've hired and want to keep, after all. You might not think that obligation exists, but a lot of companies don't think they have any moral obligations [whatsoever] I mean to only hire people from one country. In that case, it falls down to what the law requires, which includes neither obligation.

Facebook may soon reveal new name – we're sure Reg readers will be more creative than Zuck's marketroids

doublelayer Silver badge

Re: It doesn’t need a new name

"What about the employees? About 150,000 of them."

Well, it's too bad for them. They'll have to find new jobs or pay their bills with the savings from the pay they already received. Facebook doesn't stop being evil just because they pay some people to implement the evil and some other people to coordinate the evil plan. I'm sure some of them could rebuild some of the useful stuff that gets shut down because the original version was breaking privacy law.

But there's no chance of those consequences happening, so those people will be fine.

Microsoft unveils Android apps for Windows 11 (for US users only)

doublelayer Silver badge

Re: is this new?

I think it would have several features not in the emulator. For one thing, you should be able to run several things together, rather than just your one project. You can also run things that you don't have the source for, which also helps. And it should integrate better with the local system, for example by letting you share disk space between Android apps and Windows programs.

All that said, I can't think of why this is useful. I'm sure I'll download it when it's available in production because I have some time I don't mind wasting, but I can't think of any Android app that I want running on my computer. Most apps either have better versions for desktop which work natively or benefit from the features of a phone (my computer can't provide a GPS receiver or mobile connection, and it isn't pocketable). I'm more interested in trying to run desktop apps on the mobile device, to be honest.

Software Freedom Conservancy sues TV maker Vizio for 'GPL infringement'

doublelayer Silver badge

Re: I smell a fight coming on

"Actually, that raises a point about John Deere itself, where their software comes from. Truly proprietary, or Linux-based? And, if Linux-based, their entire stance against right to access their software for right-to-repair completely falls apart."

Unfortunately, depending on what software they're talking about, it might not. If the software is only given to the repair people they authorize, then the owner of the equipment doesn't have license rights because they didn't receive copies. The GPL only gives the right to source to those who already have the software, not to those who come into contact with someone who uses it. That allows you to use GPL components if you only use the program internally. For the same reason, they could use a proprietary stack on Linux and similarly avoid having to give up things they don't want to. A copy of the kernel source without the bits that run in userspace won't be as useful.

doublelayer Silver badge

Re: Signed binaries

If they use something under GPL3, you can request installation information. You probably won't get it, but the license gives you a right to it. That wasn't in the GPL 2, though, so just having the Linux kernel won't give you that. That may be a source of more legal action to come, but a lot of the projects concerned don't use GPL3, so it will be harder.

Reg scribe spends week being watched by government Bluetooth wristband, emerges to more surveillance

doublelayer Silver badge

Re: I'll be tracked almost everywhere I go...

"I see "adverts" in the UK for heart disease foundations, cancer charities and other diseases and I feel that if I add up the risk of dying from all of these "advertised diseases" I'd be dead three times over :-)"

The reason for this is that at some point you will be dead (spoiler alert), and the chances that one of those things will be the largest cause is quite high. Various numbers are used, and they can sound high, but things that cause hundreds of thousands of deaths each year are kind of dangerous. How much your particular risk is depends on a lot of other factors. They certainly do advertise using statistics that look extreme, but the brevity of information may lead you to think the statistic is stating something it's not (e.g. your risk of dying by cancer in one year given your age is a lot lower than your risk of dying from cancer some time in the rest of your life, which in turn is lower than your risk of dying from something which you could have dealt with had your system not been weakened by cancer and cancer treatment). Other diseases work in similar ways.

Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse

doublelayer Silver badge

Re: Responsibility

The scanning tools are of use in detecting known malware, but not so useful for finding the new stuff. If it's a method for providing a basic CDN for delivery, most of the content is likely unknown to scanning, and it can also be obfuscated if the initial vector can decode it on the victim's machine. Those two factors make scanning less useful.

doublelayer Silver badge

Re: Users need to know that

It's a feature, sort of, in that it allows someone to link to a translated page rather than its original. Instead of requiring each user to know that you can go to translate.google.com and put in a URL, you can directly link. For example, this article translated to Spanish gives the following URL, which doesn't have google.com in it because they have their vanity TLD and they're going to use it:

https://www-theregister-com.translate.goog/2021/10/18/microsoft_malware_brand/?_x_tr_sl=en&_x_tr_tl=es&_x_tr_hl=en-US&_x_tr_pto=nui

This format is more obvious about where it's going, but the old format did all of it with query parameters and probably still works. The user needs to know that something starting with translate.google.com doesn't mean Google approved the content.
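An added example, not part of the post above: a URL filter or log pipeline can unwrap a `translate.goog` link so that allow/deny decisions are made on the page's real origin rather than on the Google-owned hostname. The function names and the blocklist entry are hypothetical, and the rule that `--` encodes a literal hyphen is an assumption (the post's URL only shows dots becoming hyphens).

```python
from urllib.parse import urlsplit, parse_qsl

PROXY_SUFFIX = ".translate.goog"


def decode_translate_host(host):
    """Return the origin hostname encoded in a *.translate.goog host, else None."""
    host = host.lower().rstrip(".")
    if not host.endswith(PROXY_SUFFIX):
        return None
    label = host[: -len(PROXY_SUFFIX)]
    if not label or "." in label:
        return None  # not the single-label form shown in the post
    # Assumption: "-" encodes "." and "--" encodes a literal "-".
    return label.replace("--", "\x00").replace("-", ".").replace("\x00", "-")


def unwrap(url):
    """Report the host a filter should judge, plus the translation parameters."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    origin = decode_translate_host(host)
    if origin is None:
        return {"proxied": False, "origin_host": host}
    params = dict(parse_qsl(parts.query))
    return {
        "proxied": True,
        "origin_host": origin,
        "path": parts.path,
        "source_lang": params.get("_x_tr_sl"),  # parameter names as in the post's URL
        "target_lang": params.get("_x_tr_tl"),
    }


def is_blocked(url, blocklist):
    """Check the real origin, not the proxy hostname, against a host blocklist."""
    return unwrap(url)["origin_host"] in blocklist


# The URL quoted in the post above.
SAMPLE = ("https://www-theregister-com.translate.goog/2021/10/18/"
          "microsoft_malware_brand/?_x_tr_sl=en&_x_tr_tl=es&_x_tr_hl=en-US&_x_tr_pto=nui")

if __name__ == "__main__":
    print(unwrap(SAMPLE))
```
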

Apple arms high-end MacBook Pro notebooks with M1 Pro, M1 Max processors

doublelayer Silver badge

Re: eWaste

"why the hell would you buy a Mac laptop to run Linux?"

Here are a few reasons I prefer my computers to run Linux, whether I intend that to be the only OS or not. This includes the Macs I have bought.

1. I use Linux, so if I can run it on my hardware, then I have that option. If I'm using Mac OS, then I'm fine. If I suddenly find that I want something Mac OS doesn't have, boot to Linux. I find that convenient.

2. In case of damage to the operating system, I can boot to Linux as a convenient method of investigation and recovery. I can mount the Mac OS filesystem read-only in order to copy off files I don't want to risk losing during a repair, and I can also poke around to see what went wrong. Using the built-in recovery system can work for this, but it's running from the same storage device and it has some tools which write to the local system, so I like starting with something I know will not before using the recovery to repair the system.

3. If Mac OS drops support but the hardware keeps working, Linux can be a replacement OS. I like having that option.

"But, FWIW, there are projects to put Linux on M1."

I wouldn't trust those. For one thing, we haven't yet seen whether they work at all on the new chips in these machines. Undoubtedly some hardware and firmware have changed. The only question is how much those changes will impact the existing efforts. Apple isn't, to my knowledge, trying to actively stop those efforts, but they certainly aren't making any effort to keep to a standard that Linux can follow, as they did with their Intel laptops.

I would not buy an ARM Mac if running Linux on it outside a VM was important to me. If you're fine with Mac OS being the only native OS you can run, then it's still an interesting option.

US lawmakers give Amazon until November to prove it didn't lie to Congress

doublelayer Silver badge

"Amazon slurps all the data and does with it what every web giant does, it makes MONEY"

It's astonishing to me how bad their advertising is. When Google tries it based on some browsing data, especially since I stopped using them for search, they don't have that many data points. Amazon knows everything I ever purchased from them, which I also try to minimize, but it's a lot more useful data. And yet, they don't seem to know how to extrapolate from that. Maybe they would be better if I bought everything from them alone, but that's never going to happen and I somehow doubt they would improve.