Posts by doublelayer

Re: I, for one, welcome our power spewing* algal overlords...

Two problems. First, at-home generation is great, except the methods available tend to be inefficient. You can have your own generator without spending too much money, but you'll be wasting a lot of fuel that generates power you don't need right now. There's a reason they tend to be used only in emergencies. The really big ones tend to be a lot more efficient. Solar panels are a bit better, but storage systems so you can use power at night less so. Again, it's out there and can well be used, but there's a reason many with home solar setups put excess power into the grid during the day and power on something else at night.

Now for the less important problem: "Apart from large hadron colliders, football stadiums and cryptocurrency mining, who needs massive amounts of electricity on a daily basis ?"

Server farms. Factories. Industrial kitchens. Hospitals. Airports. Skyscrapers. Any place with a lot of people. Any place with a lot of machines. My home usage is tiny, but there are a lot of nonresidential users out there.

Re: Fixing the civil registry would have costed less...

"Data are already there, but mismanaged so badly they become useless. If that's what you want because you "fear the State", you don't understand that you are the State, so you're actually fearing yourself."

Let's get the most wrong part done first: I am not the state. I am a member of a state, which one is not important right now. The state can still abuse one of its members, and many have been known to do so in violation of the laws agreed upon by the state and me as a member. Thus, I wish to avoid those abuses. If I was the state, then I would have the power of the state and I would eliminate those abuses (though making me a dictator is probably not the best way to fix things, I at least promise to be a better one than usually seen).

The whole point of privacy isn't to eliminate the existence of data. It is to avoid the misuse of that data, including collection by people who should not possess it. Disorganization is basically the goal. I'm in favor of avoiding organizing data when it is not warranted and approved. My ISP does know my name and payment details, but they did not need my identity paperwork to plug in a wire. I think it is possible to pay some of the utilities in cash, so if I wanted to avoid giving them my name, I could do that with extra effort (it's not worth bothering, but it's possible). Facebook probably does know a lot about me, and this is exactly the problem I want solved, so pointing out that it's true is not going to change my mind. A record of property ownership is not the same as a centralized repository of every utility connected to every resident. If I'm renting, my landlord can know who I am and collect documents to prove it if they want without having to record this for government usage which has already been specified to be illegal.

Re: Offensive and poorlt thought through

I'm not sure about that. Both groups have different ways of being annoying. I think your descriptions are accurate, which leads to the following interactions:

I know everything guy: Argues with you for a long time before you prove what needs to be done. Embarrassed that they don't actually know everything, they will eventually back down before they get extra proof. Next time, they will do what you showed them so they don't need to ask for help.

I don't know how to use computers guy: Much more humble, asks for help, you show them what to do, and everything seems fine. Tomorrow, they're back asking you how to do the same thing, or something similarly easy. They can also get less humble later on if they think that not learning is an appropriate course of action. This can end up taking a lot longer and giving them the impression that it's fine to waste your time with basic questions because you're always happy to help so why should they figure it out?

Neither kind is good, and depending on the specifics of the situation, either kind can end up being much worse.

Re: The Real Problem

You have two problems, both large.

"Why isn't Windows secure? That is the question we should be asking."

Why do you assume it's Windows? You can run programs on everything else as well. Those programs can read, write, and delete files which is all you need for ransomware.

"It shouild not have been possible for any unauthorized programs to install themselves without seeking permission from the user."

Why do you assume it did? Maybe it got permission from a user who didn't understand what it was. This is quite frequently the mode of initial infection. Alternatively, it could exploit a hole left by a user, such as an open SSH or RDP port with insecure authentication. Do you assume that every infection requires an OS vulnerability to succeed? That happens, certainly, but it's far from the majority.

Re: Not an easy area of law

No, the constitutional argument is clear. I have the freedom to decide whether you can say things when you're using my property to do so, as in I can tell you to leave if you're doing something I don't like. That freedom applies to the people who own the company, thus the company can exercise it if those people choose to let it. This is not a new argument and has been used successfully. It also happens that, if that law continued to exist, there would be negative consequences, but even if there wouldn't be, it would still be invalid in the U.S.

Re: Exam technique ruined?

Yes. It's worse with some interview-related tests I've had, where there is a time limit for all questions but the system will not allow you to see any future questions or go back to ones. You have to judge when to stop working on question 1 and hope you've left enough time for questions 2 and 3. If you did and you'd like to improve your answer to question 1 in the time remaining, too bad for you. I've seen this too many times, given that not all interviewers even have take-home timed tests.

"I think we need new battery tech before that becomes reasonable."

You're correct, we need it not to kill batteries in no time. Unfortunately, we don't need new tech for it to sort of work, so it's being sold by many phone manufacturers right now. The selling point is that it can charge your phone in twenty minutes if you forgot to do so. That you have to buy a new battery (or phone) when doing that renders it unreliable is somewhere between not their problem and one of their goals.

Re: Ol' (mostly) reliable

On the only device I had with RAM as the primary storage (though a PDA rather than a music player), you didn't. You recharged the battery in the device, and if that battery was in need of replacement, you hoped it would work while you copied anything you weren't planning to lose over to a computer. There was a reason I stuck with devices with flash, even if it was removable flash, after that.

Re: powershell command missing

"Excellent example thank you. The brevity and elegance of Bash shines."

No, it doesn't. What shines in the bash example is the power of the du command. Delete that from /bin and try making bash do it for you. The result will be a lot longer and uglier than the PS commands written above.

There is also an alternative in PS: get the source for du, compile it, and put it on your path. You can use the one that Git for Windows has. Cygwin probably has a usable one too. Then all you have to do is pipe its output to a sorter of your choice. The thing that gives you all the power, clarity, and brevity is a platform-independent executable designed for the task. Bash does not deserve the credit for that.

Re: Messaging > Email

It's called read receipts and there's a reason I turn it off. If this is critical to you and you have the authority, you can make people enable it for anything. If you don't and some people are like me, then they won't turn it on because it is unreliable and annoying.

I scan over your mail and see that it exists, mentally adding it to my list of things to deal with. Since you only see that I have seen your message but you don't see that I have twenty other ones on that list, you might expect a quick response that you're not going to get. Alternatively, I scroll over it quickly enough that I've still registered its existence but I haven't triggered the threshold that informs you, so you think I have ignored it. Either of these can lead to people (probably not you, but they do exist) being angry that I'm ignoring them and complaining about how I choose to do my work. Those who complain, in my experience, never care what else I might be doing or why I do it that way. They complain less when I don't give them extra unreliable data and their first communication from me is either a reply to their request or an automatic response that I've deliberately created for requests such as theirs.

Re: Typing is not a good idea.

The password would be vulnerable in the buffer, but malware that is scraping that can use various other tactics to scrape it as it's typed as well. If you have malware that can read your input, then that's the larger problem and needs sorting first.

As for password managers, they allow you to have much longer and truly random passwords when you have lots of services to log into, which is often the case. When the choice is between a password manager with a single, good, long encryption password and using the same password on everything, the password manager is better. Remembering unique random passwords would be superior, but I know a lot of people who don't have the memory or patience for that approach.

Re: It costs just $7 to rent DCRat to backdoor your Windows network

In this case, yes, but that's just the target the author of this tool has written for. Unless your saying that it's not possible to write and deploy a similar program on a non-Windows network, the statement doesn't contain much meaning. I know that's not what you're saying because that would be wrong; RATs for Mac OS, Linux, BSD, and less-often used OSes have been written and deployed with ease and are also available for purchase.

Re: What??

Microsoft likes Linux as a developer and server platform, mostly from their Azure people, but they're not going to put all their effort into it, not when some people still pay for Windows and products that run on it. Teams on Linux might not be great, but I have a secret to tell you: Teams on Windows is ... also not great. Their developer-focused stuff is generally better, though it is still young compared to tools that started with Linux as a target.

Microsoft is never going to decide to be Red Hat. They'll do some of the things that Red Hat has done, but they'll do it when it suits their business. Stuff that makes Linux VMs in Azure more popular will get done. Stuff that attracts developers to coding that will also work well on Windows will get done. Writing software that runs on servers so that it can also be used by the millions of people using Linux servers will get done. Writing Office from scratch so it runs on Linux, when they already have a web version that will run and they know most Linux users are perfectly happy using LibreOffice instead, won't get done. This doesn't make them an adversary.

Re: Good is good

"That's what the question should be - would my country be better off with such a law?"

I'll analyze that, probably too much, in the next paragraph. Before I do, I must first state that you have to ask one additional question: "would my country be better off with the ability to create and enforce such a law?". There are things we'd all like done, but some of those that haven't been done have been left without legislation because there is too much risk of abuse should the required powers be granted. That also needs to be asked.

Let's turn our attention to this specific law, though. I have a dim view of "influencers", and I don't particularly care when they don't have success at influencing. If they all decided tomorrow to quit and do something else, I would consider it a positive. Let's see what this law does to restrict them. The first thing is that it tries to stop them asking for money, one of the more annoying things they do. Yet why should this be a problem? I know, for example, various projects where the creators ask for donations, from podcasts to open source software. If I don't like them enough, I don't give them money. Why should it be illegal to ask for or receive money for something any user can avoid at will?

Next up is making the services liable for refunds when a child uses an adult's credit card to pay. This makes perfect sense, except it's in the wrong place. It's always an issue when a child uses money that isn't theirs to buy something, no matter what they bought. Parents can deal with this themselves by not giving their children access to payment methods or by having rules about their use. For instance, they could do what my parents did: I knew how to spend their money, but if I did it, I would have to explain what, why, and how, so I only did so when it was necessary. I don't have a problem creating a regulation that clarifies what happens when a child spends the parents' money without permission, but the important thing is the payment, not the payee. If a child takes the parents' credit card and pays a streamer, it's the same problem as if they chose to buy a ticket or donate to the Linux foundation; it still wasn't their money to spend. As such, putting this regulation in a law that's targeted only at streamers is doing this the wrong way.

One more aspect to discuss is the curfew on watching this stuff. They're right that children can stay up too late and have negative results, but that's not really a thing they should legislate to fix (and also not something they can). Children can stay up late doing any number of things. In my childhood, it would be reading books. If the government had tried to pass a law banning me from reading books at night, even if it would have made me more alert, it would have been a bad idea. The right approach is for parents to decide what restrictions to place on their children or to let the children make some of these decisions. In my case, I simply noticed how I felt when I had read too late and decided I'd have to change my schedule to not have that happen next time. I also noticed that, sometimes, my teachers would assign homework all at once and I'd have to stay up late to complete it all, but somehow I'm guessing China doesn't consider that cause of late nights to be a problem.

So to answer your question, I do not think my country would be better off with such a law. It has one useful element that's misused to target one group when it should be generic and it has two aspects that give the government power over something it has nothing to do with. I can say this without liking the targeted group. I can say this while agreeing that, if I had children, I would prefer them not to pay streamers, stay up late to watch them, or use my money for it. I can even say this knowing that, if I had children, I'd set rules to prevent them from doing some of that. That's a decision for parents to make, not government leaders.

Re: Root cause

The known holes have been patched in IOS and Android, but NSO makes money by selling this exploit kit to some very wealthy people (governments, only governments and dictators, definitely believe them). With that kind of incentive, the company really doesn't want to lose access to that income stream and pays well for more zero days. We will never get a mobile OS and mobile apps* that never have bugs, so there will always be a way for someone sufficiently motivated to launch an attack.

That said, there are things that the OS providers haven't done that would help. Some vulnerabilities exploited by NSO have been patched in Android, but because it's Android, there are a lot of phones out there that never got the patches and remain vulnerable. Google could have prevented this. The OEMs could have prevented this. On that matter, I think recrimination is entirely justified. IOS has had a better record as Apple went back to OS versions to patch devices that couldn't update (and because they maintain software support for longer).

*Some of the ways that NSO's malware has been known to infect devices have used vulnerabilities in third-party apps, most often WhatsApp. That target was so often used that Facebook has sued NSO directly, the first and likely only time I support Facebook. In some cases, the vulnerability didn't even let them out of WhatsApp's sandbox. That's a problem the OS writer can't do anything about.

Re: 6.9bn

There was an "at least" in there. The real number is probably higher. Some cybercrime won't have been accounted by the FBI, which mostly starts caring when a U.S. entity is involved as scammer or scammee. Some won't have been reported to any law enforcement. Some won't have been counted as cybercrime and counts as a different kind of fraud.

But even if it's the right number, that's a big number. Individuals can face losses in the thousands and companies in the millions. That's enough to cause lots of problems. If we decided that Amazon could pay for all the losses due to crime, we'd be fine, but since we can't, individuals have to deal with the cost. Consider how a $10k (or local equivalent) loss would affect you. If you have savings for that now, consider how it would have affected you when you didn't. It's a problem for those people.

Is that the only context that rings a bell? I first think of graduation or graduate. Then of gradians. Then grades. Then of gradation. Then of Russian city names (other countries also use it, but the Russian ones are the ones that I think of). Only then do I not really know what comes next meaning we can be charitable and call the rocket the sixth thing that comes to mind. Somehow I don't think Google was picking an unusually insensitive acronym.

Re: 16 years ago

"When was the last time that you saw either a floppy or an optical drive on a new laptop?"

Floppy: it's been a long time. Optical: last year. A few large laptops still include them. I avoided those models as it's a lot of weight for a feature I'll use once a year. I understand that there are people who use them more often, but for the rate I use them, a USB one is fine. I'd prefer another drive bay, larger battery, or just a smaller laptop.

Re: If I owned a piece of equipment?

No, I'm afraid it is you who is not listening. I have specifically acknowledged that JD have not implemented the feature in the way I recommended and I have also specifically said I don't like it that way. The post to which I responded spoke of remote bricking features in general being antithetical to the right to repair or the right to real ownership. I disagreed and provided methods. I've stated in my original comment that it was a possibility, not already granted. I stated in my previous reply to you that it was general. I stated in this one a method by which it could be accomplished, using words like "could" to indicate that it wasn't present.

Re: Defence

Here are instructions for using the tool developed by Amnesty International's forensic people. I cannot promise that it produces perfect results or that you can't do something wrong and create a problem, but it looks straightforward enough for the technical user.

https://docs.mvt.re/en/latest/index.html

Re: So you wrote it, and it works

Yes, recompile the code, reconstruct the package, presumably change at least a couple pieces of metadata so it's not byte-for-byte identical to the last package, and republish. This has done nothing for your users. It may have taken you some time to do. Now it has to go through Apple's verification system and all your users will have to download this app that's no different than the last one. If you fail to do it, new users won't be able to use your thing anymore. Why is this needed, again?

Re: There is an argument

The UK military has hired people for computer-related jobs, including offensive operations. They're predictably not keen on telling us how many people are working on offense rather than defense and exactly what they're doing, but they exist. Other parts of the UK government have had offensive uses for computers for quite a while. If a country used cyberattacks to cause significant damage, they also have conventional weapons available to them. The UK and many other countries already have what you're asking for and have announced plans to expand.

Re: How friggin' tough could it be to just print the words?

I don't think this is a country thing. If it is, my country's system is to do it at random. Admittedly more often with up being on, but I can find examples of both in a lot of houses, and of course any circuit that has two or more switches will do both. I've seen a few left/right switches, but they're less common and usually control something other than lights. For example, I've worked in a lab where the safety circuits had left/right switches, probably so they'd look different from the lights and hopefully have fewer accidental flips.

Re: Doing my bit for the little guy(gal)

This is exactly what I was saying. The benefits to society of the new tech are usually greater than the costs to the person who was automated, so even if society has to fully pay for one of them, it's better to help the workers than artificially keep automatable jobs around. In addition, the automated worker can decide to do something they like to do more, which means even more reason to go with that option.

Re: We live in a free market economy

"Instead, companies rely on the government, via mechanisms such as patent and copyright, to prohibit people from doing what they want with their private property."

In this case, that's not what's happening. If we eliminated every copyright and patent that Apple owns today, the problem of repair is exactly the same tomorrow. Apple's serial locking code and whatever keys they use to make it work aren't out there, so it doesn't much matter that it would be illegal to copy them. Eliminating protections on IP doesn't help you when they can get what they want by not releasing information. The only ways you could prevent them from doing it are forbidding it outright, increasing the cost to them so they choose not to do it anymore, or forcibly breaking into their systems, finding the internal code, leaking it, and continuing to do that every time they update it.