Posts by doublelayer

Re: Shop Stores and iCovid

Yes, but they've decided that they still want to be operating. You can move people out of an office and have them still work, but you can't move the store staff out and still get anything from them. They want to reduce the risk, but they don't want to lose money while doing so.

It depends what the product is. I've seen a couple display control systems using the Pi as a controller because they need a full stack and reasonable display speed which the Pi's GPU is good at. I've heard that these aren't unique though I wouldn't know. There are several types of products where the Pi's peripherals and power are already sufficient for the task and the manufacturer doesn't need much additional hardware so they don't see the benefit of a custom board.

Re: Online exams do not seem like a good idea in general

In many cases, not having to memorize everything in the textbook. If, for example, I'm writing a program and I've forgotten all the possible magic numbers for a system call, I can find out those options from that call's documentation. I shouldn't have to memorize every system call and every option on every different operating system just to do that, because the information is available conveniently. The textbook can serve two purposes. First, it teaches the theory and provides useful techniques which the student will remember and apply later. Second, it provides reference information which the student can look up later. A good student will remember the former because they use it frequently, and can memorize those details which they use most often, using the book to recall those rarer examples.

Re: Its not really AI, is it?

And the preprocessing done to the training data, the preprocessing done to the production data, the specific model or models in use, the output type of those models, the thresholds for consideration of those results, the algorithm to deal with conflicting results from different models, and changes made to all of those since last time it was clearly broken. They don't want to tell people details about any of those.

Re: They never should've used it in the first place.

"What you are proposing would result in a deluge of technicians and engineers who hold little knowledge in their supposed area of expertise, thus diluting the value of a real certification."

In my opinion, if that is true, it means the certification wasn't much good in the first place. The easy methods of cheating are where you look up answers online. That's kind of normal now for most jobs, because if you've forgotten something, it's better to just refer to the docs and therefore not make mistakes. If you're analyzing someone's experience with technical skills, then it makes sense to let them access those reference materials, because if they can successfully obtain the goal in the time limit, then that proves they know enough to find the information they needed and apply it properly. If they know very little, then they will most likely not be able to find the answer or tailor it to the situation in time, so they'll still fail. A test based on rote memorization isn't much use when you need quick analytical or problem solving.

In other classes, there's a better case for such restrictions. A student doing a math test shouldn't be able to just type the questions into a calculator. If you have an environment where the person really can't access the reference materials, then you might want a memorization test as well (but really, that's not many places). Most tests, however, aren't so basic.

Re: Ransomware

"Except ransomware can "hit some of those" in a way that they will still verify and restore and run just fine... right up until you hit a certain date when the self encryption locks down."

I'm no expert, but I'd imagine that's rather harder to do with basic tapes or disks. Unless you can reprogram the firmware on a tape reader or disk controller, then it can't encrypt itself on a schedule. The closest I can think is that they would bother to deploy something to the restore system just to hide that the individual tape was encrypted, but that's a large risk because that would have to include the decryption key which they don't want the user to recover. Also, it's a lot of extra effort. Your prevention suggestions are good.

Re: Ransomware

Not as effective because the attacker might attack the backup server during the backup rather than trying afterward. If they're the type who waits around watching things before they launch their assault, they could figure out that it's only online some of the time.

Re: Ransomware

That's just an argument for cold backups. Whether disk or tape, as long as you don't have it online, it can't be encrypted after the fact. Also a good argument for frequently testing such things, as a ransomware operator who recognizes that you have cold backups might hit some of those first so they're unavailable when you go to restore. If you can catch it when your most recent cold backup is encrypted, then you might be able to cut off the attack on the hot systems which are targeted later.

Re: Apple are hypocrites

The difference is that this technology could be removed, and then it can't be abused. It still exists as a possibility as it always has, but it doesn't exist as an available exploit. If the code is not on people's devices, an abusive government cannot make use of it, and the user is therefore safe from this avenue. That is why it should be removed.

Re: creepy idea of the day

"We could get to the situation in the future where having a JPG on your pc is a hot potato."

No, we couldn't. There are so many images used by programs and websites that there's no way of figuring out which of the thousands of images you care about. No, they're not going to make an expensive, likely cryptographic, format for your desktop icons and video game assets. Oh, and video frames too, because if you don't stamp each of those, people will put their pictures in one and have users run it like a slideshow. That adds complexity and size to anything that reads or writes image data. You might as well ask for mandatory KYC on all text, which isn't going to happen either given how often you use the same text as other people.

"Think how much easier that is to detect by outsiders"

It's really hard to detect. You have several existing formats to detect, which requires a full scan of the user's disk, which the user is likely to dislike. When you've done that, people will immediately invent new formats to get around that. It is a 2D array and disks are big--it's not hard. You're now playing whack-a-mole with format designers. That's without considering pictures embedded into programs which display it when run (if you just set pixels, it will look like text). Then steganography to hide it in something else. Then programs to retrieve the correct bit pattern from another file which isn't signed.

In order to reach step one, you already need something a lot more invasive than has ever been tried. It's not practical. In your title, you left out two words. It didn't win the prize for creepy idea of the day--Apple's got a monopoly on that whenever they open their mouth lately. It won for creepy and useless idea of the day.

Re: Image Container Licensing

I think this wins a prize for simultaneously useless and creepy idea of the day. Congratulations.

But really, was this meant to be a joke? Is my sarcasm detector not working today? That's an honest question. If it was serious, do you know that wouldn't do anything for this scenario--if there's an untracked format for images, which there is, then people can continue to use that when providing images of crimes. They're already using Tor hidden services a lot. They can figure out how to download an old version of a program so they can open the formats, and they would only have to do that if the new format was actually made mandatory.

Re: Notice how quite Samsung is?

So they decided not to run their own cloud. That's not a surprise to me--I've purchased phones from many companies who didn't run their own cloud service. That doesn't make them responsible for Microsoft because they gave people choices including not using the cloud at all.

Re: Banning is effectively meaningless

I agree, but looking at the globe, I can't think of anywhere which will do it. Every dictatorship will be thinking of the potential uses for them. A lot of democracies may be thinking the same and haven't stopped privacy violations before. Those few democracies which tend to be forceful about protecting their residents' rights might think about it, but they don't want to be described as "those people who defended child abusers" so they will probably let it slide.

Many would disagree with you. Existing police investigations with limited warranted surveillance have a higher approval rating than this does. Hence, a different method which works and isn't by its nature evil.

That's an option, so for lots of people, yes. Another option is to automatically backup the system to iCloud, so that's another way it could happen automatically. Both probably have to be disabled to prevent it.

"So the situation is. Do nothing about the problem of child sexual abuse because whatever you do will be wrong."

No, the situation is do something else about the problem of child sexual abuse because what you're currently doing is wrong. False dichotomy rejected.

Re: Tank Man

No problem. If the group finds a thousand images which have been widely shared, that gives them thousands of targets who took the pictures or stored them. Let's say they only succeed in finding a hundred of them. That's enough people to achieve several goals:

1. At least a hundred people who took pictures and shared them is a hundred dissidents who can be removed.

2. Those hundred can be questioned to find more. Some will comply with questioning.

3. A hundred is large enough that people will notice that the government was able to track them down. That's a good advertisement that protesting can end badly for you.

Even if there are more pictures, that gives them quite a large head start. If there are, they can add them to the filter later when they are found.

Re: Look, Squirrel!

"Can you come up with a scenario where what you suggest would be harmful?"

A repressive country, the Democratic Republic of Tyranny, has a protest. People take pictures during the protest and share them with those in other areas. People in those other areas see that they are not alone in their displeasure with the government, and the government feels that protests are likely to occur there. The DRT government tasks a group with collecting those images wherever they have been shared. It tries to block those images in their censorship system, but at least it can't track down those who have it. Enter Apple's system. The DRT government sends the hashes of those images to Apple and gets a report including the identities of all people whose devices contain that image. That would include the person who originally took it (was at protest, definitely guilty of high treason), the people who sent it to others (promulgated information contrary to the government, also high treason), and anyone who received a copy and retained it by choice or chance (just normal treason).

The DRT would have several ways to add this into Apple's system. The easiest would be to call them up and tell them they had to put in the image. If they called the wrong number and got someone who would complain or, it's imaginable, refuse, they threaten to confiscate Apple's assets and cut its business; Apple quickly caves. However, there is an easier method. The country likely has some police system which investigates child abuse, or at least a police organization which can pretend to investigate it. They submit the hashes saying that it is abuse material. If Apple includes it, the DRT gets what it wants. If Apple doesn't include it, the country can go out in public and accuse Apple of being biased and failing to protect children when given information to track; Apple quickly caves.

Re: Great Data Purging Revolution

He's certainly useful in this, but he doesn't get to fine the large companies who violate GDPR all the time. The organizations which have that power seem to take a very long time to do anything. It's certainly better than before when they had no power, but it could be even better if they started using their authority often.

Re: Great Data Purging Revolution

Really? That's crap logic.

"If you noticed people accept GDPR terms without reading which gives companies who use that data legal protection."

If you noticed, they did that before. The companies have no more protection now than they used to, and now there are terms which they can't legally put in there.

"Then one of requirements was data portability which forced many companies into implementing data export facilities. This means they can more easily pull the data from the system and sell it, even companies who didn't think about that."

Yeah, so? They had the ability to sell the data at any time, but now, it's illegal for them to do it. How did GDPR help here? Just like the last one, this law gave them no new rights and restricted a few they used to have.

Re: Sadly, there were divorces and broken families and bad things

In this case, that's rubbish. Had Microsoft not written a browser, their OS would have been fine for at least several years while people used someone else's browser. Only if their competition had all decided to include browsers would there be much of a risk, and their competition was very weak at the time. So if they had spent a few more months completing their browser, there wouldn't have been any negatives from it.

Some places have that need for survival, but even then, there are many reasons not to mistreat the workers. Getting something done with unmotivated workers is hard, but getting something done when your workers quit because you're making them work all hours is impossible. Your company's survival, even if that's at stake, is not what the workers most care about. They're focused on their own survival, so it would help you if you tie the two together. If they benefit as you do, meaning that neither group is completely ignoring what is best for both sides, then you'll get a better result.

And tell me, where would someone have learned how to do that and obtained a command line browser that ran on Windows 95? Perhaps by connecting to one of the online systems?

Re: A solution looking for a problem

"All autopilot does is take a flawed driver, and add in the technical flaws created by flawed software/hardware designers to get the worst of both worlds."

No, it doesn't. What it does is to substitute the flaws in the software for the flaws in the humans. Depending on the quality of the software, this could be worse or better. In existing tests, it's often better.

Consider a human who is paid to calculate mathematical answers. They are going to make some mistakes. Now add in a computer which solves the same problems. Every once in a while, something will break and the computer will mess up, but it will get a lot of right answers first. Is it the case that substituting the computer will worsen accuracy because you've combined the worst of both approaches? No, because the human is no longer doing the calculations and thus doesn't make their mistakes anymore. The software running vehicles is more complex and has more problems, but it doesn't stop the human's fallibility being removed from the situation.

It may be that the software is too flawed to allow, though existing tests are not showing that. Even if that's the case, your argument still isn't the problem.

Re: A solution looking for a problem

"You know why they don’t let Mars explorers go bombing full-tilt around the Martian surface without human oversight at key points?"

Because it's really hard to teach a dumb computer how to decide on its own what you find interesting when all the robot sees is a bunch of rocks? If I were there, I'd need remote control too; I'm no geologist.

Re: Really, now?

No interest. It's supposed to be like gold. You store it then spend it. I have not seen any exchanges offering loans, so they're acting more like brokers or storage than like banks.

Re: Is that $500k in cryptocurrency, or hard cash?

"If it is that easy to steal, it isn't worth $600m."

No, that's not it. If it's that easy to steal, then the holder isn't worth your trust. For example, if it turns out that your bank holds your savings in one place without security, then you shouldn't entrust them with the job, but your savings aren't worth any less.

Re: Really, now?

It can take some time to transact in cryptocurrency, especially if the original thief wants to ensure they're returned safely. Merely reversing the original theft could mean putting the tokens back into a system which is now known vulnerable, and so someone else could steal it soon afterward. So, assuming the thief is honest about their desire to return the funds, that could explain it. That is a very big assumption though, and there are other options available which are less favorable to the intent of the thief.

Re: Capability

"BUT (and this is where I'm probably being somewhat naive and too optimistic), if they can present a mechanism that satisfies the feds and gets them to back down from pressuring the law makers into weakening encryption... then that's a win, no?"

I'm afraid your adjectives are quite correct in this case. If they put a spy on the endpoint, then the debate over encryption could get dropped. But that's because they won and we lost. If they can force all users of encryption to turn over the cleartext so they don't ever have to decrypt, then the result is the same: repressive countries do whatever they want, criminals have an attack vector to get the data, all of the reasons we want encryption are neatly circumvented. True, that wouldn't necessarily apply to everything, and a few people who already know why and how to encrypt could use open source software to do so, but if that ends up happening, they just start the encryption legislation again. If we lose 95% of our goal, that's a pretty clear loss already, especially as nothing in it prevents them from later taking the remainder.

Re: Capability

"missing the point that the 'something more sinister' never required this step to happen first."

It did though. They could implement it at any time, but in order for the sinister consequences, they needed to. Before, they had the option to take that required step, then become sinister. They have now taken the step. Yes, they could have implemented this in secret years ago, but the fact remains that they did not.

"Honestly do not understand how they [Google] make money."

By lying. If they collect thousands of datapoints, which they can prove, and hire a ton of machine learning experts, which they can also prove, then they must be able to use that to send ads to those who will most benefit from them, right? In the meantime, they just use the same crap algorithms based on browsing history and search term if applicable. Who knows what all the collected data is for, but eventually the guy who's responsible for thinking up the evil plan will come out and they'll do that.

This works for three reasons:

1. Google runs the ad system as a black box, so it is difficult for someone who pays for advertising to figure out who is really seeing the ads.

2. Companies are really bad at figuring out how useful their advertising budget is. Here's a good two-part summary of people who tried doing the research and all the problems they found, both in advertising itself and in advertisers' approach. It's a podcast but the pages contain transcripts for those who prefer to read text: Part 1 (mostly television advertising) Part 2 (online advertising)

3. Google has purchased almost all of their competition, and the others are either basically the same (Facebook) or didn't claim to be that smart in the first place (Bing ads). So you can't try out other advertising platforms to see if they can track better or don't need to, because you have no choices. Google's is biggest, so they get a lot of business.