Posts by doublelayer

If a system is airgapped or subject to similarly secure procedures, then it's done for a reason. The issue wasn't what they were copying onto it (probably), but rather that they did so at all. Failing to protect a sensitive system is a problem, and when that's your job, giving you a new job has to be considered. Had they been doing something similarly risky with a more obviously dangerous machine, I'm guessing you would agree that it was important.

Re: OK but...

The early ones did have the decentralized and uncontrollable aspects as goals, but newer ones, including anything a government comes up with, have dropped it. It's likely that governments wishing to maintain control over their monetary system will attempt to regulate or prohibit those cryptocurrencies that don't continue to have them at the helm. I don't know how successful that will end up being, but I'm in the position of disliking every side of it. I don't much like the cryptocurrencies, but I also oppose governments thinking that they should have a monopoly on exchanging value.

It's unclear writing, but here's what it means:

1. People who write regulations for financial things are usually prohibited from investing in the things they're regulating to avoid conflicts of interest.

2. Some securities that people invest in are so common that many will invest in them routinely. These are specifically excluded from the previous requirement, meaning that people working on regulations for them can still invest in them.

3. Cryptocurrencies are not in that list, so point 1 applies to people regulating them.

4. They're allowed to invest up to $50k in them, but only indirectly through a fund they don't control. Owning them directly would disqualify them. Owning more of a fund would also disqualify them.

5. People who don't regulate cryptocurrencies don't have to care about these restrictions unless they're trying to transfer into that role.

Re: WebKit, anyone?

I can answer that one for you: they wouldn't install it. Since this is a user-decidable switch, Apple could even add that to the features: turn on the lockdown mode and non-WebKit engines get blocked. This wouldn't be a problem because a user who wanted a different engine could disable it. The issue about engines is with choice. If you don't want any engine other than WebKit, then don't install one and you'll be just fine. You'll probably be in the same group as many others, including me, as I don't have a need for a different one given the tiny amount of browsing I do on the device. Others choosing to do so won't force us to.

Re: Nokia 3310

The article listed the restrictions. That list didn't include turning off all applications. They would still end up being very different products.

Re: Commission isn't even the biggest issue

The point is that, to get the XCode needed to build for the latest IOS, you need the latest Mac OS which means quite recent Mac hardware. To get the tools needed for the latest Android, you click a link which runs on basically everything, even equipment a decade old. The big GUI stuff might grow in system requirements, but you don't have to run it, so your app can still be built on lots of computers.

Re: How did they come up with that value

"And if 15% is fair, we need the same everywhere. Microsoft store, Epic store, Playstation Store etc."

No, we don't. What we need is choice, and limits only if there isn't choice. If the Microsoft store charged 99.5% (and they don't, it's 12%), that would be fine. Why? Because you don't need to get apps from that store and most commercial ones aren't there at all. If they wanted to charge that much, all commercial apps would leave and they'd have to decrease it to compete. Apple's is different because they've denied other choices. I agree that, if their commission is too high, anyone else with such a monopoly on distribution should have the same action brought and their commissions reduced as well. It would probably be better for everyone, including Apple's profits, if they allowed different installation mechanisms instead.

Re: Commission isn't even the biggest issue

"how are you going to test/maintain the app if you dont keep up to date to a reasonable level?"

By testing on the latest version of IOS, the platform they appear to be compiling for. Running a very new version of Mac OS will do nothing for you if you're testing on old versions of IOS, and staying on an old Mac OS will not harm you if you're testing properly. For developing Mac OS applications, your statement applies better, but they're developing mobile apps.

They have some writers in the U.S., with their U.S. office in San Francisco. One of them can call Apple any time they want. I'm guessing it's been tried and didn't work any better. They probably got a response this time because it's a boiler plate and some PR employee was told to send that to anyone who asks about this case.

These bots are not understanding the world any more than I would demonstrate understanding of something by rephrasing a Wikipedia article. I could take that text, written by someone who understands it, and use my knowledge of language to move the words around in a way that seems natural. Hopefully, I'd do it without making the facts incorrect, though AIs fail to meet that requirement all the time and somehow you don't appear to think that counts. In any case, any correctness seen in the result was generated by someone else. The chatbots we've seen the workings of don't read text to understand its meaning, but instead read it to copy chunks that are hopefully relevant.

Re: The sales patter is good - just wondering where the holes are.

I think the encrypted phones you're talking about were either things like An0m which were created by law enforcement, or Encrochat which was compromised by them. In both cases, those were mostly comms services, not hardware manufacturers. There is always a chance that someone set up Librem as a front, but if they did, they'd have made better hardware that didn't take five years to get to this buggy state. You can also review the code and designs that go into the device. Nothing can give you perfect guarantees, but those make it unlikely to be compromised.

Because it's running a mobile Linux distribution, it can be compatible with apps being written for others. The standard distro problem exists where an app may be written for a different mobile Linux in an incompatible way, but many will work. There are devices like the PinePhone that can be used by developers to port their app to a cheaper device. That doesn't give you U.S. assembly, so if you care about that you're stuck with the higher bill to buy this one, but if a developer writes for one of those, it can probably be used on this too.

Re: Asterisk @sergio

Well, sort of, but it depends why you value the USA-based assembly. If you think that it helps you with the security of the components, then having important components made elsewhere (the CPU probably being the most obvious) isn't great for that use case. If a Korean-made CPU is satisfactory, maybe they should try making the whole thing there. This all depends on whether you consider a US-assembled device to have advantages, because if you don't, it doesn't matter much.

Re: 3GB a day huh?

If my IOS devices sent 90 GB per month, I'd see that in my WiFi stats. They don't. They track, and it's really important, and it's an issue that needs solving. Had they just stated the fact of tracking, they'd have been fine. When they decided to state a number, they did something wrong, because it led to this discussion about whether they're accurate while leaving it out would have prevented it.

Probably more that the developers of this tool were at GitHub, not the main Microsoft organization, so didn't have access. While I entirely understand the SFC's complaint and think that Microsoft/GitHub's excuses are stupid, I'm having trouble caring because the tool they've built seems so useless to me. There's no way that Copilot can understand what I want the code to do, so no matter how much good code they've ingested, they'll not have anything to fill in. At least when an IDE suggests parameters or the like, they have a reason for doing that, but I also turn that off too.

Re: 7 Zip

Microsoft didn't say that, and the complainer in that case didn't list GitHub as the only "acceptable" location. In any case, it's the raving of someone who doesn't understand a lot of things, from open source to security to Russia's war in Ukraine. I wouldn't take that complaint as representative of anything in this debate.

Re: Great responses tho

There's a balance between "we designed it this way and it's not changing without good reason" and "we designed it this way and it's not changing".

That's very true, but that balance is often more obvious to the developer who read all the requests rather than the kind of user who doesn't understand that "good reason" doesn't automatically include "I want it". I've had to deal with users who figured that demonstrating that they would benefit automatically meant the request was high priority to change right now. For that matter, I've dealt with users who figured just stating the request meant that, not even bothering to work with me on explaining why this was a good thing for them.

Re: Eh?

We have no guarantee that the person saying this was one, and even if they were, it doesn't change the situation. If I sell products, I may be open to user requests, probably more than when it's open source, but it doesn't mean I automatically take any request a customer has. I evaluate each request for the benefits I expect the users to receive, the effort required to develop and maintain it, and many other issues. If I get a suggestion that I decide won't be beneficial or won't be worth doing given the cost, then I'm afraid the customer will be disappointed. If the product is worthless to them without it, they can try either encouraging me more to change my mind or find a product that better suits their needs.

I've refrained from buying many products on the basis that it doesn't do what I wanted. I don't expect the manufacturer to receive my suggestion email for changing their product and hop to the task of making something for my specific use case. They might read it and take my suggestion if enough other people have also suggested it, but usually they will not. If you do, please send me your email because I have about twenty ideas for products I want but don't have enough time to make myself, so I'd be happy to take advantage of very cheap design and engineering work. I'm guessing everyone who values their time isn't much interested in that proposal.

Re: Eh?

We interpret their comment very differently. You took this from it:

"Sounds to me like somebody knows a better way to do something, and yet is being forced into doing it in a way that drastically slows down the entire process."

I doubt it on both points. First, if they know a better way, they could implement the better way. Proving something better often gives clearer results if you have working code to demonstrate the advantages. This sounds to me like they have a preference and they're unhappy that the authors didn't go make it. It could be better, but just because I think it's a good idea doesn't make it the best course of action for all users and doesn't guarantee the developers will do it.

As for being forced to do anything, no, they're not. You are not forced to use a project, to refrain from forking it for your purposes, or to care what the developers think. If they disagree with your idea, they are not forcing you to abandon your idea. You can try selling it more, usually by taking more initiative because they have already said no to the level you had. You can fork their project to take it in your direction, optionally bringing it back if you turn out to be right and they want to merge. You can make your own alternative. You may be able to make a plugin or overlay adding your feature. That they didn't take your suggestion immediately without reservation does not constitute forcing you not to use it. It just means there's a bit more work involved, and it's your idea, so it's not surprising that implementing your idea may take work.

Re: "legalized the import of products without the authorization of the trademark holder"

"is this an open invitation to steal stuff and bring it to Moscow ?"

Yes. They are getting tired of companies no longer selling to them, so they've given up on trying to convince them to change their minds. It won't help much; they already had piracy, and all the problems it had remain.

Re: "the 50 per cent premium"

"Nice but more limited in terms of IO, memory and processing power"

With I/O, you're right, or at least the I/O is different with each having some features not supported by the other. You're not about the others; the ESP32 has at least 320k of RAM, and often more depending on which module is used. 520k is common. The Pico only has 264, which may not sound a lot less, but when you're doing things like using TLS encryption and caching web requests, it can be. The processor runs a different ISA, but it can be clocked at 240 MHz, providing more power than the Pico's. You may not need either of these, but characterizing them as more limited is incorrect.

Re: I can't see this working

"While I think there should be range of trusted identity providers, I expect my own government should be one of them."

Don't give them ideas. Do you think the legislators will understand the requirements to identify without recording details or knowing the service requesting the identity? Let them start down that path, and they'll create a government account that you have to link with every site you use.

Re: Not my problem

I would if I wanted the functionality. I wouldn't if using it funded murder, but it's open source, so I'm not paying anyone. The current developers of it (there appear to be some occasionally pushing changes) probably aren't murderers, so as long as donations went to them, that would also be acceptable.

"95% of the time, deb or rpm can be used and it will run on virtually all flavours of linux which use the appropriate packagers."

Not always. Dependency management on Linux can often require distro-specific packages for some things, mainly depending on how many shared objects they're going to use. Yes, some people statically link everything to get around this, and small programs probably don't need that many dependencies and will be more portable, but making one .deb is usually not enough. Having said that, Flatpack is often a very poor solution to this problem.

Re: first: "Reset CPU."

I disagree for two reasons. The first reason is the wording. If the instructions say "first", they mean there is no step before it. He shouldn't go looking for one, and had he performed a shutdown when the instructions didn't call for one (and didn't need one), there's no doubt he'd have been blamed by everyone, including the posters here.

The second reason is that, especially when the procedures are thoroughly documented, it's reasonable to think that the process might have been automated. I'm not sure what "reset the CPU" entailed in this situation, but if it was a command, it wouldn't be unreasonable to assume that running that command would perform operations like shutting down. The format of the instructions would imply that was likely. If I'm told to run this command to perform a reset, I'm more likely to trust the people who have done this several times and could have made the command perform an orderly shutdown of all services rather than assume that I should perform my own basic shutdown instead, because there's always a chance that the scripted shutdown does more than just telling the OS to halt.

If the policy is that I always follow the procedures to the letter and it's plausible that the procedure I'm reading is exactly what needs to be done, I don't think there is any blame due to him.

Re: Check you can complete before you start

I see you appear to be a person unable to understand that XKCD is intended as humor. If you're going to take advice on how to handle a situation from one of the characters, picking the exclusively evil guy is probably not the best choice. The point of the strip is still valid in this situation.

Re: Check you can complete before you start

However, it structures it with an unclear warning and puts the safety instruction in the wrong place. This is along the lines of having a label on the front of the machine reading as follows:

Follow all safety instructions at all times.

Do not disconnect any panels unless the machine is shut down and disconnected from power.

and another one on the back, hidden by cables, reading as follows:

Before shutting down, open panel 5 and disable switch 2.

Then getting annoyed at the user who performed the normal shutdown procedure without seeing the note in a place where no operating procedures should be written. Other people here have already explained how the instructions are designed in a misleading way. Basically, it's not a great test of this, as instead of checking common sense, it's checking whether they've seen this test before (I have had someone try it on me, so when it was mentioned here, I already knew the twist).