Posts by doublelayer

Re: Not just that

Please tell me what disability means you can't press a button, but you can still load cups and pods into a device the button is on. If the device had an automatic loader so they could advance it without touching it, then you might have a point (though in any case you still have to have a method for them to retrieve their coffee when it's done), but it sounds like this doesn't have an industrial new cup supply belt.

Disability is a good example of the usefulness of a lot of this tech that's often mocked, but it doesn't always apply.

Re: Disappointing

Be careful what you wish for, because they have struck here before on serious articles. It might seem beneficial to correct them, and it might seem fun to troll them, but it doesn't take very many of them ignoring your correct points and not caring about your jokes while making it clear that they are putting others at risk to make the exercise a lot more frustrating.

In addition, I have identified a pattern of argument among those who argue against the vaccine. When they think they have an advantage, they'll use all these stupid arguments in the hopes of convincing others. When they know they're talking to someone who is smart enough to recognize those as the rubbish they are, they go into defensive mode. That means they will use a lot of vague arguments that you can't immediately dismiss (the vaccine has reported side effects which can be dangerous, and you have to acknowledge that it's technically true while most of the ones they're talking about never happened). They'll also do the very specific lie, the kind that takes thirty seconds to make up but takes you fifteen minutes to research in order to disprove. This tactic isn't limited to vaccines, but it is popular with that group.

Re: aguynearphilly - If I'm not mistaking

It doesn't encrypt, but nobody said it did. SHA256 is in a category called "cryptographic hashes", as opposed to hashes that can be used for storing and retrieving data but are weak on uses for security-sensitive operations, and therefore it still counts. Cryptographers decided this.

Re: @Paul Hovnanian - But it is crypto

The difference in this case is that cryptocurrencies use cryptography as the only verification step and have no central control. Your communication with your bank uses cryptography to throw off a listener, but it doesn't use a cryptographic key to establish your identity and it doesn't use a cryptographic system to ensure your money is only controlled by you (for example, if you pay your bank fees, they'll remove them without you having to authorize it).

The same distinction applies to email. Normal email uses cryptography only between you and the servers involved. Cryptographic email, not usually called cryptomail but you can if you want, uses something like PGP to secure and authenticate the messages themselves, and it really is a different thing.

That doesn't mean that you have to call cryptocurrency that, or if you do that you have to accept the "crypto" abbreviation as applying to it, but there is a reason the word was used that is valid.

Re: how about "Cryptography means Cryptography"?

They might not think of them as digital, but they are. If we decide on a name because some people don't understand one thing, and by doing so we're inaccurate about the thing we've renamed, we're doing two things wrong. Hence why it isn't a proper use of digital.

The things called cryptocurrencies really do have distinct features from all currencies issued by central banks and from purely digital currencies that didn't have the same goals in mind. It is not unreasonable to use a different term to limit discussion to that type of currency. If we used "digital currency", we would constantly have to add qualifiers to our statements to ensure we weren't talking about someone's SQL database with account numbers and amounts in it. As such, "cryptocurrency" is easier to say and understand than "digital currency, specifically a decentralized one using a distributed blockchain and cryptographic access mechanisms" so nobody will use it. If we dislike "cryptocurrency" as a term, it's a good idea for our replacement to have similar exactness and simplicity as the term we want to replace.

Re: how about "Cryptography means Cryptography"?

"Shirley a simple 'Digital Currency' more than covers it?"

No, it doesn't. Any of our currencies are digital currencies, as are tokens stored in one company's database like the virtual currencies used in videogames. Cryptocurrency or blockchain currency, I think either works, is quite distinct because it is decentralized by use of a blockchain and secure by use of public key cryptography (hence why it can use crypto in its name in my opinion). I think from the suggestions that blockchain currency is probably a better name for it, but digital currency is insufficient.

Re: A bit Streisand...

You don't need a lot of technical knowledge to realize that the marketing on more security doesn't mean perfect security, and that you'll never get perfect security. All Apple's marketing means is that you get the security updates they make faster than their competitors (no waiting for device manufacturer and possibly a carrier reseller to release the patch as some Android devices do). They're also happy to praise their App Store review which keeps out more malware (though not all), but as NSO didn't post theirs to the App Store, it's irrelevant in this case. You are asking Apple to produce effectively bugless code and claiming that, when they don't do so, it invalidates every security claim they've made. It doesn't work that way.

And whatever your insurance contract may say, if I walk through your unlocked front door and take your stuff, I've still committed a crime and can go to prison for it. NSO didn't attack a device with no protections; they had to break some protections to get what they wanted, but even if they didn't, it would still have been illegal for them to do it.

"the very fact that they allowed this software to be installed means that they are jointly responsible and should compensate their customers."

They did not allow it to be installed. They didn't know, so didn't allow or deny. They do not have the responsibility to police everything you do on your device, and when they take a few steps toward even thinking they have the right to do that, we complain about them and they get sued for limiting user choice, actions I emphatically support.

"OK mate so what you're saying here is that Apple phones are vulnerable to malware installation? Something that Apple keep on denying."

No, they don't. They call out security fixes in literally every IOS update. That indicates that IOS was in need of security fixes then, and they've never said it would now be perfect.

"You're also effectively admitting that you can't do anything to prevent this without resorting to legal action?"

No, he didn't. He said that the abuse of security holes was illegal, so they were justified in bringing legal action. He did not say that was the only method available to him, and Apple's patching of NSO's exploits proves that it is not.

Re: I sense this is not going to be a popular opinion...

Please read the article. They didn't say that they're entitled to damages because "You ran code on devices we made and those are ours". They said that NSO used Apple's services, the ones that run on Apple's servers, that you have to agree to a contract to use, and that you can choose not to use, and that NSO broke the contract in their malicious use of those services. Entirely different.

You have objected to an argument they never used, and your conclusions are entirely built on your failure to follow their claims.

Re: A bit Streisand...

Ah, yet another call for perfect code. I like this site as a news source because most articles assume a degree of technical knowledge, and most participants on the forum seem to have that. Sadly, not always. If I come to your house and determine that I can break in without you knowing, it's still a crime if I do it. You should know this.

Re: Apple & C. want the information control - and power to decide who is under surveillance or not.

They may not have been, but I will. Yes, those are courts I include on the list, which is why I take a dim view of NSO and companies like them facilitating the penetration of technical defenses. The U.S. may not be using them; I have not seen them on any of the lists of NSO clients that have been released so far. However, the U.S. develops similar exploits and I want them to stop. I want everyone doing such things to stop committing these crimes, and if NSO is the low hanging fruit on the issue, then start there.

Re: There is a big difference...

Rubbish. I'll make it simple: search for exploit, allowed. Have exploit: allowed. Use exploit to invade a device you don't own: not allowed. That's all this would do, and that's what the laws currently say anyway. If you think the only way that security researchers can make money is selling their findings to malware creators, you're wrong. If existing security researchers do that, they've committed a crime.

Re: Offensive Researchers

No, it couldn't, because you already have all the legal rights you need to sue the U.S. over Stuxnet. The problem is that they will deny that they did it, and it's hard to provide sufficient proof otherwise. You would also have to prove that you were damaged by Stuxnet in order to have standing. If you can do both of those things, you don't need a new legal precedent for it. If you can't do both of those things, you still don't need one but you're likely wasting your efforts.

Re: No excuse

"It just puzzles me they all are subject to extradition proceedings, what they did is criminal under English law and that’s where they (allegedly) committed their crimes."

Extradition usually applies when the victims are in another country. The UK can of course turn down that request, but it's not unusual to be asked when American victims are involved. For the same reason, if someone steals your money from Russia* and you're in the UK, the UK has the right to charge the criminal, may request extradition from Russia, and may request extradition from somewhere else should the criminal travel there. The U.S. is doing the same in this case.

*Russia used as an example of a country that rarely extradites.

Yes, it could do that. And it could do that already. If you let your Windows image see the partitions your existing Linux is on, they have the access they need to modify them. The malware concerned would need to have some extra code in it to write to the unfamiliar filesystem, but any malware sufficiently advanced to detect your Linux and inject a Linux service could bring Ext4 with it. Most malware isn't going to bother doing that, but if you want it prevented, you'll have to do more than just not having the OSes sharing a partition.

Re: Not saving money?

"And that getting ready would involve a lot of running around in blue-arsed fly mode. Far better to be there ahead of time."

I didn't say they shouldn't, just that there's no lock in mechanism available to Microsoft. Microsoft benefits by having lots of subscription customers. I wouldn't be surprised that they try to get everyone to use that licensing method, but an inflation rate that ends up forcing customers out is stupid and they have enough people to recognize this. Lots of organizations have shifted to using Google services including Docs even though it's painful, so Microsoft should be well aware that their dominance in office software is fragile.

Re: Not saving money?

"Potentially, MS could increase their subscription fees by 35% a year every year for 20 years, and those users who are locked in would have no choice other than to pay up."

How do you plan for that to happen? Let's assume for the moment that Microsoft would want to do something that stupid. They currently have standalone licenses, so I'm assuming this requires that they stop selling those first. With subscriptions, they do have a method of cutting people off if they stop paying, but they don't have a method of locking them in. The customers could choose to stop buying a subscription as soon as they were ready to use something else, and Microsoft wouldn't have any leverage over them. The data would still be available, in an open format, and can be downloaded off Microsoft's cloud storage if they put it up there in the first place which is unlikely for government documents. LibreOffice supports the current and older formats used by MS Office, so it can be dropped in for most users.

If Microsoft did use the license inflation algorithm you suggested, people would switch somewhat quickly-. By ten years in, the licenses would cost twenty times as much, and that would be all the price shock a lot of users would need, many of them having jumped ship long before that.

Re: Why are they even holding "passwords"?

They could be doing it wrong, but they might just mean that the properly hashed passwords were exposed. However, if I remember correctly, Word Press uses MD5 without salting for the passwords. That's a lot better than plain text, but not good enough.

Re: Not surprised

Educational/experimental could mean a lot of different things. For example, educational system could mean the Pi foundation's original dream of a desktop used in a school for ease of maintenance. The original Pi was almost entirely incapable of that, and the newer Pi, while it can do most of the tasks you might expect of a school computer, isn't always capable (running some bloated online learning platform which is a memory hog on a 4B 1GB, for instance). Experimental system is even more vague, as you can experiment with a lot of different things. Experimentation with administering a system, using a lot of server-style software, etc.: a Pi is great for that. Experimenting with machine learning where the instructions recommend a minimum spec for the GPU: think again. Therefore, it still depends on the use case, and a quite detailed one.

Re: Not surprised

"It's as strong as it needs to be for an educational/experimental system, and that's pretty strong."

This depends heavily on the goals you have in mind. If, as the original post suggests, it is meant to represent the power that Linux brings, there are several places where it really isn't there, especially for a nontechnical user. For example, put any nontechnical user in front of a Pi running a desktop environment and they'll quickly notice a few problems. For example, they might try to watch a video online using Firefox, something the cheapest of machines can do easily, and the Pi won't handle it. We as technical users familiar with the Pi understand that Firefox doesn't have hardware video acceleration support enabled by default, it doesn't work that well when turned on anyway, and that, if you want to use it, you have to use Chromium. The average user doesn't already know this and might well ask why that problem hasn't been fixed.

The Raspberry Pi is a great machine, and in comparison to the original comment's old processor, it is much more efficient. It must however be acknowledged that while what it does is more efficient, it also does less. Someone who used the resources of a desktop processor may find that the Pi's IoT-class SoC is not sufficient for their needs. Nobody expects to make an urgent cross-continent trip on a bicycle, and nobody expects to use a Pi for something processing-heavy.

Re: Speedbump

No, you couldn't rebut the point because you have ignored the one I used. I said outright that this user had the ability to update to Catalina and hadn't yet used it. However, there are OS releases where some hardware is cut off, and XCode doesn't keep compatibility with the old release then either. Whenever OS releases stop for some hardware, XCode releases stop too. In other words, exactly what the original complaint said: some hardware still works but can no longer run the latest XCode.

You can easily argue that this doesn't matter. You could argue that the support lifetime for feature updates (which is what you need for the latest dev tools) is long enough. You chose to argue that they were wrong. They weren't wrong.

Re: Speedbump

"Google for Xcode MacOS compatibility."

Why not? Let's see what pops up. I'll start with DuckDuckGo, though, using your suggested search term.

First result is a person who can't compile for IOS 14.2 because the XCode that can do that requires Catalina and they're on Mojave. I.E. a required Mac OS update in order to support something which is entirely ordinary for a different platform. True, in this case, they can update, but they could have the same situation and be unable. Your score: 0/1.

Second result doesn't really mention it, so we'll call that a draw.

Third result is a user who doesn't understand how this works, and the answer to their question includes this statement: "Basically, there is no current Xcode that will work on your mac and know what to do with your phone." Sorry, 0/2.

Fourth result is the Wikipedia page for XCode. It has this sentence in it: "the latest stable release is version 13.1, released on October 25, 2021, and is available via the Mac App Store free of charge for macOS Monterey users." This means that non-Monterey users can't install it. 0/3.

Do we really have to continue? Apple cuts support for XCode to their latest OS, and that is required to compile for modern mobile devices. They don't want the support costs; I get it. However, it does allow them to be compared unfavorably with Android, which doesn't do that.

Re: Speedbump

"I don't think it's feasible to develop anything Apple related on gear older than 4 years"

Oh come on. A lot of these developers are building apps for IOS or Mac OS which do one thing and are smaller. They're not building the kernel. If they were, something five years old would be slower, but they could wait that out. However, they're probably building something which can be fully compiled in a matter of minutes and their changes can be compiled and linked for testing in seconds. The newest machines could perhaps do that in fewer minutes and fewer seconds, but it would still be the same order of magnitude.

Re: Opening up the M1

You're correct that Apple won't give others the designs for the M1, but why should they? The original point is that the ISA executed by the M1 is known, so other manufacturers have the choice to design and manufacture a chip of similar specification and therefore similar performance. Apple doesn't have to give up all their work for ARM to be open. Some work on a standard bootloader would be appreciated, but I wouldn't expect them to do that either.

"Apple only uses ARM ISA (which ARM has developed for Apple specifically),"

I'm not sure if I'm understanding this phrase correctly, but if it's what I think it is, no they didn't. ARM designed it in many steps, some of which were before Apple was using it, and they designed it for licensees including many who compete against Apple.

Re: Speedbump

You are missing or misconstruing a few of their points and drawing incorrect conclusions from them.

Them: "Which contains workarounds for at least some of the bugs in its processors."

You: "So having "some" workarounds is supported or not supported?"

The thing here is that the OS provider, Microsoft, is not the processor provider, Intel. Microsoft made some fixes to Intel's problems, but they cannot make Intel change the firmware. Intel has done that in hardware back to the sandy bridge models. Microsoft has used software to deal with those Intel chose not to do.

Them: "Even Windows 11 installs fine on older PCs (the oldest one I have it running is from 2012, and that's only because I have no PC that is older to try) without any hacks."

You: "So if it installs but does not meet ms minimum requirements, and MS says they do not support it, is it supported or not?"

Good question, and it's subjective. I would say it is not supported. However, it's not supported under Windows 11. It almost certainly is supported under Windows 10 (yes, the latest version of it), so it counts until 2025.

Them: "Pretty much everything starting from Sandy Bridge and later has seen fixes for these issues"

You: "Sandy bridge is 10 years old, so older processors are thus not supported. This is from your statement. This means the oldest supported PC would have to be *at most* 10 years. [And Apple has ten years also]"

Wrong. Intel has fixed a security vulnerability in their hardware for ten-year-old chips. Microsoft has patched it in software for older machines, thus supporting them. If we say that support must include fixing hardware security vulnerabilities, then Apple has a zero-year support lifetime because they have not made any effort to fix their T2 security problems. And that chip, they made themselves. Blaming Microsoft for a thing they had to work around because Intel chose not to fix it is a very different proposal and much less reasonable, most particularly because Microsoft's fixed theirs and Apple's done nothing. In addition, you have AMD chips which didn't have Intel's problems, and they're also supported.

You: "Intel themselves declare EoL for their products well before 10 years.. [reference link] So how is your PC "supported" after Intel has declared EOL?"

The OS is supported because it can run and it provides security fixes for OS problems. The same reason I don't automatically count an Apple machine as unsupported when they say they won't fix some problem as long as they do continue to provide updates.

You: "What you really are saying is that on PC you can run newer OS even if you end up with a buggy/insecure system that has actively exploited and publicised vulnerabilities. This I agree, it is more difficult with a mac, as Apple clearly state that they do not support the HW, as for eg, Intel has stopped support. You as a mac user are informed of the EoL and can choose to run older HW, with awareness, rather than the PC world through ignorance."

Rubbish. If I run the latest Windows on insecure hardware, I have my hardware's security problems, which I can look up, but I don't have the security problems fixed recently by MS. If I was forced to use an older version of Windows, I would still have my hardware problems but now I'd have the OS bugs too. That is the difference. Apple does continue supporting the OS, but not as long as Microsoft does.

Re: Speedbump

There are some systems that stall on Windows updates for some hardware reason, but that's really not that many. Until Microsoft decided to change their policy with Windows 11, you could try to run the latest Windows 10 on basically anything, and most of the time, it would work. In order to prove that, people have been bypassing the system checks on Windows 11 and showing it running on really ancient things. While some computers from 2014 have had drivers dropped, there are a lot of machines from 2008 which indeed can run 21h1 Windows 10 (21h2 is Windows 11) and are being used that way right now. Those will continue to get security updates until 2025.

Apple has entirely earned praise on software support for their mobile devices, as they have supported their devices much longer than any competitor, even as some Android manufacturers have been extending theirs. They do not have the same credentials when it comes to desktops. They support their desktops for a moderate time, less than Windows is supported (unless MS's Windows 11 policy continues to obsolete more things, in which case they could pass them in the race). This is entirely without considering Linux which leaves both well behind. Apple still has a large edge over Chromebooks, but unfortunately, they have not earned the praise you are giving them.