Posts by doublelayer

Re: almost certainly prevents me writing down the list of names myself and going from there

Except for some mistaken copying of a few lines, what Google copied was a list. A list of functions. Just like my list of functions. Oracle claims that this code, the declarations of the API they own, is theirs to control. Whether someone copies the file containing the list or writes down the list, it's still a list and contains the same items.

Oracle claims that copying that code is a violation of their copyright rights. They're not hinging it on the nine lines accidentally copied; everyone agrees that wasn't allowed and the lines were removed. They're basing it on the 11K lines that remain. Here's the problem with the argument you're making. Either those lines are copyrightable or they're not. If they are, then it doesn't matter whether I reorder them or make slight modifications, whether I copied them with a clipboard or typed them manually, I'm not allowed to copy them without permission. Oracle owns the text and I'm only allowed to use it if they approve. You are arguing that Oracle can copyright just those declarations, but that it would have been just fine had Google somehow written the list themselves. Not only is that impossible, but it is directly contradicted by copyright law; copyright law doesn't care how I duplicated work, whether I ran a book through a photocopier, got a bunch of blank paper and copied it out by hand, or had someone else play a word game to give me each word in sequence.

There are two logical ways to resolve this. The first method is to state that APIs are too basic to copyright, being lists of names. In this case, Google can keep using their file. You seem to disagree with the legality of this option. The alternative is to say that they are copyrightable, and therefore to copy the essence of them without permission is forbidden. In this case, it's not possible to take the steps you suggest to get around that. The two APIs I wrote above are the same. They're reordered a bit and I dropped some comments, that's all. But copyright doesn't care about this. If I dropped every second page from a book and randomized those pages before publishing them, I still committed copyright infringement against the author. Even if I rewrite those pages without reading them myself through some complex arrangement.

Re: but reimplementing them is what Oracle thinks they can forbid you from doing

Yes, that is exactly what they think they can do. It's simplified, since they think they can prevent you from doing it if you haven't complied with one of their licenses, either the GPL or one where you pay them, but they think they get to set the terms under which you can create functions with the same names and parameters. They think that, if you don't follow the terms, you aren't allowed to create those functions. They might end up being right according to the legal system, but all we're discussing in this thread is what that could mean later.

Reimplementing an API doesn't require copying code, but it does require writing very similar code. If the original API reads like this:

int factorial(int n); //returns -1 if n is invalid

int fibonacci(int n); //warning: negative numbers means undefined behavior

There's only so much you can do to create a reimplementation. You can change lots of things, but probably the most you can change and have it still work is this:

int fibonacci (int x);

int factorial (int x);

The person who typed that may never have seen the code specifying the previous API, but their code necessarily looks very similar. If copyright prevents me from copying a list of function names, it almost certainly prevents me writing down the list of names myself and going from there. No matter how I change the comments, spacing, or parameter names (and I probably shouldn't be doing that), it's going to end up being basically the same.

Re: Nine Laypeople

Judges don't live in isolation, but some things are sort of hard to understand if you've never learned about them. How does one operate a phone? They know that. How do you manufacture a phone? They have a fairly good idea. What is the difference between an API, a language, and a functional implementation? They have no reason to know that.

It's not that they live in isolation but instead that very few people know that kind of detail. Things we assume everyone on the comment board understands are things the general public has never heard of. I present you the following challenge: find ten random people who don't now and haven't before write code or administrate complex computer systems. Ask them the following questions, which I'm sure we could all answer in an instant. One point for understanding what the terms mean, one additional for getting the details right.

1. What does an operating system kernel do and what does it not do?

2. What is the difference between ROM, RAM, and nonvolatile storage?

3. What does compiling code do?

4. What is the difference between little endian and big endian encoding?

5. What is an API?

6. What is the difference between an IP address and a MAC address?

7. What is an ISA and which one or ones are you using?

8. Identify a piece of software you use. What language or languages was it written in?

Run this test on the nontechnical public. I'm guessing you'll see a lot of zeros, the occasional one, and maybe a two. Not a sixteen. You don't need to be isolated to not understand points core to the topic.

Re: The devel is in the details

"* OpenGL is under a pretty liberal BSD-style licence. There is a trademark licence treated separately, but that isn't involved in the Oracle vs. Google case."

This one probably holds. Worth keeping in mind that the person you're replying to specifically stated that they hadn't checked, so while this one's choice of license makes it unlikely to take advantage of a precedent, it could have fallen into it had the developer made a slight change to the license chosen.

"* Octave/Matlab; languages, not an API."

A language and an API are very similar. Both take creative effort and specify a way of running things, the implementation of which is provided later. I would not expect them to be treated differently.

"* SQL is an ISO standard and a language, not an API; anyone can buy a copy of the standard."

Anyone can read a copy of Oracle's Java APIs, but reimplementing them is what Oracle thinks they can forbid you from doing. Someone who decided to license SQL could allow you to purchase a copy and read it, but woe to those who try to reimplement it without receiving permission. This is not unusual with standards; if I try to reimplement the LTE specification from its standard without purchasing licenses to the components, they would be very grumpy. I also contest your language-not-API distinction here. I don't think it matters anyway, but I think it's also incorrect in this case. SQL may be both, but it provides a series of functions with parameters. That's effectively an API, it's a list of possible functions which exist. SQL also includes a language in which the functions are called.

Re: Status quo?

To clarify, it's the legal status quo in this case because it's what the previous judgement is. When cases go to the Supreme Court, it is to either uphold or overturn the ruling of a lower court (simplification, but close enough). The opinion of that lower court is therefore considered the current approach unless it's overturned. This is why, for example, the opinion of the lower court stays if the court has a tie vote. This is smaller than it sounds; it mostly applies to one case. As a case rises through the appellate system, what the status quo is could flip a few times before the case is finally over. Once the case is over (taken to the Supreme Court and decided there or one side concedes defeat instead of appealing), that decision could become a much larger status quo that applies to lots of other cases and people.

Re: Alternate use...

Could you specify the questions that aren't being answered? In an attempt to inform myself, I searched for the blog posts that were deleted, but I couldn't find them. At the time of writing, the official blog contains nineteen posts from 2020. Going to the Internet Archive, I've searched through their historical captures of the blog and I have not found any posts in those captures that don't currently appear on the blog from Pine64. I only looked at posts in 2020, so if they only deleted years-old posts, I didn't search that far. They do bring up phone-related things from time to time, so I'd be curious to hear the things about which they're silent.

Re: A suggestion for a long life

Possibly, but even when 5G does happen, it isn't going to make 4G obsolete. It took a long time for 2G and 3G to die, and that's only in some countries. Europe especially has kept these around for several more years yet. Therefore, I'm not sure it's that important to include it since it's not core to the device continuing to function; by the time 4G isn't being used anymore, the biodegradable back cover will probably no longer exist.

Re: Alternate use...

You might want to look at the PinePhone. While its specs are worse than this one, it is designed to run a variety of Linux distributions and provides the resources needed to easily port things that aren't yet in the list of thirteen working distributions. It is also easy to repair (Youtube video demonstrating disassembly. If Linux is what you want, this might be a more reliable way of guaranteeing that you'll get it. One note, I don't have one of these and can't vouch for its quality.

Re: Thingies cat

You hire people based on a diligent attempt to establish their abilities and responsibility. Only if you made that effort in good faith can you start deflecting blame. It's not enough to find a person, hire them without checking, and blame them for anything that goes wrong. Similarly, if you hire someone to do a task, it becomes your responsibility to get enough information to determine whether they're doing what they were hired to do. Sometimes you may hire someone else to help you manage that task, but this just increases the size of the tree which you still have to monitor. If you didn't do enough to validate that the people you hired were capable of the job and were actually doing it, you still take the blame for things when it turns out they weren't.

Re: "AD requires a CAL which means its not financially viable"

Yes, you can. Manufacturers get to choose how they go about it, but some have chosen to sell some of their products with Linux instead of Windows with a corresponding reduction to the price. Dell and Lenovo have done this, but only for specific machines in their lineup. You can of course purchase from a company that specifically focuses on Linux machines, of which there are several.

Re: Give the FTC more power?

While I'm not aware of Joseph Simons having done anything to bring on ire, it's possible that the original poster was instead referring to the person who currently has the power to remove and replace commissioners should they wish to mess with something. Maybe the post was intending to call for increased oversight of a bureaucratic entity should its powers be increased. Or maybe it was just an acronym confusion. I'm not sure.

Depends on the state of the office. Put me in an open plan office without restrictions about noise levels, even requiring me to stay there and looking at least a bit productive for all my allotted hours, and I assure you I'll be less productive than at home, where things are quiet, even if I take breaks more than they'd like. The same can be true for lots of environmental differences, from noise to equipment to socialization.

As it happens, your comment is correct for my current home and office setup, because my office had full walls and also gave me an easier way to quickly check things with others. When my team members all return to the office, I'll be there too and I'll be cheerful about it. It could definitely go the other way for lots of people.

Re: Classic techie mistake

I don't think that's the correct response. I have not read his account, although I've just put it on my reading list which is a LIFO stack so I will have soon, so I'm going with the summary outlined above, but in that case, it was a terrible response. If the comment I'm referring to is correct, the reason he could break in was that people were using a small set of combinations and the locks were shoddy enough to take several possibilities. The second problem is expensive to fix, but the first is not. Ban the default combination and require people to change it, with an explanation of how to do so randomly. That should dramatically worsen the chances of having a code which unlocks all the safes or brute forcing a small number of possibilities while distracting the safe's owner.

In addition, this was a government project with a massive budget holding state secrets; if security isn't relevant there, what is the point? Blocking one person from accessing safes protects you against that person, who already proved he was on your side by reporting this instead of stealing the information and choosing his next nation of residence. It does not protect you from anyone who read his report, heard it from him, or figured out the same thing. If they're not on your side, you won't find out until after they've exploited the problem. This is what happens to the least sympathetic of data breech victims; they know there is a problem, know why there is a problem, know how to fix the problem, don't fix the problem, and people suffer as a result. Don't do it.

Re: The Waste Makers

The article states that the company concerned also operated in the United States at the time, to say nothing of the possibility that phones were shipped to the Canadian recycling facility to take advantage of a good recycling rate or cheap electrical power. We really don't know how many devices were recycled by Apple at all, given that we don't know how many companies they use to recycle for them.

You are trying to prove that Apple's devices are unusually bad, which is going to require extra levels of proof. Their repairability scores aren't great, but their competitors' aren't either. If you want to ban Apple devices for sustainability problems, which they have, you should also prepare for most competitors to be banned as well. Only a few phones I know of are easy to repair, including the Fairphone, PinePhone, etc. so you might be left with only those.

"not sure: if Apple handed them to the recycling firm, then the recycling firm owned them."

Almost certainly not. Apple could have done it two ways:

1. "Here are some phones we don't want. You can buy them and obtain value from them. You have to be environmentally-focused if you get rid of parts." Results in the recycling firm owning the devices.

2. "Here are some phones we don't want. We want them recycled, you recycle, so we'll pay you to recycle them." Apple still own the devices.

I think Apple chose option 2, in which case they are paying the company to do something with the things Apple owns. Since the recycling company didn't own them, they can't cancel the contract on right-to-repair because the devices are not theirs to repair.

I would prefer that the devices get reused when possible, but it's helpful to recognize what legal rights Apple has in this situation if only to suggest ways to make it less likely to happen next time.

Re: Google has short life cycles...

Depending on the history of those drives, the total destruction contract might have been more relevant. If they previously held sensitive information, the destruction could have been to eliminate that rather than to push demand for newer disks. I would be very angry if I gave disks to someone for destruction but they didn't do it. Then again, such concerns shouldn't apply to Apple devices since the internal storage is flash and encrypted with a separate location for key storage, so an erase should be nearly impossible to recover from.

Re: Mobile is not laptop or desktop

Almost certainly the laptop processors will be as good or better. However, there's a reasonable argument that the phone-level processors won't really work well enough for laptop or desktop use cases. It depends what they're being asked to do, but some people use their laptops for more intensive tasks that people don't do on phones or tablets. I expect that Apple's laptop chips will be more powerful than their phone ones, but the question still remains: how will they go about it? They could just design similar cores to run under higher power to get performance improvements, which would probably be helpful, but they could also just try throwing more cores into the mix, which will only help some of the time. Depending on what they do, they could have a performance dip in laptops where they've stuck too close to the mobile chips. This probably isn't a major factor since they can quickly change their plans for the next iteration of machines, but if they make that mistake the first time, people might have less confidence.

Re: Is this the same HP... @A.Coward

"Really? Guess who owns Thinkpads - not IBM - think Asia - think Red...."

That's the point being made. IBM doesn't make Thinkpads anymore, Lenovo does, so if IBM does something wrong, it's wrong to punish Lenovo for it. Substitute "HPE" for "IBM" and "HP" for "Lenovo" and you've got the point they were trying to get across.

Re: When will I get what I want?

You can get most of that, but you'll have to resign yourself to some restrictions. The primary one is the operating system involved. There will not be Linux. There mostly won't be Android either. What there will be is mostly going to be KaiOS. It technically has the Linux kernel and a lot of open source code from Firefox OS, but the top layer is closed source. It meets most of your desires:

"I don't want a camera - with one, two or three lenses": There will be one, it will be bad, you can ignore it.

"I don't want a 6.5 inch display": How about 2.4 or 2.8 inches (6.1 or 7.1 cm)? That's what you'll get there.

"I don't want a non-repairable,": Battery is replaceable, expect the rest to be hard to repair.

"I don't want limited use": Not sure what this means, but it has fewer features.

"₤600": Did you mean to use the Lira sign? ₤600 Turkish is €65 or so. Whatever you mean, the basic phone will be much cheaper than the one mentioned in this article..

"I just want a bloody phone: flip design,": Check.

"4/5G,": I don't think anyone has a 5G one out, but 4G is definitely available (some exceptions apply based on your country)

"keyboard,": I don't think so. Numeric keypad, but no qwerty ones as far as I know.

"a week's battery life on idle, five hours talk time,": Yes.

"a bright viewable screen": Not sure about this one.

"and proper way to sync to whatever I want to with a cable,": Depends what you want to be syncing. It can sync some types of data that way.

"Wi-Fi and Bluetooth,": Yes.

"Linux OS preferred,": Kernel only, no shell, not much else from it, apps are written using HTML and Javascript.

"Android grudgingly accepted.": No.

"And no 'apps' unless I want to install them myself.": They'll have basic ones, but they're easily ignored. Other apps are available, but not many and with few features.

Probably not what you're looking for, but it's almost certainly the closest you'll get for quite a while if ever.

Re: A 600£ or 700£ price is now considered not hard to swallow? For a phone?

There will be some improvements, and undoubtedly someone cares about each one of them, but for most people several will be unimportant. This device will have a faster processor. I don't need a faster processor, so not a factor for me. If you want the fastest available processor, you can't get it without paying something in this range. Similarly, the more expensive device probably has slightly faster internal flash, more cameras or better ones, a screen with a higher refresh rate, faster charging, and/or waterproofing. Of this list, the only one I care at all about is waterproofing (and I don't care that much) and you can get that at a lower price, so it does nothing for me. Still, if you care about most or all of the features listed above, maybe the more expensive device has benefits.

Re: Hmm...

They're also used for different tasks nowadays. In decades past, normal users might do most of their work by logging into that from their basic terminals or terminal programs running on relatively weak computers. They'd do standard work on that system, which was also running the important software since the mainframe was the only large system available. Now, the mainframes are still used to run the large software projects (some of the time), but users usually don't have to log into that mainframe to read their corporate email or access intranet-type services. This means that a lot of users probably don't get accounts for the mainframe, and therefore the worries that an unprivileged user will find a way to attack it or allow someone else onto it to do the same are reduced. It doesn't make it perfect, but it does make it easier.

Re: Hmm...

You are correct about that, but even the mostly secure Unix and other multi-user operating systems weren't designed for situations where one user would need very strong isolation from others. Random examples still exist of this; it's still possible, for example, to read the command line commands another user enters. This is usually not critical, but it's an example of one of the previous parts of the design where security really wasn't a factor. Other examples exist, such as when passwords were really stored everybody-readable or the ability to have a file exist with permissions inconsistent with those of its containing directory. These all are small and relatively unimportant, but compared to now when we're trying to limit processes' disk access inside a user account, they look a little anachronistic. The main reason that we don't care much about the few of these that remain is that multi-user systems are used less frequently; our personal machines usually only have one user account logged in at any time (assuming they even have more than one) and most other systems use VMs for small sets of people rather than one big system with open login for the whole institution.

Re: Hmm...

There's another problem, which is that some of the old operating systems you mentioned or could mention were never subjected to the attack landscape we now force our operating systems to undergo. Early operating systems basically ran themselves and one program, so they didn't have to care about multiple programs running together. Even when they did implement this, the major concern was making sure those programs didn't crash or modify the state of each other, not securing one's operations against another one. Memory protection came along and we took steps to insulate one process's memory from another one, but again this was more to make code correctness easier rather than a primarily security-focused decision. Even in the late 90s, Windows gave every user local admin, with the concept of user accounts only serving to help organize things. Now we expect a secure system to do so many more things that make it harder. We expect a hypervisor to run VMs with total privacy between them (sometimes between them and the hypervisor). We expect that a multi-user operating system will only allow a user and root to access any of the resources of that user. We even expect that processes run by the same user will be sandboxed from some of the resources available unless a separate permission is granted, and it is the OS which has to provide for and ensure that. The operating systems we used to have were not only much smaller, but they also were not expected to provide the kind of security we need today.

Re: Digital Ocean?

Malicious bots will find somewhere to host no matter what. As far as I know, DigitalOcean does respond to abuse requests and does take down people's servers when needed, but if malicious people find it easy enough to set up servers there, they'll still do it. Block those IP ranges and you'll find that others also attack. Block everywhere where attacks come from and you'll mostly eliminate the internet from accessing your site. I run a server there (almost all of its traffic is to provide services on request, it's not generating much), and if I scan my SSH and web logs, I find attack attempts coming from at least eight cloud providers and twenty non-cloud countries in the past week. Blocking all these ranges isn't a good answer to attacks because you'll at best reduce their quantity. Instead, make sure that not even a good attack will work and ignore the noise as the price of having a publicly-accessible system. If you're getting something like a denial of service attack, you have to worry about the source, but if you're getting automated login attempts, let them try a few times then ban their IP.

Re: An honest question...

You could easily do this, but only by buying and powering extra hardware. From an environmental and cost standpoint, having the electricity provider which already knows some of this just tell you what they know is better. If you have devices you think will do something worrying, by all means set up this system to have realtime data and the ability to automate. If you just want to know what a spike was, you don't need to do that to every device in your house.

Re: Hold For Me?

My concern is what happens when a person picks up. If I have the phone near me, it still has to inform me of the person so I can pick up. That could take five to ten seconds, and an impatient or busy person on the other end might decide that my silence means I abandoned the call. If this feature makes someone hang up on my call, it won't be very useful. What would be more useful is a function where the automatic system could call me back when a representative can be allocated to me. The benefits of this don't seem to have gotten through to most big companies I've called.