Posts by doublelayer

Re: "Open Source software was never meant to be used the way AWS use it"

"Why GPL didn't make a provision stating that if you rent the use of code to others, or anyway use it commercially, you have to publish your changes as well?"

Because they didn't envision a world where code is run for users rather than sold to them. However, that change would not fix the Amazon payment situation. Amazon already did release their changes. They just made money from the use of it and weren't generous about giving back financially as well as with code.

Re: "I don't know how much AWS gives back to the ecosystem"

"Rent seeking? Are you saying it's unreasonable for Amazon to throw a few coins into a few hats to support all that open source software they copy and paste wholesale and make billions from?"

No, I'm saying I don't agree with someone who demands it when they chose an open source license. Just as I don't agree with someone who makes something GPL and then complains that they can't make it noncommercial use only. You choose your license and it gives others freedoms, including the freedom not to pay you. It's reasonable to be unhappy about this and to complain vociferously, but to unilaterally change the license terms is something they have the right to do but I don't like.

Re: "I don't know how much AWS gives back to the ecosystem"

Not to praise AWS here, but if you're talking about Elastic,, that's not exactly the way their decision got made. They didn't like the fact that open source means you're allowed to use it for free. I get why someone at Elastic might be annoyed at AWS for making use of something that was given away, but that's part of the calculation when you use a license which effectively says "no support and you can use it without limitation". AWS didn't pay them very much, but they did upstream patches. Elastic wanted to rent-seek on their code and switched the license, and AWS chose to use the freedoms they were given. When you consider that Elastic got assistance from many external developers and didn't pay them for that, you can see why not everybody is on Elastic's side.

Re: Fine advice, but not relevant to the article or browser

That is unfortunate, and as you probably already determined, I don't really like this. Even so, it doesn't change my original point. If the web browser is displaying a document which is effectively an application, then someone else can with great ease implement an SSH client that runs on it. There is still no reason for that to be integrated into the browser.

Re: Cleanliness is next to godliness

I don't think it ever supported uploads over FTP. I think that was just for downloading files or browsing the directory tree. FTP clients exist for that purpose, and they'll probably do it better than a browser does.

Re: Fine advice, but not relevant to the article or browser

"And yes, they should have added support for sftp/scp/ssh to the browsers decades ago."

Why should they do anything like that? SSH is a control protocol, which has very little to do with browsers. Why should a browser do the job of an SSH client when you can go get an SSH client? At least with FTP, the browser's job of downloading files is part of what FTP is for. Similarly, I don't think a browser should implement the uploading features of an SCP/FTP client, because that's not its purpose.

A browser, to me, is a tool for getting files over certain protocols and displaying them to the user, and shouldn't try to do much more than that. Opinions vary on what documents a browser should display (run scripts in them, have a PDF viewer in them, etc), but I would hope that we don't also have to shove every other kind of program into that.

Re: Yes, but let's miss the point and argue about trifles

These discussions aren't as pointless as you think. We all agree that ads are a nightmare, probably useless, and that we'd be happier without them. Well, probably some people don't, but I think most of us here do and I'm prepared to skip the people who don't for now. The problem is what we do about this belief above the ad blocking systems we have running. The stated solution in this case is PDF, which isn't really a good solution because, if it was used by others, ads could be integrated in it as well through JS integration. This guy has simply decided not to put in any ads, which is great, but he could have used lots of formats to do that.

Since many options are available, it's worth discussing what format is optimal. Let's say I wanted to kill adtech so I decided to send you all my pages as image files of the rendered text, and to prevent possible bugs in decompression software, in an uncompressed format. That does technically solve the problem of active code in documents--you're not getting any scripting in a raw array of pixels. However, that's a terrible solution and you should tell me that before I waste my time on it. PDF is not that bad, but it also has problems that make its use suboptimal in this case. Hence it is worth discussing what would be best for a format without advertising or tracking.

Re: There's a lot of truth in what he says....

His complaints are true, and his reaction doesn't do anything about it. You can write very ugly pages with HTML, you can have lots of ads and trackers, it makes a lot of the internet a pain. His solution, however, is just not to do that, which could be done as easily with clean HTML as with PDF (better in my opinion). It doesn't change the calculations of the ad-supported business model, nor does it really fix problems. Not only that, but he also has to use some HTML so users can find the PDFs; they do hypertext badly. The complaints aren't original, and the solution isn't an efficient way to resolve any of them.

Re: re-sizing and re-wrapping text

This implies that feedback forms are necessarily wrong. I don't have them on most of my pages mostly because I don't want to deal with the readers' feedback, but if someone does want to give that ability, why should they be limited to writing an email address for someone to copy and paste over? It can be done without JS, it has been done for as long as the web was a thing, it doesn't prevent archiving, so what's the major problem with it?

Re: re-sizing and re-wrapping text

"BUT, if you don't allow scripting, how are you going to do"

"slippy maps (Google Maps, OSM, etc)?": Well, you could have a client program which you download and run so you know what is running what code, but at some point you either have to let a complex program run on a browser or not.

"Editable forms?"

With the HTML tags form, input, etc. They've been there since 1990. That's what JS pages use too, they've just got extra junk around them.

"Spell checking?": Your browser does that. It sees a texttarea tag and uses its local spellchecker on it. It works pretty well especially because you control the dictionary and it doesn't have to send the typed text to a remote server to check against their dictionary. Most sites where you see spellcheck in action are doing that. Try turning off scripting on this page and writing some misspelled words in the box and I'm guessing it will be the same. It certainly is for me.

Re: "If" - Context

It all depends on the size and quality of training data and the effort of the developers. If you start with a nonrepresentative sample that hasn't been cleaned up, pump it through the training process until the percentages are high, then sell the result, you'll get something inaccurate most of the time. If you're selling a product though, the number of photos and high test scores are all you're quoting, so many companies do that.

With rigorous attention to detail by data scientists and machine learning experts, you could get something which is significantly better. However, it would be a lot more expensive and it would still be wrong often due to unavoidable problems like poor cameras. At this rate, most people have either concluded that they don't want to do something that will never be even close to acceptable or that, if they're going to be inaccurate anyway, no use spending a lot of time trying to improve. And there we are today.

Re: exhibit ingrained racist assumptions in the design

"Physics isn't racist, it's simply physics."

Sort of. Physics isn't racist and nor are these cameras racist; they have no ability to change what they were programmed to do. Two things in this situation are racist though. First is the AI algorithms which have been inappropriately trained such that they're more likely to be incorrect about certain groups. That's not the program's fault as it's just performing mathematical operations, but it is a fundamental inaccuracy. The larger thing, however, is the use of all this stuff. If you use a camera you know won't capture people correctly and feed that information into a model which you know won't judge people correctly, that's a racist act. You are using tools which have the result of creating unjust circumstances, whether that was the explicit goal or not.

Re: Country of origin

If you get found out, that's a serious crime and you go to the prison the government concerned thinks you'll dislike the most as an example to the others doing it. In reality, you get ten bitcoin. A zero day is a zero day because nobody's got good information about who knows about it, so it's easy to tell someone about it without generating proof that you did so. Not only could they have found out about it themselves, but it will take long enough for someone to find out that they have it that, when that does happen, the exploit isn't useful anymore.

Laundering the crypto without getting found out and landing in the first sentence is an exercise for people who like committing crimes.

Because the people they've seen the malware used against are definitely terrorist material, aren't they? Stuff like this gets sold to governments which don't value their citizens' rights (or anybody else's for that matter). It's not a law enforcement tool. It's a tool of dictatorship, which can be proven by watching who ends up a victim of it.

Re: Attempting real privacy while self-promoting is difficult.

That depends. You can find some information about me if you do research because I published who I worked for. I did that because other employers seem to be confused if they can't find it. That doesn't prevent other aspects of my life from being private. I didn't publish my browsing history, my financial details, or my communications. I don't post photos of myself or places I go. Privacy can mean a lot of different things, and some information can be public without all of it being so.

Re: Shock

"So you have to pay for these services (which are not required to use) in some way or other."

That's simplistic or just wrong. A lot of services are effectively required even though we once did without them. Yes, at one point there were no telephones, then they were luxuries. But try having no telephone now and you'll find some things won't work. Getting jobs, for example, can be difficult if they can't contact you. Phone may die and be replaced by email, but if you want to have neither phone nor email, you'll have trouble getting employed. It's subjective how inconvenient a lack of something can be before it becomes a requirement, but there are many things quite high on the inconvenience scale which are privacy risks.

Re: What really grinds my gears.

"Amateur space cannot be used for commercial purposes, period. Furthermore, amateur space is not "assigned" to any one licensee."

And good things those are. The bands which are assigned to a single licensee are operated by businesses which sell that access to the public. Allocating more space for a private user's ownership when we have a suitable public space in which that user can already operate is not benefiting anyone. If you have WiFi crowding problems, then you can use a wire or you can expand into the new frequencies allocated for it. 5 GHz is significantly larger than 2.4 GHz was, and we now have new bands for version 6. This doesn't solve all your problems, but it's not the responsibility of spectrum regulators to solve everything for you by taking things away from the rest of the public.

Re: What really grinds my gears.

You have suggested the plan for a restricted WiFi band. That means that you have an idea about who should be permitted to use it. I'm not asking you for the exact writing of the exams, but for its general intent. What things would you tell the person writing the exam? How would you establish whether a given person is deserving or not.

This is your idea. You proposed that a restriction be in place. You have to have some idea about who gets access, and even if that's just a baseline of some things that they'd be required to do, it would help elucidate your point. Without that, I only have your vague statements about the "unwashed masses", a phrase which I must tell you isn't helping your point in my mind. It sounds as if you're saying "There should be some people with the special access and I can only tell you that I'm one of them". So far, I have heard no beneficial result from such a plan other than you would get private space and you want it. All this seems to do is to take even more bandwidth from what you've admitted is an overcrowded band for the benefit of an elite class which you can't even identify. I'll vote against.

Re: With 5G, there's no longer "work" or "home" or "mobile"

Using any wireless connection opens up the risk of eavesdropping, but if you let users use WiFi, that's already a risk you have to handle. In fact, if you let your users use a wired connection that's not the business network, you already could have that problem given the places where traffic could be captured. This is a known problem. Acceptable solutions are not allowing any external networks, allowing external networks only with a secure layer like a VPN on top, or deciding you know the risks and you'll take them. Changing from home ethernet to mobile doesn't change the calculation there, as by the time you got to allowing home network you probably needed an encrypted connection already.

Re: What really grinds my gears.

"An exam and enforcement, to answer points one and three, respectively."

Slow down. That doesn't answer point 1. What is on the exam? Only people who can answer electrical engineering questions about radio equipment get their private WiFi? That's like the amateur exam. In that case, there are already amateur bands, use those. I get that you'd have a mechanism for proving whatever it is you're proving. I want to know what the qualifications would be.

Re: This months of work from home showed too....

"Long term I expect WiFi and LTE to converge."

I don't know exactly what you mean by this, but in most of the possibilities which come to mind, I don't expect that nor would I want it. The main reason that merging is impractical is that they're run by different people and connect to different networks. I can't just start setting up my own LTE equipment without licensing it, and if I did, I'd have a nightmare of access control. LTE and 5G standards are great for their purpose, namely having a few open internet networks for large area coverage. WiFi is great for its purpose: having a radio connection option for an existing network. Having LTE which connects through a private network is a recipe for never being sure whose watching your data or whether you're on the secure one.

As for the standards themselves, there's a lot more similarity, but this doesn't mean merging makes sense either. What does make sense is sharing stuff between standards, which can already happen. If WiFi comes up with an interesting solution to a radio communication problem, I have no doubt the next 6G standard will implement or enhance it. However, I don't think they'll ever change the two standards for public and private approach.

Re: What really grinds my gears.

"I kinda wish that that there could be a WIFI equivalent to GMRS (at least here in the US, it requires a license to use)."

Tell me, if you were placed in control of the regulator and implemented this, how would you set it up? Specifically:

1. What does a user need to do to prove they deserve a license?

2. How do you, if at all, get device manufacturers to keep that band in their products rather than just drop it and only support the unlicensed ones?

3. How if at all do you restrict people from operating on licensed WiFi bands if they don't have a license?

Point 1 is the most important to me. I can't really think of anything you would do to deserve the license over others. "Educated WiFi users" is not a category that makes much sense to me, and it seems like you're just paying for the privilege of a private band, which seems to have no public good at all since there is limited capacity in that area. I get that it's better for you, but I don't know why the regulations should be changed for that.

"And once again: Is it worse than what has basically always been there?"

Yes. It is very much worse. Mostly because the computer has a lot less data. If you put someone in a line, the person can take their time looking at some people and try to be honest. No guarantee, but they can do it. The computer is attempting to do the same from a moving crowd, possibly getting only a few frames with moving subjects in them, and all without the instinctual visual knowledge about human faces that is learned to some extent from infancy by all humans with functioning visual organs. It's been tried, repeatedly, by different people in many places. It doesn't work.

I think that's 3.6% in the first six months, later increasing to 16%. Hong Kong therefore has greater uptake at six months. I don't think they'll have any problem increasing the number--riot control equipment can do wonders when you want people to do things.

It has 64 million points of color on the inside surface to give you a wonderful picture from the equally-sized sensor underneath it. Unfortunately, those points make the lens no longer transparent, but you are guaranteed to get that one nice picture no matter how you point the camera.

I wanted to include a second joke here, so I tried to find a unit whose symbol is P. Do we really not have any scientific units doing so? I thought we had used up most of the Latin letters for that purpose.

Re: You keep using that word. I do not think it means what you think it means

The manifesto is indeed very different from its application, but that doesn't necessarily mean it's good. Here are a few parts of it which I have seen go badly:

Through this work we have come to value:

Individuals and interactions over processes and tools

Working software over comprehensive documentation

Customer collaboration over contract negotiation

Responding to change over following a plan

Sorry for the repetition, now I have to take some separately.

"Working software over comprehensive documentation": Yeah, everybody seems to love this. You know what happens? I have to be your comprehensive documentation when people email the developers asking for help (I don't know if not having any support staff is part of the company's agile plan or just something they do). I'm not calling for a weighty manual documenting every line or giving a paragraph on each option, but document what it does and how and keep that up to date. If the software works and nobody other than the devs knows how to use it, it's about as good as it having a bunch of bugs.

"Customer collaboration over contract negotiation": If you have a good customer, of course. If you don't, get that away from me. A bad customer can ask for lots of things that aren't going to work. Whether that's just adding useless features, complex extra requirements at the last minute, or even asking for the impossible, it always happens when you've already done the core stuff. The requirements should be set forth at the beginning, so you can decide whether you can do them. Asking for some minor changes halfway through is fine. Asking for a major feature halfway through is painful but sometimes there's a valid reason. Asking for an overhaul about 90% of the way through is something from which the devs need insulation. Which brings us to

"Responding to change over following a plan": Again, it depends what the change is. Maybe something previously required isn't needed but a new thing is. Respond to that change. Maybe someone had a good idea and you can implement it without pushing out other important things. You can respond there too. But in general, you should have planned for most of the likely changes and you should follow that plan. In that case, you don't have to respond to change every day, meaning you can give the appropriate consideration every time an important change happens. The way management usually messes this one up is to consider anything they decide to be a change to which the developers need to respond. They started caring about something on Monday, so now the devs have to drop everything for it. On Tuesday they don't think it's as critical as they used to, so now it needs to be dropped again. That attitude is appropriate only for bugs which have been newly discovered or found to be more damaging than previously thought. Otherwise, it's a method of moving very fast and going nowhere.

Re: "the same old type of business calling themselves Agile"

"For companies, there should be a certification to call oneself Agile. Sorting the wheat from the chaff."

I'd like to see some suggestions on how they'd do that. The main problem is that nobody knows what "agile" is. I've theoretically been "agile" for a while. It's not much different than not being agile. It comes with a variety of words which replaced other words and means the same. A meeting is now a standup meeting. Sometimes they're really short. Sometimes it's an hour long and I'm wondering whether I can fall asleep. Sometimes it's an hour long because we actually have an hour's worth of stuff that needs discussion.

To me, any business is going to write the code using the internal habits and culture. Announcing that they'll be doing this in an agile way just tells me what the various things will be called. It doesn't mean that anything is different for the people doing the work, and it certainly doesn't mean anything useful to preventing burnout. An agile company can still demand that someone write something impossible, stay up late to do it, or handle support requests without assistance. A non-agile company can still look at what their workers are feeling and try to prevent things. This is up to managers paying attention to the needs and status of their workers; we're all doomed.

Re: Umm...

"Am I missing the USP (for the customer, not MS) here?"

Well, sort of but it's not a very big one. The theory is that, in March of 2020 when everybody was being sent home, some IT people had a conversation something like this:

IT1: Everybody here was on desktops because they were cheaper five years ago. What can we do to keep them connected now?

IT2: Buy laptops?

IT1: We don't have the budget for that.

IT2: Have the users come in and take the desktops home with them?

IT1: They might not be able to store them and all the peripherals. Also it would be convenient if we didn't have to deal with all that physical security.

IT2: Have them remote in from something cheap?

IT1: That's a larger support cost if we send a bunch of people something like a Raspberry Pi and they've never seen Linux before.

IT2: Well, I'm out of options.

IT1: You know what would be convenient? Having something where the real computer runs on servers elsewhere and the users connect to that, assuming nobody ever runs into connection issues. That solves the physical security issue without having to keep a bunch of offices with desktops in it.

IT2: We can do that on our servers. Running VMs is possible.

IT1: It would be better if Microsoft did it.

IT2: No problem. I'll just call them and give them the idea, then activate this time freeze device and we can continue our conversation in sixteen months when everyone has gone with one of the other solutions already.

Had they done this in 2019, people would have used it. By now, most perspective users have figured out some other way to deal with the problem.