Posts by doublelayer

Re: Trustworthy?

"Forced? Were they holding a gun to the head of your firstborn or something?

Or do you mean 'I had to because SHINEY!!!!1!'?"

Well, I wasn't that person, and I haven't been forced to run browsers for a while, but maybe it was one of those services that it's not that easy to avoid. For example, services where you have to submit paperwork that your employer or government is asking for. Those sites have a distressing tendency to demand one browser, and while they sometimes work in other ones, sometimes they just don't. You could hope that the system concerned has a mail or fax option (if you don't mind printing things and waiting a week for the post and two or three for someone to pick it up and process it), but otherwise you're a little forced to use what they're asking you to use. Not deadly force, but force nonetheless.

Re: Amazon screws it's business customers every day

"Whats the harm in a tiny payback"

Well, if you use Amazon, you've probably had to pay a little extra so they could handle the costs of the fraudsters' payback. So, in effect, the frauds got some payback but you were the one paying. There's the harm. I figure you already know this, but you felt the need to ask and I felt the need to answer.

Re: Full fledged consumer desktop environment?

You are entirely correct. They included enough storage to give me more of my utilities, but they have chosen not to. Similarly, they have chosen to fry logs on shutdown (or they've hidden them really well), which is making my job tricky as I'm trying to figure out why it keeps shutting down and all the log I have is the one from the last time it rebooted. I found a list of all the utilities available to me, but I keep typing the ones I don't have out of muscle memory.

Re: Rocket science or crash

To be fair, a request for a FSCK doesn't necessarily mean drive failed. It could have been a power or software problem which caused a shutdown without syncing everything. So that could possibly be down to an OS error, although it could also be one of two hardware failures or a non-OS software failure.

Re: Not quite thought it through

If I squint at it, maybe they're hoping that children will have some other device which picks up contacts over BT, then that syncs with their parent's phone to do the tracing. Which would actually work perfectly if not for the fact that most Bluetooth devices never get software updates, most of them don't have the storage to keep logs of their own identifiers (which change somewhat frequently) let alone identifiers for every passing device, children probably don't have many such devices, and most devices you could hope to put this in wouldn't serve their primary purposes unless they were linked with the phone the users don't have. Unless they're planning to design a custom device intended only for this purpose, they have little chance of success. If they are planning to help create custom devices, they don't need to modify the specification to do it. So I have no clue what they want to do.

Re: Lets see ...

It has nothing to do with your server. That's as secure as it was before. It's your users who might have the problem if you decided to alter the content of the pages you are pushing out. Specifically, if you modified the link, they clicked the link, their mail client didn't block your change, they didn't see your modification, and they sent a message, you could get them to divulge a file from their system.

Re: How is that possible ?

Original: "Primary keys are they to help you find things, if you don't need to refer to a table using a foreign key there is no real need to have it."

Reply: "Um, if you don't need to refer to a table in a relational database, then what's the use of having it ?"

The operative part there is "using a foreign key". You need such an identifier when you have a table refer to rows of another table so you can quickly find them. In various cases, you don't need that. For example, there are these:

No selects between tables option 1: Table is used as a method of data storage. Like any other data structure containing only primitives, it is read in in some custom way by the program without necessarily meaning specific records or single rows that need to be found alone. Quite possibly, it's only used to maintain the data on disk, meaning only writing operations and a single set of reads are performed. No specific selects are run.

No selects between tables option 2: The database contains a number of rows, but the rows aren't important on their own. Therefore, there's rarely a need to refer to a single row. Instead, users filter based on columns, which won't get sped up at all by having a key for each row. For example, this would apply in many cases where a database's primary interface is a big page with a lot of possible filter and search options. Keys are still used on a lot of these, but it's only to make selecting rows for editing or deletion a little faster. If people don't edit or delete rows very often, this is less important.

Re: Competing with Apple

"The original SE was based on the iPhone 5S platform, so it is still receiving security updates for iOS 12.x despite being left behind feature-wise by iOS 13 last fall."

Not exactly. The SE was put into the same case as the 5S but includes the internals from the 6S, so it has continued to get support for new versions of IOS including IOS 13 and 14.

Re: Bit harsh

"Why should there be a "call to arms" if the prospective contributor has put (charitably assuming) minimal effort into preparing the contribution to be usable, and better alternatives already exist?"

Do better alternatives exist? Ones that run quickly and support a lot of functionality? Ones that don't require complex installation or configuration for distro devs, one of the main reasons short of performance that stuff gets put into the kernel? I haven't seen that.

A call to arms doesn't mean that everyone drops what they're doing and starts focusing only on this. It could be much more basic than that. For example, a call to arms among a couple of people who could read some of this code and give advice to the original developers about how to modify it to more easily connect with the kernel and get through a review. Unless the code is worthless, it would seem like there might be some benefits in doing something like that, especially as the original developer claims they're planning to continue to support it. They might be liars, but if they didn't care at all, they wouldn't have donated this in the first place. Maybe it's worth believing them and allowing them to prove it by helping them to make it kernel-worthy. If they don't bother, we're only a few emails down.

Re: Clearly run by dummies

"Why isn't a mailing list set to provide emails to each person in turn, or to a dummy address with everybody else stuck in BCC? I'd be pretty pissed off if a school was willingly sharing my email address with all of the other students..."

Almost certainly, it is set up as you suggest and they aren't giving out addresses. It's just that they forgot to change the all-important setting of who can send to that list and have it operate for them. Usually, there's an address which sends the message to all the addresses in the list without showing that list to the original sender, but if anyone on the list can be a sender you end up in the same place.

Re: Paying El Reg

They would have you log in, which we already are, and then if you had purchased a subscription they would delete the ad frames, the Facebook share button and secret pixel, the various other buttons, any other third party scripts, etc. They could do that and I would pay for it. No tracking doesn't mean they would be blocked from having a log in system, but that they would be blocked from collecting information based on it or letting someone else do so. I already trust them, so the only important bit is "letting someone else do so".

Re: Sad to see the end of Firefox

And how often do you make new accounts? How often do you completely erase Chrome, including those secret tokens it stores somewhere (or maybe it doesn't, but try proving that). Because unless the answers are "every twenty minutes" and "every five minutes", your efforts are likely not as useful as you think they are. If you create new accounts but use the same Chrome installation, then it could just link those created accounts together. Eventually, it will create not only a profile of actual information you've entered (for example, any time you made a payment it has a reasonable chance that you entered trustworthy information), but also a comprehensive list of pseudonyms and dummy accounts to which you have access.

Re: Like to have an expert check the privacy statement & app

I believe your downvoters (for the record, I'm not one of them on either post) are concerned that the app will collect or retain data not specified in more readable statements. It is possible to do one's research by reading the published source, manually build, and attempt comparisons between that and published binaries, but it's not easy. I'm sure it will happen. If I was in the U.K., I would probably spend time doing so. Depending on your level of trust in the government, you may disagree on the need to do such research anyway.

Re: The old laptop killer

That's annoying. We should see if we can get all the boot encryption systems to have a timeout after which they power back down. At least one I know of does that--if I don't enter my encryption password within two minutes or so, it shuts down again.

Re: Does it run Windows?

Out of curiosity, would you want it running Windows? It's running Android, which well I'll admit I don't like it very much, but at least it's open and compatible with other mobile devices. In addition, Android has been designed for mobile devices with touchscreens as the primary or only interfaces, which is what this has. Windows has been adding that support, but I don't think the Windows tablet experiment worked very well given that I haven't seen any of the cheap tablets still around and every Surface I see has a keyboard connected. Then again, they're also working on a Windows-based thing that's shaped kind of similarly, so maybe you'll want that when they get around to releasing it.

Re: Upgrades not replacements?

If the business bought it, it's probably a Thinkpad so it's easier to standardize and repair. I think that was probably most of it, as Lenovo is better known to businesses than to the average home user. Home users may have gone out to buy new machines to some extent, but they probably buy whatever is available at the local shop, which probably means cheaper machines from Dell, HP, or Asus. Also, home users are more likely to slow their purchases while businesses which previously used desktops had reason to buy lots of laptops at short notice, so that might also contribute to a primarily business-oriented buying spree.

Re: It really is time that anything included in a standard is royalty free.

Updating my comment immediately above: I wanted to provide more information on a topic more relevant to this case. My example on radio broadcasting still stands, but since it's not mobile telecoms, let's instead look at OFCOM's regulations on mobile telecoms. On the above page, there are documents describing frequency bands which can be licensed by providers for use in a wireless telecommunications network. Below this is a list of standards documents that have been regulated into use by EU directives, the U.K. government, or both. These include technologies known to us under the headings 3G and LTE. They do not include a do-anything-you-want provision. They also include a requirement to interoperate with international service providers. In my opinion, this counts as government endorsement of specific standards.

This endorsement is a good thing. This allows phones to be in use worldwide, assists the development of better communications technology, etc. I feel that this endorsement also gives governments a good reason to have more control over the standards they are using in such ways, up to and including extra powers to increase requirements for FRAND-style IP regulations. For all I know, the ones in use here are entirely fair; I'm still not knowledgable about this case. In the case that a standard is created and given assistance in a similar way, and the terms are not fair, I view the conditions to which these standards are often put means that there is adequate rationale to restrict what licensing provisions can be applied to the IP.

Re: HTC Korean

Samsung and LG are Korean, and they manufacture a lot of their components there, but they've been known to use Chinese assembly and even sometimes Chinese components. Should they be forced to move out of the Chinese supply chain, they're better suited for it than most. HTC is based in Taiwan. I'm not sure where all of their stuff comes from. It looks like they have manufacturing capacity for assembly in Taiwan, but that might not be all of it and I don't know where they get components. So they might not have such an easy time if China's components become unavailable.

Re: Passwords Everywhere

That's weird. I'd have thought that you wouldn't need very much code to implement it. I would think that the following offline code should do it:

on event UserRequestsPage(string url) {

if "http:" in url {

UserReallyRequested(url.replace("http:","https:"))

}

}

It should only need access to the address bar, not the page itself. Maybe it's browser permissions looking weird. If it's doing more than that, maybe it's time for us to write a replacement.

And why do you do that? A disk failure can happen to any of your disks, so you're no safer your way than the other way. If you're concerned about software writing over the files because it's on the OS disk, you could create a separate partition on the same disk. If you have enough data to use seven external drives, more power to you. If you want duplication so you use seven drives, that's fine too. Some people either don't need that or are happy to have that on their backup system. For example, I use multiple drives to store backups, but I use a single disk in my laptop to do everyday work. It is faster to compile a bunch of code if it's read from inside the machine than if it has to be pulled off a RAIDed set and over a USB cable or the network. Worse, the original post suggested that this would be happening with cloud storage--retrieving from RAID on my local network isn't great, but retrieving from I don't even know what the hardware's like from the nearest data center is going to add plenty of problems while I'm trying to get work done. Back up there for off-site media, certainly. Read production media from there every day for performance-sensitive tasks, not a chance.

Re: Hmmm, how the hell?

"better still to have the kids cameras disabled unless absolutely necessary. Not least the privacy aspect"

I agree entirely, but I have recently heard that many schools are requiring their students to keep the cameras on to enforce the attendance policy. I'm not sure how I feel about this other than glad I don't have to experience it. If it happened to me, I might have to try the "my camera doesn't function because it got damaged" gambit. Fortunately all of my current meeting members don't care in the slightest that I don't turn my camera on because most of them don't either.

Re: Walls

"Try getting Outlook to talk carddav and caldav, and you'll see what I mean."

I think you'll find that, if Outlook won't do it, Thunderbird might, or one of various other programs. Openness doesn't always mean that the included tools do everything, but instead that if they don't, you can replace them with something that does. On Windows, you can. On Mac OS, you can. On IOS, you can't.

"As for browsers, I have seen Brave and Firefox on iOS, and I doubt they're the only ones."

They're not. There's also Chrome and the Duck Duck Go browser and Edge mobile and they all run the same engine so it's still not open. But you knew that already, saying this:

"That iOS isn't open, well, duh. That wasn't the point."

Maybe all of us are pretty stupid then, because that's what I thought your point was. You* started by saying "One of the original reasons you'd use iOS or MacOS was because it would at least interface with Open Standards so had choices and could use a back end that was Open Standards compliant (aka nothing made by Microsoft other than by accident)." Openness seemed to be somewhat important there, at least the openness of choice, which is what all of us were talking about. If your argument isn't about that, could you explain what you are talking about and why you used the term "open" twice during that argument?

"Also, it now DOES have file management (it had it before as apps, but there's now a file manager as part of the standard build), which suggests you haven't been near iOS for a while."

It didn't before and it only sort of does now. Apps that did file manager things before were doing that within their own sandboxes. Moving files into and out of apps was painful to the extent that you basically needed Dropbox to do it as they were the only service that had good integration into most apps. What is the situation now? Well, it's much better. Why? Because Apple made iCloud Drive, which is basically Dropbox. It got integrated into more apps, but not all of them. I can't use that file browser to retrieve my document from any app, only apps that support it. Going into it now (latest IOS 13), there are several apps that store files but I can't read them; I can only get those by using the mechanism built into the app, which in some cases means iTunes file sharing and in other cases means weird web server thing. There's also one app that stores files, I can read them, and I can't find anything because the app has stored each one individually using directories with random hex string IDs (presumably the developer just connected their file system to the IOS one without giving me the database the app uses to associate files with these strings). It's also tricky to open a file in another app. Sometimes, I have to use an internal app button to do it. Sometimes, I have to use the file manager to send the file to the app. This is the difference between a file system and an open one. With an open file system, I'd be able to know exactly where the file is, and the apps would as well.

MacOS is open, at least for now. It has been since NeXT days (a little ironically), and it's one of the things that drew me to it. Despite the fact that IOS has a lot of the same code running its lower levels, the fact that I can't run or change those means IOS is not open. I'm using open here to mean openness of choice, standards, etc.

*You: Technically, there are two posts by an anonymous poster. Based on the similarity in points and that they are in the same thread, I assume them to be the same person.

Re: Ah IT 'managers'

If it is considered important enough, the law can be modified to clarify that paying money to someone else knowing that they will be paying the ransom means you are equally culpable. In fact, I'm surprised that's not already what the law says for cases like that. It won't stop it entirely, but by driving it underground there will be fewer people who will pay and less reason for other people to create similar malware.

Re: Who in there right mind would...

Usually, someone without a lot of extra space, such as someone on an old 1970s-era computer. I don't know what the disk situation was like on that, but I'm guessing it was not easy to find twice the disk space to make a backup of the database file and that, if you did, it would take quite a long time to make the copy. Now depending on the size of the file, it's possible they could have made an extra external backup onto other media, but that also might have taken a while. When faced with a situation so seemingly easy (a single SQL statement does it in modern times) with a backup requiring nontrivial effort, someone might trust their intuition for proper coding, which probably worked just fine the last hundred times. Then uh-oh.

Re: Why do us customers bother?

It didn't, but nor is the AMD64 architecture responsible for Intel's many failings. It's not the architecture, but the design. I believe the original post here is responding to comments of the type praising the benefits of ARM when Intel security vulnerabilities are discovered. Those comments, while technically correct in the sense that ARM is not the same as Intel, are making two large mistakes. First, they make an apples-to-oranges comparison between Intel's design and ARM's architecture. Second, they ignore the possibility that an ARM manufacturer might do a similar thing. I interpreted the original post as pointing out these errors and cautioning the writers of such comments that nothing is foolproof.

Re: Or more likely ...

Really? Amazon offers advertisements too. They want to sell things, but they don't care whose things they're selling as long as they don't make one of the items concerned. In order to get you to buy all those things, they need to advertise items to you, meaning data collection, and in order to maximize their profit, their advertising arm will be happy to sell that opportunity to the most motivated merchant. Your description of Google's usage of the data applies to Amazon in every particular. You may have underestimated their appetite for data or how they will be using it.

Re: Do end users have standing to sue over this?

That may be, but although we knew it was very likely, I don't think we had proof that Google had that level of spyware in their code. It would make sense that they did given their previous attitude toward our privacy, but it's also not a very useful method of violating our rights. If their code does provide them enough information to identify apps to compete with and tactics to use when doing so, it also offers the proof of what we assumed. Given that proof, it's time to use it to attack Google for their privacy problems from all fronts.

"It's the attitude towards the person they have asked to fix the problem that matters."

A thousand times this. I have no objection fixing things for my friends or family, even if it's an annoying problem and it's all a result of their actions. I may get a little annoyed if it takes hours to fix it, but my grumpiness is directed at the machine, not the user. That is, I don't have a problem fixing that if they understand that my efforts are helpful and they are benefiting from my work. It's when they complain about my help when I consider saying "not my problem". For example, when I need something from them to finish my recovery and they just don't want to provide that right now because they're doing something else on their weekend, I consider informing them that I too have some ways to spend a weekend so maybe they can find someone else who doesn't mind performing IT work for free. If someone requesting help doesn't do that, they usually get dedicated assistance from me.

Re: Victim shaming

"As for victims the way I see it (my view) is that the victims are the ones who lost money and the people who had their accounts hacked."

You are correct, they are. There are a few crimes with which this could be pursued:

Obtaining access to a computer system without permission: Victim is Twitter.

Accessing protected data without authorization: Victim is account holder.

Theft and fraud: Victim is person who submitted bitcoin.

So all of these crimes can be pursued, including by other countries. The one currently being discussed most by law enforcement is the first one, so that's why the U.S. has gotten into it. That doesn't stop other countries requesting to charge the perpetrators on the others though. Probably the reason for the first crime to receive more attention is the value of the crime; the damage to Twitter is valued highly, while individual victims who lost some money is a smaller thing. I would expect that to also get handled in the upcoming trials though.

Re: other excel woes

"Still no easy way to cycle thru sheets via keyboard (hint CTRL-TAB would be nice)"

In mine, CTRL with page up and down does that. it isn't great if you're at one edge and want to go to the other one, but otherwise it's pretty useful. Maybe that will work for your situation?