* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

doublelayer Silver badge

Re: In re tracing cash...

Sure, that can be done, and it is done to detect known theft of bills with sequential serial numbers because such lists can easily be passed around. However, it doesn't provide you the same kind of information that bitcoin does. Cash can be spent several times before it ends up in a bank, and so even if you know that a criminal obtained such a banknote and it returned to a bank via a deposit from a retail store, you don't know that a criminal was the one spending it at the store. If the criminal doesn't steal it from the bank, but instead steals it from somewhere else which probably doesn't catalog serial numbers, then even when it ends up in a bank, you don't know that it was ever connected to a crime. Meanwhile, we may not know who spends each bitcoin, but we can track an individual one through every transaction short of just giving the wallet key over to someone else.

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

doublelayer Silver badge

Re: The problems continue

"Pedantically, for something to be a "zero-day" it has to be actively exploited in the wild, before researchers discover it, or the provider is informed."

Even more pedantically, that's not it. The zero-day doesn't start counting up until there is a solution--something we know about and it's being used but there is no patch is still a zero-day. Now you may be correct about requiring an active exploit; the researcher claims that a zero-day exploit can be something that could be used but isn't yet known to be, while something that is known to be used is a zero-day attack. I'm not sure I buy that logic. Either way, if he is correct about these being exploitable and someone starts to exploit them while the Tor project hasn't accepted and patched them, they would become zero-days.

doublelayer Silver badge

Re: The problems continue

Which is what the researcher is claiming. Whether they already do so isn't known, but he alleges that it is feasible. Given the level of expense the Chinese government has already taken to provide censorship, they clearly believe it is useful to perform such scans. My guess is that they either already are taking actions to block or identify Tor usage or they believe few of their citizens use it. I'm not sure which it is, but the former makes more sense to me.

doublelayer Silver badge

The problems continue

This researcher has started to demonstrate various problems in Tor, including the ones mentioned here. While the Tor project may have a pedantic way to argue that these aren't zero-days, they aren't doing very much to describe why they aren't problems. For example, I notice that they spent a lot of time stating that the researcher read a paper wrong, but don't spend very much at all showing why the algorithm he provides for detecting traffic doesn't work. They've provided a few arguments for why it might not work at scale, but they have neither disproven his methods nor proven their defense.

It's worth reading the full blog entry, linked from the article, to see the details on detection. I also found a previous entry covering problems in the browser and direct connections to be enlightening. I don't always agree with the severity of things this researcher says--for example, in the previous entry he describes how to detect direct Tor traffic as very problematic when there's already a much easier way to do that, but it also has caused me to be more skeptical of things the Tor project says.

'I'm telling you, I haven't got an iPad!' – Sent from my iPad

doublelayer Silver badge

It may be, but unless there's someone else doing the real work on it to make sure it stays working, some of the students might get caught in the trap while it's still in operation. An environment through which students must submit work is a very important thing in education, and when it breaks there can be large problems.

I am young enough that I've used such systems during my own schooling, and two events of problematic failures come readily to mind. First, there was the time when the system simply refused to accept uploaded documents. Every week, starting around 10:00 in the morning and ending at midnight or possibly later. The homework was due at midnight. I don't know how many students were thrown by this, but I had to email my professor with the documents and promise to try again later and that the files would be identical (fortunately this was accepted). The second time concerned a system for automatically detecting plagiarism which reported, on our class's final papers, nearly universal plagiarism. In fact, we had all committed exactly the crimes of which it was accusing us, namely we had copied, with only slight modifications, large chunks of other documents. Those other documents were our drafts for the same paper, which also got submitted into this system's big database. Worryingly, it seemed we had also plagiarized smaller sections from certain works which all seemed to be between quotation marks. Funnily enough, I don't remember that system being used for many other courses.

Humble-bragging ServiceNow CEO tells anyone who listens: 'Our destiny is to become the defining enterprise software biz of 21st century'

doublelayer Silver badge

Bill, you may need my help

“[W]e're humble and we're taking nothing for granted. We’re on the move to our destiny to become the defining enterprise software company of the 21st century.”

Oh, Bill. Here are definitions for humble, take for granted, and destiny. Read each of these and get back to me. You have one or more of them wrong and we need to make sure you have a good understanding of them if you're ever planning to use them again.

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

doublelayer Silver badge

From the reports, it sounds like it's only LAN-accessible unless the user has done something really stupid. Still, there are too many ways of getting LAN access and too many worrisome ways of exploiting root access to the network device, so it's still important.

Reply-All storm flares as email announcing privacy policy puts 500 addresses in the 'To' field, not 'BCC'

doublelayer Silver badge

Re: Flash is dying, why not e-mail?

That is true, but unfortunately most of those things are worse. Email may have too many security problems to count, but you can pretty much guarantee that an email sent from one place will get to another one, and if it doesn't there are only a few reasons for it. More modern communication apps require a lot more configuration. Ones designed for companies often make it hard to communicate out of the company. Those designed by big companies require sending unencrypted data through their centralized system. Those designed by hardware manufacturers lock you in. And some others require phone numbers or email addresses and essentially provide an overlay; while the features are good, you still need the other mechanism for that one to work. Email and to a lesser extent phone calls and SMS are global and compatible. Most other things aren't.

Huawei claims its alternative ecosystem to Google Mobile Services has 1.6 million devs, 73 million Euro users

doublelayer Silver badge

Re: I'm a bit confused by this.

Because the code is developed in the U.S., meaning that they're not allowed to supply it, even indirectly, through any entities they control or which control them, or through an independent entity which they know will be used to violate the sanctions. If they do, they can be penalized by the American government for trying to break their regulations, which is investigated on a when-they-want-to basis. This means that Google would be handing ammunition to cause them problems to any U.S. administration which has some reason not to like them.

Google allowed to remember search results to news articles it was asked to forget. Good

doublelayer Silver badge

Re: Why I love the Right to be Forgotten

Google is not allowed to collect and store such information from other parts of the law. The fact that the right to be forgotten had to be enacted as a separate section, rather than coming organically from other sections, clearly indicates that it is a separate thing. Among some of the details that make this different is the fact that Google's database does not specifically say any of this; it simply knows that a certain page happens to contain those words; the entry for a page stating "Person X declared bankruptcy", "Person X presided over a hearing for declared bankruptcy", and "Person X fought against creditors who declared bankruptcy" look rather similar. In addition, if they are required to remove access to the page, they are not required to remove it from the database. In fact, they are required to put it in another database so they know not to link to it. The parts of GDPR regulating personal information would have required deletion, which this does not.

doublelayer Silver badge

Re: Why I love the Right to be Forgotten

You're misstating the points you're replying to.

"This is not about the US Constitution or American law. This is exclusively for the other side of the pond. In cases such as this the database entries must only be removed for EU territory, Google can still legally show them in other jurisdictions."

Not only was the U.S. not mentioned, but this is a comparison. Countries in Europe do it this way, other countries do it a different way. The comment you replied to was contrasting these approaches and stating opinions based on this comparison.

"This is not a government forcing anyone to unpublish anything."

Wrong. You seem to have two parts to this argument. Let's look at each:

"Firstly, this is a purely private case between a private citizen and a private company."

No, this is a case between a private citizen, a private company, and a national government using a national law which is interpreted by a national court. The law decides what that private citizen is allowed to demand. The law allows the government to penalize the company if it doesn't comply. It is that law, and the government that created, interprets, and enforces it which makes this a governmental matter. It is true that the government isn't making unilateral demands, and in this case they refused to support the citizen's demands, but the law gives them power and it is that power which we are talking about here.

"Secondly, the RTBF is not about publishing. It can not be used to remove articles or force corrections. It is limited to the storing of personal information in the databases of search engines."

Wrong again. It is not about the storing of personal information in their databases. It is about storing of impersonal data, namely specific links. Which they are going to publish if it's in their database in the search results area. Which this law would make it illegal to publish. Your second phrase is wrong, and your first phrase is only technically right based on a limited definition of "publish". We have had many an argument in this forum about whether deciding and sending search results is publishing, and some of us think it is. Even if it isn't, it limits what Google is allowed to write to their search results pages. Not about personal information.

You can argue against the point in many ways. I would agree with some possible arguments. The points stated in that comment are exaggerated and not well-argued. There are lots of legitimate avenues for dispute. You did not choose to take any of them.

Google extends homeworking until this time next year – as Microsoft finds WFH is terrific... for Microsoft

doublelayer Silver badge

And there you have the problem. If you know you will always be working from home, you would probably enjoy doing exactly that. If you knew you would be coming back in six months, you could try to liberate yourself from your agreement to rent and find somewhere nicer to be for those six months. If your workplace might bring people back, but nobody knows when or whether, then you don't have as much freedom. And the worst possible outcome: your workplace might bring people back and hasn't committed to a specific time by which you have to return. Google has done a good thing here just by giving a date well into the future. People can actually make some decisions based on this without fearing that they'll have to cancel plans at short notice.

doublelayer Silver badge

Re: Anecdotally

I think your attitude towards shifting from office to home work depends a lot on what your office and home are like. I preferred the office, but that's mostly because the office for me was rather nice. We had separate offices, meaning little sound pollution or barriers to impromptu meetings, and my commute was a relatively short walk which I quite liked unless it was raining particularly heavily. I wouldn't be surprised to hear that people like home working a lot more when their office is in a really expensive place to live, meaning long commutes, or where the office involves a lot of distractions or is in some other way hampering productivity and enjoyment. Similarly, I'd expect working from home to be less popular for those who live with others who are frequently disruptive or for those who have other things to do in the area around their office.

Chinese tat bazaar Xiaomi to light a fire under Amazon's Kindle with new e-book reader

doublelayer Silver badge

Re: Bazaar?

Yes, but given that the sentiment, phrasing, and timing were so similar between the posts, I figured it was likely. Especially as the idea was both wrong and rather unrelated--after all, Apple doesn't make devices like this, so they're not that relevant to the discussion.

doublelayer Silver badge

Re: Bazaar?

You really had to post that sentiment twice? And by the way, it's not really true. Apple designs all their equipment, then subcontracts the manufacturing. Xiaomi does some of that, but a lot of their stuff isn't done that way. For example, they are somewhat well-known for their wearable fitness trackers, and they don't design any fitness trackers. Instead, the company called Huami does that, both for their own brands and for Xiaomi. Neither of these models of doing business is necessarily bad; whether it's Xiaomi or Huami making the trackers, people seem to like them, but they're not the same strategy.

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'

doublelayer Silver badge

Re: "Slapping a "Personal Edition" label on a product implies..."

"Sorry, there are sentences like "Slapping a "Personal Edition" label on a product implies you can only use it for personal use, which would be against the license." which are utterly wrong."

Maybe you would accept it if rearranged. Here's what I think it is trying to say:

If a project said that you can only use it for personal use, that would be against the license. Slapping a "Personal Edition" label on a product implies but does not really mean that.

The sentence occurring immediately after the one you quoted makes it clear that they understand that the implication is not true. They are not claiming license violations. They are claiming user confusion.

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

doublelayer Silver badge

Re: Did he not

Comment was written somewhat tongue-in-cheek, hence things like claiming he knew what he was doing and recommending that criminals pay attention to environmental considerations. However, it is good security practice to erase disks even when discarding the hardware, so I only had to joke about what his intentions were, not what is a good idea.

doublelayer Silver badge

Re: Did he not

It looks like he wanted to follow good security practice. Even if you're going to toss the machine, erase the disk first. If you don't, an attacker can get the computer out of the bin and extract the data. Of course, if you're planning to discard the hardware entirely, secure erasing the disk is more easily done by using a hammer, but remember to still do it.

The instructions above are meant for example purposes only. If you truly are planning to erase your disk to avoid legal prosecution, at least you hope, you should not bin your machine. It is more environmentally friendly to have the diskless shell brought to an electronics recycler.

doublelayer Silver badge

Re: Editing

I really don't mind the typos. It happens to all of us. My suggestion would be to turn the tips and corrections feature into a form rather than an email--sometimes I'm on a machine without email configured or with accounts I don't want to use, so I try to remember to send a message later and likely fail. I'm guessing it was done this way to deal with spam, but you already have our logins so you can associate reports with those for blocking purposes.

doublelayer Silver badge

Re: Did he not

The article described him as a systems engineer and a techy, but they didn't provide extra context on that. It's possible that he built electronics or worked on the physics of the radar, rather than dealing with computers. While many electrical engineers and physicists have had lots of experience with the low level of computers, many haven't. I wouldn't be that surprised to hear that they don't automatically know about the device nodes and how to find the right one.

doublelayer Silver badge

Re: "he had downloaded documents to an external drive against company policy"

You are very right to think that. It is critical that audits be done about copying data to external media if employees are meant not to do so. This company is very fortunate that all this guy wanted to do was take work home without permission. Had he taken a copy and showed up at a prearranged consulate, he could be happily living in another country with the data handed over before the company even knew there was a problem.

Russia tested satellite-to-satellite shooter, say UK and USA

doublelayer Silver badge

Re: Sitting Ducks

Exactly. If you can have enough weapons to be able to take out satellites with a 12-24 hour lead time, that's pretty good. Preparing a ground-based attack might be able to go faster if you rush things, but it's not markedly so. Also, if you attack a satellite from something near it, you can do so in such a way that relatively little damage is caused to other things. If you have to fire your offensive weapon from the surface, you don't have as many options--either you launch what is effectively what you could launch already, or you go for a blast it to pieces approach. If you do blast it to pieces, there's always the chance you might damage something you didn't intend to damage, either causing problems for you or angering someone who was formerly neutral. Even if you still think surface-based attacks are useful, it doesn't hurt to have both options available. If you can stand to wait a few hours, use your orbiting disassemblers. If you can't, bring out the big laser.

Butterfingers who don't bother with phone cases, rejoice: New Gorilla Glass 'Victus' tipped to survive 6ft drops

doublelayer Silver badge

Re: Is dropping your phone common?

I've dropped mine a couple times, onto wooden floors, onto concrete, and onto a cat. The phone never seems to mind these drops, but mine is older and has a case on it to be careful. The case isn't designed to provide massive levels of protection, but I've seen other people with cracked screens, so I figure it's not hard to use the basic protection option. So far, this combination has resulted in no problems save for a short meow and a contemptuous look.

What evil lurks within the data centre, and why is it DDoS-ing the ever-loving pants off us?

doublelayer Silver badge

Re: Why is the IT manager deploying HA Proxy?

The culture of having managers and nonmanagers, where managers are defined as people who don't know how to do any of the things that need doing but direct people to do so is harmful. A good manager understands what the people they're managing do, and they understand how to do those things in a pinch. The team members themselves may be better at doing it, but if the manager doesn't know, they're not competent. In addition, the word manager can be applied to people who manage things other than people; it's pretty generic.

doublelayer Silver badge

Re: Football team web site throttles business

"need to take it up with the idiot users who leave pages open when they're not doing anything with them."

That's not a good approach. Why shouldn't most pages be left on? They're documents. Mostly static documents. If I want to have them open, it should do little harm other than using some memory. Same thing is true of most nonstatic pages, because if they need to update, they probably don't need to thrash the CPU for it. After all, there are tons of other apps and applets whose entire job is to remain in the background and update information so it's always available; they seem fine at it. A few pages may do something else, like livestreaming video, but even those should be coded to stop streaming when they're not in focus. Leaving a properly-written livestreaming page open in another tab is simply a better way of returning to it when needed. None of these things are unusual, and users shouldn't be blamed for not knowing that a bad developer has made a site that wastes CPU time or network bandwidth.

Bill Gates debunks 'coronavirus vaccine is my 5G mind control microchip implant' conspiracy theory

doublelayer Silver badge

Re: Choice, not Charity

So, your suggestion is? If your suggestion is "you should have taxed him more a while ago", well, it didn't happen. If your suggestion is "take away his resources now", don't expect that to happen either. If your suggestion is that he should donate his money to a fund controlled by the government rather than a fund he controls, don't expect that to happen either, because he and probably various others will have more confidence in his determination rather than any national government.

In addition, there are different goals between philanthropists and governments. Do you think the public would be very interested in curing a disease that never affects them, in an area far away with which that country doesn't interact very much? Would a government that is beholden to its voters, lobbyists, and businesses but not to people on another continent spend a ton of money on a comparatively small project to help the least powerful there? It sometimes happens--there is foreign aid--but it's not their primary concern and arguably shouldn't be (I wouldn't argue that but I've heard enough people do so that it does have an effect). It is his choice to spend his money on people outside his country, in a way that might not be the priority of the people who would get the vote on it if he had to turn the resources over. Unless the people decide that, for some reason, he needs to have his money taken away, that is his choice to make.

doublelayer Silver badge

Re: Bill Gates ... saving millions of lives across the globe

His employees? Do you mean the Gates foundation employees? Or Microsoft employees (he hasn't run that for over a decade and a half)? Do you have reason to believe either set of employees are being paid badly? It's not like Amazon, which does have a massive workforce at the lowest end that can be mistreated for massive profits. Both his organizations have much different organizational charts. I'm sure you can find some problems, but I don't think you'd find them to be large or systemic ones.

New Google rules mandate Android 'Poundland' Edition, Go, for sub-2GB RAM phones once Android 11 is out

doublelayer Silver badge

No, they didn't. The claim is that apps expanding to fit the available memory is good. The reply states why having free memory is good. If the apps expanded to fill the memory, then there is no free memory, and the benefits listed there are lost. If a system can run in a gigabyte but has two, you have a gigabyte for caching. If it can't run in one and needs two, then you have less or zero for caching.

doublelayer Silver badge

Options

Google: We are going to force manufacturers to do something. Something that would improve Android as an ecosystem, you know? It's time to show the power wielded by the holder of those GMS rights. What should we make them do?

Engineer 1: Well, how about security updates?

Google: Security updates? If they want those installed, they'll join Android One. We already have that.

Engineer 1: Well, that's only used by a couple companies, and that's only three years, and the ones who aren't on that program sometimes drop after six months. We could extend those requirements or...

Google: Stop questioning us. You're fired.

Engineer 1: [Is ejected.]

Engineer 2: I was thinking we could limit preinstalled applications that aren't hardware related.

Google: Excuse me?

Engineer 2: Wait. I just mean we can let users uninstall or disable

Google: Have you not heard about Google Play Services? We make money from that.

Engineer 2: [ejected]

Engineer 3: Well we could make manufacturers keep our UI

Engineer 3: [ejected]

Engineer 4: Stop them releasing Android 7 in 2020?

Engineer 4: [ejected]

Engineer 5: More reporting on use of permissions for the security conscious

Engineer 5: [ejected painfully]

[...]

Google: Why do I have to make all these decisions? Shouldn't we have engineers to do this? Well, how about we make them use Go edition more? That would work.

Engineering manager: It might not be a selling point for all manufacturers. Sure it runs faster, but there are some things it can't do which could make consumers think

Engineering manager: [ejected]

doublelayer Silver badge

Re: Does Go come without the non-removable facebook app ?

Short answer: Probably not.

Long answer: It's up to the manufacturer, but Facebook has made a Go version, these are usually low-cost devices, and one way that manufacturers make extra money, especially with low-cost hardware, is to dump preinstalled crap on. So I'd expect most Go devices available in countries with high rates of Facebook infestation will have a preinstalled version.

Suspected armed robber’s privacy was not infringed by cops’ specific cellphone tower data slurp, US judge rules

doublelayer Silver badge

"I'd prefer not to be tracked all the time, obviously, but I've never worried that so being would fit me up for a crime I didn't commit. Does anyone here really worry about that? If so please can you explain why in rational terms?"

Here's one short but good reason. It has already happened. Look at arrests based on facial recognition. There have been several in the U.K. and U.S. In many cases, the person arrested doesn't look like the person identified; the cameras got it wrong. And yet, those people have been in police custody for far too long before they were released. They do get released at some point, with no charges, but do you think they get any recompense for spending some time in jail? Any way of proving to people whose meetings they missed that yes, the police did arrest them, but that they didn't do anything wrong nor was there any reason to suspect they did? Similarly, some police organizations have been known to treat some people without regard for justice. It hasn't affected me. It might not be in my area of residence. If it affects others, it's still bad and it is part of my responsibility as a citizen of a democracy to ensure there are protections for those people. One of the most useful protections is requiring warrants for accessing potentially abusable information. It has been done for decades in many countries; it can keep happening.

Don't strain yourself, Zuck, only democracy at stake... Facebook makes half-hearted effort to flag election lies by President Trump

doublelayer Silver badge

Re: why aren't postal votes considered a fraud risk in the US?

"For the benefit of us folks in the UK could you please explain what a hanging chad is and why it matters."

This applies only to the 2000 election. Chads are small round pieces of paper that are meant to be punched out of a paper ballot. The voter selects the choice, the corresponding hole is punched, the chad falls away, and the ballot with its hole can be counted automatically. The problem occurred because some machines failed to completely punch through the paper, meaning that the selected hole was not fully opened. The chad remained partially attached to the ballot, hanging there. This caused problems because the counting machines sometimes failed to count those ballots correctly.

The W3C steers the way the World Wide Web works. Yet it is reluctant to record crucial meetings – and its minutes are incomplete

doublelayer Silver badge

Re: Some unwarranted paranoia.

"all the engineers involved in the working groups will be rather glad their every word isn't being recorded and scrutinised by strangers with an axe to grind"

According to your description, I can already scrutinize any words I want because the minutes are being recorded. You mentioned some alterations during fast discussion, not cutting out. Given that that's your primary reason, it seems like your objection isn't valid. You are worried that people will do something they are already capable of doing. The only way people couldn't already do this is if minutes aren't accurate, public, or comprehensive. You have claimed that they are all of these things.

I don't believe there are massive conspiracies they need to keep hidden. Nor do I really care about whether recordings or minutes are released. They don't mind publicly announcing standards that were obviously created by corporate interests and not considered by much else, so I don't think there's very much they might want to hide. However, despite this, your claims don't seem to make sense. You claim that recording isn't necessary because text minutes are kept, that audio or video recording would lead to unneeded scrutiny of every word while claiming that nearly every word is written down and made public, that publicity of data is potentially harmful and that in the interest of publicity minutes have been standardized and organized. In each case, the claims appear to contradict.

doublelayer Silver badge

Re: Some unwarranted paranoia.

I'm glad to hear that. As I understand it, according to you, everything is written down, everything is done in a standard way, public, and the only downside is that sometimes people talk too fast for the minutes to be correct. So, if everything's public, and the meeting is over audio, what is the problem recording the audio and using it to help the people taking dictation? Or, you know, releasing it? If you and your colleagues have no problem having everything transcribed, what problem do you have with it being recorded instead? If you don't have any problem with it being recorded, then may I suggest that possibly the people who do are not on the group you're on and therefore that you don't know what they may be doing, legitimate or not? And if that is the case, your description of the trustworthiness is not very useful, is it?

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

doublelayer Silver badge

Re: @lglethal

I believe you are correct and that there is some community involvement in choosing the board members in this particular case. I haven't looked that hard yet, and don't know for certain. However, the boards of charities and nonprofits are very powerful and very unaccountable. The reason for this is that a charity (most countries) is not owned by anyone. It's just controlled. There is therefore no check on the board other than laws governing what a charity is and isn't allowed to do.

I have never worked at a charity for my main job, but I have some close friends who have and I've volunteered for one small enough that I have met their board. These people are volunteers who get to decide lots of things. Their decisions cannot be appealed. If someone leaves the board, the existing board members get to replace them. The only way to get rid of someone on the board is for the rest of the board to vote them out. The board doesn't get any money for doing this, but of course you can always find a way to get use out of some money without paying yourself, and given that the board decides who runs the charity, they have a lot of power. If it is necessary to completely remove and change the board, it can be done only by suing the charity and board for violations of some law, which are pretty forgiving in most locations. The charity is allowed to use their resources to defend themselves in that lawsuit. So unless you already have a bunch of money or are a government, you face a tremendously difficult uphill battle.

doublelayer Silver badge

Re: It stinks...

"If you are a legitimate business and not a scammer, you owe it to the public who may be roped into "doing business with you" simply because you're serving some dodgy JS on thousands of webpages that people encounter every day without any warning in advance that your lousy dodgy JS is going to be trying to get into their browser."

I completely agree. The problem is that Whois doesn't help. I don't trust code any more if it's a company name rather than a privacy organization stored there, because a) I have no proof the information in there is correct even if it looks possible, b) dodgy JS can come from any place and can be owned by any company, and c) any company can create other companies to make their origins look different, and they do that all the time. Consider what you would think if you saw this in a Whois record:

Registrant Name: Siculus, Inc.

Registrant Organization: Siculus, Inc.

Registrant Street: 1700 34th Ave NW

Registrant City: Altoona

Registrant State/Province: Iowa

Registrant Postal Code: 50009

Registrant Phone: (515) 306-8507

Do you trust this company? We can do some research and determine that that company does exist, they are at that address, etc. Do you trust them now? Well, whether or not you trust them should be the same as whether or not you trust Facebook, because this is Facebook. You wouldn't know that from Whois though. Nor would you know whether Facebook/Siculus actually registered this domain--if I was a scammer and I thought you'd trust that, maybe I put that information in when registering my domain. It wasn't hard to find, after all. Nor do you know basically anything else about the system or the people from that contact info.

doublelayer Silver badge

Re: It stinks...

"For example, because WHOIS records are now virtually useless due to so-called privacy provisions which are largely used by shady organizations trying to escape responsibility for their online activities, it takes me 5 or 10 minutes per domain to do research every time I see some questionable javascript that I'm trying to decide whether to let run in my browser or not."

Which really breaks things up from all the people who would just put in information that isn't at all connected to who they are. Which has been happening for years. It isn't new; when people realized that putting real contact information led to scammers, they started to avoid giving that out. I know of a friend who set up a site in 1998 and put in the wrong phone numbers to avoid scammers. Companies that let you replace your info with theirs were easily available in the early 2000s.

Actually, what information are you hoping for to determine whether JS is safe? All whois contains is address, phone, and email. That doesn't tell you anything about whether code is trustworthy. While you might decide to ban any code coming from a domain associated with an address in Russia, do you necessarily trust any code coming from some other country?

Motorola Moto G 5G Plus: It won't blow your mind, but at £300 we're struggling to find much to grumble about

doublelayer Silver badge

The model mentioned measures 129 by 65 mm. Even if there were no bezels on a phone, it could only have a 5.68-inch (144.5 mm) screen and still fit into those dimensions. The iPhone SE 2020 has made that 3 mm wider, and it's one of the smallest options out there. True, the growth in screen size doesn't mean the same increases in case size, but it has been accompanied by increases in case size. The phone mentioned in the article, for example, is still 9 mm wider as well as being 39 mm taller.

Brit telcos deliberately killed Phones 4u, claim admins in £1bn UK High Court sueball

doublelayer Silver badge

Re: A few things

"once I've bought a new shiny and finished configuring it, I dig the packaging for the old device out and slap it onto Ebay. It helps to offset the cost of the new device, reduces clutter, and in the event of anything going wrong, I'd rather just buy a replacement"

In my case, if I'm replacing something, it's likely in one of a few conditions:

1. It's broken. Physically. Bad enough that I can't repair it. Resale value next to zero.

2. It has gotten so old that someone might want it, but they won't find it. I've waited months hoping that someone would buy old devices, and now I try to be more realistic about what it's worth, usually next to zero.

For case 2, if I can't sell it but it continues to work, I try to find someone who can use it. I have found several places that would like phones that still are capable of making calls, so I can donate those. Sometimes, I can do the same with laptops. For other devices, I keep them around in case I need a disposable device or a victim for potentially destructive experimentation; after all, it's better to reuse when possible.

I have an old phone from 2012 which was not reliable enough for the place I donate phones to. It has been a potential casualty in a number of tests so far. Still works, well sort of. If I need a cheap device that might suffer during the experience, I'll draft that into service rather than paying for something new.

doublelayer Silver badge

Re: Supposed to give a warning

"It has always seemed odd to me that the American system would treat evidence which actually proves guilt as inadmissible due to the way it was obtained."

The concept does sound problematic, but it also provides a safeguard against misconduct by the more powerful party in a criminal investigation. If a policing organization commits a crime, they may not be held to account. The legal system is connected to them, other courts may not have jurisdiction, and if the defendant doesn't have the resources to pursue them or a sufficiently interested third party to foot the bills, the police get off for their crime. By making it clear that their crime cannot pay, it reduces the need for that. Of course, it also makes it harder to convict criminals, so there are pros and cons to either approach.

Nokia 5310: Retro feature phone shamelessly panders to nostalgia, but is charming enough to be forgiven

doublelayer Silver badge

Re: "pre-installed Facebook app"

In that case, perhaps you could enlighten me to the point I missed? Your comment seems to have left that out.

As I understood it, the comment from which I quoted was under the impression that there was no data available to be stolen by a possibly malicious app. Their comment seemed to indicate that, since the phone couldn't contain a lot of information Facebook would like, it must have no data of value. I listed various types of data that would be entirely obtainable from this device and that it would be undesirable to give to Facebook. Again, if I missed a point, and you understand the point, it would be nice for you to explain yourself. It would have been nicer for you to have done so when you felt the need to tell me; I find discussions work best when people say what they think.

doublelayer Silver badge

Re: The problem is...

This phone runs on a chip intended for basic phones, with 8 MB RAM. These two facts combine to make it completely impossible to run any version of Android ever released on it. It very much doesn't. Now the Facebook app is concerning, but you can't break out the accusation of Android. If you want to determine whether you trust something, do your research to figure out what it actually runs before jumping to conclusions.

doublelayer Silver badge

Re: "pre-installed Facebook app"

"What exactly would it be snooping?"

Data collection profile: User ID 18502396963:

Phone number: On file.

Contacts: Logged. Up to date as of 2020-07-19.

Call history: Logged. Up to date as of 2020-07-19.

Text messages: Available for processing.

Images: User has not taken any. Automatic backup is enabled if they do.

Voice recording: Enabled, batch upload pending.

Music preferences: ID3 information has been logged and added to user's advertising profile.

Location history: Available for 22 days, 9:14:43. Warning: location accuracy is low, from nearby tower information only.

An axe age, a sword age, Privacy Shield is riven, but what might that mean for European businesses?

doublelayer Silver badge

Re: The point of the EU

"The USA wants privacy for its own citizens."

No, it does not. It doesn't want privacy for any other citizens either, but don't think its own citizens are getting consideration or extra things. As government policy goes, it would like for privacy to be deleted from the dictionary and everyone's brain so people stop complaining about all the violations.

Nokia's reboot of the 5310 is a blissfully dumb phone that will lug some mp3s about just fine

doublelayer Silver badge

Re: Wireless FM radio

Update: Several months after this article, a review stated that a wire was needed for the radio. My earlier assumption seems to have been incorrect.

Everything must go! Distributors clear shelves of ALL notebooks in Q2, even ones gathering dust over last 12 months

doublelayer Silver badge

Re: Do you ever change your mind, based on data?

I don't think that's necessarily true. While most devs don't have a need for the kind of processing that graphic designers do, their workload is often heavier than text entry. In my work, I enter text for a while, then I compile and test locally. This may not require much power (it doesn't do any GPU-accelerated work at all, for example), but if I had to wait five times as long for a really low-end processor to compile some of my bigger projects, I'd be rather irritated. It's true that, when I'm done with my code, I push it to a remote server which compiles again and runs a bunch of automatic tests, but that doesn't liberate me from having to test locally. Most of the time, the automatic unit tests are sanity checks on things that could have broken inadvertently, but if I'm adding new functionality, I not only have to unit test myself, but I also have to run more thorough tests to verify that, not only do the small bits work, but they are put together in such a way that the big goal happens too. I don't push that to a server primarily because I don't want to wait around for my test data to be uploaded (sometimes medium-sized files), a job to be queued, eventually run on a new build environment, a log to be produced, the log to be put in the files section, download the log, then open it to see whether it worked. Instead, I can run the program locally right now, specifying to print the log to the terminal, and see what happens in real time. If the program I'm testing is one that needs substantial processing, and some but not all are, then having a better CPU means I can do that more efficiently.

Aggrieved ad tech types decry Google dominance in W3C standards – who writes the rules and for whom?

doublelayer Silver badge

Re: @doublelayer - Brave

Of course, it can be removed. The point is less that and more that a proprietary blob which is controlled capriciously by a commercial entity got itself adopted as a standard in a supposedly open and independent standards body. Because that happened, users are having that DRM pushed into their browsers, mostly not knowing this. That may have been somewhat harmless because relatively few places use it (I don't have it installed either), but it is not a good sign for things to come if we let companies interested in forcing their will on the standard control the creator of the standard. Whether those are really big or medium-sized ad companies doesn't matter; it should be for internet users and developers, and it should be open.

doublelayer Silver badge

Re: Brave

"The DRM spec hasn't been a problem for me, using Firefox."

That might be for one of two reasons. Reason 1: you don't use DRM. Reason 2: Firefox includes it. It has since version 47 and it looks transparent to you. It's used on various streaming platforms, but compatible browsers see it and it works without showing the user. So perhaps you do use it and you don't know.

The problem is that other browsers can't just drop it in, both because it's proprietary and because Google owns it and gets to control quite a bit about how it's licensed. If Google says no, then the application can't use their browser to play any DRMed content, and this means most in the public come to see that as a failed browser. This would be a lot like Flash except it actually got itself adopted and people don't see it as blatantly; they don't know what to blame when it breaks things.

Imagine surviving WW3, rebuilding computers, opening up GitHub's underground vault just to relive JavaScript

doublelayer Silver badge

Re: It doesn't need to be runnable

If I was going to put 21 TB of data somewhere for the benefit of historians, it wouldn't be code, or at least relatively little of it would be. Code may tell some how a few of us thought, but it doesn't show much about how we lived except for the readme files. Similarly, if there are translation files in there it might help as a sort of Rosetta Stone, but that's getting to the goal by quite an inefficient path. A lot of code will look like all the rest of code, moving data chunks around. It won't help historians very much to have driver code for fifty open source hardware platforms that no longer exist. Here's what I would include instead:

Translations of various texts into most languages, trying to ensure that most subjects are covered (technical, legal, scientific, narrative story, and the most important basic description of something likely to continue to exist later on such as the water cycle). This helps with the inevitable language problem.

Dictionaries of all the languages we've included, which helps with extra words when they've figured out the basics.

Books on geography and astronomy, which help clarify what the planet was like when we were around.

Textbooks for most subjects at various educational levels which provide a summary of what we knew or at least what we thought we knew.

Descriptions written of everyday life by people who have been instructed to provide every detail, and most likely to ensure this, describing the life of people who live quite differently to the describer.

And, since I've probably missed several important things, let's just throw in the entire contents of Wikipedia in there.

There's my suggestion, and that probably fits just fine in a single terabyte; at least text-only Wikipedia certainly does and that's probably the largest chunk in the set. It's not perfect by any means, but if I had to figure out what life was like a thousand years ago, I'd rather have had their encyclopedias than a library written in an invented language that reads from devices implementing an arbitrary communications protocol to read chips with another arbitrary protocol.

FYI Russia is totally hacking the West's labs in search of COVID-19 vaccine files, say UK, US, Canada cyber-spies

doublelayer Silver badge

Re: Is it Time?

If you'd like an opinion, here's mine: No.

Cutting countries off the internet is bad because it's hard, it gives them extra power, and it harms us. I'll take each point in turn, but these are short summaries. Also, I've used China as an example below for two reasons. First, it's annoying to write and to read "Russia, China, Iran, and countries like them" all the time. Second, the problems I detail get infinitely worse the larger the country and the more activity links them and us, and on that basis China is the most dangerous.

It's hard: In order to disconnect China from the internet, we have to disconnect their lines and/or drop all traffic coming out of them. If we try to cut the lines, we will need to reconnect other places which currently use China's lines for transoceanic communication. Mongolia is going to be the worst hit since they're entirely enclosed by China and Russia, but you have some other countries in southeast and central Asia whose lines are going to need to go through India, meaning getting Pakistan on board and going through war-torn areas. Then, you have to imagine that China will try to work against this, for example by using existing lines that go into Vietnam and masquerading as Vietnamese traffic. Do you really expect Vietnam's government to take drastic action to stop this with one of their closest allies and one with a massive army quite invested in it continuing to work? Of course, any espionage would be much more hidden than that, perhaps starting by going through Myanmar but quickly bouncing to servers in the west operated by agents in some other country.

It helps the countries we are trying to hurt: China spends a lot of money protecting itself from terribly dangerous network traffic containing things favorable to democracy. By cutting off that traffic, they don't have to bother anymore. The important government services will still run on local systems through local comms, so the citizens shouldn't be that affected. And when they are anyway, there is a perfect target: the west. "The west has cut off your internet. They do not like us Chinese. They are the enemy. We didn't do it; they did. Why would you support them?"

It hurts us: Currently, we rely on China for various things. It might be better if we didn't, but we do. We buy from and sell to China, collaborate with Chinese research institutions, all that. If we cut off the communication between us, we have to stop most of that and don't expect what is left to continue for long after the governments start looking for revenge. This means that we cannot get things from there, make money there, or do anything to help the people living there get some rights.

It hurts us even longer: That was what happens in the first month or two, but let me prognosticate a bit further. If we decided to cancel our business relationships in China, which we really might like to do, people interested in human rights might be pleased. People who used to make a lot of money in China, however, won't be so happy. It will be in their interests to bring back their profit stream, and they will try. The easy way to do that is to lobby for new politicians who will restore the ability to trade in China, in return for which the Chinese government will demand various assurances from said country. If Singapore, for example, reopens its internet to China and starts buying things from them, do we give up on this exercise, cut off Singapore too, or wait for the same to happen to us? None look viable to me.