Posts by doublelayer

Re: No binaries over 100KB

It's basically Gentoo everything. First, you retrieve the source for an operating system, Linux for example. This needs various libraries, so you find those too. These need to be compiled, so you retrieve a C compiler. Then you realize that you don't have anything to run on and the compiler's also written in C. Then, you write your own language and compiler for whatever computer you have found, or you use whatever programming language is on the surviving machine available. So basically it would only be useful in a very weird catastrophe. Maybe we should have someone write a book called "How to build a computer out of rocks that knows how to execute some instruction set we designed for computers built with lasers" and put that in the archive too.

"How do they expect to set up a home lab, test software and generally be productive with just a consumer phone or tablet? They sound a bit like frauds to me."

Why would they be expected to do any of those things:

"set up a home lab": In normal circumstances, why would I? If I need a lab, there's probably one in the office I'm expected to use. If I have to work from home and keep using the lab's type of hardware, I will either do so from a remote terminal if possible or take the equipment that's already in that lab home with me. If the company doesn't want me to do either of those, they can pay for the lab equipment that I use for them. If I want to have my own home lab, maybe I'll have some of those devices. If I don't want one, my company shouldn't care.

"test software": Why? If I'm testing software for work use, I use work machines. That's the machine in my office, my work laptop, the machine in my office via the work laptop, or one of the servers I have access to. So all I need is the work laptop.

"generally be productive with just a consumer phone or tablet": I don't expect to do that. I expect to be generally productive with work-provided kit. If I need more kit because my job requires it, then work has to provide that. If I happen to have replacements at home, I may volunteer to use them instead of having my work buy and send me them, but otherwise, it's their problem not mine. I'm currently expected to be productive, and I use my own peripherals because I like them, but the computer they're connected to is work-issued. That's all they should expect me to use.

Re: "Slapping a "Personal Edition" label on a product implies..."

You may have read, but you're doing quite a nice job misconstruing all the points. Let's look at your comments and what they came from:

LDS: "I read the comment. The comment implied LO has no freedom and just they want software from LO they have not to pay for."

gobaskof: "Slapping a 'Personal Edition' label on a product implies [note implies here] you can only use it for personal use, which would be against the license. It is technically legal. But it is wrong [opinion]"

So the original comment demonstrates that they understand that any organization can do as they please with the code, including providing or refusing to provide binaries. That comment disagrees with it.

"RedHat doesn't make the Fedora and CentOS builds - those are "community" projects."

From the Wikipedia article for The Fedora Project:

"The project was founded in 2003 as a result of a merger between the Red Hat Linux (RHL) and Fedora Linux projects. It is sponsored by Red Hat primarily, but its employees make up only 35% of project contributors, and most of the over 2,000 contributors are unaffiliated members of the community.[6] [...] The Fedora Project is not a separate legal entity or organization; Red Hat retains liability for its actions.[15] The Fedora Council is currently the top-level community leadership and governance body. The Council is composed of a mix of representatives from different areas of the project, named roles appointed by Red Hat, and a variable number of seats connected to medium-term project goals.[16] The previous governance structure (Fedora Board) comprised five Red Hat appointed members and five community-elected members."

There's some external community, but Red Hat controls a lot of the code and the organization that owns it. You can argue definitions if you want, but I consider this as having a significant connection to Red Hat.

Original: "But it is wrong and misleading and should not be allowed"

Reply: "Really? This is the mindset of people who think Open Source is 'hey you, work to give me the software I need for free!'"

I don't think that's really true, as the code would exist anyway. It's not that hard to compile most open source projects, so if you don't want to give back, the policy is simple. The original comment was expressing the opinion that labels like "personal edition" imply something that might put off users. Not that they actually do, but that users may believe they do. The opinion was that this belief might dissuade people from adopting it and therefore lose the developers the income from support contracts, extra features, and similar.

LDS: "Again, nobody forbids anyone to take the LO code and make all the builds they like and distribute them. But you can't think to force a company to make the builds you need for free. Otherwise, where's the freedom?"

And once again, the original comment clearly states that there is no requirement forcing anyone to make specific builds, but that if the proposed specific builds were made, they believe that decision to be a bad one. I think part of the reason that leads to this opinion is that it wouldn't be the core LibreOffice team making those decisions, but instead a commercial company, Colabora. It could be considered misleading if someone other than the LibreOffice control organization made software calling itself LibreOffice but with restrictions. It would be legal to do (and again the original comment says as much), but it could sound bad to some people, including the one you replied to.

Re: One reason only

KaiOS is using most of the code of Firefox OS (global effort) and is continued by an American company. While I think the most effective sales effort for those devices has been in India, it's not an Indian home-grown OS. Incidentally, Google has been one of the most prominent developers of apps for that platform and has invested in the developer. I assume they're preparing for the possibility that they don't keep their chokehold on the low-end smartphone market.

Re: "The lack of corridor diplomacy affects participants’ ability to network"

The problem with that feature is that the main meeting is still going on. Separate small conversations work when people are between meetings. For example, if my team has a meeting, I pay attention to it, and after it ends, I find the person I wanted to talk to separately and we have a chat while we walk back from the meeting room. I'm not ignoring the others.

Existing videoconference software is perfectly capable of doing that, but it doesn't happen very often for a number of reasons. For example, I used to have conversations with the dev nearest me in the office. Some of these were pointless to productivity but I enjoyed them (I hope and think he did too). Some were useful to our project. Neither type happens very often, even though we have the ability to chat or call one another. I tend not to send messages because I'm not sure whether he's busy, something I can determine by looking at him in the office. I think it's similar here, with the added complexity that previous corridor conversations at a conference like this probably occurred between people who don't know one another very well.

Re: Computer misuse act

The article told us what happened. The counterfeiters wrote a bootloader so it would bypass some protection code. Cisco's update had a new bootloader. Cisco's update knew how to install the bootloader and that it would work on their gear. The counterfeit device didn't think it through and installed the new bootloader, wiping out their custom one. Their custom one being required, that didn't end well.

On a legal basis, it's not Cisco's responsibility. If they knew of counterfeit goods, it would have been easier for them to just call law enforcement. But they are not under any responsibility to ensure their updates work on equipment they didn't license the software to run on. Sadly, they often aren't required to make sure their software works correctly on the devices they do build either, though you can sue them for lost productivity if that happens.

I haven't found charging quickly to be that important. My battery is showing its age and sometimes needs an odd time recharge, especially if I haven't plugged it in the night before, but my solution to this is easier. I have a collection of USB batteries. Some were given to me as presents, and they are large capacity and well-built. Some were given to me as methods to show the company's logo, and those are available if I am ever concerned about losing one. Either way, I can drop one into my backpack and be assured that I can charge my phone should it need it, assuming I haven't borrowed the cable I keep alongside it. These mean the battery doesn't die, extend the time I can be away from power if I ever need that, and can also be used to power other devices in a pinch.

Re: Bad timing, sigh

You can, and I have, but that only works for some of the use cases of VPNs. In my experience, people want VPNs for one or more of the following reasons:

1. To provide a secured tunnel to a known endpoint.

2. To access other machines without having them be openly available on the internet.

3. To have anonymized traffic that's difficult to track.

A VPS handles use case 1 easily. It can handle use case 2 with some work (for example, I have mine set up so I can VPN into it, then follow a previously-established tunnel to a device which is on another network). It does not handle use case 3 unless you allow others to use your VPN as well so you can hide among them. That's usually not a good idea because you will use up a bunch of bandwidth and may be responsible if someone uses yours for illegal actions.

Re: Free/Libre and Open Source advantage

"I made an Android app that reads the clipboard on startup without asking. It does it to see if the clipboard contents is a URL, in which case it pre-populates a text field with that URL"

That's your choice, but I think it's not that useful for a few reasons.

"I could have added an extra Paste button, but then I'd have to worry about issues like "would the button take up too much room on small displays" (or if it's hidden, would users be able to find it)"

This is why consistent UI decisions across apps are so useful. In most operating systems, there is a typical way to copy and paste and any app supporting those actions does it the same way. If your paste function was available and followed a convention, most users would know how to use it.

"and "would users be confused if pressing the button causes an error message because the clipboard contents is not something we can handle—would it be better to simply not offer the option in that case?"

As I see it, this is a nonissue. If the clipboard contents are not text, you just don't paste any contents into the box. If it is text, you put it in when they paste and let the user decide what to do then. After all, you already have to have some control for a user entering an invalid URL, either a typo or testing you, so if the clipboard contents are invalid, you just report them as invalid just like you would if I mistyped the URL as "https;\\".

These are subjective decisions, and everyone will probably have their own opinion on what is best. For what it's worth, mine and yours differ.

Re: Local sellers can't avoid much taxes

There is a good solution to the problem of large multinationals using tax havens, which is to clarify and reenforce national tax laws so it's harder to use the haven to protect taxable income in each country. There is a bad solution, which is to name the people who are avoiding, which of course these companies do, and specifically target them. Both solutions function in as much as getting some money out of the entities concerned, but the first solution means you don't have to readjust your law when a new egregious offender turns up and the second solution makes you look as if you just have some companies you don't like. I am not here to defend the tech companies; we all know very well how they juggle things around to avoid any taxation or accountability. I come here to recommend a legal solution that is more likely to be accepted and more likely to work in an objective manner.

Re: Why wouldn't Tim Berners-Lee have 17 years experience designing websites?

I did not read that far down; thanks for bringing my attention to it. That said, I'm not accepting that; it sounds like at best a pedantic distinction without a difference or at worst an excuse for getting the number wrong. Designing something can happen in many ways, as long as you make decisions about how a thing will look or function. It's pretty broad. When I made students write "design documents", they neither wrote the code nor used imaging software, but they still designed their programs when they wrote up some text. You can design a site in the same way, and you can also do work on making the site look exactly how you want it to. That sounds like design to me.

Re: Am I the only one

"My thoughts were the opposite. PWA's don't have as much access to the hardware as native apps. Even when they eventually do, how is this different from native apps now?"

Let me count the ways. Um ... sorry, lost count somewhere around twenty three and I should keep working. Fine, here's the short version:

Current mobile operating systems have put a lot of work into sandboxing apps. They don't all do it right, but they mostly try. Users can generally block certain permissions and it isn't trivial for an app to circumvent a denial and get the data anyway. Similarly, it's usually difficult to have one app suddenly start reading the resources of another app. That's unlikely to be the same for a web app, if only because all the sandboxing would have to be started again. Of course there will be protection from accessing the location permission, but will the permission system be as granular? Will it be secure against circumvention attempts? Will it include any sneaky access methods because Google is building it?

In addition, a web app has a very different security profile to a native one. Web apps tend to use a lot of libraries. Those libraries come from really nobody knows where, or sometimes we do know and we might feel better if we didn't. Each of those places can get modified to introduce new code. Since these are progressive, update frequently, move fast and break things apps, our devices would be pulling this new code down and starting to execute it. At least with a native app, the library has to get tampered with, pulled down for the build, and released to the traditional channels. That might not be a reassuring shield but at least there's a shield.

Another issue is with privacy. Theoretically, analyzing network traffic from a web app isn't more complicated than with a native app. In practice, it's trickier. If you are able to intercept apps' traffic to block it, a web app can more easily disguise itself as a browser. Since the app needs to stay up to date, it must ping a server all the time, and because devs are lazy, there is a reasonable chance that it will require a server to function properly. While any app can require a server, it's more likely that a native app which cannot pull libraries from a server will function without one than one which requires a server pushing libraries for installation.

That's the short version. I should probably stop writing now.

Re: I can hear the conversations already

The problem is that, unless they operate the nice kind of call center, you are liable to finally get an operator after an hour of the same two advertisements on a loop to have this discussion:

Client: I am trying to activate a new phone online, but it says that the eSIM requires me to call for activation.

Operator: I will help you resolve this situation. First, may I have the phone number you are using to call us so we can call you back if needed?

Client: Sure. Here it is.

[...]

Operator: So you don't need help with your SIM card then?

Client: No, I need to activate a new device.

Operator: Well, I'm in the troubleshooting call center, but fortunately I can forward you to the activation call center. It'll just take a second.

Client: Thank you.

Advertisement starts again.

System: Good morning and thank you for calling Verizon. How can I help you?

Re: The real news

That's not true. It happened. It really did. It was nine months ago in a private test somewhere in Europe. And they detected this guy entirely correctly. Well, he wasn't the guy they were looking for, but he was an identical twin with that guy, almost. I mean we put this guy in a lineup, brought in some people, and asked them to look at a picture and point out which of the people in the line was that guy. Everyone pointed at him except for a few of them, but those people didn't select anybody so they don't count.

Re: Another non-event distracting us

Exactly. That's why trust in the base app is such an important detail. The only relevance to the "pull down arbitrary code" possibility is that someone else could get the code inserted, either by forcing the company to do so, stealing the mechanism, or discovering a vulnerability. The new code would not be released as a potentially detectable update either, making it easier to hide.

I think the best example of such an issue is the vulnerability discovered in WhatsApp a little under year ago. Said vulnerability wasn't intentional (unless you are paranoid), and it allowed arbitrary code execution by crafting an invalid video file. That code would not be able to exit the sandbox of the app, but WhatsApp's sandbox is really big so it proved to be a useful exploit, weaponized by at least a couple groups. If TikTok had a similar mechanism intentionally or through a vuln, it could prove dangerous even if a user trusted the original app. Obviously, I do not know that such a thing exists, but if it did, it would be bad.

Re: 5v/12v ring

I suppose the question would then be why. Let's assume you could create secondary circuits at lower voltage. What would the benefit be of doing that? If you still provide the main circuit at normal voltage, your secondary circuit means extra installation, extra possibility for breaking, etc. without removing any of the cost associated with the main one. Meanwhile, providing the ability to use higher voltage may be useful in a limited number of circumstances. For example, most places could probably use LED bulbs at lower voltage (although how low is in question, see the other reply for details). However, some may wish to use a different type of bulb. I know some people use bulbs that release more ultraviolet light to promote vitamin D creation. I don't know if those have a higher power requirement. Most importantly, I don't know what other unusual types of bulbs people use, and I don't know if it's a good idea to make it more difficult for them to do so.

Re: Late 2000s?

Why do you assume that "the 2000s" by default refers to a century? Because for all you know, it refers to a millennium. The only significant figure there is the 2, so any smaller chunk that still includes multiple years is valid, including 2000-2999, 2000-2099, 2000-2009, or for some pedants the 1-offset century and millennium as well. I choose to believe that this happened in the late 2000s, sometime around the year 2978, but the various changes in human culture since now have made it not as funny. Fortunately, they also invented time travel so someone could report it to us.

Re: Simpler than I expected

When you purchased your iPhone, did the manufacturer indicate that the contract for service was a component of the product? When you first got your iPhone, did you set up the contract on it as part of the process, or did you set up the contract with the mobile provider and connect the iPhone to it? Both of those things were different for this case. There was one other thing that was different, and that is that there wasn't any contract. This has been clarified by the original source several times above this in the comments: there was no contract, and the charge that TomTom sent out was not a valid charge.

Re: Alternatives?

If you go to your lots-of-items-selling site of choice, you can almost guarantee that you will find various budget mechanical keyboards around and even below your price range. I have experienced good results with some of these, but with each you will have some drawbacks. There are those who will not accept any switch type other than the well-known manufacturer they have used before, for example, and budget keyboards tend to use some manufacturer you've never heard of. I tend not to care, but if you do, the budget might not satisfy. Similarly, at that price range you are unlikely to find keyboards with extra features like Bluetooth, detachable cables, or extra ports. If one does contain such a feature, it's likely the only one.

Re: Got one of these recently

I found a couple low-priced options with removable batteries. I don't know if any are good though. Here's a search with the selected criteria being removable battery, 3.5 mm jack, 2019 or later, and at least 32 GB of internal storage to get rid of the "Go Edition" useless things.

Re: So, IPv4 addresses are like petroleum

Yes. In many ways they are like petroleum. There is a limited amount. Nobody is really sure when we will hit that limit but we have gotten far enough that there can be problems with the supply. Some groups control a massive amount for no good reason. Large parts of the world have next to none compared to their populations. There are replacements that might be useful if more people were to use them.

IPV6 has many problems, and making any change is difficult, but it is already chaotic to try to find and keep IPV4 addresses. This block may have reduced that pressure for a little bit, but in only one region of the world and only for so long. Given the aggressive CGNAT used in some parts of Asia, I imagine demand for these addresses will be fierce.

Re: Something about motes and beams...

"Are those dates in American MM/DD/YYYY format or UK DD/MM/YYYY format?"

Yes, indeed they are.

Sorry. I thought the question deserved that answer. I'll go now.

Re: States

Basically, you have a good understanding of the issue. Nothing is very clear. In general, if a state makes encryption illegal, then it is illegal for you to use encryption if you are physically in the state, to provide encryption to people in that state if you are not there, or to provide encryption to others using systems in that state. How much you care about each prohibition depends on what your state thinks about all this, your likelihood of going to the affected state, or whether you have money or other assets that state has the ability to go after. Federalism is weird sometimes.

Let me let you in on a little secret. The world has a thing called time zones. It means that it's not the same time everywhere on the planet. As a completely random example, imagine that you are going to take an exam which starts at noon and lasts for two hours ... at the university's default campus on the eastern coast of the U.S. Since the university doesn't want students to record the exam as it shows up on their screen and send that to others, everyone has to take it at the same time. If you live in the eastern U.S., you take the test from 12:00-14:00. If the western U.S., it is 9:00-11:00. What if you live in India? It's 22:30-00:30 (10:30 PM to half past midnight). In China, that's 01:00-03:00. In the most populated time zone in Australia, 03:00-05:00.

Since university schedules tend to include morning and evening classes, anyone outside the Americas is virtually guaranteed to have to completely mess up their sleep schedule to take their classes if there's any real-time component (including taking tests, asking questions, participating in discussions, and many other very normal things for studying). For this reason alone, students may wish to take online courses in a similar time zone to the ones they're recorded in. And that's the most obvious pain point about trying to do a virtual education from the other side of the planet. There are many others.

Re: It Could Be Made to Work ???

"But nobody from government has stood up and said why they've just spent half a billion on something out of the blue."

Well, technically, several people and documents from U.K. government did say exactly why they bought it. It's just such a shame that basically none of them agree on what that reason was. This article quotes someone who says the reason is broadband. The article from a few days ago links to a report that says it's mostly navigation. Comments sections for both articles link to articles saying any number of other things.