* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

Three UK: We're sending you this SMS to warn you not to pay attention to unsolicited texts

doublelayer Silver badge

Re: Typical

I recently got an email after trying to log in to an online service. It started well:

"We noticed your login attempt seems unusual. To confirm that it is you, please enter the following code in the verification box: ..."

And then things turned for the worse:

"If you didn't attempt to log in, you should reset your password immediately." [reset your password is a link, and it goes to a subdomain of the original service]

While it could be worse and go through some other domain, this is still a perfect setup for a phishing email. I could just copy this directly, change the link, and fire it off to thousands of other users. Maybe some day companies will realize that it's not a good idea to basically create the convincing phishing email for scammers.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

doublelayer Silver badge

Re: Liability

I do not claim that I am guaranteed a victory, or that they will accept one outcome over another. Any group with money can decide to use the law to cause pain to someone else. I am well aware of this. You are correct that I focused instead on right and wrong, or rather I concern myself with what is legal or illegal. To me, that was the relevant question, rather than what lawyers can do if they feel vindictive. Since lawyers can be used vindictively in a number of circumstances, it seemed to be supposition and rather useless supposition at that.

Anything you did in this theoretical situation could cause a litigious organization to go after you. Introducing a cryptominer: "Causing harm to our users". Changing the script to write "The site you're using didn't code properly and is pulling data from another possibly insecure site": "Defaming the organization". Blocking the script, meaning the page doesn't load right: "Deliberately impeding the functioning of the system". And those are ignoring the high likelihood that they might try to argue that making any change counts as tampering with their computer system. The only solution unlikely to anger someone is to call them and request they change it back. Which will almost certainly anger nobody as you won't get anyone to answer your call.

In a situation where I discover that someone's doing this, I'm not going to insert a cryptominer. I'm too lazy for that. It's not because I'm worried about their lawyers. As I see it, their lawyers are basically as likely to go after me no matter what I do.

doublelayer Silver badge

Re: Liability

Yes, you can switch an image in such a way that you are in the wrong. It's not because you switched the image. It's because the image you switched to is illegal, meaning you are guilty of possessing an illegal image and of trying to distribute it. You can claim maliciousness on any switch, but the fact remains that it's not their image to retrieve. It does not matter what it was or what it switched to; they have no legal claim.

For example, let's consider part of your comment:

"unless you switched the file with malicious intent, meaning to cause harm, inconvenience, punishment."

The most open of those words is inconvenience. The problem is that, although anything I change is inconvenient, they don't have any right to convenience on that basis. They are using my bandwidth without permission. It is similar to if they ran their corporate network off my WiFi from next door without permission. If I found out and changed the password, they would be inconvenienced. However, they would not have the right to recompense for that because the inconvenience they received was a direct result of their doing something they do not have a right to do. I did not guarantee that I would keep my WiFi up, nor did I guarantee that my server would stay up, nor did I guarantee that I wouldn't change files.

The same argument applies to harm. If they connected a device to my WiFi that would cause harm if it lost network connection, and when I changed the password it did cause harm, that is not my responsibility. They exposed the victim to harm by making it rely on something they didn't have a right to use. That is, at the very least, negligence. I don't think most courts would stop there either.

doublelayer Silver badge

Re: Liability

"Lets say you were hosting a copy of (say) jQuery. Then, you notice that Barclays have hotlinked it into their own site. If you now come along and stick a crypto-miner into that file, you're opening yourself up for a world of hurt."

If I want to make a script on my page with a cryptominer, I am allowed to do so. If I call that file JQuery.js, I am allowed to do that. If I edit JQuery, I am allowed to do that (MIT license). So the only way they would have a legal claim is if I agreed to host it for them. Otherwise, I have never made any guarantee that the file would remain what they saw at one point. I can argue that I did not know they were linking to the file, and they would have no proof that I knew that. I can argue that they were violating my terms of service by linking to the file, and if I did edit my ToS accordingly I would have a better case than they would. I don't need to claim either of those things in order to have the right.

The issue of a powerful place using legal might to harm people they don't like, even when they have no legal basis to their attacks, is accurate. However, it's also possible for them to do this for anything else. If they hotlinked to a file and I changed it to indicate they used without permission, they could get angry. If I blocked their request, they could similarly get angry. If they felt the need, they could have their lawyers sue me for breaking their service. However, if I blocked, edited to print a string, or edited to introduce a miner, I have the same rights to do what I have done and they have no basis to win the case.

doublelayer Silver badge

Re: Liability

If they have hotlinked to your site because you are providing them a service, then there is a terms of service document describing who is responsible and potential penalties in various situations. Under GDPR, your site would be a data processor and both you and the original site would need to ensure legal handling of the data provided to you. If you violated that, data protection authorities can go after you, even if it was through another site that the data came to you.

If they link to you without permission, then you are not responsible. Well, that depends--if you log information you know to be personal information when you know you have no right to it, data protection can still go after you. But for most other things, you don't have any responsibility. If you want to host scripts that nobody else would want on your site, you are allowed to do so. For example, cryptomining scripts are not illegal, so you can put them up if you wish. If someone decides to link to a file and you switch it to a different file, that's their problem. Any liability would be on them because their site, not yours, was the one deciding what the user gets, and it was their choice to include a script their users don't like.

doublelayer Silver badge

Well, many businesses want someone's head because it's an easy way to make it look like they've done something: "The employee responsible was fired [and therefore the person who should have detected and prevented won't be]". But there's various times when it's the right response. I don't know how or why this particular error happened. However, if it was somehow done intentionally, it's a very obviously bad thing to do. Someone who decides to use a compromisable third party without any guarantee of security or functionality might not be the best coder out there.

Yes, there are lots of things that can fall into that bucket, but this is worse than most of them. For example, although pulling code directly from NPM is similarly dangerous, people at least expect that it happens and do some types of automatic security checks on new releases. Nobody's going to do that for the Internet Archive. Also, most places from which external scripts are retrieved at least expect that to happen and have made statements about keeping their server up. I don't think the Archive has ever indicated they are willing to be used as a CDN and they can delete files or edit them at any time without notice.

So, if you have a sufficiently worrying practice being intentionally used, you have to wonder whether you will catch them if they do something like that again. That isn't necessarily a reason to immediately fire someone, but if you have alternatives, and the current job market means you probably do, it's a thing worth considering. A good company won't fire people for honest accidents, but negligence or intentionally doing something stupid are potentially worth it.
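An added example, not part of the post above or of any site's own code: a small audit that lists the external scripts a page loads and flags the practice discussed in this thread, pulling JavaScript from a host such as the Wayback Machine that never agreed to act as a CDN. The page URL, the approved-host list and the sample HTML are constructed for illustration, and the `integrity` check refers to the standard Subresource Integrity attribute, which the thread does not mention.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Domains that archive content and make no promise to keep serving it unchanged.
# Assumption: extend this set for your own estate.
NOT_A_CDN = {"archive.org"}


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script src=...> tag in a document."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr_map = dict(attrs)
            if attr_map.get("src"):          # inline scripts have no src
                self.scripts.append(attr_map)


def _in_domain(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_scripts(html, page_url, approved_hosts=()):
    """Return (severity, url, reason) for each externally hosted script.

    high   - served from an archive that can edit or delete the file at will
    medium - served from a host nobody has approved as a script source
    low    - approved host, but no integrity attribute pins the content
    """
    page_host = urlsplit(page_url).hostname
    approved = {h.lower() for h in approved_hosts}
    collector = ScriptCollector()
    collector.feed(html)

    findings = []
    for attrs in collector.scripts:
        url = urljoin(page_url, attrs["src"])   # resolves relative and //host forms
        host = urlsplit(url).hostname or ""
        if host == page_host:
            continue                            # first-party script
        if _in_domain(host, NOT_A_CDN):
            findings.append(("high", url, "archive host used as a CDN"))
        elif host not in approved:
            findings.append(("medium", url, "host is not on the approved list"))
        elif not attrs.get("integrity"):
            findings.append(("low", url, "approved host, no integrity attribute"))
    return findings


# Constructed sample page; none of these URLs come from the article.
SAMPLE_PAGE = "https://bank.example/login"
APPROVED = ("cdn.example.net",)
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://web.archive.org/web/20200101000000/https://example.com/jquery.min.js"></script>
<script src="//cdn.example.net/lib.js" integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/other.js"></script>
<script src="https://unknown.example.org/widget.js"></script>
<script>inline();</script>
</head></html>
"""

if __name__ == "__main__":
    for severity, url, reason in audit_scripts(SAMPLE_HTML, SAMPLE_PAGE, APPROVED):
        print(f"{severity:6} {url}  ({reason})")
```

Run against rendered pages in CI or a scheduled crawl, a non-empty result for the "high" tier is the case this thread is about.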

'Google cannot stop it, control it or curtail it...' Inside the murky world of fake addiction treatment center search spam

doublelayer Silver badge

Re: People cost money, automation is cheap

Well, Google could take a relatively weak first step that would be easy and lucrative; if a place in a frequently impersonated industry wants to advertise, make them make a large ad payment up front. That payment will be usable to buy ads, but if the advertiser is reported as fraudulent and subsequently taken down, Google keeps the money. The business can have the money returned if they pull all their ads and close their account. This would give Google an incentive to find fraudulent businesses so they can keep the money without providing a service, and it might also dissuade the scammers. Not a good solution, because Google should really be doing more verification and it only works against those who advertise on Google, but better than nothing.

UK government shakes magic money tree, finds $500m to buy a stake in struggling satellite firm OneWeb

doublelayer Silver badge

Re: It Could Be Made to Work ???

Well, that has several downsides. Basically, you're hoping to compare a lot of latencies between the satellites, requiring the device at the other end be informed of relatively large sets of data. That would make the system more delicate and require more data from the satellites. It would also make the system a lot more dependent on fixed ground locations, which isn't necessarily the most desirable setup. While those satellites are capable of broadband speeds, doing that would usually require larger receiving dishes and more power output. For things like ships and planes, you probably wouldn't find it that hard. For portable units used by field troops, that approach might be inadvisable. Still, if they intend to use the constellation for this purpose, they may find that my concerns are not that troubling. Still, if I were them and wanted to do the navigation with these satellites, I'd start by considering just putting the clocks in the ones that haven't yet been launched. They're planning to send thousands up; it's fine if 80 don't have clocks.

doublelayer Silver badge

Re: It Could Be Made to Work ???

Phone chipsets rarely support additional services that weren't around when the chip was designed. No matter how a new navigation system is implemented, whether almost identical to GPS or entirely different, a new chip will be needed to receive from it. The only exception would be a system which augments an existing one, similar to how QZSS overlays upon GPS for Japan. As for the clocks, that would be a problem. While they could put the clocks in the new satellites and reprogram them, they could have also put clocks in their own satellites without buying this company. While a navigation system isn't impossible, it would seem to be a strange step to take if that was the primary goal. Given their discussion of broadband, perhaps they have other goals in mind. Whether those goals make sense or are in any way useful is another question.

Purism's quest against Intel's Management Engine black box CPU now comes in 14 inches

doublelayer Silver badge

Re: system 76 - coreboot

This machine also uses Coreboot. Well, to clarify, it can use either Coreboot or the manufacturer's own PureBoot (for an extra charge). System76's machines are nice, but they aren't designed with the physical killswitches or with anti-tampering procedures (also has to be specially requested). It depends of course whether those features are important to you.

doublelayer Silver badge

Re: Pre-orders for the Librem 14 opened today priced at $1,199.

I checked out their specs page. Base RAM is 8GB. Increasing that to 16 GB costs $79 and to 32 GB costs $219. Base storage is a 250 GB SATA M.2 SSD. They have various larger and faster options.

For those outside the U.S., there are some limitations there. You'll notice I quoted all prices in dollars, because they don't seem to have prices in any other currency. They note that, while they ship, taxes in other countries are the buyer's responsibility so I can't tell you U.K. prices with VAT included. They have power adapters for U.S., U.K., and EU sockets. Not Australia, though it is a USB-PD one so that doesn't have to be a problem. Also, they only seem to have English U.S. keyboard layouts right now. If you can touch type your language on that layout, you're good. If you have an attachment to the U.K. layout, maybe they'll fix that sometime.

doublelayer Silver badge

Re: Why Intel?

You can get a thing like this with an ARM processor at the core. I think there are a few like that, but the one I know about is the Pinebook Pro. It is very open, has hardware designs, firmware source, hardware killswitches. The only downsides are that, using conventionally available ARM SoCs, it is a little limited performance-wise. It maxes out at 4 GB memory, and has six relatively slow CPU cores. If you can handle the reduced performance in a laptop and want a lot of privacy and security, that's probably a good option. Otherwise, we will have to wait for more easily obtained fast SoCs or stick to x64.

Consumer orgs ask world's competition watchdogs: Are you really going to let Google walk off with all Fitbit's data?

doublelayer Silver badge

we do not sell personal information to anyone

"we do not sell personal information to anyone."

Well, that's technically correct. You don't sell the information. You sell the ability to market to people based on the information in such a detailed way that people can access chunks of that information by paying you. Someone seems to have been paying attention during PR classes. Really helps spice things up from all those people who try to make the technically correct but misleading statement but either make it too obvious what they're doing or state something incorrect by mistake. I wonder if this turn of phrase has been recently adopted because of that "Don't sell my personal information" link that has started appearing on a few sites.

UN warns of global e-waste wave as amount of gadgets dumped jumps 21% in 5 years

doublelayer Silver badge

Re: Someone's confused

They do have two regions coming in second place though. Based on the figures, even if they meant that Oceania came in second place in total, the Americas can't come in second place per capita because Oceania's per capita is higher. The rankings per capita would have to be:

1. Europe: 16.2 kg/person

2. Oceania: 16.1 kg/person

3. Americas: 13.3 kg/person

4. Asia: Figure not present

5. Africa: 2.5 kg/person

If that's what they mean, they have some rewriting to do, especially as I'm betting Oceania didn't come in second place for total quantity of waste; their population is really small compared to every other included region.

Details of Beijing's new Hong Kong security law signal end to more than two decades of autonomy

doublelayer Silver badge

Re: I adore this BS "we're wat above them"

And many of us think that's terrible and we need to stop it, but it doesn't make a dictatorship any better. Many of us think that a fair trial is one of the most important parts of dealing with criminals, so if a few cases in our countries aren't treated fairly, it's a travesty. For those of us who believe that, imagine how those of us think about a country where no trials are fair and they also hold them all the time.

doublelayer Silver badge

Re: Severely endangering national security

"the Chinese government (indeed, its people) may prize stability more than "flourishing" or 'progress.'"

Rubbish. The Chinese government prefers that because stability means the previous status quo, i.e. they have all the power, stays in place. The people don't get to decide because 1) the government has done everything it can to mislead them about the benefits of their rule and the dangers of its removal, 2) the government has done everything it can to indicate that, should you have opinions, it is wise not to tell anyone lest they be forced to give you some vocational training, 3) the government has also indicated that, if you don't have opinions or even if you do, and someone asks you for your opinion, you should state one fully supporting the government, and 4) the government has demonstrated the capability and willingness to back up items 1-3 with violence.

I am tired of the arguments that a dictatorship is suddenly acceptable because it is desired by its victims. It's simply not true. Cultures may have different ideas about what they view as logical, but similar cultures in places like Taiwan and yes, Hong Kong, prove that there is not some Chinese acceptance of authoritarianism. No, you cannot base it off the writings of east Asian philosophers who preached the same, because I can find Thomas Hobbes and many like him and throw him back at you. Democracy as it is currently practiced is a relatively new concept, and it is not restricted to some subset of the world's cultures.

Everyone is capable of deciding how they want their government constructed. Nearly universally, when people are given that choice, even without experience with all options, they have chosen democracy or something they thought would be democracy. The democracy practiced in Japan and South Korea is differently structured than that in the U.K. and U.S., just as it is different from that practiced in Chile, Sweden, or various other clearly democratic countries.

After six months of stonewalling by Apple, app dev goes public with macOS privacy protection bypass

doublelayer Silver badge

Re: Disappointing

They hid ~/Library for a very good reason. It would confuse the general public, and if files there are deleted or modified, things break. Just like why Windows hides AppData by default too. You can either unhide it permanently, or you can access it on a one-time basis. The procedure is relatively easy. Just enter ~/Library in the path window.

You assume that there will be performance hits when the exploit is active and that the users will notice these hits. I don't know about either argument. If the concept exploit is not efficient, that doesn't prevent someone else from reimplementing it to avoid any bottlenecks or to schedule inefficient behavior for times where users aren't going to notice. If a user is on a browser and notices a performance hit, I'm guessing they will assume what I would probably assume: that there is a misbehaving script in an open tab. This may also cause them to restart their browser, but the exploit can be restarted too.

doublelayer Silver badge

Re: What's wrong with standard unix user-group-world and access control lists?

Android has lots of problems, and it's not because of their SD card format. If they wanted to, they could sandbox the SD card easily without doing anything to the format. It's already set up to have directories where apps write by default. They just block access to those directories based on the app, allowing the user to override that. Problem solved. Except that's not the problem. Android's problems run a lot deeper than that, and the choice of format and decision not to sandbox the SD card too is somewhere between inconsequential and slightly positive.

doublelayer Silver badge

Re: What's wrong with standard unix user-group-world and access control lists?

On most consumer computers, everything is run with the same user account. Try explaining to the general public that yes, we know you are just one person, but you should create multiple users to run different applications. It sounds ridiculous. That's because, in most cases, it is ridiculous. I have done it with a few applications I have reasons to limit, but most of the time, I have no reason to and I don't. With this, you can take one of a few approaches to solving this problem:

1. What problem? Everything in the user's directories can be read or written if the permissions say so. This is generally fine if malware doesn't get into that directory. Not so good if that happens.

2. Create various areas where applications can write which are sandboxed away from other applications. This actually makes a lot of sense, because user documents can be stored in general-purpose directories.

3. Throw up warning screens whenever a new application wants to read or write to a new area. This will probably generate user annoyance and high blind click-through rates.

4. Warn the user on each file an app loads. The users will soon throw the computers on the floor.

Apple went with a combination of options 2 and 3. Option 3 is the more annoying, whereas option 2 makes a lot of sense. Unfortunately, we now know that they failed to implement option 2 correctly, became aware that they failed, didn't fix it, and ignored the problem completely. So we're essentially back to options 1 and 3. If you're sufficiently confident that you will never have malware running on your user account, you're fine. If you think that's a possibility, you're less fine.

The internet becomes trademarkable, sort of, with near-unanimous Supreme Court ruling on Booking.com

doublelayer Silver badge

Re: So what happens if ...

I think it would depend a lot on the expiration policy, and I don't know what that is for .com. If it worked like .uk, then their domain does not go on the open market until it has been disconnected for three months. If .com works like that, then my guess is that, should someone buy it after that period of disconnection, then the original trademark owner would be seen as not having protected their trademark. Trademarks that are left unprotected are considered abandoned and lost. If you do a search on the public trademarks database, you'll see lots of historical listings that were abandoned by their holders or taken off them. It'd probably happen this time too. Things become more difficult if .com simply expires the domain and immediately makes it available for sale. That might lead to ambiguity and legal fights.

doublelayer Silver badge

Re: Is this an open check for the registrars?

Registrars can already do that; you don't need a domain to be trademarked for that domain to be valuable. If one registrar decides to extort a user, they have that ability. Regulations try to prevent it, but not all of those regulations work.

As for ownership, things that are trademarked are never owned. Trademarks apply to things so small that you can't own them. Apple, the computer people, don't own the word or concept of an apple. Their trademark rights say that they can prevent people from using the word to name other computer products so people don't become confused about who actually made the thing. That right isn't perpetual or unlimited, and it in no way means they gain ownership over the word. Similarly, someone using a domain name as a trademark doesn't need to own a domain name, which of course they can't do anyway. If they don't have that domain name, their trademark application would likely be rejected because someone is already using the phrase; that would be a good thing to make explicit in law. That's why we have trademarks: to clarify who is using a thing that can't really be owned.

doublelayer Silver badge

The decision can be made based on a survey because the law is about what users think. The law considers, for example, whether something is likely to confuse consumers, which you can't just encode into legislation. It also allows for trademarks to be removed if consumers have come to think of the term as generic, which likewise means that you have to find out what consumers think. The means to do that is to ask them.

doublelayer Silver badge

Re: So many gaps in this...

Logically, this decision should have benefits for that. Someone trying to trademark "Booking" might have problems with holders of booking.*, assuming they managed to get past the generic term test. Someone trademarking "booking.com" would not overlap with someone with booking.[something else]. Of course, there's also the issue of trademarks in other countries which could go in a very different way.

Apple said to be removing charger, headphones from upcoming iPhone 12 series

doublelayer Silver badge

Re: Low-voltage DC is just USB now

If this was a 24W charger, it was already using USB-PD. 5V on USB tops out at 15W. Given this, the laptop should at least be able to charge slowly from that power source. While it wouldn't be able to run and charge because the power is too low, it should be able to charge for use later. If Dell has decided it shouldn't, I entirely understand the irritation.

doublelayer Silver badge

Re: Gets my vote...

"USB C is the right connector to force as a common standard (until some new super feature comes along that needs something different)."

I am happy to go along with that when we force a common standard on USB-C. This means no display-only cables, no everything-but-display cables, no Thunderbolt-only cables, and while we're at it, no power-only cables and every cable at least capable of delivering 5V 1A. I already have functional but very annoying power-only micro USB cables which tend to turn up every time I really want to move some data to a device with a micro USB port; I don't want to repeat the experience with even more options for a not working cable. When every USB-C cable either carries all types of data or is broken, we can force its adoption. Until then, I don't think we should force something on people that is unwilling to adopt a standard itself.

One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway

doublelayer Silver badge

Re: You are perhaps assuming that its going to be GPS in the traditional sense?

"The GPS does not need to be global for the UKs purposes. It needs to be accurate where its interests are, and last I checked, that was a few islands in the Atlantic, and perhaps the Middle East."

Well, the U.K. itself of course. Then they have bases in the Caribbean and on the Falklands. They have some islands in the central Indian Ocean with naval bases on them, so there too. And two chunks they carved off Cyprus to put bases on. Oh, and they control Gibraltar so let's include both sides of the Mediterranean. Then wherever they will be fighting, and wherever they're planning to send ships or submarines. Oh, and there are Antarctic bases too. Don't know if they want their navigation system to cover those, but maybe. That's kind of a lot of the world's surface. Given that they send their ships to certain distant allies such as Australia, they may have cause to increase that still further.

"The Chinese nor Indian systems are not accurate outside their areas of interest - they are not global,"

Correct about India, not about China. China's system is intended to be worldwide, but they're not finished with it yet. Unsurprisingly, they started by getting good coverage in China, then expanded from there. Similar to Galileo, really, as that's not complete yet either.

doublelayer Silver badge

Re: "quantum compass technology"

QZSS is intended to provide navigation in densely-populated cities. Japan has a lot of those. It also provides increased service throughout Japan and the surrounding ocean, but a lot of that is because QZSS works with GPS to provide extra information. If all the GPS satellites were to be shut off, QZSS would be difficult to use though theoretically possible. Presumably, the British military will want coverage over the U.K., the various bases in the Mediterranean, Atlantic, and Indian ocean, and in areas where they have fought recently such as southern Asia. You can't do that with a few satellites. If they're willing to do U.K. and surrounding ocean only, they can do so more cheaply.

doublelayer Silver badge

Original: "Wrong orbit, wrong clocks, wrong radios."

Reply: "But only 12% launched so far, so clocks & radios are very changeable."

If they're going to design completely new satellites that work now, they don't need to pay this company; they just do the design and launching. The only reason to pay this company is to use what they already have, possibly augmenting it with additional launches for that constellation. They're not going to buy this company just to do something they could already do.

Original: "Even if it could be repurposed, which isn't a given, it would do positioning very badly."

Reply: "Why is why it's being considered primarily for comms & broadband, with positioning a purely speculative application."

It was discussed as a replacement for Galileo. Navigation system. It might be useful for other things, but the U.K.'s stated interest is for navigation. Maybe they know what to do to make it do navigation, but if they considered buying it for communications purposes, it would have been better for them to say that rather than call it an alternative to Galileo. It's not hard to type "For increased communications potential. The system may also be of secondary use in a proposed navigation system". They could have if they meant that.

doublelayer Silver badge

Re: Re assume...

If you don't know what the plans are, because they are not apparent, how do you know they so obviously exist? Has someone told you of additional plans, so you know of their existence because you trust that person? Have you seen the big cabinet with "Extra plans: Satellite Navigation System" written on it? What evidence do you have for there being additional plans other than that it would make sense if there were some? There are many things that would make sense if they existed, but that doesn't create them.

doublelayer Silver badge

Yes, they need engineers and designers on that report. They need them to answer questions like "What is needed to build a system like this?", "What do we already have that we can build on top of?", and several rounds of "How about this instead?". You need to pay the engineers. Sometimes, they need to run some models or simulations. They don't, however, need to build satellites or receivers for them, nor build new computers to run models on. Their purpose is to come up with some possible designs for a system and expected costs in time and money to build them. It's mostly thinking of designs and writing about them. Their remit is not to build prototypes; their remit is to write about possibilities. At the end, their product will be a large set of writing, hopefully including useful answers to all those questions. Or in other words, a big report.

Macs, iPhones, iPads to get encrypted DNS – how'd you like them Apples?

doublelayer Silver badge

Re: Good & Bad

Not all of that is as concerning as you imply.

"2nd i can block normal DNS at my fw, i can't block https unless i wan to break the internet for my household, or install a proxy."

You can do a pretty good job if you want to. Cloudflare's resolvers on IPv4 are in the range 1.1.1.1-3. So you can set up a firewall rule: Source: [local_addresses] Destination: 1.1.1.1-3, Port: 443, Packets: drop. Do that for a couple providers and DoH becomes difficult.

"I really don't want my local systems being name checked against the internet's dns servers,"

If you do enter a local address into something that sends it to an external resolver, that resolver won't be able to find the address, so you'll instantly know you have to fix DNS for the affected application to point it at the server that will work and will protect your addresses. While I understand that you might not want to send your internal requests by accident because you're concerned that a resolver will leak them, knowing your internal DNS names really shouldn't be very relevant to an attacker without additional access, and with that additional access the attacker can find them out anyway. In addition, the likelihood of an attacker also running a default DoH server is low, and the encryption on that protocol makes it unlikely that someone could steal them from the traffic to that provider.

"i also don't want any random IoT crap on my net or apps i install on my laptop/phone being able to do dns look ups to stuff i can't block & without me knowing!"

I agree wholeheartedly. The problem is that any app sufficiently malicious can already do this. We block the most straightforward way of loading unwanted content. Here are some others, and DoH is not needed for any of them:

1. Hard-code an address into the code. Contact it directly. No DNS request sent at all.

2. Hard-code the address of a DNS server, then use normal DNS to retrieve it, ignoring the network-supplied resolvers. This is the easiest to block if you have set up your network to send all requests on port 53 to your local resolver, but most networks aren't set up that way.

3. Hard-code the address of a resolver which is willing to take requests on a different port. Not hard to set up by the attacker and finding out that it's happening requires inspection of packet payloads.

4. Hard-code an address and use it to find additional addresses via some encrypted and difficult to track mechanism.

5. Use the standard resolver to resolve something that's likely to get through, and host a resource there to allow resolution of other addresses. For example, hosting an encrypted database of addresses on GitHub.

None of these ways will stand up to a manual analysis with Wireshark, but all will completely bypass the local DNS system without requiring DoH to be operating. In only one of the cases can a simple firewall rule help.

"This is good for privacy but terrible for securing your home systems against unfettered outbound comms."

I really don't think so. If some device on your local network starts contacting a random external IP, will your network allow it or not? If it would allow it, then the only restriction on your outbound comms is trying to prevent the local device from getting the right address. Given how many ways there are of getting an address, that's not a guarantee of anything. If it would not allow it, then it doesn't much matter if the device knows the address to use.

"will be migrating to pfsense soon & will need to build a Man In the middle capable proxy to inspect outbound traffic."

This seems like an overreaction. Unless you are confident that you can create something capable of parsing all that traffic and determining whether you would like it or not, the effort will only create an extra bottleneck for your network.

doublelayer Silver badge

Re: Better late than bleeding edge?

If you are already willing to generate a cert, get it into the trust stores, and build a device to MITM your traffic, you might as well just disable encrypted DNS queries on the devices instead. I don't know of anything that prevents you from using cleartext DNS. Finding and switching those settings will take less time and processing than building and running an HTTPS-interrupter.

If you also want to block encrypted connections, you can find the addresses of the existing (not very many) DoH servers and create firewall rules that drop traffic going to ports 443 or 853 on them. If you are concerned that some piece of software will refuse to honor your DNS settings and will also use a secret resolver, you probably have more to worry about than how it resolves URLs.
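An added example, not part of the original posts: a defender-side check for the situation the two DNS posts above describe, comparing outbound flows against what the local resolver actually answered, per client. The LAN range, log layouts and all addresses except the 1.1.1.1-3 range quoted in the post are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN range
# DoH resolver range as quoted in the post; a real list needs regular upkeep.
DOH_RESOLVERS = {ipaddress.ip_address(f"1.1.1.{i}") for i in (1, 2, 3)}
ENCRYPTED_DNS_PORTS = {443, 853}               # DoH and DoT

# Constructed local-resolver log: (client, queried name, answer)
RESOLVER_LOG = [
    ("192.168.1.20", "updates.example.com", "203.0.113.10"),
    ("192.168.1.30", "cdn.example.net", "198.51.100.7"),
]

# Constructed outbound flows: (source, destination, destination port)
FLOWS = [
    ("192.168.1.20", "192.168.1.1", 53),       # normal lookup via local resolver
    ("192.168.1.20", "203.0.113.10", 443),     # address the resolver handed out
    ("192.168.1.30", "192.0.2.53", 53),        # own resolver on port 53 (item 2)
    ("192.168.1.30", "192.0.2.99", 5300),      # resolver on another port (item 3)
    ("192.168.1.40", "1.1.1.1", 443),          # listed encrypted-DNS endpoint
    ("192.168.1.40", "198.51.100.200", 443),   # hard-coded address (item 1)
    ("192.168.1.30", "198.51.100.7", 443),     # address the resolver handed out
]


def build_resolved_map(log):
    """Map each client to the set of addresses the local resolver gave it."""
    resolved = defaultdict(set)
    for client, _name, answer in log:
        resolved[client].add(ipaddress.ip_address(answer))
    return resolved


def classify(flow, resolved):
    """Label one outbound flow by how the client could have learned the address."""
    src, dst, port = flow
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in LAN:
        return "local"
    if port == 53:
        # Cleartext DNS leaving the LAN: the one case a port rule catches.
        return "dns-bypass"
    if dst_ip in DOH_RESOLVERS and port in ENCRYPTED_DNS_PORTS:
        # Only as good as the resolver list is current.
        return "encrypted-dns"
    if dst_ip not in resolved.get(src, set()):
        # No matching answer for this client: the address came from somewhere
        # other than local DNS (hard-coded, side channel, odd-port resolver).
        return "unresolved-destination"
    return "resolved"


def findings(flows, log):
    """Return (src, dst, port, label) for every flow that bypassed local DNS."""
    resolved = build_resolved_map(log)
    out = []
    for flow in flows:
        label = classify(flow, resolved)
        if label not in ("local", "resolved"):
            out.append((*flow, label))
    return out


if __name__ == "__main__":
    for src, dst, port, label in findings(FLOWS, RESOLVER_LOG):
        print(f"{src} -> {dst}:{port}  {label}")
```

Item 5 in the list is not visible at the first hop, since the lookup goes through the local resolver; it only shows up when the device later contacts an address that resolver never returned.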

Beware the fresh Windows XP install: Failure awaits you all with nasty, big, pointy teeth

doublelayer Silver badge

Re: Almost mouse free

Mine has two modes. Either she views them as food and then treats them as such, leaving the less desirable bits, or she gets bored and leaves the living ones inside the house. This led to an experience of finding a living, though likely somewhat unhappy, young rabbit hiding behind a TV cabinet. The rabbit hadn't done anything to the wires, yet, but it was quite a surprise when we found it. Still, easier to catch than the mice and squirrels. Since there are all these rodents to be chased, she mostly ignores wires. The only exception to this rule is if a wire is left disconnected, in which case the disconnected end apparently looks entertaining, especially so for ethernet patch cables. She will only do this if it's about 04:00 and you'd really like to be sleeping; in the daytime, the cable looks boring and she will just take a nap.

It's now safe to turn off your computer shop: Microsoft to shutter its bricks-and-mortar retail locations worldwide

doublelayer Silver badge

Microsoft store Vs Apple store

I think part of the benefit of Apple's stores is that they use it as a location for convenient tech support. If people know they can take their Apple devices to a local place, have someone look it over, and explain to them what is going wrong, they will probably stop by. If you already started that part of the project, you might as well also have new Apple devices on hand to show them off and so the user can buy a replacement when the tech support person tells them that their old one is broken.

Meanwhile, I don't know how restrictive Microsoft stores are about tech support. Maybe they're exactly like Apple, but even if they tried, their job is much harder. There is no way a standard Microsoft store employee will have all the diagnostic tools on hand to identify and fix hardware problems in laptops not made by Microsoft, and if they tried to create that capability it would be very expensive. Furthermore, I'm guessing that coming to their store and asking for help wasn't quite as easy as it is for Apple users. I tried to figure out for sure but all their pages have been changed to reflect work from home and the details aren't showing on the Wayback Machine. Since fewer users are coming for technical support, there are fewer people with broken machines to which replacements can be marketed.

CSI: Xiaomi. Snappy Redmi Note 9 Pro shows every fingerprint, but at least you get bang for your buck

doublelayer Silver badge

Re: Sorry...

Huawei was specifically put on a list of companies who are not allowed to use American components. Everyone else is fine. Depending on what you think of the American government's policy, the reason is either because Huawei has stolen technology from American companies and they don't like that, because Huawei competes with a possible American communications company such as Cisco or that proposed Nokia-Ericsson merger that didn't happen and they want to take them down, because Huawei has connections to the Chinese government and they have been used by that government but the U.S. can't show us the evidence, or because Huawei is big and Chinese and makes a good bargaining chip. Given my own opinion of the American government, I imagine it's most of those reasons combined and nobody really knows which one matters each day.

To contest the allegation above your comment, it's not about competition with Apple or Qualcomm. There are lots of places that compete with Apple on smartphones, including, despite statements, Xiaomi. There are also lots of places using their own chips rather than using Qualcomm, including Samsung (make their own mostly), and a lot of places using MediaTek for the SOC provider. Not even about modems, as you can get those from Intel, Apple, and a few Chinese and Taiwanese manufacturers. If competition is involved, it's about the tech running communication networks, not the components in consumer electronics.

doublelayer Silver badge

Re: NFC

"Now consider that neither the iPhone 11 pro nor the Xiaomi have 5G, which means that in reality the iPhone may be a paperweight in 2-3 years, but with the Xiaomi you don't care."

Oh come on. 5G isn't even really implemented yet, only being present in small quantities in a few cities. While they may have completed a worldwide roll-out in three years, it's not going to be that fast. They'll have to keep 4G running throughout that process and for a while afterwards, much to their displeasure. While I have no doubt they'll try to get that shut down as soon as possible, it's not going to happen before most Note 9s or iPhone 11s are broken or replaced.

Apple to keep Intel at Arm's length: macOS shifts from x86 to homegrown common CPU arch, will run iOS apps

doublelayer Silver badge

Re: Keyword here is "maintained"

You basically have to fit into 6 in order to get into any of the other groups. If you don't like Macs or Mac OS, you likely don't get one in the first place. The question these numbered groups answer is why people stick to Macs when they could do something else, and it usually comes down to liking them more, having a speedbump to moving to something else, or a dislike for change. While I don't have a problem with that characterization, I think the people you know fall into it because it's basically a superset of all the other groups.

Consider me, for instance. I fall into group 6, because Mac OS gives me a nice set of supported applications with Unix tools. For this reason, I run a Mac alongside various Linux machines. However, I'm also in group 4. When my current Mac dies, I will consider the available options for replacing it, including not using a Mac for a while. Depending on what the current lineup looks like, I will either be interested or I won't, and that will be the main factor in the decision. There are some who would not be making a decision, and those are the people who don't fall into group 4.

doublelayer Silver badge

Re: Really?

The GUI thread mentioned above is a good one. There are some other ones you'll want to keep in mind. Here's a good one: lazy web scriptwriters. A lot of web JS is single-threaded and not all of it is efficient. If you've ever been on a large page with an inefficient JS system, you'll probably have noticed that certain operations are slow. For example, a page with a large table doing a filter and sort operation. Users will notice that and will be happier if the core running that inefficient code is faster. Similar things are true of things written simply, such as spreadsheet formulas, which various types of users rely on. And of course there are operations that aren't parallelizable that code needs to operate; even when you have multiple threads, there may be a few using most of the CPU time while a lot of others wait for disk, network, or user input.

doublelayer Silver badge

Re: New Intel Macs in the pipeline?

I'm not sure that's true. The earliest Intel models were made available in January 2006 (iMac and MacBook Pro). By May 2006, just four months later, the last PowerPC laptop was discontinued. By August, the PowerMac line was discontinued. The only remaining models were rack servers, and they only made it until November, just ten months overlap.

The only way your figure might work is with software support--Apple didn't drop support for PowerPC machines until they released Snow Leopard in August of 2009. Still, that's only 3.5 years after the first public availability of an Intel model, and I think that's not the right figure to use. I think the seven to ten month number is closer to what we're discussing.

Source: I used the database from the Mactracker app.

doublelayer Silver badge

Re: Keyword here is "maintained"

I'd add a few other groups:

3. People who have used Macs before and gotten used to them. Now they'll keep doing so because they don't like change. This applies to Windows too.

4. People who use Macs because they already have one and it works fine. They might decide to switch if theirs breaks, but they'll think about it then.

5. People who have some specific application that's Mac-only. Similar to people who have some application that's Windows-only, these people are mostly attached to their device because the program runs. If an update doesn't work, they'll probably just stick to the old version.

doublelayer Silver badge

Re: It'll work.

With Linux, you're likely to see few if any problems. For most Linux applications and components, source is available with changes needed for ARM already implemented for several other devices including ARM-based servers, Raspberry Pis, and everything in between. A lot of binary-distribution package repositories already have ARM-compiled versions stored, and things you build manually will likely also work fine. A few old closed-source components exist, but a lot of those are drivers for things you won't have on the new machine. If you're using unusual legacy hardware or something, maybe you'll have some difficulty, but that's basically it.

For Windows, things are probably less rosy. Windows on ARM should work fine, but I don't know if Microsoft has any limits on what you're allowed to run that on (I don't know that you can just go out and buy an ARM-Windows installation disk; I think it's all been preinstalled versions on specific machines but I might be wrong). Microsoft probably has an incentive to facilitate that as soon as the new machines get released. However, ARM Windows can only emulate X86 (32-bit) internally, so trying to run X86-64 on it is probably going to be tricky. There are three solutions to this problem, each with their drawbacks:

1. Don't run ARM Windows. Instead, let Apple's emulation run an X86-64 VM host which runs X86-64 Windows and X86-64 applications. If there are bugs in Apple's emulation, you'll probably see them here. I'm guessing it will work, but it will be terribly slow.

2. Wait for Microsoft to get emulation for X86-64 on Windows on ARM, then things should work well. That should be fine, but it will probably take a while.

3. If you have tasks that require running X86-64 code on Windows, don't buy an ARM device. Wait for compatibility to be improved on Microsoft's end, and stick to an AMD or Intel processor for the time being. Since existing Macs will continue to work and new ones will be split between ARM and Intel, you can still use one of the Intel models if your preference is to use a Mac as the main machine. In a couple years, I'm guessing the situation will have improved for this use case, or at least if it hasn't you'll know not to expect an imminent change.

doublelayer Silver badge

Re: Really?

In many desktop use cases, having a lot of cores will be less important than having some really fast cores at single-threaded tasks. Not that ARM couldn't do that; with the freedom of higher power draw and extra space, they can probably do that rather well. Still, it'd be worth the time of chip designers to keep in mind that a lot of cores will at some point not be so useful as a moderate number of fast ones. I'm curious how the single-threaded benchmarks of Apple's new chips will compare to those of comparable X86 ones. Given their confidence and using them in the MacBook Pro at launch, I'm expecting impressive things.

Folk sure like to stick electric toothbrush heads in their ears: True wireless stereo sales buck coronavirus trends

doublelayer Silver badge

Re: "Canalys reckons the wireless earbuds sector will deliver over 200 million units this year"

The energy usage is not that important exactly because of what you mentioned. A person who uses these likely also has at least one of these things: an electric oven, a central heating system, an air conditioner, a dishwasher, a washing machine, a clothes drier, or an automobile. They likely use that thing too. Small devices like this are comparatively unimportant because, if we eliminated them entirely, not much would change.

Let's look at it numerically. We have a wireless earbud case containing a battery with a stated capacity of 400 mAh (let's assume this is 5 V, so that's 2 Wh). The earbuds inside have 50 mAh each, 0.5 Wh together. Now let's assume that charging is hideously inefficient, about 10%. If the battery in the case is empty, it will take 20 Wh to fully recharge it. The earbuds themselves are even less efficient at 5%, so recharging their combined 0.5 Wh takes 10 Wh. Combined charging power usage is 30 Wh. This would probably be enough to run the earbuds for three days or so of all-day usage, but let's call it one day. 30 Wh per day.

Let's compare this to something that's not the biggest user of power in a house. How about the humble microwave oven? How about a really pathetic low-power microwave oven? A 500W one? How long could you run this per day before it used more than your earbuds? 30 Wh / 500 W = 0.06 hours. 0.06 hours * 3600 seconds / 1 hour = 216 seconds. Three and a half minutes.

I've been very generous to the argument here. The efficiency numbers we used are ludicrously low, even for wireless charging and dual batteries. The frequency of charging is unrealistically high. The microwave power is lower than normal. And of course I didn't consider the much higher-power devices out there. If you intend to worry about power usage, focusing on something this small is pointless. If we improved charging to complete efficiency (not possible), the power usage would be basically the same. If we eliminated the devices entirely, power usage would be basically the same. If we want to reduce power consumption, we're going to have to focus on the big users of power. These ... aren't it.

doublelayer Silver badge

Re: "Canalys reckons the wireless earbuds sector will deliver over 200 million units this year"

Basically all of them will; consumers aren't great about bringing tech to recycling places. The same argument could be made about most other types of tech though--even with replaceable batteries, consumers discard their devices all the time and don't always recycle properly. The amount of ewaste from these specifically is not that much compared to all the old smartphones currently sitting in landfill, or even to all the cheap earbuds with broken wires that are also in those landfills. While it's a major problem, you can't really blame these any more for it than most other kinds of tech.

Faxing hell: The cops say they would very much like us to stop calling them all the time

doublelayer Silver badge

Re: Fax will never die!

The problem with that logic is that it's not all that easy to tap lines at ISPs. If you work there, maybe. If you are able to get malware on them, sure. But really, it's not easy. Mailservers may be easier if they're not managed properly, but a lot of email goes through massive outsourced ones that have proven not bad. By far your best bet is to get malware on the sender or recipient's computers. That can steal lots of email very easily. However, it's worth keeping in mind that a lot of faxes these days will simply be entered into a computer. Malware on that computer can steal the entered information just as easily as it can steal emails. Meanwhile, if you do have some access to the lines in some way, whether that is with a tap on local wires or the relatively difficult though possible tap on an open line, you can steal a fax at any point. No, you don't have to know already what line the fax machine is on. If you have a large enough hard drive, you simply capture every line and you can write a program to pull out faxes at your leisure. If you want a smaller tap device, you implement a function to listen to each line and ignore it if you don't hear fax negotiation tones. You will then be able to collect a list of numbers with fax machines on them and all the faxes they sent or received. You can sort this list for the interesting machines and comb through those faxes, pass the received images with character recognition and make a computer sort for interesting faxes too, or even modify the fax data en route.

doublelayer Silver badge

Re: Fax will never die!

"2. Unlike email, it would be difficult for a third party (who doesn't have physical access to either facility) to intercept the communication."

That depends on a lot of things. If you're referring to malware installed on the recipient's computer or the mailserver, you might have some point. The problem is that malware usually isn't on the mailserver and malware on a computer could catch any information entered from the faxed document anyway. If you're referring to intercepting the communication by tapping a line, email is probably better. It is possible to wiretap both types of lines, and in most cases such a tap will be sufficient to collect the message, but in the case of email there is some chance of encryption, whereas a fax cannot do that. In most cases, the connections between sender and sender's mailserver and recipient and recipient's mailserver are run over TLS, meaning the easiest place to attack is between the sender's and receiver's mailservers. Depending on the system, this too may be encrypted. If the message is secure, you can encrypt the message independent of any other encryption on the connection.

doublelayer Silver badge

Re: I called the cops

A quick public service announcement: if you do call emergency services by mistake, don't hang up. Quickly inform the person who picks up that you called by mistake and apologize. Then they'll hang up. Otherwise, you will waste their time as they call back to confirm, and that's if they don't decide to send someone to your address just to make sure. You will be doing yourself and everyone else a major favor.

What's the Arm? First Apple laptop to ditch Intel will be 13.3" MacBook Pro, proclaims reliable soothsayer

doublelayer Silver badge

Re: Emulation

You are quite right. I'm talking about emulation, and the pain that would happen when what you're emulating is a virtual machine host. That's not a small program, and it has lots of little hooks into hardware. When you emulate it, your emulator better be really good so it doesn't realize that it's being emulated. But what is worse is what that VM host is going to be sending through the emulator: Windows 10. That's not a light program. Translating all of Windows's instructions from X86 and X86-64 to ARM will require a lot of emulation, and it will either take a lot of processing (meaning it runs slowly) or require a massive cache of pretranslated instructions as you have mentioned (meaning long delays during that translation processing and a lot of extra storage). Remember that Windows 10 weighs in at eight gigabytes, a lot of which is X86 binaries. Then keep in mind that whatever the user is going to run on that is going to be even more needing emulation at the same time. That's why the ideal scenario would be not emulating a different instruction set for a large, processing-hungry operating system. Windows on ARM is the clear solution here, and it's already available. What we need to run it will be ARM-native VM hosts.

doublelayer Silver badge

Re: Emulation

Virtualization may be tricky, but it isn't impossible. It would require the VM companies to recompile their applications for ARM, which probably isn't easy but it is what they do so they can manage it with time. Most VM hosts do not in any way emulate a different processor short of disabling a few things for older OSes, so ARM-specific builds of Windows or Linux will be needed. In the best case scenario, the VM host is recompiled, the application running in the VM is also recompiled for ARM, and everything runs the same as before. The worst case scenario is ARM-compatibility layer virtualizes X86, VM host runs in X86, tries to run another OS in X86, and probably screeches to a halt before the application can even be started. It will depend a lot on the companies producing VM software.

Native booting, on the other hand, is likely to be problematic. It's not so much the OS itself--someone can compile a version for the architecture. It's the rest. ARM devices tend not to have a standard boot mechanism like X86 does. That's why, although we can compile a mobile OS for any architecture we want, we have to manually rebuild it for every phone in order to run it. There's also the issue of hardware drivers. If Apple doesn't consider natively running another operating system to be important, and their customer base is probably mostly in agreement, they may not bother to compile drivers for ARM Windows let alone Linux. Linux might have some chance of finding suitable replacements, but that will likely take some time. If you need native booting of something else, I'd advise caution about getting an ARM-based product for quite a while until someone else has figured out the details.

Sure is wild that Apple, Google app store monopolies are way worse than what Windows got up to, sniffs Microsoft prez

doublelayer Silver badge

Re: A false equivalence

"We don't see Google or Apple entering into licensing agreements saying that they'll demand a license for every phone a manufacturer ships, even if it's shipped without their OS. Microsoft did that."

Microsoft did. That was and is very wrong. However, we do see Google doing something similar. It's not quite a license on every phone, but it does prohibit them from making any AOSP-based phones if they also want to make ones with Google's services. That's a clear action to prevent competition, and it's not even a Microsoft-type one where manufacturers could produce a competing model but would have to charge the consumer a Microsoft tax on the way. A company making a phone that intentionally runs a custom version of Android will be cut off entirely from Google's products with their existing consumers thrown under the bus.

"We don't see Google embedding functionality into their store that's designed to drive the use of only their technologies, at the expense of competitors. We do see that from Apple (not allowing alternative web renderers, billing) and did see that from Microsoft."

Not so. A lot of apps use Google Play to track user accounts in order to determine whether a user has purchased something, even when that purchase doesn't go through Google otherwise. That gives Google extra control over users, making it easier for them to collect information and harder to use Android without signing in. Similarly, they have used their services to provide useful OS functions in such a way that lots of developers will use them, meaning lots of users have to install Google's APIs, which collect a lot of user data and try to prevent users from ever removing them again.

You have mentioned the developers removed from the Google store. You have mentioned them in a misleading way--although developers are removed for violations with some frequency, Google have been known to kick people out for reasons that aren't very clear. This has been reported several times in El Reg, and in most cases, people can't figure out why or if there was ever any reason for the decision. You may be referring to one such event when you talk about a mistake. What you fail to say is that that mistake was one Google refused point blank to do anything about. Only when the developer was able to get an unrelated Google employee to short-circuit the system was the situation repaired. In that case, you can understand why developers feel they are treated unfairly by Google. In most cases, a business can be as unfair as they want, but since the Play store is the primary way and in the minds of many users the only way to get apps onto an Android device, there is a reasonable argument that monopoly restrictions should apply.