Posts by doublelayer

Re: ID10T error

Helping the user understand what went wrong and how to have it not go wrong next time is very useful. However, even if the tech was busy and just wanted to do a quick solution, let me show you how the workaround would have gone.

Tech: "Right. Now instead of using this email, I want to try loading the program the normal way."

User: "But I'm supposed to use the new version. It's coming out now."

Tech: "Let's just try it."

User: Opens old program.

Old program: Works.

User: "This one works, but it's the old version. I'm supposed to use the new one."

Tech: "No, use that one. The other one isn't ready yet."

User: "The email says it's ready. They sent it to me because it's ready."

Tech: "No, they want you to use this one. They're just showing you what it will be like."

User: "I don't think that's right. You don't write this program; you're tech support. Trust me on this one. I use this program all the time."

Tech: "Trust me. The program you can open normally is the right one."

User: "Maybe you should discuss that with my boss, but he's not here. I'll get his boss."

Tech: "No, I don't need to talk to"

Tech: "Wait. Come back. No, really, it's just a minor"

Door: Closes behind user.

Minutes: Pass slowly.

Customers in line: Look angrily at tech.

Door: Opens. User comes back.

User: "This is the manager of my boss. She will tell you about the program update."

Manager: "What's the problem?"

Tech: "There will be a program update but the user thinks it was released now. They're trying to run a screenshot."

Conversation: Forks here. If manager is clueless you can end up in a loop. We will proceed on the fork where the manager knows what a screenshot is.

Manager: "I see. Can I see the message, please?"

User: Shows message to manager.

Manager: "Ah. You see here where the update is said to be coming out soon, but not yet?"

User: Yes.

Manager: "And this attachment is a picture ..."

Manager: Continues to explain situation to user.

Manager: Now annoyed at tech for not doing this themselves.

Isn't it a lot easier just to solve the situation well with a useful explanation that will probably prevent it in the future as well? Workarounds only work if the user understands why they're doing the workaround. They can cut out several contingent explanations, but if you provide no reason for your alternate suggestion, people will think you're just winging it and you don't really know what you're doing.

Re: Yes, Daily, or even hourly!

In all fairness, they did read that screen and they did what it said. Apple didn't say anything about why the app didn't work and told them to go talk to you. They did that. There's little the user could do at that stage; either you would have to update your app, Apple would have to reverse their 64-bit only decision, or they would have to downgrade their OS. The latter option isn't really an option because that's a lot to ask, plus the error message didn't tell them to do so.

Re: Market +30% = wages -30%

All of that is going to have to balance itself against the profound distrust our employers have for us. I think the main reason that hasn't become much of a thing so far is that a lot of employers are afraid we won't be as productive or as conscientious when not in their office. Let's see whether this period at home is enough to kill that idea or if they are eager to get us back there. Either way, it will be a disappointing option for several. I would prefer the office, but I also prefer that people have the choice if feasible.

The problems are email and people. Email can be modified to do some things. No impersonation is a good start. Wouldn't help in this case--they didn't impersonate, they used a valid misleading domain. Showing link contents before going somewhere would be nice. Probably wouldn't help in this case. Subsetting HTML so it's harder to do visual tricks would probably annoy a lot of people, but some of those people are the people who send multimegabyte messages overloaded with logos, so I'm fine with it. Probably wouldn't help in most cases because if everyone can't do it, and scammers can't do it, then they still look the same.

In the end, someone has to decide whether to click the link or not. The email system can try to point out potential problems, but automatic means can't block everything malicious. While email needs some updates, it can't and won't fix stupid user syndrome.

Re: Not bad? Users? Policy?

I disagree--HR is HR, and whether it's tech or something else, they're going to have knowledge of HR matters and probably not much else; HR doesn't really need to know anything about the product as long as they can understand when people are doing something wrong. What I don't know is who these people were who received the messages. If only fifty went out, it could be basically any subset, as wikipedia estimates they have about 1200 employees.

If it's fifty people in HR, sales, and finance, it's regrettable but not that surprising to me. If it's fifty developers, we have a major problem.

I doubt that. If they did the translations for Windows usage, they would have all the data needed to keep up translations for IOS too. It doesn't take much effort. If they're dropping it here, they're likely dropping it everywhere where Outlook is run. Even if they split up the decision, I can't see them leaving IOS untranslated but all other platforms functional.

Re: Apple is going to write off all ...

It sounds like the interface will no longer be translated into those languages, but you can still type in them. Similar to how I can type any language I want even while my mail client continues to use its previous localization. While I can well sort of, no actually it doesn't make sense. I was going to give them some leeway on a few languages that aren't spoken by very many people who almost all speak another language anyway, but they've got some very large languages on that list. They were able to afford that before, they can continue to.

Re: Telekom

I've definitely found that with corporate versus personal sales. At a very basic level, the amount of information and control about the product or service is significantly higher when it's a company buying it. With corporate internet service, I get information about the type of line, the expected bandwidth, the expected latency, firewall rules and how I can turn them all off, IP addresses and what I need to do to get statics, full manual for the supplied or suggested modem if I use it, freedom not to use their equipment. With the exact same company, home service looks like "Up to 100 MB/s" [I'm not sure if "MB" as opposed to "Mb" 's a typo or a deliberate lie). I've had a home ISP who had unremovable firewall rules on outbound traffic, and they were one of the best. I think it happens with nearly every other product as well. Oligopoly power is fun, isn't it?

Re: So it's actually more of the same

I'm not that knowledgeable about this band, but I've just done some searching about who currently uses it. Sure, there are emergency services on the list. It seems mostly to be extra capacity needed in urban areas, but not their main bands. However, I note one other user, American UHF channels 14-20. Maybe it's me being paranoid, but I'm wondering about that television company that has been so linked to this director before. I wonder how many stations they have using those channels and how expensive it would be to move them. That will probably require more research, but it might explain some of the vehemence.

Re: Scammers are an infamia

While I tend not to actively interact with their call by pressing a number to talk with one of their agents, I frequently leave the call connected and wait for their automatic system to hang up. Depending on how complex their setup is, it may have a limit to number of concurrent calls (or better yet, they may pay by the minute). Since incoming calls are free on my plan, I am happy to let them keep talking. Back when they had an Eliza program handling the first stages and would call me once a week to test it out, I used to have it play against a simple program I wrote to read out random sentences whenever the bot stopped talking. Sadly, they seem to have stopped and now the only calls I get ask me to press one and hang up after two or three repeats of their recording.

Re: If you are desperate for Mountain Views spyware

I'm glad that works for you. I've used it as well, although not that often. My experience has been less reliable. Some apps work perfectly. Some are tagged as GSF-dependent but also seem to work fine, but I'm just waiting for a problem. Many others that have been tried work only to request their permissions, then keel over. For me, that's almost always fine. I rarely need an app urgently, and I can usually find an alternative. Also, I know what is happening. I don't think the general public is in a similar situation. If their experience of using a client such as this, assuming someone installs it for them, is that half the apps they want* crash immediately, they won't be that impressed. That would restrict the market for Huawei devices outside of China to two small subsets of the population: 1) Technical people who probably don't want Google anyway and know how to get around it and 2) people who just don't use many apps.

*The estimate of half is quite rough, but I think it's actually higher. Many in the public are big users of social media apps or games, and I think both are likely to make heavy use of Google's APIs. I haven't done a test because I use neither category.

Re: Flashy

Oh, it looked like that to me too. I prefer my phones ungoogled, which I mostly get via Lineage OS. So having a manufacturer that doesn't include the Google layer...it sounded like quite the helpful approach. I wouldn't have to wait for a device to become supported. I wouldn't have to build the image myself. I wouldn't get the choices I get with Lineage OS. Uh-oh.

There's the rub. I want Google off my phone because I like the certainty that I'm not being tracked by software I don't have control over. Huawei has removed the Google-specific layer. They have instead added their own layer, and I can't trust it, and I can't remove it. All I have now is two choices for whose untrusted and unverifiable software is preloaded. I will have to go to similar lengths to get rid of it, but unlike certain phones that ship with Google's apps preinstalled (Xiaomi's devices, for example), I have little hope that Huawei will ever let me reflash it. Why should I consider this a benefit? Code that I didn't want and can't trust, but would be generally useful if I had to use it has been removed and replaced with code I still don't want and can't trust but is by most reviews less useful.

Re: Bugger AdBlock, it's Internet advertising that's theft.

That point is relevant, and I imagine you'll find many who won't accept it, but the analogy still applies. In the case of a collect call from a telemarketing system, they are undoubtedly paying for the line capacity, the phone, the person talking, and for any call where the other party doesn't accept the charges. That fact doesn't make the theoretical practice any less odious. In occasions where the data usage is very extreme, I think there's reasonable grounds for complaint. Not that it would do anything, but nonetheless reasonable.

Re: Worse than that

That's great. But that's because Xiaomi has decided to be nice. The point being that neither Google nor the carrier (I'm assuming this was not associated with a carrier) care at all about providing you updates. Any credit there is for maintaining the phone this far goes to Xiaomi. There is such credit to go out, but not because this is a very long time. Just because most of the competition is lamentably bad at it.

Re: In all honesty

"I would rather no one knew what i was browsing or buying and i definitely do NOT want targed ads. Infact i do not want ANY Adds."

I don't like ads either. You and I are perfectly within our rights to try to avoid ads. However, it's quite a hard argument to make that advertising itself violates our rights. If we get everybody to agree, we can try, but I am not going to put much effort into an anti-advertising push. I will put that energy into anti-tracking policy, though, because that causes a lot more harm to everybody and is already legally dubious. The result may be that there are still ads, but they are tailored only to the current environment or to small amounts of data you've knowingly decided to let the advertisers use. Should we get that, I would view it as a profound victory.

Re: In all honesty

I agree, and I think my previous restrictions implement that. Namely, the retailer can record the shopping history of people and associate it with the account, but they cannot release that information and they cannot further track. It would be nice for them to offer accountless purchases, but even if they choose not to, a person can get anonymous shopping by setting up multiple accounts. Well, they can get untracked shopping; buying online is almost intrinsically attached to some identifiers because you have to pay and cash doesn't work and you have to get delivery of anything physical.

Re: In all honesty

I'm well aware that phones do a lot of tracking. My point was that they don't need to, and we don't need the alternative to be a subscription price for the use of the phone. Most companies make plenty of profit on the phone purchases, and then they are willing to make extra profit off the user data. If one is made illegal, they'll be fine. Even those few who sell their phones at a loss will just have to increase their prices to deal with the fact that a predatory practice of theirs isn't allowed anymore. I am fine with that.

In all honesty

In all honesty, everything you said is wrong.

"governments need to decide if targeted advertising is legal or not [...] All of this grey area crap is just vacilliating around the real question. Should you be able to gather data for people for the purposes of monetising them."

There is a grey area, and it's important. Gathering information about what someone does on your platform so you can make recommendations to them on that platform usually doesn't draw much ire. For example, I don't care if Amazon records a history of things I buy and uses it to suggest products while I'm logged into the same account. The problems occur when that data is released or when collection isn't obvious. I'm not happy for Amazon to start selling that information to others, nor am I happy for Amazon to collect information about my browsing elsewhere or when I'm not logged into an account with them. It's a control thing. If Amazon only collects things I do on their platform and connects it to the logged-in account, then I can stop them doing that by not using their platform or anonymize it by using multiple accounts. If they do other things, I have no certainty about what is happening and certainly no control over any of it.

"If the answer is yes, then accept that it means companies hold data on all individuals if they use devices or services offered by those companies"

So if the answer to a very generalized question is yes, we basically give up on all controls? Because a lot of the question isn't about something that clean cut. A lot of the concern is about what the companies do with the data, how they collect it, and how much information and control the consumer has. These are the important questions, but you fail to mention them at all.

"if not, then we've got to be prepared to pay monthly for phones, email, websites etc."

Wrong. We pay for phones. It's called the purchase price and it's quite high. The software comes on those phones, just like there's firmware on your microwave. You don't decide you have to pay a subscription for your microwave, nor would you accept it monetizing you. The same applies to phones. While removal of some of the profitable ways to monetize users might mean more sites have to switch to a subscription model, it isn't guaranteed. Advertising wouldn't be made illegal--advertising tailored to the content or of a general nature is fine. Collecting information in an open and transparent way about what is collected, how, and what is done with it likewise would work. What you're serving us is a false dichotomy, and a very popular one among people who violate our privacy. You're telling us that having our data strip-mined is necessary to an internet of free services. Well, that's not true for all free services, it may prove false for many others about which we have no information, and for those that are left, we might be willing to pay that price.

Re: "[they] argue that the case needs to be moved back to 2021"

They've basically admitted that they lied. They're not pretending all that much anymore, and those minor things they still lie about aren't convincing anyone. I really don't know what their current mindset is, but they're smart enough to realize that crowing about their impending vindication won't help them with anything, and it's time for them to stay in the shadows and protect anything they still have.

Re: I know they were a bit fraudulent but.....

This is not an overhyped claim. It is a false claim. Consider the following two strategies for getting investments in a company that does a certain type of test. The example will be a brainwave scanner. In both cases, the company doesn't currently have the ability to do what they want to do, but they think it will be possible.

Claim 1: We have been investigating FMRI scanning and have plans to produce a portable model, approximately the size and weight of a helmet. We're confident that this is possible. We also have several interesting research programs that can take FMRI data, currently from the big lab-type machines, and produce interesting insights into neurological health and user focus. We think this will be a successful product when it's available at a similar price to a smartphone. Imagine all the people who could benefit from it. Our potential customer base could be massive.

Claim 2: We have created an FMRI machine the size of a helmet. We can show it to you but you can't buy one because we need to do some certifications first. Also, we have a program that can determine whether someone's at risk for Alzheimer's or Parkinson's, as well as more consumer-oriented information like focus patterns. We've tested that program on lots of people, but we're also developing new programs as we speak. The device can be sold at the price of a smartphone with a 12% profit margin, but that can be increased with cheaper manufacturing. We already have preorders from a couple retail outlets for a hundred thousand units pending that test.

The first claim is an expression of hope. It may be overhyped. The execs may think that it is a lot more likely than the techs think, but they didn't lie about having something they don't have. An investor who hears that sales pitch understands what is intended, but also that the development isn't finished. They know enough to be aware that there is risk and to ask for more details before they invest. The second claim is a lie. An investor who hears it will think the company can do things that it can't do. It's not hype, because hype is a method of saying true things in a way to make them more exciting than the raw facts. An investor wouldn't know that, and might make decisions based on that lie. There's a really big difference.

Re: more of a neat trick than infosec Armageddon

Well, sort of. However, it does involve quite a bit of work to access the data, which means that it won't get used all that often. If it's a government doing the accessing, you end up in XKCD 538 territory. Similarly, it won't work unless the person has put the computer to sleep while the attacker has access to it. If it has been shut down or the battery died, the exploit produces nothing. So this also limits the viability of using that attack after the user has run away. The attack is also only needed if the user has encrypted their disks but hasn't done anything else to protect the data--if they also encrypt the file, the attack cannot get the cleartext of that file or the password, and if the user didn't encrypt the disk, then there is no need to do this.

While it's not useless, it only works in a relatively small number of cases, and in many of those cases, there is a more direct method of getting access. It's a good reminder to those who are concerned about an attacker of that level of skill and determination to avoid suspending to memory, but that has been known for some time.

Re: Correlation and causation

Well, at least those happy workers working forever. However, I generally prefer a job that is not paid by the hour over one that is assuming that I know how much time I'll be putting into both. The reason is that those jobs I've had that are paid by the hour have always involved an annoying filling in of timesheets with pointless levels of detail about when I came in, when I went out, what I did for every five minute section of the day, etc. Filling those out involved a healthy amount of trying to remember what I was doing several hours and ten intensive debuggings ago, then putting in some generalities and going home. Meanwhile, non-hourly jobs frequently just care whether the job got done, and if I work weirder hours or do one long and one short day instead of two normal-length days, they don't care and I don't even have to tell them.

Re: Cue the lawsuits in 3, 2, 1...

That may be the case, but there are still resources they can use to pay the judgement, or rather there are resources that could be given to the lawyers after bankruptcy is declared. All of their code and systems would be a pretty good haul, assuming you could find a way to profit from them. For example, you could release the code to the devices as open source so someone else could build an open services stack around them. Fine, that was wishful thinking. But you could sell the same subscription to the users, and it would be legal for someone else to do it as they never sold the products in the first place.

Alternatively, there is probably more money to be gained by a successful lawsuit than there is in the company at the moment. I'm guessing this subscription system wasn't a spur of the moment decision. It would almost certainly be found illegal. Therefore, it could be expected that doing this would lead to bankruptcy. If these facts are agreed to, then payments made to executives after consideration of the subscription idea could be seen as attempts to syphon remaining resources from a sinking ship, and could be clawed back. Getting those points accepted in court does involve quite a bit of effort, but given that one of the executives in this company is somewhat wealthy, the lawyers may consider it worth it to try.

Re: Best option, cheapest option

Warning. Potentially incorrect causal relationship detected.

"In Russia for example, everyone is encouraged at the first sign of symptoms or suspicion of them to get a test, that brings both early isolation and treatment helping to reduce the impact." leading to "So far the percentage of deaths compared to infected seems to be lower than the majority of other countries."

This could be caused by several things. The easiest one is that more people are getting tested, meaning the number of people who we know to be infected in Russia is closer to the total than the number we know to be infected elsewhere. If we acknowledge that there is a significant chunk of the population that is now or has contracted the disease but didn't get tested and either showed no symptoms or thought it was a standard cold, we could also have a higher denominator leading to similar death rates.

There are other methods for arriving at similar statistics. It could be that our lockdowns are being more effective at blocking transmission, meaning fewer people get infected, but those who do are more at risk of dying from it because they are more often elderly people in close proximity. Or that Russia has a test that produces reliable results faster, meaning people are caught earlier in the progression of the disease. Or that Russia has a worse test that produces a lot of false positives, but they are willing to live with that because overactive isolation can't really hurt. Or the thing you said. All are possible. None have been proven.