Posts by doublelayer

"It's not possible to set up arbitrary email accounts in exchange server...? You know..... for testing...?"

I'm sure it is possible, but there are far too many caveats to want to do so. First, in order to trigger this, you need to set up five thousand such accounts. I don't know whether it's possible to run a batch setup process for that many accounts and then run a batch delete once testing is completed, but if it is at all painful I'd choose not to. Second, having that many test accounts puts a strain on resources. Five thousand mailboxes would take up a lot of disk space, whereas five thousand aliases going to the same place might not be counted as separate recipients for testing. Third, at least some systems are charged per mailbox, meaning you would pay a healthy sum for the privilege of testing.

Re: Yes the users are bad

At some point, the world in general must have come to the (incorrect) conclusion that I prefer technical terms babbled out basically at random by users who think they know what these terms mean, but don't. For example, I was helping someone get some remote working up and running when this lockdown got into view, containing the following interaction:

Them: I know the VPN you set up and I'm connected to it, but the network doesn't work.

Me: Do you mean you have no internet access, no access to local resources, or both?

Them: No, the internet is working, but the server isn't.

Me: Ah. Local resources then. Can you go to [internal address deleted] and tell me what it says?

Them: No, that thing works. It's the server that doesn't work.

Me: The server doesn't work?

Them: Yes.

Me: The page you said works is on the server.

Them: I know that. The server is working, but the router isn't pinging the network when I ask it to.

Me: What specifically are you trying to do?

Them: I'm trying to access the network protocol.

Me: What is the end goal for what you're doing?

Them: I have to open the accounting data.

Me: How do you do that?

Them: I open this program and use it to open the database.

Me: And where is the database?

Them: It's online, but the firewall isn't letting me open it.

Me: You read that with an accounting program, right?

Them: Yes. That is working fine.

Me: What happens when you try to open that program?

Them: It crashes with an error message.

Me: What does the message say?

Them: It says the network driver address was invalid. [When finally read verbatim, it says the file couldn't be found]

The issue ended up being a configuration problem in client-side software. I helped solve it. If they could realize that server, router, firewall, and network aren't just catchall words that apply to any kind of technical thing, we could have skipped that and many other sections of that particular conversation. The most useful thing that I think would improve my impromptu support calls would be that error messages are only ever read verbatim and are read fully the first time I ask, without the typical response of "It isn't important" or "That's not the problem". It's surprising how many of these I get given that I don't work in support. These experiences and the many stories here have convinced me to stay away if I can.

Re: What I'm not clear on ...

Sorry to be vague. I was also referring to ownership in an IP sense. Apple doesn't have any ownership over the word "apple" because that would be ridiculous. Also, there are generally limits on how original and thus long you have to be to have any copyright ownership. So in general I think things getting a trademark don't have any other ownership, physical or intellectual, attached to them. Just using it for some purpose and having nobody else use it for a similar purpose is sufficient to ask for one, subject to some extra restrictions about what you'll eventually get.

The reason I think this is the other things that people have trademarked. As the article points out, phone numbers that are attached to a brand can be trademarked, but they don't own that either. Though there are various reasons to balk about granting their trademark request, I don't think that is one of them--if they relinquished the domain name, then they wouldn't be using that trademark anymore (debatable, but almost certainly), and trademark rights expire automatically if you stop using them.

Re: Have some Mint instead!

"small form factor to me means cheap and cheerful and while this one is certainly cheerful....it ain't cheap"

Out of curiosity, why? Sure, you can get much more powerful if you get a large tower, but machines like the one that started this thread and the one reviewed in this article prove you can get really fast with small profile devices. Assuming issues like heat management aren't problems at that profile, and the reviews don't complain about it so it at least can't be overheating all the time, why should small profiles be limited to the lower end of the price and performance range? I think powerful and small devices have some interesting niches, including local servers and those who need more power portably than they can get in a laptop.

Re: Uber and Lyft have yet to show a cent of profit, right?

They'll probably have even higher losses. The only profitable thing they do is to arrange these rides, as they earn more from the customer than they pay the driver. They use all that money, as well as plenty from investors, to pay for projects that don't make any money now but theoretically could in the future, such as their self-driving cars. At this point, they have fewer rides making a small amount of profit, but to the best of my knowledge, they're still paying the engineers on the self-driving project, and they're of course continuing to pay the lawyers and managers. They're going to be even farther from profitable now.

Re: It is your duty ^D^D^D^D obligation to install the app

"I'm sure app 'green' screenshots won't be hard to find."

And that will work well for about a week. Then, there will be an emergency addition to the spec:

The QR code on the main app screen must contain the following information:

* The personal ID number of the user.

* The latest test date and result.

* The current health status of the user.

* A compressed representation of the user's criminal history with regards to health testing and app usage.

* The current date and time, using the UTC time zone.

This information must be signed with a device-specific private key whose public key has been registered with the server. Scanning devices must verify this signature. Those that lack sufficient internet access must be frequently updated with new lists of public keys. The suggestion is that this process occurs while charging those devices. Should a signature fail to validate, the attempt to scan must return red.

Re: Never Learn Anything from History

It is still the default in a distressing number of GUIs. Mac OS does it. Some Linux desktop environments' file managers do it. Many Android file browsers do it. Why did this nightmare get so popular in conjunction with automatically opening files based on their extension. The latter makes sense, but if you're going to do it, you have to be really careful.

Re: Apple have lost it

If you're connected to a bunch of desktop equipment, you have other cables you could also use to drag your machine off the desk if bumped improperly, but fortunately you have more space to place them where they're not in the way. The usefulness of a magnetic connector is for those times when your computer is plugged in in a location that would make it easy for something to put force on the cable, so mostly when you are working portably. The suggestion of magnetic USB-C connectors is good, and I'll have to look at them. My main concern is whether they work well with high-powered devices--for example, I really don't want to end up melting something into my USB port by running 87W through a £5 adapter, so I really hope they've been tested to that level. Similarly, the cable that connects to that magnetic adapter should also be capable of such power levels. If I can find positive test results of that, I think I'll be buying a few of those.

Don't count on that. There are two major reasons to want to look at the tech in a craft like this:

To steal it for your own drones: On this I agree with you. The Russians almost certainly have better and don't want that.

To plan for what you would need if you ever wanted to evade them. This the Russians might want to do. If they want to invade the Baltic states, they can't risk a very rapid NATO response (assuming that could even happen). They can hope for delays in contact to other NATO members, or they can try to do as much as possible before detection. Evading aerial detection would be a good first step. If this drone is meant for combat rather than detection, you could learn to identify and catch it.

All that said, we currently don't know the Russians have stolen it. I'd buy it, but there's also a possibility that the communications system crashed and they have a plane flying off into the middle of nowhere with nobody controlling.

Re: Hang on there a minute

Also, their argument is just not true. There have been and still are plenty of publishers who write content and then sell it to other places so those other places can have the right to distribute that content. In fact, it applies to pretty much every kind of content. Wire news services, syndicated television programs, music played on radio stations, movies shown by theaters, plays put on by acting groups, the list goes on and on. Now I understand Google's argument that this is a little different, as they're not placing the ads themselves and thus aren't making any money off the content they distribute for free, which was already basically released for free by the owner, except that most of those parts aren't true either. The search page has ads that never benefit the people listed there. The news pages may have ads that benefit the publishers, except that most ad scripts are forbidden based on Google's technical restrictions so it's mostly Google ads and that they still make plenty of money on those. Also, placement in search results results in visitors to a publisher's page to read the content and possibly continue to read more content by that publisher, which the Google News page doesn't tend to do. I tend not to fully support the news organizations when this argument starts up again, but I don't support Google because they offer these transparently false arguments.

Re: oh, id checks, welcome back!

""As a thought experiment, consider a hypothetical government that demands that every citizen wears a biometric bracelet that monitors body temperature and heart-rate 24 hours a day. The resulting data is hoarded and analysed by government algorithms. The algorithms will know that you are sick even before you know it, and they will also know where you have been, and who you have met."

And nothing bad can ever come from that. For example, if someone with some power, or a criminal organization, want to track people who they don't like, they only have to read from that database to have perfect tracking information for their soon-to-be victim. And if they're worried about that victim having given information about them to someone else for prosecution or publication, they can use the "who they met" section of the data to get a shortlist and find any possibilities. If the one doing the tracking is a little further up the ladder, being a government member rather than a hacker or a corrupt cop, the person can also be arrested because you can pretty much guarantee that they forgot to charge their permanent tracker sometime, and it would surely be a crime to go about without your monitor in working order. I can solve lots of current problems for you if you don't mind me creating much worse ones.

Re: Bit like Amazon at the moment

Are they different hits? If so, they're probably beating Amazon. My searches often go like this:

Enter search terms: Random things that don't match what I was looking for because the descriptions specify what something has but not what it can do.

Retry search terms: Some actual results pop up. Well, three things. These must be three very good things because they each appear at least four times in the results list. Sometimes this is because there are four different colors and the sellers don't understand how to use the item color selector on one product page. Sometimes, they seem to be identical including identical prices and I have no clue why they're listed multiple times. The rest of the list consists of sponsored unrelated things and refurbished items, which often are not very desirable for many of the things one might want to buy online. Often, the three possible results are all overpriced, which leads to

Sort by price: I think that, for every possible set of search terms, someone has made a product to show up first on a sorted price list. The most frequent tend to be cases or straps. If it's electronics, it can at times be components, but never the kind of component you want to have extras of. Even when there's no real need for a case for something, somebody has made one and published it on Amazon. I don't know if anyone ever buys them, but I wouldn't recommend it as I have no proof the case will actually fit the thing it's being advertised for, assuming they actually tried to advertise for a specific product rather than a class of products. So I realize that I'm just going to have to use the price filter until I am at the lower end of possible prices and see what those look like, which leads to

Price filter: I don't know what Amazon's frontend office looks like, but I know it must have someone there (I imagine it as two laughing interns) whose job it is to monitor my searches and make sure there is never a price filter option on the page when it would be useful. I've seen it on other searches where I didn't need it, but for some reason it will disappear off the page from time to time, and that always happens when I've reached sufficient frustration. I try to find the set of parameters I can append to the query string to put a filter in place, and if I can remember it, it tends to work, but often I give up around now and go elsewhere.

Re: so what *is* the solution?

I appreciate this clarification. While I haven't used the quote before (at least I don't remember ever having used it), I've heard it used many times and always assumed it to have been meant in the typical context. I learned something today. Have an upvote.

However, I must point out that the sentiments, different though they are, still have parallels to this. The liberty being spoken about in the quote were about a government, sure, but they were about a government against an effective power broker, not the people. Meanwhile, the government concerned was democratic. So to some extent, it was still the people (via representatives) against less representative power (big landowners). The same logic can apply with the people against those who have power over them.

Re: But..

How is it any different? Well, they're too different bad things. Facebook's collection is unwarranted and should be illegal everywhere. There's a good case that it is illegal in some places based on how the GDPR specifies they're supposed to do this stuff, but that hasn't yet been tested. Elsewhere, it's legal though extremely odious. NSO's is clearly illegal everywhere, and there is no openness about what they're doing, which we at least have a little bit for Facebook. They both deserve to be fixed. Ideally, my schedule would look like this:

May 2020: NSO finally brought into court.

June 2020: NSO found guilty, made to pay a heavy bill.

July 2020: NSO goes bankrupt.

August 2020: Facebook simultaneously pursued with legal action by those who never agreed to data collection and by data protection authorities.

September 2020: Fines build up to catastrophic levels for Facebook.

October 2020: Facebook files for restructuring bankruptcy.

November 2020: Judge rules against petition to restructure because of illegal activity.

December 2020: Facebook starts dissolution bankruptcy process.

Unfortunately, the legal process doesn't go that fast. I can still hope, can't I?

Re: This is more than a little disturbing...

Xiaomi has some positives and some negatives. Among their negatives are that their variant often comes with a lot of bloatware and has advertising throughout most of the included apps. This tracking would be another one to add to that list, and it wouldn't surprise me all that much that one of the bloatware apps they installed is doing it. I usually consider Xiaomi because I'm planning to put Lineage OS on it, rather than for the included software.

Re: Missing the point

I'm afraid your comment misses the point more than does the article, and although your comments lead to the same conclusion, they're well off the mark on how each step got there.

"ICANN org is strictly constrained. The ICANN community would cry bloody murder if it tried to make policy."

The community was informed because that was required, and the community immediately cried bloody murder. ICANN tried to ignore it, then rationalize it, then downplay it. Even though that didn't work, they soon hid any further comment from the public to try to keep the yelling down. And they eventually released the required document to move the approval process along. You will please note that community pressure against the sale started strongly right at the beginning of this fiasco, and yet ICANN only stopped when under legal pressure.

And yet, you say "In this case, it listened to the community.". No, they didn't. They didn't at all. They eventually did what the community wanted, for now, but they didn't do it because they listened to us. They tried to ignore us and they would have continued to cheerfully ignore us had we not gotten legal assistance from someone outside the community.

Your comments about ISOC, though, are completely accurate. They also deserve to be under a blade that neatly sheers off the topmost layers of any organizational chart.

Re: And google/android will get the flack

I'm usually quick to jump on the bandwagon of complaining about Android's security model and the way Google has delayed any improvements, but in this case, they really can't be blamed unless they fail to find it when someone eventually pushes it to them. An app using this functionality will have at least five security warning screens. The screens can't be bypassed. The screens are very clear what is going on, with no technical language or waffling. At this point, the users have quite a lot of responsibility if they read this and click yes.

If Google lets this into the Play Store, they will have blame to take. There are other things we can attack them about for which they are completely blameworthy. In this case, there's little more they can do other than block it from their store--there is pretty much no change to Android that can cure stupid user syndrome.

Re: I splashed out on a Keyboardio, and love it

When I read this, I was quite excited as I have recently been attempting to find a keyboard that has a programmable firmware layer (as in I can write code in a complete programming language to run on it natively*). This sounded perfect. Then, I went to the site and read this:

"The default layer is where you'll find your letters and most of your standard punctuation. Tap or hold the Fun key and your Atreus will shift to the Fun (Function) layer, where you'll find numbers, arrow keys, and the rest of your symbols. From there, press the Upper key to get to the Upper layer, where you'll find media keys, F keys, and other similar stuff."

Uh, no thank you. I'm out. I want my arrows and numbers right where they were before, because I'm planning to write things like "for (int i=0; i<10; i++) {" a lot. Then, press shortcuts using the function keys to run the build scripts. The search continues.

*I want to run a complete program on a keyboard because I'd like to have it read certain series of keystrokes and pass characters along, but not on a one-to-one relationship. For example, intercepting certain strings and replacing them with characters less traditionally found on keyboards. A macro keyboard can do that, but in a less convenient manner than can one where I can upload and run Turing-complete firmware.

But that smartphone doesn't have to be a new one. You already basically had to have one for many services in the cities, so this is not really a driver of more smartphone purchases unless the battery on an old one keeps dying. Maybe it will sell more backup batteries, but probably not new phones.

Re: all they got to do now is....

Well, the Pixel is larger than the iPhone. The case is only a bit larger (14 mm longer and 3 mm wider), but for people for whom the original SE is good, that's still large. The screen is much larger because there are smaller bezels, meaning that this device has a 5.6-inch screen (142 mm) as compared to the iPhone's 4.7-inch one (119 mm). If someone desires a small phone for a small screen (for example, to use with one hand), that might be a feature. My personal requirement for smallness only concerns how small the physical device is, although this is probably as large as I could take.

In other details, there are various differences. The iPhone is water resistant, while the Pixel isn't at all. The Pixel has a headphone jack, as you've noted. The iPhone's storage can go up to 256 GB, while the Pixel's is stuck at 64 (no card slot on it). If you want to shoot video, the iPhone can record 4K at 60 FPS, while the Pixel can only do so at 30 FPS.

For nearly any user, there are probably only two of those specs they care about. It really depends which two. For me, it's basically only size that matters, so these both seem basically fine. I'll see what the market looks like when my older but smaller phone finally breaks.

Re: HP printers

There might be, but if I had a printer, I wouldn't trust it. I'd figure that that option would be similar to the "don't collect my location" option for Google Mobile Services (where there are several switches in different places without documentation and only one combination actually results in the requested behavior). Alternatively, it could be one that flips itself back when power fails or the cartridge is changed. It only takes one firmware update from demonstrably untrustworthy manufacturers to render a stock of cartridges useless. If I had to put it online, I'd have a Raspberry Pi attached to do that part, with the printer's own network isolated. Manufacturers, this is what your untrustworthiness does to us. Cut it out.

Re: An open letter to Google

You are correct. I don't own a Pixel. And I evidently misinterpreted part of the article. But not the part where random code was pushed to all Pixels, without an icon, for one company's devices. Do other manufacturers push their device-control apps? No, they don't. They make sure to tell their users to install those apps. It works great.

Re: end user

Well, this needs some analysis. We'll start with the easy part:

"Your original post makes no mention of NSO, only knives, nukes, and exploits/malware."

Well spotted. I was referring to spyware. The article referred to spyware too, wouldn't you know. And the group making it was NSO. The original comment in this thread was making an analogy about holding NSO responsible. My reply was making a counter-analogy to that. I figured that link was obvious, but evidently not. For clarity, the rest of this comment will be discussing NSO and the legality of its spyware.

Now, let's talk about tanks. Lots of considerations. The first one is easy: making a tank causes no damage to anybody. Operating it might, but creating one is not much different from manufacturing some other type of vehicle. Malware creation often involves finding vulnerabilities in a system through penetration, which happens to be illegal. So manufacturing a tank has no intrinsic criminal elements but manufacturing malware does. For the analogy, manufacturing nukes or nerve gases may not in themselves be dangerous activities, but they would be contrary to various laws in most nations, including, for the nerve gases, the Geneva protocols.

Now, when tanks are made for militaries, they are made at the specific request of the military, under a contract. Sometimes it's a contract from an international military and the laws permit this. This means the production of the tank can be attached for determining responsibility to the manufacturer and the military that is on the other side of the contract. If the manufacturer does something illegal that the military has the right to allow them to do, the military can essentially make that legal. NSO did not create their products under contract, and they can claim no such immunity.

Certain countries may modify the laws allowing them to create and use malware. That does not make it legal in the way you're arguing. If Israel wrote a law allowing their government to create malware, which they have done, it doesn't give NSO the permission to do so unilaterally--only places controlled by or under contract to certain parts of the Israeli government have the special permission. If Israel's government did allow NSO to make the malware under that special legislation, which they don't appear to have done, it wouldn't make it legal for them to sell it to other governments or individuals. And if Israel's laws allowed NSO to do anything they wanted including break into systems to create malware for any purpose, which is not at all the case, it would not stop those actions from being illegal in other countries such as the U.S., which they are. If I start my own country, and my laws say that I can hack into your bank account and steal all the contents, I can still be arrested should I ever leave my country, because bank theft isn't legal where you are.

Re: What's next?

While it's not word's decision to make, let's try it.

do we really need capitalization to tell words apart? even proper nouns are clear enough that it's not needed. punctuation makes a clear separation in sentence parts, so we have no need of capitalization to start them. the only problem i can see is distinguishing acronyms that someone has made use the same letters as an actual word from that word would be tricky, but since most of those acronyms involve tortured word choice, that might actually be a benefit.

Yeah, it looks weird to me too. I'm not going to do it again, but maybe we could do without capitalization.

"If only separate peripherals was a thing"

It is a thing. It's one of the things people to whom these devices appeal are trying to avoid. Extra keyboards can be convenient, but not all the time. There are obvious downsides, such as having two batteries to check and two devices to carry, but there can be other problems as well. For example, try finding a good portable bluetooth keyboard. There are many available, but they often fall into a few categories without a good middle ground. There are full-sized ones that you cannot carry with you in your jacket. There are some folding ones that are quite large for a pocket, but are usually good, but which don't fit well when unfolded in a low-space situation. Then there are tiny ones with weird key placement. If someone wants to do a lot of typing but doesn't necessarily expect to have much of a surface to place a keyboard on, it's possible none of those categories will work well for them.

Re: Let me see

The description above is no different. It still relies on storage on a phone. Now that may use a shorter passcode, relying on a phone's hardware to maintain control on how many attempts you have before an unstoppable erasure. If you trust this, there is a simple answer: get a phone, configure it for the security you can withstand, get a password manager on it, set the master key to "a". If you don't have complete trust in the phone's hardware to maintain access controls, then you remember a longer password and trust to much more provable encryption. This service does not have any more trustable security than that. It might be more convenient, but it also comes with negatives as detailed above.

Re: A Good Step

"So a Delaware corporation needs to have a "registered agent" for service of subpoenas, etc."

Great. Except we can't start sending out subpoenas, because we aren't a court. Even if they are breaking a law, we can't subpoena them. We could file complaints, but that doesn't necessarily mean anything will happen. In this situation, though, it doesn't matter about that either because we're after transparency, not enforcement of a law. The corporate subpoena-receiver has no legal duty to tell us things we want to know, such as who put the money in the bank account and who took the money out again to get an ad released. They won't tell us, and there's no requirement for them to do so. So we will get pretty much nothing from this.

Re: No surprise then

I don't think running Windows was one of their primary considerations. It was enough of one that they made Bootcamp, but they did that quite a while after making the transition. I think it was mostly about getting a faster laptop that neither ate through a battery in an hour nor caused burns, given the power requirements of the G5 PowerPC chips.

However, even if Windows was one of their primary considerations then, it doesn't necessarily mean that it is one now. There's a discussion further down about whether an iPad is similarly capable as a laptop. While I've been arguing that it isn't, my arguments have been for specific use cases. For many users, the applications they need do function at a certain level on an iPad. Most of the time, that's not because the writers have decided IOS is great and they want people to switch to it, but instead that many companies either put resources into cross-platform applications or have switched to web ones. In either case, they will probably have something that works fine on Mac OS. I bet Apple doesn't think their users care much about running Windows on their hardware, and they're probably right for quite a lot of their users. They'll be wrong about some, just as there will be some people who need an Intel-compiled binary which doesn't get emulated right or just never gets updated, but I have this feeling that Apple doesn't really care about those people.

Re: "Cops, Feds, and ISPs have been vocal opponents of the technology"

I suppose that makes sense, but you have to trust at least one group with it. No matter how far you push your own DNS setups, something has to make the queries and those queries are going to be sent through an ISP. If you set up your own resolver, then you can still be tracked based on its queries. The benefit of using someone else's resolver is that, as long as you trust them not to spy, nobody who watches their traffic knows what you're doing because your data is mixed in with everyone else's. So if you don't trust them, do you have someone you do?