Posts by doublelayer

Re: Power to the Pi-ple

I'll admit I was thinking about the older micro USB connector, which is rather easy to find. I don't have many USB-C cables, but I expect that's because all my portable hardware is older. As the standards change, I'll probably start to gather some USB-C cables. In terms of providing the high amounts of power the pi needs, that is becoming a greater issue but doesn't really change the availability of power adapters. If I have to find a USB supply with sufficient amperage, I probably can in a local area in an hour if I don't have one on me. If I have to find a specific barrel adapter, I'm not so confident. I don't yet have a version 4 board, so all of mine are using the older connector, and those adapters are available nearly everywhere. It's also the case that those older pis do not require as much power and can therefore run from most USB wall PSUs.

Re: Acedemic?

That's all true, but somehow we have to indicate this to the students. When you're young and don't know how all the tracking and data collection work, you probably assume that you're safer than you really are. And, as a student, you probably don't have a large supply of alternative machines to use for anything private. This might be changing due to increased smartphone use, but they probably don't have their own computers, and home computers for the whole family's use are less prevalent now that laptops are more popular. The first problem we can help fix by increasing education about the dangers of online data collection, while the second one is trickier but we could still help by showing them how to use trustworthy software and maintain good security behavior.

I think we would know about that, but fine, let's assume it's comparable. So what? Looking for someone specific and getting it wrong is a lot different from looking at everyone just in case and arresting a big chunk of them. One is not speaking well of the police's competence; the other is a violation of various rights. Oh, and the other one also means that all the police's time is spent tracking down people who the cameras get confused by, meaning they are less useful at preventing crime or catching criminals.

Re: Paranoia mode on

It's true that the best-case scenario is not to get caught, but in the case that you know or have a strong suspicion that you will get caught, it's helpful* not to let the victim know what you were doing. Consider the situation where you break in to a place to still data by copying disks and you find out that they have a silent alarm and you've set it off. You can run out with the data you have, running the risk that they figure out that's why you were there, or you can steal a couple of harmless encrypted laptops, hopefully convincing them that you were a street thief looking for something expensive. Spies who don't manage to always stay in the shadows find ways to pretend not to be doing what they are in fact doing.

*The above comment is written from the point of view of an attacker. I am not an attacker. Don't be an attacker, or we won't like you.

Re: poison pill time?

That's not sufficient. That would prevent the scenario you've discussed, but they have another option, which already seems more likely to me. That is to buy it and start a massive price increase program until they finally do manage to drive all the customers away. That'll take a while since it's such a popular domain, so it will probably make them quite a tidy profit. Meanwhile, at least a couple million places, many of them individuals or charitable organizations, get hurt. It's not enough that they must keep it intact. If you want a reliable poison pill, make it a requirement that the prices not change for twenty years, and is limited to some low value after that point. If you do that, I guarantee they won't be buying.

Re: I've said it before...

And here I am to suggest yet another possibility: the functionality that comes with convenient personal internet access and the ability to write apps to make use of it. The old PDAs might have a phone connection in them, but it wouldn't be a data one. Then, there was enough data to receive and even send email, as long as you were a business and could afford the plan, but the typical consumer was still stuck on voice and text only. The smartphone also ushered in the revolutions of 3G and apps that expected to have it. True, it wasn't there on the early models, but adoption of those was primarily a small group that could afford the expensive hardware and still not cheap data plans. By the time the general consumer had a smartphone, they also had a data plan and a couple apps they used when away from home.

Re: El Reg shitty photography

I'm guessing they just enabled the function+arrow combination because some longstanding small laptop users are familiar with that layout. If the users are used to using function+up to perform a page up, they might do that by muscle memory rather than pressing the dedicated key for that even though they have it now.

Backdoored encryption isn't for censorship. It is for surveillance. Neither is good, but it's worth keeping in mind that these are two different bad things and countries can be good on one and terrible on another. In general, most countries are far too eager for more surveillance, which needs to be stopped. Still, dictatorships have far more pervasive surveillance systems; they're the possibility we must stay away from, not an alternative.

As for censorship, there are democracies that would like it, but the most censoring democracy doesn't hold a candle to even the light dictatorships. The lines can be blurred somewhat, such as whether we consider Singapore a liberal democracy or not, but most of the major democracies in which we readers live are clearly not in the same camp. We need to prevent censorship whenever it is suggested, but we should probably focus on surveillance more because our governments have already pushed surveillance on us while they haven't gotten very far with censorship.

I'm not sure if heat is enough to make the glass flex back, and depending on how much you use, you could damage the display panel under the glass. If a small amount of pressure can make the glass move, I believe it unlikely that the glass will regain a useful equilibrium without direction. I wonder how this will handle people using styluses to write on the screen or light bumps and jostles in general use.

Re: Haven't we all?

Well, I haven't yet done an rm that killed my own files, although I can take the blame for someone else running an rm that lost them their files. When at university, I was helping a younger student in the second programming course who was getting disk quota errors. The reason was that their code was not working very well and had been dumping a lot of cores, which had not been deleted. We used a couple tools that produced different core filenames, so "rm core.*" wasn't enough. So, of course, I spoke the required command for the user: "rm, then a space, then asterisk core dot asterisk". Unfortunately, another space got entered, and not in a good place. And now I no longer read code or commands aloud.

For the record, I had some extra access to things and I was able to get the student a relatively recent copy of their work. I'm not sure how they felt about me after all was said and done, but as this was the due date for the assignment, I believe there was much panic from everyone.

Re: Google already requires a credit card on file for extension developers

The extension developers could be found guilty of fraud as they alleged true visitors when there weren't any. As for finding these developers, I'm guessing they used a prepaid credit card without a name on it. Either that or a stolen one (I'm not sure if they ever had to pay with it). Some criminals are dumb enough to use their own ID, but ones that set up a fraud operation using so many site copies probably go to the relatively minor effort of getting an anonymous one.

Re: Powered what?

This is a good point. I have a pair of earphones similar to these. The difference is that I got the really cheap ones, which cost about as much as the wired ones being costed above*. Of course, that price is rather expensive for the average wired set, but they said it so I'm going with it. My main consideration was all the previous relatively cheap wired earphones I've broken, usually by moving around a lot and putting stress on the wires. It's quite a few sets. When I'm in one place, a larger set provides higher quality and some improvement in comfort, but I can't easily pocket that when I'm going elsewhere. These are more convenient for me because I haven't yet pulled them out and found the wire broken in such a way that they only work when the wire is held at a specific angle.

*Specifically, the Redmi AirDots. The price appears to have risen since I bought them, but there are probably lots of places they can be purchased. They are cheap enough that, if I end up losing one, I can handle it.

Re: I have an Essential Phone

"The add on bus is unique."

That might have been a problem. If the bus is unique, that means three things. 1. Nobody else can put that bus on their phone easily, assuming that the original designers license it out at all, because the bus would require lots of new hardware and software. 2. It is not easy for other companies to produce add-ons to connect to that bus because the tech behind it is unusual, so they'd probably have to implement new protocols to make use of it. Both of which lead us to 3. nobody has an incentive to support the bus, so the only place doing anything with it is the original manufacturer, which means there are no add-ons for a while and only one eventually, which means that users feel cheated by a feature that never became useful and potential customers think it's pointless to buy the product.

I can see lots of great possibilities for a hardware extension system, but one company alone can't do it. I'm unsure if it can be done, but if it can, it would require a standard freely available to device and peripheral manufacturers, so the abandonment of the concept by one won't render the idea pointless.

Re: Court

The appeals system has a point. If a case doesn't proceed properly, the appeal can correct that. It covers everything from new evidence introduced to lawyer didn't do their job. If you limit appeals, it will hurt everybody. Sure, it would reduce the power of people who have a lot of money, but they'd just shift that money to doing other things in the legal process that make it similarly hard for their opponents to keep up. Meanwhile, if the company (assuming the company is in the wrong) wins the case and the same appeal limitations apply to the plaintiffs, they would similarly be restricted in fixing anything that was done improperly. It's an imperfect system; you're right there. When you have all the details for a better system, come back and we can discuss it. What you've suggested so far isn't good enough.

Re: Innovation?

You are correct that the carriers don't create much of the technology. However, you are incorrect about them not harming. Let's consider each thing the quote says they would harm:

"consumers": This is the most obvious one. Without the need to compete on price, there will be fewer plans, and each will be more expensive. No doubt they will hide this by making the specs of each plan slightly higher, but dropping all the lower-end ones. This harms consumers who cannot afford expensive service, as well as consumers who don't need much and would still have to pay for capacity they don't use. Eventually, the prices would start to rise even for people who are frequent users.

"workers": This one is a bit harder to argue. Of course, by merging, some of the employees of these companies are bound to lose their jobs. That happens a lot, though, and it's rarely enough to rule against a merger. This could also be a rephrasing of the "bad for consumers" line again; if the company is spending a lot more on the more expensive phones, the workers won't get as large a pay increase.

"innovation": I assume this is the one your comment was targeting. While you are right that these companies aren't building the new tech, they are the people whose investments make the development of that tech possible. If these companies have less pressure to compete with one another, they are unlikely to bother investing in new tech that increases range, lowers power draw, or the like. Why should they bother? You could argue, probably correctly, that the rest of the world provides enough competition for the innovation to continue, but that's in the realm of supposition as we don't have comprehensive figures describing who paid how much for each innovation in mobile telephony technology.

The Net interprets censorship as damage and routes around it

Unfortunately, it doesn't. This is mostly because the net has lost much of its ability to route around damage of any kind. If I want to cut off certain areas, there is usually a relatively small set of cables I have to cut or interfere with to do so. Of course it's difficult if I want to take out a continent, but if I'm a government and I want to interfere with my country's networks, I have a lot of power to do that. I can't find the context for the quote, but I'm wondering if it might refer to an individual node on the network deciding to censor, which is a small enough problem that it likely would be routed around.

Because the internet is so complex, it can be tricky to achieve perfect censorship. But that's just because there are so many things the end-user can do to try to get around whatever is put in place. The tough details of getting past the censors are almost never handled by the network; they're done by the person who wants to get at the other end. The global internet may be a resilient beast, but the local internet that each of us relies on is fragile. We need to prevent the people running around with hammers from hitting something important.

Re: Not a desktop replacement for Win 10 then

I'm afraid you missed the point. RDP can let you interact with it, but only if the processing occurs on the remote machine. It does not allow you to inform the remote machine that you have a GPU and it is welcome to compute on it. Therefore, the assumption is that programs running in a container connected via something like RDP won't be able to access the device's GPU.

However, although that was the original point, I'm not certain about it. I could see the container itself having access to the GPU, as if it was on the remote machine, and therefore allowing such programs to run. I don't know that that's the case, but I could see it. If it is structured that way, then programs requiring GPU acceleration would likely continue to work, although given the scale of the device the GPU is probably not the fastest thing around.

Re: I never understood why ...

I'm aware that batteries age and decrease the peak power they can provide. And yet, we don't see devices without this throttling, such as other companies phones, laptops, and Apple phones before this happened, shutting down in this way, even with old batteries. That implies that those manufacturers looked at the peak power they were going to be using and selected their batteries to be likely to be capable of providing that power for quite a while. Meanwhile, Apple didn't, so their devices do shut down unexpectedly when not particularly old. In this case, Apple devices are not performing to the standard used by multiple other competitors, including some made by Apple. The shorter form of saying this is "design flaw".

And now you're telling me that I caused this by leaving my phone connected to the mains while its battery was at full capacity? You know so much about batteries, so you'd also know that it is virtually necessary to have overcharge prevention circuits on lithium ion batteries to prevent fires. Apple has those. And yet, the circuits they have are somehow unable to realize that the power has reached full capacity and take measures designed to prolong the life of the battery? Despite knowing that many users will do what I do and charge the device while they sleep, meaning that it is very likely that the device will be at full capacity for quite a while before the cable is disconnected. I have to say, I've never heard Apple making this argument. It's a very good thing for them that I haven't, because that would probably be an even worse design flaw.

Re: Reduce, re-used, recycle

It depends what you're upgrading from. When it's something five years old, you're right that the power savings aren't particularly notable compared to the other power expenditures. However, when it's something older, the power savings can be surprising. I did the calculation a few years ago on a switch I made. A friend was running a system where people had to fill in a web-based form using a machine running a browser. As this didn't have any requirements other than a simple browser, they had used an old machine from 2002 running a processor using about 130 W. I suggested we replace it with a raspberry pi because XP was getting a bit worrisome around that time, and we did so. The pi we used ran at about 1.5 W, and that was the whole system while the figure for the desktop only included the processor. The fans, hard drive, and ancient graphics chipset probably weren't running low-power either. In addition, I believe there were also some power savings because we swapped out the monitor (the pi only had HDMI, and we found a monitor with an HDMI connector in a closet, so no extra expenditure there). If they ran the old machine for eight hours a day and didn't bother powering off the pi, we still saved 788 WH per week. This could be replicated everywhere else they were doing something similar. Power savings like this can add up to some extent, and it's useful for people to consider that when they decide what hardware they need.

Re: Annoying tho

"What kinds of places CAN'T we walk away from?"

Places that don't have an alternative but you need them. Places whose assistance you need to continue living (E.G. employment unless independently wealthy). Places with people who tell you you can't leave, E.G. prisons. In addition, there are places you might want to leave, and technically you can leave, but you won't because it's a bad idea. It's often not a good enough option, and it's not one here.

The original idea was "write your own browser". That's not tenable. It's quite obviously not tenable. A browser needs lots of components to work with most of the sites out there, and a single person isn't going to get a perfect implementation of all those things. A skilled person might be able to replicate a basic browser, but they could just use an old one. If the situation arises where the old ones are no longer functioning and not being developed, it will not be feasible for a person to fix that problem themselves. For that reason, the original suggestion was a bad one.

"1. LEO latency sucks for FP shooters"

And I care? Because I really don't. I figure that's a problem for the people who play them.

"2. Given the shear volume of the sphere relative to the size/amount of the satellites, the "useful" space around Earth might be .00000001% more crowded than it was 10,000 years ago."

You have not defined any of the terms in that statement. You haven't decided what the size of the useful space is. You haven't decided whether you're including the full orbits or simply the volume of each satellite. And you don't seem to think of astronomy as a case requiring space, despite the fact that any ground-based astronomy does require a certain amount of open space above it so it can see.

"3. The biggest hazard to satellites and space stations of all types are still going to be the tiny particles of natural space junk - the earth moves through many paths of comets that litter the orbital environment each year, for example."

Yes, but you don't help by adding more junk. Especially as that debris exists at all levels while all these satellites will be in relatively close proximity.

"4. Any Ham worth their salt still learns morse code, and has a 100 ft tall antenna in their back yard that screws with their neighbor's tv reception."

What? I don't even know what your point is. If your point is that radio astronomy doesn't work well near those people, that's been common knowledge for decades. You can go away from those people and have a better reception. You can't go far away from satellites because they keep moving. I'm guessing you meant something else, but I haven't a clue what it is.

Re: Surprisingly ...

My suggested solution is to change the keyboard layout change command to something else (my usual is alt+shift) so the shift key is back. That's usually the default on Windows, but I had the fun experience of some ancient and probably dead Linux that thought shift alone was the best key for that; well, I had that experience for about two hours. I can put up with lots of minor annoyances, but try and take my shift key and expect to be hit with a keyboard with little gentleness.

Re: Password Services

"The other thing that people don't seem to have mentioned is the password vault is only as good as the password protecting it (or 2FA). You could use a password generator to generate the most complex passwords in the world and store in a vault with a password of Password1 and it's all been for nothing. In some ways the password vault industry might have made hacking more devastating than before."

Not exactly. That's a good point, but you've still got the attack landscape to consider. If your passwords are stored insecurely on a local password vault, someone could get all of them if they have access to your filesystem through local malware. That's a concern. But if that makes your passwords better, it lessens your vulnerability to compromised online services. If you had some method of knowing you'd never get infected with malware, the encryption password on the vault wouldn't matter but you'd still want to use one to protect you against loss of hashes elsewhere.

It's also worth considering what malware can do to those who don't have a password manager. If it has access to your system, it can watch as you enter your password on the keyboard, redirect you to a fake login page, send password reset emails to the account you have in a mail client and intercept them, or come across the text file containing passwords. Stealing an encrypted password database is a concern as well, but compared to the alternatives, is not as worrying as it could sound.

Re: SUDO and +s is a design weakness

If you want, you can make it very easy for nonroot users to do lots of things, including adding restrictions to exactly which users can do those things. The utility of sudo is that, should you want to change what they can do, it's a lot easier. Say you do want to allow some users to modify /usr/local, but not to have other root permissions. We're using this as an example, but in reality that would be a terrible thing to let them do as that would provide them a great deal of access to mess up everything.

If you do it the old way, by adding them to a group and assigning /usr/local to that group, it's easy. Anyone in the group gets the access you set. If you want to remove that permission, you kick the user out of the group. Easy. Unless you left the company and I'm running the system now, because I don't necessarily know all your groups and what you let them do. You've probably documented it somewhere, but that might be for some systems but not others, or somebody lost your documentation, etc. So now there are users whose access I can't cut off because I don't know it exists. I could do a global check of the filesystem to see if there are any unusual owners or groups, and after I find this first one I probably will, but it's not at all something a new admin would be expecting.

There's another classic way to expose functionality to users: a program running as root that receives user commands. The program itself has root capabilities, but the user doesn't. They issue the command they'd like, and that program determines if they have the rights to execute that command and does so. This works well too, and it lets you introduce even finer controls on what someone can do. So, for example, you can block them from installing a compromised copy of a utility over an old one, but continue to allow them to write new files in there. This is harder for the user, as they'll have to learn how your program works. It's also harder for you, because you'll have to write the program. It's a little easier for me, because your program will either have to have a server component which gets started on boot (thus I can easily see it) or at least it'd be in a directory on a path. Of course, if I don't have source code for this program, my life is really annoying.

Now, we have sudo. Sudo is limited, and it can have flaws. No question about that. But it allows you to relatively easily define who is allowed to do what. It can require their password, so even if someone gets access to an open terminal of theirs or one of their SSH private keys, they can't elevate easily. Your program could do that, but only by replicating sudo's functionality to a certain degree, and the owner and group solution doesn't give you that option at all. It's easier for the user because the commands are nearly always the same. It's much easier for me. If I want to know who has special access, specifically what, and what they do with it, I can find all of that in the sudo configuration files and logs. It's one place, and it's now common enough that it's a typical place to check when administrating a new system.

Re: 640x360 display??

Admittedly, it's a really small screen, so the pixel density will be a lot higher. As I've never used one, I don't know whether the low resolution is evident when looking at the screen.

That's a perfectly fine method of file transfer, but you have various other options that don't require uploading or long URLs. Here are a few:

1. On a machine, put up a simple webserver pointed at a directory in which the file is placed. Type the IP address only, and click the link on the directory listing page.

2. Use an SSH client to SCP the file over.

3. Access a local network share if you run one.

4. Use a Bluetooth file transfer system (in many cases, bandwidth is surprisingly good).

5. Use a cable if supported. It would work well on Android phones or media servers I've used before, but I don't know if you have that option with the Android TV device.

Basically, any of these should be equally fine because you trust the network and both devices. Therefore, go with whatever's easiest at the time. It's only when you are operating over a network where interception or modification of the data is a worry.

Re: help!

An alternative method is to store a salted hash for the full password that you and an external attacker would have to provide, plus three randomly-selected characters that they can use to verify you. That does reduce the number of possibilities for an attacker who has both the hashes and those letters, but by far less than a rolling hash or simple encryption.

Well, as mass murderers go, he had a pretty good PR department. He invested a bunch of money into making people's lives better so they'd protect him, and when your worth is measured in the billions, you can inject a lot of money into an area without noticing much. He also was a prolific briber, willing to give large sums if he wanted something from you. Of course, his slogan was "Plata o plomo" (silver or lead), so it was not very fun when you didn't take the bribe. Still, unless you personally received the lead and you lived in an area he needed support from, you would be more likely to know him for the investment and good publicity. The result being that some still think fondly of him. Oh, and Colombia wasn't the most entertaining of places in the 1980s, so he had a lot of well-skilled competition for person who people fear and hate the most.

Re: Doesn't work in settings where devices are banned

One method I can think of is to use some of the codes, then generate some more (I can usually replace codes I've used as long as there are only a total of ten). The better method would be to have a separate unconnected hardware device approved by the security department so they can be taken in. That would fix all problems and be very logical, so I think we can assume that it will never get approved.

Re: 3 laws for AI

It's also worth keeping in mind the various risks of such an absolute law. A robot using these laws and intelligent enough to know these things would probably refuse to do most things on the basis that it wants to dedicate itself to preventing harm to humans, and if it isn't doing so, it is by inaction allowing them to come to harm. That would probably be a good thing for a while, but after about a week of this, the manufacturers would realize the problems in the business model of making robots who can and do decide to abandon their original tasks and try to form a volunteer harm-reduction squad. And that's only if you can find a perfect way of implementing these laws in software or hardware, if you have very clear definitions of "harm", and if the robots are capable of making the connections between possible actions and probable results. If you don't obtain perfection in any of those aspects, you have many more problems.

Re: web browsers are hugely complex systems

And the original comparison was to an OS kernel. That's massive and very complex, but it is pretty small as disk usage goes. The DVDs usually include lots of much bigger things. For example, you'll probably find the following things on most desktop OS distributions' install media:

1. The default applications, which are probably at least a hundred megabytes. Since many OS distributions include a browser of their own, make that at least two hundred megabytes.

2. Foreign language translation files (not always). Those can range dramatically in size.

3. Fonts. There can be very many of these.

4. Hardware drivers so you don't go through the awful search if a generic driver is sufficient.

5. Extra image data such as icons, desktop backgrounds, etc.

6. Documentation files about various aspects of the system that never get read.

Take all of these away, and the disk usage of the distribution will be cut by a very healthy chunk. There's almost certainly even more to remove before you're left with the kernel alone.