* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

BSOD Burgerwatch latest: Do you want fries with that plaintext password?

doublelayer Silver badge

Re: Surprised they don't use *NIX

This is a very good point. If a nuclear reactor near me relies on a system never going down, I should probably move away from that reactor. We need to tolerate system failures if not tolerating them could signify death. It's still a good sign if a system can have a long uptime, as that means the system is probably well-engineered, but if it becomes a requirement that a specific system continues to run without ever rebooting, it's a bit concerning.

There are already Chinese components in your pocket – so why fret about 5G gear?

doublelayer Silver badge

Re: Manufacturing

But in reality, if that's all you have, it's actually pretty difficult to monitor. Especially if the theoretical malicious party knows you'll be doing it and keeps quiet most of the time. It can send small chunks of data every once in a while. If you've whitelisted specific destination addresses, that might not work, but otherwise they can stand up many endpoints that can receive encrypted data, and they can hide it in various ways. This is especially possible if users can connect and use the main internet through the device, as they can have a user obtain a connection and open a channel that looks legitimate through which other data is sent. This doesn't apply to the most sensitive of networks, which would be isolated from the internet anyway, but it does apply to things that can eventually go online. That said, we don't have reason to believe anyone including Huawei is doing that.

doublelayer Silver badge

We don't seem to be headed in that direction; I can name several nations that would like to separate from groups they were a member of and regions that would like to separate from countries they were a part of, but I can name only a few countries trying to join groups and I can't think of any countries trying to merge into one. With increasing globalization, there are also fewer reasons for them to want to do so. If you like to read academic-style nonfiction, I recommend the book The Size of Nations (Alberto Alesina and Enrico Spolaore) and their follow-up papers on this topic. While they have the same style of goal, they discuss the pressures that can make it more difficult to arrive there.

doublelayer Silver badge

Re: Manufacturing

If they wanted to do so, their spying software on Huawei gear would run on the main chip, and/or have its own chip which is inserted into the main plans. Either way, it would not be possible for an incredibly nervous engineer to entirely disassemble one and prove that someone had been fiddling with it during manufacturing, which they could do to a Cisco device with added hardware. For this reason, we've required Huawei's code to go through a bunch of audits. I think there was some logic to doing that, and we did find some worrying things, but we didn't find evidence that they are doing this. Based on this, increasingly shrill denunciations of Huawei as insecure sound hollow; either they haven't bothered reading any of the investigations and are attacking the company out of paranoia or desire to have an extra bargaining chip in a trade war, or they know something important they're unwilling to tell us about.

doublelayer Silver badge

Re: Standards?

At this point, it's really not. Standards bodies* have really failed to care about whether the standard they promote is at all open. They define standards that require patents that a specific company holds and is unwilling to release or license freely, thus giving that company an effective monopoly on compliance and, since establishing a monopoly deliberately is often illegal, a stable income stream from the other people trying to produce competitors. Standards bodies will decide issues of technical significance based on which companies hold the majority voting blocs in the standards body at times, considering the merits or demerits of a technical solution only if a suggestion is so bad that it must be opposed. We cannot rely on standards bodies to require openness as they currently are, nor can we expect governments made of people who don't know what source code is to know how important it would be for them to do so.

*I am speaking generally, but there are in fact a few standards-choosing organizations that don't operate in this way. Unfortunately, all the ones dealing with telecommunications on OSI layers 1 and 2 do seem to work like this almost all of the time, and plenty more in other fields are willing to do exactly the same thing.

You know the President is able to shut down all US comms, yeah? An FCC commish wants to stop him from doing that

doublelayer Silver badge

Re: Sounds like typical CoG/ECG stuff to me, and that should scare you

Your objection relies on a concerted effort by the military and intelligence communities to violate the instructions of their commander and enforce democracy. That's possible, sure, but you have offered no evidence as to why they'd choose to do that. Keep in mind that the refusal to take drastic action must be concerted, as if a few sectors refuse to carry out orders, they can be arrested and executed by the rest who do. Also keep in mind that, in a situation of genuine chaos, it can be hard to know which restrictions are useful and which restrictions are merely a step on the road to authoritarianism.

Who really knows what would happen in such a situation? And honestly, that's not a good enough basis for me to be certain that nothing bad will happen. It would be better if we could take the time while we are relatively calm to make it very difficult for abuses of power, especially such extreme ones, to happen.

Use our stuff for free and sell your application? That's Qt. Time to give something back

doublelayer Silver badge

Re: Licensing a component doesn't work

"Or stupidity to write an open source variant?"

How is that stupid? Maybe it's stupid if you also write a closed-source version and expect to sell it, but that wasn't the case here. So somehow it's stupid to decide that you would prefer to spend some time writing a new version and giving it to the community than to buy a license for the alternative? If you want the tool and you don't want to pay for a license, reimplement it.

doublelayer Silver badge

In that case, what prevents me from taking all their code, identifying when an LTS version is getting released, and compiling it for those who don't want to do so themselves? I'm assuming that there's some difficulty in the compilation of this library? Then, people can simply download the resulting binaries from me. I might put a donation button to let people express satisfaction that I'm doing this.

If this is allowed, it seems pointless on the part of the Qt devs to not do this themselves as all the value in the commercial license would then be the support, which was already the case. Meanwhile, there's always the potential that by doing this they may gain some extra detractors, decreasing the size of the user base that could pay for support. It seems therefore that they shouldn't expect to gain much at all from this move.

Ding-dong. Who's there? Any marketing outfit willing to pay: Not content with giving cops access to doorbell cams, Ring also touts personal info

doublelayer Silver badge

Re: So... what now?

The ability for you to combat this will depend a lot on where you are. European residents have access to GDPR and California residents to CCPA, and they can report these violations. However, that doesn't necessarily mean the various authorities will do something about the problem. It's worth doing if you live in one of those areas, but you will probably have to have owned and activated such a camera to do so. Unfortunately, in many other areas, the laws around when a company can gather information and sell it without informing you are much looser, and this does nothing for you if you've been filmed by someone else's camera. Depending on the violations that can be easily proven, it may be possible to involve biometrics protection laws, but I'm guessing they had a EULA that included legal protections for them somewhere on page six.

Little grouse on the prairie: IBM's AI facial-recognition training dataset gets it in trouble... in Illinois

doublelayer Silver badge

Re: "using photos of millions of people in Illinois without informing them"

In all reality, asking for that much permission would not be in any way easy. You'd have to contact every account you scraped from, which could be done automatically, but then you'd need to read all the replies manually. With millions of photos involved, that'd be prohibitively difficult, and answering questions in those replies would be even worse. None of that is meant to absolve IBM of not asking for permission, but they can't feasibly collect a dataset like that and handle the permission problem. There's a reason consequence-free data collections are expensive. And why Google is unlikely ever to tell us what is in theirs.

Rockstar dev debate reopens: Hero programmers do exist, do all the work, do chat a lot – and do need love and attention from project leaders

doublelayer Silver badge

Re: Tautological?

They did take a crack at the quality of submitted code, saying that the code submitted by "heroes" produced fewer bug reports. Of course, that's just common sense. The primary developers are more familiar with the internals of the project, so they won't be hitting any weird parts in their contributions, while at least some first-time contributors won't know everything and will make minor mistakes that get reported. Similarly, any good primary developer will occasionally catch bugs while implementing something else and fix them, meaning that the existing contributions, which are primarily written by the primary devs, are more likely to be frequently debugged. The combination of these two factors makes it very predictable that primary developers' work is likely to generate fewer bug reports.

doublelayer Silver badge

Re: We have "hero" CEOs, executives, marketdroids, sport players, singers, etc.

The managers understand why that is, namely they can't manage to make it any other way. If something happens to a celebrity in whatever field it might be, the public is displeased. If something happens to a software dev, the public won't find out until the next release at the very earliest and probably won't get enough information to figure out that's why it's buggy. Without some external pressure, there is a lot of freedom to treat people with exactly the level and type of respect you want, down to and including none at all. There isn't a great solution to this, but there shouldn't need to be as treating important people, which they almost all are, without respect is stupid in the medium or long term. Sadly, those with the power to decide what policies and behaviors are in play haven't noticed this yet.

Beware the Friday afternoon 'Could you just..?' from the muppet who wants to come between you and your beer

doublelayer Silver badge

Re: I got a verbal warning for refusing to help once.

I'm guessing there was a specific tone involved. Some of that comes in the phrasing of the questions as "Can you do [something you obviously can do]", which are usually designed or at least interpreted as mocking, but the tone while saying that could make it even clearer. I like the efficiency of the answer, but had it been me, I would have phrased it as "Please read the second paragraph on page 74 of the manual and let me know if that doesn't address the problem."

doublelayer Silver badge

"If you don't have a spare mouse, how do you diagnose it?"

Step 1: See problem with cursor moving around. The mouse is the most likely thing to make the cursor move unusually. Suspect it.

Step 2: Unplug mouse. Is problem fixed? If yes, move to step 3. If no, move to step 5.

Step 3: Decide whether to try to fix the mouse (e.g. cleaning it) or just replace it. If you decided to fix it and it still is broken, replace it.

Step 4: Is fixed or replaced mouse still making the cursor move around randomly? If not, you're done. If yes, make sure you have replaced the mouse per step 3 and move to step 5.

Step 5: The mouse is probably fine. The only other hardware that often changes the cursor position is the keyboard. Suspect it. Move to step 2 but replace "mouse" with "keyboard" in instructions. If you end up back here after the keyboard stage, continue to step 6.

Step 6: Perform software checks.

doublelayer Silver badge

Not necessarily. It could be that you know the thing that is wrong and you need someone else to help you fix it. Of course, if you've already explained that you don't know and they ask you something that nonspecific, then it's annoying.

BOFH: When was the last time someone said these exact words to you: You are the sunshine of my life?

doublelayer Silver badge

Re: You know...

It's a long-running joke that the finance department and the IT department (or specifically the BOFH and PFY) have been at war almost since they started working there. This is just a continuation of that. Also, you have no guarantee that there was someone at PR who had a recent interaction with them and that they wanted to annoy.

More seriously though, every part of a business that does work usually has some usefulness to the rest of them. That doesn't mean that everyone will like them. This site is primarily read by people working in IT or development/engineering, so those departments in general get fewer insults (although the work of others in that area will also be described badly). Also from this readership, it is natural to hear more complaints about departments that frequently place obligations or restrictions on IT or engineering. PR is often not connected to those very often, while other departments are. For example, the following departments have these stereotypical ways of annoying the technical employee:

Finance: Refusing to pay for things that would assist the technology of the company, such as a more reliable backup solution or development resources.

Marketing: Primarily for engineering, agreeing to provide some technical product or service that does not yet exist and expecting the relevant department to create it without previously consulting them.

Security: Primarily for IT, placing restrictions on access which make it harder for staff to resolve technical issues.

And of course, I don't think you can talk very long to anyone outside of senior and middle management and not hear complaints about senior and middle management. When those complaints are made, general as they often are, they're not made purely out of malice. Neither are they always correct or well-measured.

doublelayer Silver badge

My problem with the surveys is often that I know someone will actually use my number to affect someone else's job, either giving them credit for a good interaction or requiring them to explain about a bad one. That's fine if they really did a great job or a terrible one, but there are lots of more ambiguous situations. For example, I'm never sure what score to give when I still have the problem I called about but it's not at all the fault of the person I talked to and they probably did their best to help me but couldn't because of restrictions placed on them. If I give a ten, it makes it sound like I'm satisfied with everything. If I give a low number, it sounds as if the person I talked to was bad at their job. No good answer.

Microsoft boffin inadvertently highlights .NET image woes by running C# on Windows 3.11

doublelayer Silver badge

Re: 32 bit processors were common from 1985

In that specific situation, ramdisks were not a feasible option. The program had a hardcoded directory for storing the temporary files containing edited data, which was the user-specific temp directory. That directory was already created on disk, and therefore could not be mapped as a ramdisk. There were some theoretical options, such as writing a driver that intercepted file requests from the temp directory and wrote them to a ramdisk or trying to modify the binary to write to a different temporary directory, but those were not particularly easy compared to switching to a more modern and full-featured audio editor, especially considering that I don't work in audio editing and it was just a hobby.

The main point, however, is that there can be benefits created by using extra resources. Perhaps a better example is using any interpreted language. Merely by spinning up that interpreter, the program is almost guaranteed to run more slowly and use more memory than the same program implemented in something compiled. However, it is probably easier for the team to debug or improve upon, which creates benefits for the user. I am usually fine with it if a programmer decides that, for their sake, they will be using an extra megabyte of memory without adding a feature. It gets very annoying when they decide that a gigabyte is also forgivable.

doublelayer Silver badge

Re: 32 bit processors were common from 1985

Mostly, you're right to argue for less bloat in software's resource usage. It can be really weird to muse on what someone from a few decades ago would think of the cheapest computer we could find today. However, not all of the increase in usage is a bad thing. Some stems from techniques that actually improve the experience, either for users or for future developers.

An example might help prove the point: I used to use an audio editor which was written in the late 1990s, and ran for a very long time despite not getting updated. It had several useful features I liked, a nice interface, it was just perfect. Well, not entirely. Since this was intended to run on computers of the Windows 98 era, the developers didn't plan on having very much memory available to them. They dealt with this nicely, using only about six megabytes, no matter how much audio you wanted to work with. All the audio would be streamed from disk, with temporary files holding processed data before it was saved. This meant that, although I had gigabytes of memory, if I wanted to do any processing that required modifying many parts of the data, it would read in a chunk from disk, process that chunk, write it back out to disk, and continue. It would have been faster had it been possible to inform it that it could cache a lot more. I ran a benchmark between this program and a more traditional editor with memory caching, and found that then (around 2009 I think) having audio data in memory made compression operations take about eight times less time than it took for the program reading from disk.

If the words 'new', 'AI', 'for', 'the', 'physical', 'world', 'accelerate' and 'Facebook' scare you, click this headline

doublelayer Silver badge

Re: Robots and Pizza, I don't think so

For the same reasons that we have more concern about IoT junk and laptop malware that activates the camera. My phone is at least somewhat controllable by me, while IoT equipment and most likely any robot built by a big tech company will run black box firmware that I can't easily change. If my phone gets hacked, the microphone is dangerous, but the cameras will only see what I have in my pocket for almost all of the time, while a laptop or other device with a camera mounted less movably can see much more. And probably most importantly, if I don't want my phone hearing something, I can put it in a box and it can't sneak around to listen in.

Don't mention the seam! Microsoft releases Surface Duo Android SDK, more on Windows 10X

doublelayer Silver badge

Do they? I don't think desktop environments that handle multiple displays do it that way, and the only other computing devices out there with two screens (as far as I'm aware) are folding phones which try to pretend that it's only one screen. So can you name a few of these innumerable devices that implement two screens by pretending to not know that some pixels don't work?

We need to make it even easier for UK terror cops to rummage about in folks' phones, says govt lawyer

doublelayer Silver badge

Re: Wipe Password

Because the law that already exists makes not talking to the police and giving them what they want punishable with an extra prison sentence. Yes, it's obviously a massive abuse of the suspect's rights, but when the average citizen finds out that being silent can land them in prison for longer or in prison at all if they can't be convicted on another crime, they'll probably choose to speak up. That's why the law itself needs to be eliminated.

doublelayer Silver badge

Re: Wipe Password

Does not work for most situations where the data they're looking for isn't just received messages, such as encryption private keys used by some apps, contacts, notes or recordings, photos or videos, metadata that can't easily be wiped, metadata that can be easily deleted but you didn't in time, access tokens or passwords letting them into other things, and the like.

Who honestly has a crown prince in their threat model? UN report officially fingers Saudi royal as Bezos hacker

doublelayer Silver badge

Re: How a video can be delivered through ...

"However, I don't still get what "downloader hosted on WhatsApp’s media server" should mean. They are just describing the infected payload crafted into the videofile ? It is a bit misleading to me"

In itself, it doesn't mean much; they're just stating where the file came from. It does indicate that it was not retrieved from an attacker-controlled location, and therefore that it is not possible to track that location to identify the attacker. Not much more detail comes from this one observation, but it is relevant information to understanding what happened.

doublelayer Silver badge

Amusing typo

"Facebook recently sued NGO Group over its Pegasus software"

I'm assuming this was the spell checker? It's NSO Group. Incidentally, as they aren't exactly hiding that they have this malware, I'm surprised and displeased their company hasn't been raided by law enforcement with a raft of computer abuse charges.

South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos

doublelayer Silver badge

Re: Why?

And the risks of confusing names. And the pressures on people to register multiple versions of their domain if only to prevent scammers. And the sheer pointlessness of having thousands of categories in which to place things. If you're arguing for radical changes to how TLDs get assigned, having only one makes a lot more sense than having a functionally infinite supply.

doublelayer Silver badge

I'm not sure whether your past post had specifics, but you need a better reason than that if you intend to prove we need to uproot something that works. As far as I'm concerned, neither group needs .amazon and I am content to let them fight about it. Meanwhile, our other DNS systems continue to work well nearly everywhere on the planet and on nearly every device in use. Based on this and other things, I'd be happy if we replaced ICANN with something a little nicer and a lot fairer, but I see no reason we need to replace our current version of DNS.

doublelayer Silver badge

Re: Balkanise

Balkanization produces few benefits and many problems. Instead of one corrupt organization which can't figure out what it's doing, we have a hundred or so. That's assuming the governments mandate it. If balkanization happens at the ISP level, then we have a thousand which, even if they intend to be compatible, won't be merely because they can't coordinate in time. We could try to freeze the system, establishing an acceptable state and saying that no changes to that framework will be accepted without unanimity (or close to it), but have fun trying to get people to agree on the acceptable state.

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message

doublelayer Silver badge

Re: Question

Enough to do what? But almost certainly, the answer is no. All you can accomplish by switching out a SIM is to change the number and provider you're using. Some phones can store a contact list on a SIM as well, but that's an abridged version of what it already has on the device itself. Furthermore, that only affects traditional phone services such as voice and SMS text messages. This involved a message application that runs without using information stored on a SIM.

'I am done with open source': Developer of Rust Actix web framework quits, appoints new maintainer

doublelayer Silver badge

Re: Not just open source

Well, your experience is not like mine. I've seen exactly this in many closed source projects. People want the project to do what it does with a completely different interface. They're willing to commit a readme that lays out that interface if I could just fill in the gaps. Or they'd like their project and my project to merge because our functionality complements one another. They'd be happy to modify the code to do that as long as I deal with all the bugs because they haven't read the code to my project before making the suggestion. Sometimes, these people are making constructive suggestions and my team should consider what they're asking for. Sometimes, they are very skilled and dedicated and they'll be valuable assets to our team; at least one person I respect quite a bit joined us in that very manner. Sometimes they have no clue what they're talking about and should be ignored, and if we didn't figure out this we'll be cleaning up after the disaster for quite a while.

Let’s check in on the .org sale fiasco: Senators say No, internet grandees say Yes – and ICANN pretends there's absolutely nothing to see here

doublelayer Silver badge

And hence we have the problem. I don't think the IEEE have a good claim to it, but the IETF does. It'll be a pain to find people to agree with me, and another one to get the IETF to agree to take it. The real problem will happen when someone manages to take over the IETF and use it to make money from their lucrative new property, though. After all, ICANN didn't start out like this. Nor did many of the other players with a lot of power in the mechanics of the web. They became this after the people who started them with the best of intentions stepped down and some enterprising people figured out how to be placed in power. At least with an independent thing we have a little hope that it could be taken from them. The United Nations does not have that option unless a large chunk of the world's governments agree (and how often is that).

To catch a thief, go to Google with a geofence warrant – and it will give you all the details

doublelayer Silver badge

Re: This seems kind of reasonable?

That's exactly the point. I trust my police only some of the time. The best way to ensure that I can trust them is to keep them honest. That means limiting the powers, because I and everyone else know that power corrupts.

Take an extreme example: if we allow police to search places without a warrant, what would happen? In many cases in democratic countries, they'd use it when they have to and keep things limited. They would improve their rates of successfully preventing crimes and bringing criminals to justice. But it takes only one corrupt officer with a grudge, a bias, or an interest in what someone's doing to start abusing that system, and once that happens, more people will start to do it. Then some people who run policing organizations will start to set up more organized methods of using that new power for the benefit of themselves or some political belief they think is important enough. Within a few years, the country has turned into a police state. That's why we don't let them do that; not because we distrust them now, but because we need to limit their powers now and for the future.

doublelayer Silver badge

Re: This seems kind of reasonable?

Reasonable, yes. I agree that, from everything they've said, they have a good reason to ask for the data, are handling it responsibly, and there isn't much capacity for abuse. However, when you look into the details, there's little but bad possibilities in future.

There are some obvious ones, such as requesting a much larger radius. For example, asking for the IDs of every device in a neighborhood and cross-listing that against historical data. Or requesting the full histories of certain IDs, with or without a warrant. There are some subtler possibilities though. If any of this data is wrong, it could result in people being wrongly pursued or people being ignored by the system. If a person involved in this crime were inaccurately placed by their device, they could go unnoticed. For reasons such as this, location data cannot be used as the primary tactic to catch criminals. It is far too unreliable and prone to tampering.

Perhaps the worst possibility though is legitimization of the collection of this data and its availability to law enforcement. The companies shouldn't have it, and in most cases nobody should have access to any collection there may be. If this warrant is used as a reason not to ban the companies from collecting the data, or if it allows other less trustworthy law enforcement (China's, for example) to access it, it may be incredibly harmful.

doublelayer Silver badge

Re: Nothing anywhere proves Googles data is concise or accurate.

If they think you were in another country, not just somewhere you were near, it's possible someone else has access to your account. You might want to check the recent account accesses. While you're there, close the account because they're trying to figure out where you are.

WebAssembly: Key to a high-performance web, or ideal for malware? Reg speaks to co-designer Andreas Rossberg

doublelayer Silver badge

Re: What we need is an HTML6...

I wonder if that's really true. The majority of sites need to run code for one of three reasons:

1. To manipulate the content already on the page. This includes input verification, changing whether a section is hidden or not, moving content around for better presentation, and the like. I at least am completely fine with that running.

2. To pull content from a remote source to keep it updated without needing a refresh. I'll admit we use and like this, and we might need a solution to that. We have some capabilities outside of JS to do this already, which might need some improvement.

3. To pull data from the user's system, send it to a remote server, and pull new data back. This is often done for advertising, and it also is the source of innumerable security vulnerabilities. However, as already pointed out above, a site can still perform advertising by sending the ads when the page is initially loaded. While there are possible legitimate uses for that, I cannot think of many pages that are doing so.

If we limited JS to only be capable of the first two purposes, I don't think many sites would look any different. Of course it's simply a dream that has no chance of happening, but I think it would work if you managed to get it started.

doublelayer Silver badge

Re: What we need is an HTML6...

Admittedly, an expanded version of HTML could implement some of the more common functionality without requiring JS to do it for you. For example, for table sorting, imagine if you could write this and the browser would handle it: (I'm trying to do this so the comment HTML checker will leave it alone. Note to self: the system will not auto-expand &lt; and &gt; into angle brackets. Apologies if it doesn't work)

<table>

<tr><th sortable>Name</th><th sortable>Value</th></tr>

That could be customized in various ways, and you'd no longer need to download a sorting function over and over. HTML5 already has a "sorted" property which allows specifying some details about sorting, but it is limited where this wouldn't be. Of course, you'd have many small details to handle, such as sorting on rows instead of columns, but it could be quite nice.

I don't think people would mind if a web processing engine only did things to and with the page it came with. It's when it starts collecting data and sending it somewhere else that we get annoyed or worried. As specified, Wasm is restricted enough that it only does processing. Which we all know is not ever the way it'll be used.

doublelayer Silver badge

Re: The ultimate container runtime steps forward

Except those never worked as well as it sounded like they would. Many programs written in something that was supposed to be platform-independent but originally written for and on a specific platform ended up running correctly only on that original platform. Take, for example, a program I ended up reimplementing. The original was written in Java. Nice, clean, write once run anywhere Java, without calling anything OS-specific. So it should work great, right?

Well, it was designed for Windows, and it needed to identify and write to external media (or simulated external media). And since it was checking the volumes by enumerating drive letters, it couldn't find them on anything using a unix-style volume mount system. It would run properly until it wanted to read or write to one, then keel over. There was a similar bug that happened when you tried to run the tool on Windows 10, which was a bit more complex and had to do with the way the OS's SSL/TLS implementation worked. Once again, the program failed badly.

In both cases, the version of the JVM running it was the same. While it didn't call OS-specific APIs, it was written in a way that called universal APIs with platform-specific parameters. It was clear that the original devs hadn't planned for anyone to run it on something other than Windows. It's unlikely that Wasm will go that way, but as there were platform-specific parameters that could cause that Java program to crash, there will likely be platform-specific bugs or ambiguities that allow a Wasm program extra functionality or alter its state. The majority of those will cause an annoying glitch seen only by the user. The minority will be developed into methods of accessing the users' systems to their detriment.

A fine host for a Raspberry Pi: The Register rakes a talon over the NexDock 2

doublelayer Silver badge

Re: Upgradability

That depends which laptop you get. Many of the slightly larger ones (still at that price) do have upgradeable memory and storage. The smaller and thinner ones probably won't, but they'll weigh much less than this will (and won't have any wires hanging off). You have no guarantee when the next pi will come out, what its specs will be, or whether the ports will have changed by that time. With those provisos in mind, it's at least worth considering whether this has many advantages for you particularly.

doublelayer Silver badge

Re: "So it’s for people who power use their phones for office functions"

In that case, this is not the most efficient option. Running a screen from the battery will run it down very fast. You could get a portable USB battery that will run the phone for a week. Sure, there's no big screen now, but the battery will be cheaper and smaller. Meanwhile, if you need the larger screen and keyboard, this probably won't run with any less power than a standard laptop.

doublelayer Silver badge

Re: Well

For ... what? If you have dozens of pi projects in your house (I may not have dozens but I have a few), they're probably running headless with SSH access from your main computer. If you want this to use a pi as your main computer, why not just use a pi with existing hardware--you probably already have keyboards and monitors available. What is the advantage of this one unless you want to move it around, and if you're moving it around, why not use a standard laptop? The suggestion above of a portable interface to servers makes sense, but otherwise, I can't think of a good use case.

IBM, Microsoft, a medley of others sing support for Google against Oracle in Supremes' Java API copyright case

doublelayer Silver badge

Re: Plagiarism protection for source.

There are two types of protection for code, and they apply differently.

Copyright: You can't copy the code or substantial parts thereof directly unless you have permission.

Patent: If the process established in the code is new and its creator has a patent, you can't reimplement it without permission.

Hence, no, you can't copyright an algorithm, process, or system. You can patent those things if you've invented them, and you can copyright the code used to implement them. If you make a method of doing some task, but it's not original enough to earn you a patent, I'm perfectly allowed to make a program that does exactly what yours does. I should also be allowed to let my program take the same command line flags as yours if I want to.

doublelayer Silver badge

Re: Obviously, all the big cloud providers want to be free to copy anybody's API...

That would mean that they have to completely reimplement someone else's codebase. That takes a lot of effort. So far, they've shown no interest in doing that because they can instead just sell people resources to run the original thing on. They still get all the money, and they don't have to reimplement a thing. I have to ask if that's all that bad an outcome anyway. It means more people familiar with an open source codebase, hence more potential customers for any commercial system the original author has and more possible donations from users who want more updates.

doublelayer Silver badge

Re: War over API

"If API come under unrestricted usage, then Google should stop whining how others use Google Maps and Other google products via API"

You've gotten that one wrong. The two are not at all similar. Google has restrictions on what you can do with their system, and the API is the path you take to use that system. Oracle aren't running a system, and intend to copyright the names and structure of their API. Google would not mind if I wrote up a program that used the same function names as one of their APIs. In fact, they'd probably be happy because it's now easier for someone else to modify my program to use their services.

In your example, Google want to keep you from acting nasty inside their house, which you got to by reading the address on the front. Oracle wants to copyright the address so you can't have any other houses with those numbers on them.

doublelayer Silver badge

Re: Every single computer interface would be copyrighted

Oracle's point of view is that everything to do with the API is copyrightable, including the function names and the parameters they take. Whether you copy their header files and reimplement or look at the page and write a header too, they consider you equally culpable for infringement. If they win, that means the following:

"clean-room reimplementation": Have you seen the originals? And yours is similar (let alone compatible)? You infringe. Pay up.

"choose one of the many that are freely licenced": Did they copy? Did they see ours before they made theirs? They infringe. They need to pay up, and you need to stop using it or you will infringe shortly.

"write your own": Is it similar? Do you use the same names and function contracts? Any of them? You infringe. Etc.

If that happens, I'm afraid it doesn't work quite as you specify. You've suggested that "The APIs that are locked up get ignored." That's possible, but what will happen is what happened with Java. It will get released under something that makes it look open until people use it. Then, the hidden loophole allowing changing the terms gets activated.

The only way to avoid it is to only ever use something that is and always was under a very clearly open license. We can do this now, and that's a great thing. But the only reason we can do that is because interfaces weren't copyrighted earlier. We have open implementations of C because AT&T didn't get to charge us. We have most of our OS and more complex language APIs because we had C. It didn't have to be C, but it did have to be something we could use freely. Without that, we wouldn't have very much, as each group trying to innovate would have to stay stubbornly in their own company or research group and not look at or use anyone else's stuff.

Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment

doublelayer Silver badge

Re: In person show ID?

It's not an infallible solution, but a perfectly unbeatable solution would likely require far too much effort on the part of the user. If we require an ID check, then a criminal needs to make a fake ID and physically go to a store. That increases the costs to them such that they can no longer outsource it or do several in a day. If the target is high-value enough, they can still succeed, but it will take more effort and there will be many more possibilities for them to mess up and trigger an alert. In addition, if they do try, they have now committed forgery and fraud and I think the police will be more interested in stopping them.

Apple calls BS on FBI, AG: We're totally not dragging our feet in murder probe iPhone decryption. PS: No backdoors

doublelayer Silver badge

Re: Which one is the bad apple?

That's exactly the problem. If the FBI only existed to do things like this, the U.S. could figure that out and get rid of it. But most of the stuff they do is actively helpful to the average citizen, from investigations of major crimes to coordination among smaller crime-fighting organizations. And then they turn around and demand things they have no business having and access communications data without warrants. The institution needs a thorough cleaning and some parts should be jettisoned entirely, but on the whole they're still needed and mostly honest. If only it was easy to assign organizations to a good or bad pile, the efforts to improve would be so much simpler.

doublelayer Silver badge

Re: Am I Stupid or Tired

That was reported. We assume it's correct, but it might not be. However, I believe that that did happen.

That was four years ago, years which Apple has spent improving security. It's quite likely they've patched the vulnerability used back then and the various people who want access now need to find another one. It would be easier if Apple put one in, so they'll ask for that for a long time. If it was really very important, they'd have another group find it. That they haven't suggests that they don't care all that much about these specific devices and just want access, you know, for next time whenever that might be don't question us we're the law.

doublelayer Silver badge

Re: Hypocrites

Go to that article. See what we said. We weren't happy with Apple's decision in Hong Kong, and we were pretty clear about that. Yes, I see some people there who made such arguments as "It's legal under Chinese law", but they seem to have received quite a few dissenting replies. I'm still not happy about that.

That said, show me a good company that protects people everywhere, rejecting requests for censorship and surveillance no matter who submitted them. I can't think of any. Apple is helping slide closer to that end of the scale, but they're not on it. I'm happy to be angry at Apple whenever they do something dishonest. This time, they haven't.

ICANN finally reveals who’s behind purchase of .org: It’s ███████ and ██████ – you don't need to know any more

doublelayer Silver badge

Re: Tempting thought...

You don't need DoH for that, just get the typical DNS providers to set up a different set of servers to handle .org and reject what ICANN has said to do. Doing that is easy. Getting it adopted by anyone else is difficult. Doing that without breaking things is impossible, and it only remains to be seen whether someone gets worried enough to do so anyway and risk the breakage.

doublelayer Silver badge

Re: A group of people were entrusted with the administration of the .org domains ...

Profit is fine. You are missing two major points, or intentionally ignoring them.

1. None of the places involved in this at the beginning were for profit. ICANN as well as the places responsible for .org were nonprofits; in fact they still are.

2. None of the money they're getting is due to work they did. They were entrusted with something, and they're selling that thing. As if I put someone in charge of an art museum and that person started selling off the artworks. They didn't produce anything special, and the thing they manage doesn't have value because of their efforts, but because it had value before. They're entitled to being paid for the work they do, as the museum director should be paid for organizing the museum properly and managing security, but neither .org nor the masterpieces of someone else's efforts belong to them.