Posts by doublelayer

Re: Amazon have become greedy and annoying

Not for mine. I did that once and now they still push Prime, but they want me to pay for it and would be happy to add it to my bill right now. I only really use Amazon when I want something unusual that can't be found at more normal locations, so I never need them to deliver it right away. They don't seem to like it when users select the free shipping in two weeks option and will do anything they can to suggest that I want it on Friday and it's just a little more.

Re: It helps to have the world's wussiest burglar break into your house...

I think their theory is that, while you're trying to find something with which to knock it out of the air, it's sending your picture off to the cloud and nearby police. This picture will be used by the police to arrest someone who looks a little like you or maybe nothing like you and by Amazon to recommend new tools for breaking and entering when you sign into your Amazon account.

I do kind of want a small drone; it's in that category of things I don't really know what to do with but there must be something useful because they're cool. I wouldn't buy something like this for the life of me because the drone is only useful [fun] if I can program it to fly exactly how I direct, photograph what I tell it to, and deliver the video to the system I define and no others. I have no confidence that Amazon would let me do any of this. Worse, from their privacy record, I expect my data to be stored forever with dubious access control and that both my past footage and the drone itself will be instantly available to police without any justification whatsoever.

Re: Sadly... this is the beginning of the end

"seems like it's disabled someservice, but not actually disabling it. "

"At the very least systemctl should throw an error giving some clue as to WHY it is not disabling a service."

I believe the initial complaint is about what it does do when the service exists, namely it disables it. Disabling it means that it removes the service's links which determine whether that service will be started under conditions like a reboot or a change in level. It doesn't stop a service. The reason I think that's the complaint is the mention of high memory usage; I'm guessing the problem here is that the disabled service is still running because systemd hasn't had cause to restart services. The command to stop a service is "systemctl stop someservice" although you can combine them by specifying disable with --now. I have retrieved this information from systemctl's man page which includes a warning that disable doesn't mean stop.

Now it may be argued that a command called disable should both disable the service from being automatically started and stop it now, but the documentation is clear that it doesn't do that. I am not here to praise systemd; I don't much care whether you like it or hate it. There are real bugs in it which are annoying and I'd like to see patched. Still, if the problem you have is what commands look like, you can't really call that a bug. Disable disables and stop stops. Want to create a disablestop or modify disable? Fine with me, but file it under changes and not bug fixes.

Re: .. all the access they ask for ..

There is a very big risk in giving too much access, but there is also a risk in giving too little. The risk usually shows itself in people doing extra work to get around the restrictions. Here's a basic story of a situation that is all too common:

I once did a short job writing some code with a small team who all started at the same time. After figuring out the specs of the task and how development would work, we decided we needed a database server to store data needed for development. Local IT agreed and quickly provided us a box to run that on. It was set up the same day. Then we tried to set up a repo on the default code system. That took longer because our accounts didn't have permissions to do anything with it and it was run by a larger site of the company. We sent email there, waited several hours, were told that someone else handles this, sent email to them, waited until the next day, got an email saying we needed to prove our need for the permission, brought in our managers, waited a few hours, got an email right before we left that the permission was granted, discovered that we now had read but not write or create, sent another email, waited until the next day, asked again, finally got write permission and they created a repo for us, and finally we could exchange code. During this annoying process, we had frequently discussed using our database server to run a basic git server. We didn't, but we considered it because we would be more productive if we could use a version control system; our only other option would have been to email code around, which wouldn't have been very secure either. Later in this job, we wanted to send a very large file containing data to another team. They asked us to place this file (approximately 35 GB) in our git repo. Why? They didn't have anything else to which both teams had access and they didn't want to waste days to get one.

The same can happen with other types of jobs. If people need (or think they need) to have certain kinds of data or take certain kinds of actions, they'll do what they have to to do this. If security is slow to respond to this kind of access request, fails to consider whether people actually need things, or doesn't provide necessary tools, they run the risk that users will try to circumvent them. Based on the way security is run, some of the more dangerous ways this can show itself may be caught and more egregious offenses can be disciplined. Even if that's the case, the landscape of threats is probably worse and productivity will be impaired. These concerns are probably most relevant to small companies. Large ones have the resources to have a dedicated security team and lots of systems so people can quickly be given access to things they need. Smaller companies probably put all this on IT. If IT isn't sufficiently fast or organized about granting permissions, expect users to take the route of less effort which will cause us to have to take the route of damage control.

Re: Its coming

Computers checking spelling was never a general scandal. You could undoubtedly find people who thought that, if you needed it, you were stupid then. You can almost certainly find such people now as well. If I traveled back in time to 1990 and denounced you as a terrible user of a spell checker, nobody would care. Facial recognition isn't a spell checker. A spell checker might mean that people don't learn to spell as well. A facial recognition system means lots of false arrests and boundless opportunities for abuse.

Re: Working from will NOT last

You are correct there. If the half in, half out approach is ever implemented, it will probably be from an accountant's pen. I predict that it will be against the groans of most of the workers though. I don't agree about family friendly, as neither approach seems to be convenient from that perspective. Working from home when children are also at home seems to irritate those of my colleagues who have children, and it doesn't really help add flexibility if the parent needs to go help the children for a long period. This is especially true if the schedule for when to go to the office is firm, as in the parent doesn't have the choice to work from home on the day they will have the most obligations to help their children.

My objections may be rooted in my dislike for a large, disorganized open plan office, especially one with hotdesking. I think, however, that my dislike is not quite unique. I can easily organize my affairs if I'm to be working from home forever or for a long period; I have done so successfully this time. Having no children helps with this, but even if I did have to set up a better environment for working while being near children, I could do it with enough time. I can also easily structure routines around going to an office. Having to do both and frequently switch between them would annoy me a lot.

And the writers of the headline chose to quote some which summarized the points made in the statement. The statement was outraged, so the chunk that summarized it was outraged. That statement was the topic of the article, so... why was it so wrong to quote a summary in the headline?

Re: Two questions

"1. Why does the Android version, at least, refuse to run without location services running?"

Android's Bluetooth permissions are a little strange. Fine control of Bluetooth can allow an app to perform some location tracking assuming known devices are nearby, so apps aren't allowed to do it unless they have fine location permission. Unfortunately, enabling this not only allows the app to perform the detailed scans over Bluetooth but also enables them to gather information from the phone's location chips and from WiFi scanning. Google evidently didn't think it was worth splitting this permission into parts. IOS does this differently and lumps that into the Bluetooth permission, so that app is not going to ask while Android's is; again a place where Apple could split up permissions but didn't. The source being available, it seems unlikely that the location is being collected or used in any way. However, the usual conditions apply to that statement, including that the data is now technically available and I have not verified that the source matches the app that is downloaded.

Re: DIP switches for the win

It depends. If the article's statement is the way I read it, these switches only allow you to switch between preset modes, not arbitrary ones. I have a keyboard here which allowed programming the keys through a program that is almost exactly how you described them. Proprietary, opaque, weird layout, translation to English from Martian, Windows only. I haven't had to deal with that program for quite a while though because I set up all the modes I wanted, mapped them to start up with a certain keypress, and moved the keyboard back to my main machine. Now I can activate any layout, and they're the ones I specified rather than whatever the manufacturer came up with.

Re: Capitalism hasn't existed that much longer than 200 years

At this point, we get into the discussion of what capitalism really is. In the most basic sense, you give me that and I give you money and you take the money to whoever's got the thing you want, there's been a market economy for millennia. There has been very ancient money from 2000 B.C.E. and likely there was money before that. Other concepts that play into capitalism are much newer. Corporations which exist as a shared operation owned in part by many people, as opposed to the organized operations of some powerful people beholden to nobody, is maybe four to five centuries old. Organized stock exchanges are from the late 18th century C.E. Governmental regulations promoting competition are really new, having started around 1850 or so. Which of these four things are central to capitalism? Which ridiculously obvious things did I forget to mention? Everyone is going to have different ideas, so everyone will have different ages.

I think one thing we can point to that was necessary for what we call capitalism is the removal of a government-imposed monopoly or prohibition. This took several forms. In the middle ages, there were guilds who got their permission to restrict who could do what job from some government they viewed as worthy of dictating that. Later, there were laws about what people were allowed to spend money on and how much they could be paid, laws intentionally written to prevent people in lower castes from doing things. Then there were the colonial monopolies where someone got the rights to most of the economic activity in some chunk of the world in return for going there and claiming the rights to own that chunk for the monarch involved. Slavery and a ethnic caste system were similar in that people were born into a situation which the law did not permit them to leave. When this craze ended is a little tricky to estimate, as we still have some government-supported monopolies today, but I think that's a useful point to use when establishing when modern capitalism really became what we think about. At least that's my opinion on how we go about finding our answer.

Re: Repetition = practice

"And finally the whole programming thing: if people did not learn by practice and repetition then they would not need a computer: they could just read the description of the programming language and that would be enough. And they would also never get better: you'd teach them how to program (from a book) at which point they would be the best programmers they could ever be."

That's not really what I argued. In fact, it's close to the opposite of what I've argued. When you learn programming, there's relatively little repetition. Once you learn what a function is and how to make a recursive one, you don't need to learn it again. You do need to use it. The people who most espouse repetition will do that by making people write twenty recursive functions, but that's not really efficient. Instead, have them write a few recursive functions until they understand what recursion means. Then give them actual problems where recursion can solve the problem and see how they deal with it. It's sort of repetitive in the sense that they're using things they learned before, but it's new tasks which don't take the form of a litany of exercises. This is better than the exercise method because it makes the student think through the solution, whereas exercises already tell them what the solution will be and they just have to do implementation steps. Those teachers who use repetition in a way I dislike tend to focus on basic things and force a "really firm understanding" of those things. Unfortunately, in my experience, that translates as a "really good understanding of how to answer the test question". It results in people using similar code to things they've seen before without understanding why they're doing it; it worked before, so it will work here, and it probably does, but that's because the problem they're working on is limited and performance isn't critical.

Practice isn't repetition and repetition isn't practice. You can repeat an action and memorize results without getting better at it if you're repeating something which doesn't require enough lateral thinking. You can practice by doing a lot of different things, therefore understanding multiple options for completing a task, which involves doing a similar thing but relatively little repetition.

Re: Another attempt to kill the "Personal" in PC...

It can be run at the hypervisor layer if the customer doesn't mind having their disks scanned at all times, because the detection needs to run on any file before the user clicks on it, including when that file has just been downloaded. And it needs to scan memory and basically do all the things a local antimalware program does but on a disk which is in use by another operating system without messing with the OS (E.G. both malware scanner on hypervisor and user-level application on VM trying to access the same file), or causing performance delays (waiting for file locks to release), or not allowing the user to correct a false positive since they don't run the hypervisor, or having vulnerabilities letting someone crash the hypervisor's protection system with a zip bomb or the like. Otherwise, it'll be exactly like normal Windows and protection will hinge on things running under the VM. Either way, there will still be malware, there will still be misconfigurations, and where in the world the real computer is will make little difference.

Re: Hanlon's Razor

But also don't rule out accidentally deleted a line:

function set_default_browser(browser):

system.default_apps.browser = browser

settings = configfile.open("wherever_that_is_stored")

settings.defaults.browser = browser

settings.save() //oops, deleted this

Apple makes bugs. This sounds like one of them. If they didn't want to do it because they want to keep their customers on their apps, they could equally easily have left out the option; their customers have taken that for 13 OS releases so far.

Re: Tok for Tik (sorry, I mean Tit for Tat)

All of those are entirely blocked in China, either for having too many people who like democracy on them or allowing encrypted communication. So the U.S. is the copycat here. It's always a great sign when China is your role model, isn't it?

Re: Meh

You do not understand your own metaphors. Let's limit ourselves to two examples. The worst, email, and the best, megaphones. Best still means bad.

Email: It's not a public platform. I can spam, but only if I have your email address, and you can block me, and the email spec doesn't provide me any resources which amplify my message. If I want to send out lots of emails, I need to provide my own resources. Facebook provides resources and a method to push a message to many people, most of which are not specifically targeted by it.

Megaphones: These let me shout a message out. That's distribution, so it's a better metaphor than email. However, a megaphone is only useful if I can shout through it where people will hear. If I use a megaphone in a deserted forest, nobody will pay attention. I have to use a public place, a venue, in order for my message to get out. So, the people who run that venue have the choice to let me do that or to make me stop. Facebook is such a venue, and they provide tools that have similar power to a megaphone there. They have the ability to stop someone there and the ability to let them continue.

Opinions differ about whether Facebook should be responsible for this kind of thing. That might be fun to debate. I'm not doing that yet. Instead, I'm focusing on these hideously inaccurate comparisons. That's not how Facebook works, so if you intend on arguing your point by comparing two things that are not similar, we couldn't actually debate the point in question.

Re: Great they are doing this...

Me: "tracking one's children is a normal and healthy thing to do"

Reply: "Erm... No? You trust your children or you don't."

Forgive me. I was not clear enough. I intended my original phrase to be very sarcastic. I think those apps should be thrown out at the same time and for the same reasons. That Google thinks it is normal to do that makes me glad I don't interact with them.

Re: Yet another elastoplast with unexpected consequences?

The problem with pre-IOS-14 behavior is that it's easy to convince a device to get handshakes if a phone's ever connected to a network by listening for pings and pretending to be every network. This approach has been verified to work on lots of devices, so if you place a device which will respond to any SSID request, you'll get authentication requests from most passing devices. These don't always work; if it's a secure network, some of the authentication might fail because you don't know the correct key. If it's an open network that you're responding to, those devices just handed you their MACs. If it wasn't, you add that SSID to a list you won't respond to and try again; the phone will send you another ping in a second and you can hope that that one was open.

The software to do this is easy to obtain and configure, mostly used for MITM attacks. Those are tricky because you need to hold your victim near your attack point. If all you want to do is track people, you don't need to worry about the time element (or even the connectivity element) so it's even easier.

"However, the lack of MacOS VMs is 100% Apple patent trolling."

No, it's 100% Apple not wanting to make it available, which is mostly them wanting money and thinking that, by not doing this, they'll make more.

"MacOS is a flavor of Linux"

Wrong. Macs are based around a kernel which is neither Linux nor based on Linux code or behavior. Its userland comes from BSD, not Linux. It has more compatibility with Linux than does Windows or some other things, but it is not a flavor of Linux by any means.

"there is absolutely nothing preventing virtualization besides Apple's lawyers."

Well, some driver work would need to be done, but you're broadly correct. Apple doesn't make it easy because they don't want you to.

Patent trolling is abusing patents which are overly broad, granted even though the holder didn't invent the thing, or in some other way invalid but nonetheless legally granted. Apple might do that sometimes, but that's not what they're doing here. People want a thing. I would like that thing. Apple doesn't want to give or sell me the thing, so I don't get the thing. That's their choice. Patents haven't come into it.

Re: Easy issue to resolve

If we had a fully autonomous vehicle we trusted, we'd probably have a switch that puts it into autonomous mode and disables the controls to prevent controls in the hands of people not really trying to drive from messing that up. We should also include a button to make the system autonomously pull over and stop as soon as feasible and another one to put the car into manual control (these have to be hard to press by accident). Not every driver control still has to be there, but enough to handle emergencies which are going to happen.

Re: Obsolescence?

"Same as if MS shut down their services like Skype for business... you go elsewhere."

I believe the question is asking what happens to the hardware. Can you take it elsewhere with you with existing software support? Could you at least flash another OS and try to build your own? Or does it turn into an expensive brick that can only be used as a fake security camera? Based on some of Google's hardware attempts, option 3 seems likely and option 2 may be possible, but I wouldn't count on option 2 and option 1 will never happen.

"From what others have said on here Epic were allowed to accept payments from outside the Fornite app using a browser etc?"

Yes, but keep in mind that they're not allowed to mention that possibility in the app let alone actually send people there. If their users find it on their own, it works. They're also not allowed to make it cheaper on their site. If they did any of those things, that would also be a breech of their contract and they'd end up in the same situation they are in now. Apple jealously guards that revenue stream and they're pretty clear about how much they're not willing to take from devs.

Re: My head hurts

"If you wrote a fictional book with these sorts of goings on 10 years ago you'd be told it was unbelievable."

I think that people would get confused and return the books. The current system makes no sense, but not because it's unbelievable, just because I have no clue what is happening. The premise I understand: the current American administration likes having bargaining chips and is making up pretenses to get them. The rest is totally unclear. What exactly Oracle is doing: I don't know. What ByteDance is doing: I don't know either. What the president thinks: don't know. What the executive departments are doing when they don't know what the president thinks, what the president is going to use to make his final decision when we know he won't be reading the bureaucratic report, who is fighting ByteDance's lawsuit and how, what happened to the deadline of Tuesday which didn't get met, what members of the president's party are willing to put up with, what the members of that party actually think, whether anyone else is going to interfere, I don't know any of this. At least when other political events are happening I can understand enough of what people think and plan to do that I can marvel at the audacity or hypocrisy. With this, I can only sit there and puzzle through how anyone can make plans when there's little or no information from anybody.

Re: Nonsense

Please read the section of the article that discusses the issue. The problem isn't about testing. Some developers may do that wrong, but that's not what's being discussed. What is being discussed is that developers can't push apps using IOS 14 behavior to the store until the GM goes out. That was last night. Now it's available to users. Those apps haven't been approved yet. The devs are complaining about the speed with which Apple pushed out the release which caused the OS to be there before their reviews completed, not about difficulty testing. I don't care much; I wouldn't install an operating system on day one anyway so I could easily afford to wait for the apps and the OS, but at least understand the complaints before attacking developers about something not connected to what they're talking about.

Re: Something isn't making sense

Ah, that makes a lot more sense. Thanks for the clarification.