Posts by doublelayer

Re: 1996 called...

"Maybe today's global network infrastructure is better and faster than it was in 1996?"

It is. So let's put ten thousand staff in front of those at home and see how many of them have internet issues ever. Even the tiniest downtime makes this freeze. A longer outage probably causes this to crash. At least with local computing, people can continue to write, read content they've already retrieved, and do a lot of work. This is especially relevant because, despite their protestations, there isn't much of a harsh computer upgrade cycle anymore. A computer from 2015 usually handles everything the average worker wants to do (even one from 2010 handles most of that), and most businesses have been holding on to devices for longer. The recent buying spree was for places that needed portable machines for work from home, but that's already happened. If someone really needs a lot of remote resources, they will use the cloud, but most people don't need that and most who do still want some local computing available to them while their expensive cloud box does the heavy lifting.

Re: Yet another elastoplast with unexpected consequences?

Whether to assign a temporary address is broadly up to the network; a device can request one and be assigned the traditional type with the exact MAC address included. Some networking equipment may not respect user preferences in this way and there's little that can be done. It's easy to identify if this has happened and get the data only under that condition. There isn't any easy way to prevent this from occurring without manually checking the address and leaving the network if it hasn't assigned a temporary address. There are also devices that don't have that privacy setting enabled or don't even allow that privacy setting to be enabled, and those can also be tracked. I am uncertain how much choice phone manufacturers have here, but still it could be an important factor.

Even if we eliminate this particular option by deprecating the original suggestion to embed, we still have the other methods for companies to collect addresses as listed in my original post. Not to mention that the easiest way to get that data en masse is to have ISPs collect it from anyone using their equipment without another device in front of it and sell the database, which could be legal depending on which country you're in and could happen anyway even if it isn't legal.

Re: Yet another elastoplast with unexpected consequences?

"Okay, can you explain how Google, Facebook and Amazon can track via a MAC address?"

Several tiers of detection are possible, including these:

Very invasive: Google: WiFi data collection from StreetView or other hardware, access to phones via Play Services. Amazon: Access to their own tablets via their proprietary components which frequently contact Amazon servers.

Somewhat invasive: All: Collection of IPV6 addresses to collect those which have a MAC embedded in them (default for SLAAC deployments). Facebook and Amazon: Collection of MACs from device from installed applications.

Not proven to happen but possible: Google and Amazon: IoT equipment placed on users' home networks which could collect all MACs in WiFi handshakes. All: Potential to have apps on phones with sufficient permissions to cause them to listen for such handshakes also.

That was what I came up with in the first thirty seconds. Let's see if others can find more. I bet they can.

Re: Stalking app?

Well, they are starting a program where people can report stalking apps*. Any app reported there will be reviewed by a team they're creating*. Any app deemed to be targeting nonconsenting adults will be removed immediately and added to Play Protect*, and the people whose devices were affected will receive information about what was happening to them and helpful resources to be assembled by a partnership between Google and organizations who help victims of domestic abuse*.

*None of those things are actually happening. Google, these suggestions are released in the public domain. Please pick them up.

Re: Why is the article writer surprised

"The iPhone 4s can only have music added by iTunes and nothing else. The previous owner hadn't added any apps, so it's useless compared to much older Android phones or tablets or PCs."

Not sure about this. I have an iPod Touch here that's even older than a 4S (this caps at IOS6, 4S stuck on IOS 9), and it allows me to sign in and download apps. Not a lot of those are compatible, but if the app existed long enough, I can get an old version that works. You could probably do the same and better because IOS 9 is more likely to be supported than IOS 6. You could also get an old version of XCode and compile code to it. Whether there's a point is another question, but it should be doable.

I'm assuming here that the comment is referring to the perspective purchase of ARM by NVIDIA. While they're not using ARM's cores, they still have to pay a license fee to ARM in order to be allowed to produce compatible cores of their own. This could give ARM, NVIDIA, or whoever eventually buys it to have some leverage against Apple and increase the demanded license fees, although NVIDIA has promised not to do that.

Re: What is the Author actually asking for?

Yes, Apple didn't bother to make it run in the environments they want to prevent. I'm with the original poster, though. The article specifically says that they don't care if the OS supports new hardware released after now, and they don't care if it gets security updates. At this point, I find myself asking why they need one at all--you can get that and more just by buying an Intel-based Mac today. To me, a VM is only useful if, in 2025, I can still run the latest OS with security patches on the hardware available for purchase then. If what I'm going to get is a VM running what an Intel Mac runs today and nothing more, then I might as well just get an Intel Mac today; the benefit is the same.

Re: You had one job...

I did not vote on your comment, but I think your suggested dual input system is unlikely to work and likely to be dangerous. Having the driver steering and braking means the driver is going to disagree with the car some of the time. Either the test isn't going to work because the car keeps deferring to the driver, or the car is going to ignore a lot of the driver's input. That would mean that a driver which is really in better control might have a harder time getting the car to stop because the car knows that the driver doesn't always brake with similar frequency or strength. You could have an emergency takeover button which immediately forces the car to be controlled by the driver, and that might help, but only if the drivers are trained well enough to instinctively press it at short notice.

Re: "to slide a change into the app that blatantly evaded App Review."

Any system has holes, and anywhere code can run, someone will try to get malicious code to run. Apple doesn't have a malware-proof review system, but their record is pretty good. For this reason, they're probably very irritated about people sneaking code through. On that particular argument, Apple's complaints are understandable. Of course, they're also annoyed about the code that was snuck through and it's not security that has them worried. You can make up your own mind how you feel about that bit.

My guess is that they sometimes just "repair" something by going to the back room, finding another device from that range, and swapping the data over. The device which probably could be repaired is put on a stack of things that will be sent to a repair center where the knowledgable repair technicians will eventually repair its fault, erase it securely, and make it available for sale as refurbished once they get around to building that center, which is scheduled to complete in 2030 but might be delayed because they've just had to move it from China to Mexico and they're looking at moving it again to either Argentina or China for some tax reasons. In the meantime, there's no use keeping the broken parts around so into the big bucket for the electronics recycler at the end of each day.

Re: Oh....bad....bad....bad.....Nothing Like That Going On in the US or the UK.....No Siree!

What was done in the past is important, but a lot less than what is being done today. One is a terrible event for which we should try to atone. The other is a very terrible thing that is harming people actively. If you care about what the British empire did to those it virtually enslaved, you probably don't like human rights abuses. We cannot go back in time and terminate the British empire's crimes, but we could attempt to stop the crimes that occur now. Ignoring those who are harming people because some of our ancestors did similar or worse things to others of our ancestors is missing the point and perpetuating the thing that must be destroyed.

"What utter and complete bollocks. You really think the Chinese are going to invade Europe or the US?"

That's not what the person you replied to was saying. What they said was that, if you live in China, that could happen to you. This is true, because it already has to millions of Chinese citizens. The post was comparing democracies, which don't do this, to China, which does. They weren't claiming that China was going to come to democracies and do it to the people there. The rest of the post has some points that are worth arguing about, which I'll do in a different post, but if you want to argue with this one, understand what was said.

Re: Good old propaganda

The number of people in a database is a relatively unimportant metric. More important ones include the breadth of information in the database (reportedly extensive), the degree to which such information can be used for leverage (uncertain, but sufficient to alarm the researchers), and exactly who is in the database (reportedly people with more influence than the average citizen). Those factors will determine how worrying this is. Maybe after more data about what is contained is released, we may be able to determine how worrying we believe it to be.

Re: Easy to say

Good backup policy requires, absolutely, at least one set which is stored offline and off-site. That's because you need that copy in various cases, including fire, flood, theft, or ransomware. Don't have that and your backups aren't good enough.

Of course there are occasions where people find their system wasn't good enough and they have to make a hard choice between paying a ransom and manually recreating their data. If you do backups right, it's much less likely you'll end up in said situation. But what happens when you do? Well, you have to keep in mind that when you pay, not only do you expose yourself to risk of losing your money on ransomware that doesn't intend on decrypting for you and the possibility that you're now known as a person willing to pay up, but you're funding attacks on other innocent people. It is not only your business that is being harmed, which is why some countries have made the payment of ransoms illegal. People who ignore this are complicit.

Re: But They Do Dress Funny

They aren't doing that. Did the site go down? No, it didn't. That's not the complaint. The complaint is that it's not fair that people with bots are getting the nice slots immediately. That's a valid complaint, but it's not a violation of the law. Valid responses include making bots a violation of the terms, cancelling the accounts of people who use them, or taking technical action to prevent the bots from working. All valid things.

Let's say that I post a page to my personal site and you visit it. Effectively, you're performing a DOS because my server is going to send that page to you. If enough of you do it, my server will run out of resource. That's also the exact point of my putting the page up, so people will use my resource to read it. I cannot blame people for using my resources by accessing public services that I put there and made public and could either make nonpublic or in other ways protect. By doing this, I am taking various risks. For example, I have a bandwidth limit and if enough people access my files, I'll exceed it and I'll have to pay a higher bill. I accept that risk when I put files up and allow the public to access them. If I don't want to run that risk, I can take the files down again. It's on me to manage my own resources and set terms. A DOS attack is when someone deliberately intends to take down my system. A flood of interest in the thing the site does which the server isn't able to handle is not an attack.

Using a system for the purpose it was designed isn't misuse. Using that system with a bot when bots are prevented in the terms of service is a violation of that contract. Let's assume they've put that in (if they haven't, they have no case. Assuming they have, they can execute the penalties in that terms document for bot usage, such as closing accounts, charging fees, whatever they think is best and can get customers to agree to. However, it's not computer hacking. It's a violation of what they want.

"I know this is a leap so far I've practically already broken my legs and popped my knees, but it feels very much like 'if it wasn't locked they can't complain someone let themselves in'"

You are entirely correct. You've leaped so far that you're in orbit. If it wasn't locked, but they don't have permission to enter, then the law says they're not allowed to enter. This is a lot more like "it wasn't locked, and there is a big sign saying that people are allowed to come in, and people do come in and we like that, but someone came through with a bicycle and we don't like those". If it's your property, you can tell people not to come in with bicycles even though they're allowed to walk in. You can make them leave if they do so anyway. It is your rule, not the law, that says this.

Re: It's for charidee!

Well, if you're going to use "You don't know how much they paid for [the cars]", then I can fire it right back at you with "You don't know how much the particular charity paid its director". The problem isn't when charities provide a reasonable salary for people who control it. There are those who think that a decision to run something charitable must necessarily come with a requirement to volunteer everything, which isn't really fair. But simultaneously, there are charities which don't care about their purpose and use their ostensible purpose only for easier fund raising and tax freedoms while funneling the proceeds to some powerful people. We've all seen them. They include places like ICANN, which really needs millions of dollars from the sale of new domains nobody wants so they can fund their incredibly expensive duties of ... well they have to have two lockboxes for the DNSSEC keys, those maybe cost some money.

On the topic of cars, you need a reliable, well-built car if you're going to do field work on unreliable or nonexistent roads. Reliable. In good repair. Not one that looks nice. For one thing, after you drive a car that looks nice off road for a while, it's probably going to stop looking nice, so they're taking something valuable they don't need and causing damage to it. If they were able to explain that the car-maker concerned really wanted to donate a bunch of luxury cars to their charity, I'd accept it (though by auctioning them they might have been able to afford a greater quantity of superior cars or even more medical equipment). However, we have no reason to think that happened. Meanwhile, flaunting expensive items while working with people who probably will never own them is in poor taste, at least in my opinion.

A lot of charities are a lot better at this. You can easily find ones which spend most or all their resources on the specific cause they're working to help with, whose directors are earning a living but not exploiting the assistance of the donors, whose employees and volunteers are different primarily in the amount of time they put in. The fact that many of these exist doesn't make the exploitative charities disappear.

Re: Wibble Wobbles and Letting Cats Out of Bags

It depends where that training comes from. Maybe we could even get GPT3 to teach AMFM to use shorter sentences and that "methinks" is really not that common a word unless we're trying to sound old or whimsical. Then again, I've never figured out exactly why someone unleashed this on our peaceful comments section or why an actual person writes posts from it once a month or so.

You could test it by connecting both the drone itself and the phone controlling it to a network which logs all the packets. While a company which wants to collect could think up a sneaky way to hide data, it's a lot harder to communicate without an interested party seeing that it's happening. Unless they've decided to include a ridiculously expensive and pointless cellular connection circuit, they will either have to use your network or keep things local. It should be provable whether they've lied here.

Re: The biggest problem

That's exactly the point. All five of those examples are China-based. All compete with Huawei. This isn't a market where all the domestic players drift along in unity; they're constantly looking to improve upon their devices and increase their market share. And all five of them wouldn't want to adopt an operating system that gives a major market advantage to Huawei because Huawei has seen the code and they haven't. Chinese nationalism goes only so far. It will likely get the most popular Chinese apps ported to Harmony. It may convince people to buy Harmony phones even if the OS is worse than AOSP. It will not make all the other companies fall in line behind what is just another phone company. Huawei isn't the government, and the other phone manufacturers there are not slaves to what one company does.

Re: “Others have tried and failed"

That's far too generous to it. China is a more captive market, but there are lots of smartphone manufacturers there and they're not all Huawei. Huawei isn't making Harmony OS completely open for all of them to adopt; the parts that will be released won't comprise the whole thing. Do you really expect that, when they release this next year, several other phone manufacturers will immediately start licensing it and competing against the people who wrote it using the same software? They won't. Instead, they'll keep using what they used before: Android based on AOSP. Given that's what most Chinese customers are familiar with, that will still be a formidable competitor. It isn't a foregone conclusion that Harmony will lose to Android, but it certainly might. Thinking that Huawei owns the China market is remarkably similar and similarly incorrect as assuming that the Chinese government's international spying section and Huawei are the same place.

Re: The biggest problem

"There will almost certainly be some form of ABI for running Android apps with minimal additional overhead."

Uh, I really doubt that. They might have a few things they can do which increase compatibility, and their compiler will take the same set of languages, but they're ditching all the Android system APIs. If they're going to emulate it, they'll have to include a lot of duplicate APIs and implement what's effectively the thing they already have. Minimal overhead is tricky because we're layering system API calls on top of one another, but it's possible with concerted developer effort. If they do successfully implement this, there's no reason to develop for their OS, because someone could just develop for Android and run that. It also won't help in other markets, because they're not creating an alternative implementation of Google's GMS APIs.

China won't mandate Harmony OS on local devices either. If they do, Huawei's happy. Xiaomi, Oppo, Realme, ZTE, TCL, and everyone else is unhappy. Unless Huawei really does have a very close relationship with the government, close enough that the government will voluntarily kill most of the domestic competition, it's not going to happen. Harmony will have to compete on its own merits. We'll have to wait and see what those will be.

Re: How very petty

There is no technical issue. Since Epic violated the agreement, Apple is cutting off all the services they used to provide to Epic. Some of that is going to affect Epic's customers. Apple knows that and accepted the consequences. Epic knew this would happen to them and affect their customers. They chose to take that risk. Who you blame for the pain to the customers is your choice. I can't even bother to make up my mind anymore.