* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

iOS 18 added secret and smart security feature that reboots iThings after three days

doublelayer Silver badge

Re: Anything that makes life harder for companies like Cellebrite

Judging from your response to people with completely understandable concerns about law enforcement abuse of private data, concerns you chose to dismiss in favor of orthogonal ones, it seemed like you might be unaware. Were you to make a similar comment about sky colors, for example "Strange how you think the sky is something other than gray and refuse to see clouds", I might similarly inform you of the blue option. I assume you are unaware of, rather than willfully ignoring, obvious things which would make your comment unnecessary.

doublelayer Silver badge

Re: Anything that makes life harder for companies like Cellebrite

You are aware that multiple groups can abuse your privacy at the same time? Sometimes, they even team up to collect the information that they have the easiest access to and exchange it for money or more information. If you, like I, don't like the abuses of privacy, you generally have to know about and try to work against all of the abusers simultaneously.

doublelayer Silver badge

How are those iPads locked? If someone accidentally pressed the screen lock button, do they need to call IT to fix it? If so, then yes, this could be a problem. If these aren't secured with a passcode, though, then it wouldn't affect you. They would just have to unlock it normally after the weekend.

Why Google's Chrome monopoly won't crack anytime soon

doublelayer Silver badge

Re: A Short History of Browser Monopolies....pre-installed really?..Which ISVs?

"As a PDF reader even. I thought Adobe's channel marketing people had that all wrapped up for decades."

They mostly did, which is probably why that was used as an example. One of the companies bundling Chrome was Adobe. See, for example, this complaint about Flash, also a popular thing to install in a fortunately bygone era. Adobe was far from the only one. I remember it attached to all sorts of things. Some of them were small companies, for instance an audio editor I used and had to keep unchecking the box. Others were larger companies but didn't have the dignity to refuse the offer. Some of them didn't have a box to uncheck and you had to manually uninstall Chrome after installing their thing.

doublelayer Silver badge

Re: Horror scenario

You don't need that many people, but remember to budget in:

1. Extra payments for every worker, because salary is not the only cost to the employer.

2. Translators to all the supported languages.

3. Testers for every supported operating system, and yes they have them.

4. Separate development teams for every operating system, because they have those too even if they don't necessarily need to build OS-specific versions of every part.

5. People to manage the build system, IT, HR, finance, for all the programmers/translators/testers.

6. People to either write or get licenses for all the extra software you need to have a modern browser, like fonts for every language. There are many more components involved.

7. Security teams to try to find vulnerabilities and to fix any that someone reports quickly because a browser is a frequent target.

And the optional ones that modern browsers all have:

8. Researchers developing new networking, security, and web standards. You'll need some people to implement them when others do, which is made a little easier by working with them to create them.

9. People who add additional features that you don't care about but other people do. I'm guessing that a lot of people have never used, for instance, Firefox's new offline translation function, but I do and I'm glad they built it.

10. Management, which you will need at least some of, even if it's only taking the most administration-capable programmers off task at times so they can make sure multiple people aren't writing the same thing or the testers are testing the thing that needs a lot of testing.

11. Probably a lot more types of people I didn't think to list or should be split into their own categories.

Not everyone who develops something is a programmer.

doublelayer Silver badge

Re: A decision that left me scratching my head

Some of that revenue definitely does come through Chrome, but the article is wrong by ascribing all or even most of it to Chrome's dominance. By having Chrome and making sure ad blockers don't work as often as they can, Google does increase their revenue. It also makes it easier to redirect people to pages with Google ads on them when possible and there are a few levers they use to do that. It only works because the ads and the browser are run by the same people. Another person who was running Chrome wouldn't get that revenue, and nor would Google lose much of it if they had to transfer Chrome to someone else.

AI hiring bias? Men with Anglo-Saxon names score lower in tech interviews

doublelayer Silver badge

Re: WRONG!

"If you think laziness is a factor here, you’re under-estimating a job you haven’t done."

It might take a long time, but that doesn't mean that it prevents laziness. For the same reason, if I took a task that would take me a hundred hours to write, but I decided to slapdash it in twenty, I am still lazy even though I spent half a week on the thing I built. My desire to do that may be easy to understand if I've got lots of other things to do, but that does nothing to change whether my fast version is good enough for what I was asked to do. Laziness is always involved if you try to put less effort into a task than it needs to be done properly. If you've found a way to do it in less time with the same or better quality, that's great, but quite frequently, people stop at "way to do it in less time".

Filtering candidates can take a lot of time, and since you'll be paying the person quite a bit and it will take a while to get rid of them if you picked wrong, it justifies spending that much time. Since people who are doing it are busy, it can make sense to try to speed up the process in several ways. Get more people with knowledge to filter some of them. Get HR or even some software to do some filtering. Write better job descriptions so you get fewer people who apply because they think they're qualified*. Find a service that can find people who are qualified and only send you those. Not all of these work perfectly and if you don't put any effort into implementing them, you'll likely get something useless or harmful, but they can help. If this is important enough, hire some people who can spend a lot of time doing it properly. As usual, the most convenient and functional way is not the cheapest. If you can't afford any of that, you will either have to spend more time or get worse quality, the way basically everything else goes.

* There are undoubtedly people who apply to jobs they are patently not qualified for, and filtering them is an irritating task. An AI arms race with those people is possible, though I'm not sure the LLM that creates fake resumes will be able to filter them, and if it can, that will stop working once the LLMs generating them have learned to just lie about everything. However, properly writing job descriptions can decrease the number of people who think they're qualified when they're not, meaning fewer interviews or at least better quality ones.

doublelayer Silver badge

Re: WRONG!

I mostly agree with you, but I cannot and will not put task estimation on my CV. Not because I'm terrible at it. I am probably not excellent, but I can estimate even though I hate it like basically everyone else I've met. The problem is that task estimation is so general a thing that I can't really consider it a skill. If I say I am good at it, someone will tell me to estimate how much time it takes to write an app that can import CVs of candidates and sort them by qualifications and, when I ask where and from which formats we're importing and what qualifications we're sorting, they will see that as a refusal to estimate. If I say I am bad at estimation, people will assume that, if I get a task as basic as "Fix the bug where some of the strings in that window are showing English even when they should be using the localized ones already written", I would refuse to give them any prediction.

The former has happened. I don't think they were clueless about managing programmers. I think the people concerned were trying to get me to design a large system, but they phrased their request as a time estimate to disguise this. The people concerned weren't my employers or even a prospective employer, just some people who wanted to run a tech project without knowing anything about tech who were probably trying to see how much free work they could get by asking everyone they knew who worked on something computery.

doublelayer Silver badge

Re: Information is useless without context

My guess is that someone ran a basic study and found that Daves were getting recommended more for no good reason because there's always a Dave everywhere I go. So they modified the prompt a little to include a statement like "Just because someone is named Dave doesn't mean they're automatically qualified", so the LLM behind this ends up reducing Daves by some random amount. All of that doesn't solve any problem, it just adds some randomness to exactly what the bad result is. The problem remains, as it always was, that these bots can only make confident-sounding reports about which candidate is best. They can't actually think about which one is best. Many humans are similarly limited, but the intent is that the people reviewing candidates should be in the set of those who can put good reasons behind their choices, but the AI has no ability to do the same.

doublelayer Silver badge

Re: WRONG!

Of course, this is all true. The only problem with it is that sorting objects by most equal side length is objective and almost nothing related to selecting someone for a job is. All sorts of bias, intentional or not, is justified on "the people I chose for the job were objectively better, but I can't prove it". In that statement, the second part is often true, because there is not a lot you can prove about which candidate was best. The first bit is often wrong.

doublelayer Silver badge

Re: WRONG!

I don't think it's that simple. Someone who wants discrimination can't guarantee that their AI will give it to them, and most of them are too stupid to understand what the AI is and is not doing. If they did, they'd probably be too worried that the AI might discriminate against a group they don't want discriminated against to use it.

From those I've seen, AI recruitment software is popular with people who don't know how to do their recruitment job and want software to do it for them. People who don't know how to read a resume to determine if someone has necessary skills figure that an AI can be trained to know that faster than they can learn what all those technical terms mean. Someone who can do that but has way more resumes than they want to read can assume that the AI can do so well enough and much faster. I don't think money is the largest factor, though second-largest wouldn't surprise me. I think the largest factor has to be laziness. Intentional bigotry is far down the list, which is one reason why this and all the other biases are such a problem; people who would want to avoid bias are getting it anyway and the only question is which biases their software of choice is giving them today. From the many studies on this, it seems like the answer might be all of them.

doublelayer Silver badge

Re: You can't add arbitrary data to remove bias.

Most of the AI hiring software just takes resumes and throws them, verbatim, into the AI. Those resumes have names on them so you can identify the person to contact them later, and neither the employer nor the software does anything about them. That's not the only place where the AI can start introducing bias into the process, just the most obvious and easiest to test. There are a lot of filtering things that a smart employer would do to reduce bias, but a smart employer, when offered software to help, would ask what the software does and how they can know it isn't going to discard good candidates. Since the AI software is based on dubious logic and frequently does discard good candidates, the smart employers already don't use it in favor of software or manual processes that don't claim to do everything for you.

doublelayer Silver badge

Re: You can't add arbitrary data to remove bias.

One of the things it tells us is that a lot of musicians, including many influential ones, have learned without as many resources as you spend on it. You underestimate the amount of achievement that some people* can manage without expensive tuition. For example, get one of those unwanted pianos, a free tone generator website, and a wrench (ideally one shaped well for the tuning pegs, but a normal wrench theoretically could work if you're careful). Tuning will take a lot longer than a professional tuner would take. I've done it. The piano ended up tuned anyway. There are several problems, like having somewhere to put the piano and moving it there.

* In order to manage this, you should ideally be really passionate about it. There are a lot of things you can learn without private lessons, but mostly by spending a lot of time doing it which you won't do if you don't really enjoy it. For any parents out there, being forced to do it for long time periods does not help, lessons or no lessons. It's a little like working with computers in that, while you will learn faster with private lessons at the beginning, you will not be good without a lot of self study and can build a lot of skills with that alone.

Public developer spats put bcachefs at risk in Linux

doublelayer Silver badge

Re: If geeks got axed for swearing in development disputes, we would all still be using typewriters.

You want someone to build something basic, defined as having everything you want and nothing else, and you want it to be paid for by other people voluntarily choosing to give the project money even though some of them directly compete with it and the rest probably won't be using it because they might want something more modern than you want? Sounds great, but it's not going to happen. Don't expect it.

Nothing stops you from designing the lite OS of your dreams. The general problem with lite products is that a lot of people find that, while they certainly don't need all the things that large products have, there are two or three little features that it has and your version doesn't which they need or want. Trying to insert them into your lite version increases the support requirement. Trying to use the lite version without them is annoying. If it's a commercial product, many users will end up living without something that would be too expensive, but if it's open source, they will move where they need to move so they can add them. Linux has been successful because throughout its development, you could add more and more things. You can still remove many of them and have a small and light build, but that is very different from one that doesn't support them, which would be unsuitable for a lot of people.

Trump's pick to run the FCC has told us what he plans: TikTok ban, space broadband, and Section 230 reform

doublelayer Silver badge

Re: "Carr wants to revisit Section 230

That's not in the text. The text is really short. Here is the part about protection of moderation. Tell me where it says that only post-moderation counts:

No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).[1]

doublelayer Silver badge

No problem. All of your neighbors who also have rural broadband don't read The Register. That means it's only you, so The Register should be paying some amount for each of your neighbors' connections. If they don't think that's worth it, then your ISP should refuse to send The Register's traffic to you. Is this making any sense?

The ISP's job is to sell me a connection to the internet. I decide what traffic I put down that pipe and pay per the terms of that contract. They have no right to demand payment from everyone or anyone I send or receive data from. They can demand it from me for the agreed service. Charging service providers for your connections just allows them to charge two people for the same service you already paid for and to let them mess with everyone by charging someone who never agreed to be in a contract with them.

Microsoft goes thin client with $349 Windows 365 Link mini PC

doublelayer Silver badge

Re: Brought to you by Microsoft's DOA department.

It doesn't seem that stupid to me. Microsoft already has locked-down OS information from the various Windows kiosk projects. They already have all the peripheral management code as part of Windows, which they're still using on this client. The software work involved in making these is probably pretty small. Meanwhile, the price they're selling this at can manage a huge profit margin and, even if it didn't, it can only (unless you can hack it) be used with a subscription service that really obviously makes them tons of money because virtual desktops are a lot more expensive than the hardware alone would justify.

At worst, they don't sell many of these and have a bunch of them sitting in a warehouse, but they come out about even. At best, they get some free profit. I don't think a tax loss is their plan.

doublelayer Silver badge

Which makes sense. There is only one reason for someone to buy these. They have to be so restrictive that they don't want their users to be able to do anything and they have to have decided that Azure virtual desktops are the right way to get what they want. They won't be buying these for price; you can get a perfectly capable small desktop for a similar or lower price and, if you just want a terminal, you can get a less powerful computer and use it as a terminal for less money. Therefore, you have to be actively paying for it being locked down, so it makes sense to lock it down in the design.

I'm sure someone will try to hack it and possibly succeed, but I bet they will try in a few years when one of these is discarded. It makes no sense at all to buy one even if you could hack it because you could pay less for more hardware with no hacking required to use it as you like.

Undergrad thought he had mastered Unix in weeks. Then he discovered rm -rf

doublelayer Silver badge

Re: Bold move

That is yet another reason why it shouldn't be in the kernel. "Everything is a file" doesn't mean that everything should be treated the same way in a filesystem. Versions for device descriptors won't do anything. Either you have a lot of aliases to the same thing in the same state or you have a lot of nonfunctional things. Nobody needs or wants either of those. For the same reason, you really do not want versioning on anything in /proc or everything will be very confusing. We get around that by not putting the contents of /dev or /proc in the normal filesystem.

The kernel specifies how the filesystem will get instructions. You can implement whatever behavior you need there without having to impose it on every other filesystem in existence, but if you put a feature in the kernel, it will have an effect on every filesystem someone might choose to use, most of those effects being various forms of broken. If your reasoning is that you want a versioned filesystem overlaid over a different one, you can have that. Nothing says you can't have a versioned filesystem that happens to write a structure also interpretable as FAT32. In fact, I've written that. Well, not a versioning one, but a hybrid filesystem which could be interpreted as a normal one by devices that didn't support it and as something more advanced by one running my code. It did what I needed, but it had the weakness of needing refreshing after being connected to something that only treated it as a dumb one. By all means write that if you want. Just put it where it should be.

doublelayer Silver badge

Re: Bold move

They're not implemented in the same way, but they exist for the same reason, making it easy to return to earlier versions, and they have the same costs, lots more disk space used. Importantly to this discussion, they have to be in the same place if you're doing it in the best way, the filesystem. Now theoretically that last bit is not true. You could implement file versions somewhere other than the filesystem, and the kernel would be the second best place for it to go in the same way that, if you didn't want to put a car in the garage, right outside your front door might be the second best place for it to go.

While you could implement a lot of this with a bunch of special file names, trying to do it without the filesystem being aware of it is likely to cause lots of problems. You wouldn't do it at the application level because there are way too many tools that won't do it at all or properly. However, to do it at the kernel level would require patching so many different things to decide what they're supposed to do. For example, when you use rm and it calls unlink, is that supposed to delete all the versions of the file or just the latest one? If rm was executed knowingly, they probably don't want that file anymore because if they're planning to use the last backup, they would have executed the command to return that one instead, and if they executed it by mistake, they would want the latest version, not the second-latest. So what is correct functionality for unlink now? This is why the filesystem should manage it, which means you don't need Linus to do this for you. There are some versioning filesystems already. Some of them have problems. It is and should be up to the user to select one that works for what they want.

doublelayer Silver badge

Re: I did rm -rf / once

A lot of the time, /bin/ls is going to get deleted before glibc does. So either way, that command isn't going to be available. A few things will still work. Fortunately, my run of this was not a result of an accident. I had a machine I used for an experiment and I was going to wipe it anyway, so I took the opportunity to run the command, let it finish, and see what could still be done.

doublelayer Silver badge

Re: Bold move

"But then it could do that because VMS had file version numbers, lack of which in Linux still pisses me off, thirty years after I stopped using VMS. Come on, Linus, how hard can it be?"

That's not a kernel responsibility and a lot of people wouldn't want it. If you want it, that should go in the filesystem, and there are a bunch of filesystems available with features similar or possibly identical to what you're looking for. Filesystems with automatic snapshots of various kinds are available for that, and they all have the cost of a lot more disk usage, both space taken up and writes to the hardware, to manage it.

doublelayer Silver badge

Re: Bold move

People delete old backups all the time for various reasons. I've disabled a text editor's automatic backup procedure because it created a lot of clutter and frequently didn't clean it up later. There was a cost in that I had to manually track things that I might want to return to and I had to rewrite them if I failed to do so, but I haven't suffered too much by having to do it. I've also had lots of scripts whose purpose is to clear up old backups after new ones are created to save on disk space. There are rules for how many backups there should be and which old ones should be skipped in the deletion process. I have a few programs that intentionally write temporary data, which is sort of a backup in that it lets you resume a process from halfway through, on a ramdisk so that if the computer goes down, that temporary data is cleared, because I intentionally chose to require me to start from scratch rather than have potentially wrong temporary data create a flawed product. Automatic backup removal is pretty common.

doublelayer Silver badge

Re: what does ~* do?

It could be one of those situations where there is one more or one fewer level of escaping than you expected. I've certainly experienced it as I learned things, things which I would have to escape when I was typing them on the shell, but now that a program I wrote was doing it, the escaping was done for me. Usually, that led to one more level than I needed and the commands just didn't work, but it can go the opposite way where you assume it will do that and it doesn't. Or it could have been a path thing, where a script was running in a working directory different to where the user thought it was, which could easily turn into something too close to root if there was a "cd .." somewhere in there.

Windows 95 setup was three programs in a trench coat, Microsoft vet reveals

doublelayer Silver badge

I think you have that the wrong way around. MiB is the binary megabyte, so it would be 1.41 MiB and 1.47... well, they probably should have a symbol indicating decimal prefixes to avoid confusion, but that one is supposed to be MB. I have to concede that the prefixes for every other unit are powers of ten, so maybe it is fair that MB or GB is assumed to work that way as well.

Judges not impressed by Amazon, SpaceX's attempt to have NLRB declared unconstitutional

doublelayer Silver badge

Re: Oh, our favorite free speech proponent with so many fans and followers is again ...

To deal with whether someone's activity is legitimate, protected, union organizing or unprotected, harmful, misconduct, some passed laws and created bureaucracy to implement them. That is what this is about. Whether it was or was not, it would still be related to the law and it would still be decided by the same places. Thus, the original point, that this case has nothing to do with free speech, is correct. Criticisms of Musk based on free speech are criticizing perceived hypocrisy, not making a legal argument in the case.

doublelayer Silver badge

Re: Oh, our favorite free speech proponent with so many fans and followers is again ...

You are confusing two things. Sometimes, neither or only one applies depending on the worker's location.

At will employment: You can resign or be terminated with no notice.

Right to work: You may choose not to pay for a union, even if everyone else is. If you make that choice, you are not covered by that union.

doublelayer Silver badge

Re: Oh, our favorite free speech proponent with so many fans and followers is again ...

Yes, both of those things are true. And yes, both of those things would extend to Musk. What people are pointing out here is that both of those things are things Musk and people with similar agendas have been complaining about whenever it goes against something they disagree with. If Alice gets mad because Bob tried to punish Carol for saying something Bob doesn't like, then it would be hypocritical for Alice to punish Dave for saying something that she didn't like. Their criticism of Musk is still valid.

The court case, of course, is not about free speech. It is about labor laws, which do apply to private companies. Employees would and should fail if they said an employer wasn't allowed to penalize them for saying something because of the first amendment, which does not apply to their private employer. They may not be wrong if they say the company wasn't allowed to penalize them for saying something because of labor protection law, which includes many explicit protections for specific conduct and a number of implicit ones that courts get to argue about.

Will passkeys ever replace passwords? Can they?

doublelayer Silver badge

Re: Lose your device, lose your access

That helps answer the question. I didn't know most of that about iCloud's storage. Unfortunately, it doesn't really fix the problem for the average user, it just clarifies what problem they'll face. Most of them will face the problem where they didn't know they had to enable advanced data protection, and therefore they have no backups of their passkeys at all. That is a reasonable precaution on Apple's part, and I'm glad they did it because otherwise I'd be worried about anything they might be holding for me, but it doesn't help with the user-friendliness gap that passkeys have. That kind of problem can easily hamper adoption from sites that don't want to see users locked out or users who have heard horror stories of a mountain locking someone out of every account simultaneously because of those stupid security people who keep complaining about the password "password123".

doublelayer Silver badge

Re: Lose your device, lose your access

Let's take a user who has an iPhone but no Mac. They store their passkeys on their iPhone. They're the outdoorsy type so they end up climbing a mountain and dropping their phone, which finds a path of less resistance than they will and goes down the mountain really fast. They will never find it again or if they do, it will have found a boulder which doesn't want to absorb any of that momentum and generously transferred it all into destructive force. How will they get their passkeys back?

Option 1: the data is in iCloud, and either (option 1A) iCloud or (option 1B) at least the store containing the passkeys is secured with one of those passkeys. They don't have them on a non-iCloud source. They won't be able to recover them. Either Apple can (1A), with or without their consent, or Apple can't either (1B).

Option 2: Their passkeys are stored in iCloud, and iCloud is not secured with a passkey. In this case, they can recover them if they can get access to the iCloud account with their password. Great, no data loss. Also, anyone who successfully obtains their iCloud password is in a position to do the same thing. So now iCloud is an insufficiently defended valuable target.

It works if you have an iPhone and a Mac on the same account and only lose one of them, at least the best option, 1B, does. Not everyone has that.

doublelayer Silver badge

Re: Count me in, please.

And that's an annoyance that they should be trying to improve, probably using some kind of SSO system. However, if I use your numbers and make a couple of assumptions, £100,000 per year and assuming 500 staff means £200 per user per year. I think their financial department will be sort of fine with this. IT should still improve it. Unless you were working on something easily weaponized, that is too many times you have to authenticate yourself. They should reduce the frequency where reauthentication is necessary and see if they can simplify the reauthentication process.

The problem is that there are some users who will react similarly when told they have to enter a password and enter a TOTP code from another device once or twice a day when they access the account with lots of money in it. There are times when the extra delays to getting to the place you need to be are necessary and the cost of the added security is more than worth it. In that case, the user's annoyance is not something you can reduce without removing the security and their disapproval of a change in system is not sufficient reason to do anything differently.

doublelayer Silver badge

Re: Single point of failure

To be fair, a lot of those would have applied earlier. If someone was robbed before the dominance of smartphones, they would still not have any cash and, unless the thief was considerate enough to leave them payment cards, no card to use to get a cab. The only methods left would be walking home with a better memory of how to do so or calling a friend with a memorized number, both of which are still possible* and done by a lot of people. Most of the people I know don't use navigation apps routinely when traveling near their home, and even those who do do so because the apps are reporting on traffic rather than because the users don't know the way.

* Finding a place where you can make a call is harder than when there were public phones, but there are probably a few businesses who will let you call if your phone has been stolen. Of course, you had to pay for the public phones, so it wasn't necessarily perfect then in a post-robbery situation.

doublelayer Silver badge

Re: Count me in, please.

A non-unique user ID is not a fault of passwords. Passkeys will still do that. There are advantages to them, but don't give them credit for things they don't fix or would be fixed regardless of the authentication mechanism.

Similarly, passwords can be a pain, but passkeys can be even more of one. For work-created accounts, it is often less of a problem. IT can manage a lot of the work, they already figured out where they're stored, and if the laptop is stolen or accidentally smashed to bits by a train, IT probably has processes for revocation and regeneration, or if the keys can be proven destroyed rather than compromised, maybe even restoration from a backup. The average user does not have any of those things. By now, they've mostly figured out how to have a password and write it down. Passkeys are less convenient in every part of the process except the logging in from your computer part. This doesn't mean that we don't use passkeys. It means we have to understand why they will be unpopular so we can fix whichever of those elements we can fix and build up the experience necessary to train users in those parts that can't be improved.

doublelayer Silver badge

Re: Count me in, please.

If they are actually unable to do their work, it might be. If they are able to do their work but they have to do something they don't feel like doing, that's theirs. Everyone's had that. Sometimes there's a good reason, like using SSH keys instead of passwords. Sometimes there's a reason that makes sense for the business even if it doesn't directly apply, like switching a software provider because they charge less money. Sometimes, the reason is bad, like switching software provider because they bribed someone to switch. However, in none of those cases would it be IT's fault that users have to learn and then do something new. If what they need to do is still possible, and equally or more feasible to do, then that's just an annoyance. They can complain about that and see if the annoyance can go away, but if they claim that they can't work even when they can, they are demonstrating their own lack of skills.

doublelayer Silver badge

Re: I solved it

You wouldn't have to. TOTP authentication is supported by a bunch of libraries. If I'm understanding their account system, all you have to do is create a TOTP login system the normal way where it's a second factor, then remove the password field so TOTP is the only securing factor. You don't need to buy that from someone else.

Whether you should build it that way is a different question. For a lot of users, that is going to be confusing, no more secure than passwords, and easier to lock out. Without actually collecting some contact information, the method of account recovery described will be fragile at best. If you do collect contact information, users are used to being able to reset their password without having to pay fees for it. Theoretically, it gives people who are motivated to secure their own accounts lots of room to do so by adding security to their TOTP provider, but such people can already do a lot of things even if it was just a password.

doublelayer Silver badge

Re: I solved it

"The entire system is completely PII-less."

Except, presumably, for the payment method you use to charge them for account-related actions, which is either the PII-rich payment card or the will-drive-away-most-users cryptocurrency wallet with mandatory minimum holding so you can charge these fees.

doublelayer Silver badge

Re: Passkeys have been destroyed by Google

Several of the points raised in that blog post are good, but there are a few that I think are missing the point.

For example, one objection in the post is that Google decided not to implement restrictions on providers of passkeys. The point that Google can effectively change the standard by not bothering to implement things they don't like is certainly valid, though it's not like they actually changed the standard and anyone else could also just ignore parts they don't like. However, the specific thing they didn't implement was so bad that I'm glad, and a bit surprised, that they didn't do it. Effectively, it was a way for sites to block key generators, meaning that they could easily restrict you to using one of their choice. That is a terrible thing. For example, if one site gets you to use their key system because it's the only one they accept, it's likely to get users who use that key system to store everything else. Privacy lost in ten lines of code. The argument for why you need that is "a business where we have policy around what devices may be acceptable". To me, this sounds like every other business who thinks that everyone's computer should be locked down so that their preferences are easy to enforce. I don't like it. Businesses can implement their own filter. For instance, they could not let me install software-based key managers other than the ones they like and could block hardware-based ones so only authorized ones work if connected, or they could just tell people that other ones are not allowed and that there will be consequences if you ignore that. Google did a lot of bad things with these, notably the comments about Android's treatment of them, but blocking the Authenticator Selection bit is welcome to me.

Most of the challenges I see with passkeys are not due to deliberate messing about by tech companies. They're challenges inherent in the model. I use a hardware token to access things. I know that, in order not to be locked out, I need to have a backup something, in my case another token. I have to pull it out and enroll it any time I enroll the first one. I have to keep it safe in the meantime. If I should ever lose both of these, there will be a bunch of annoying problems to get around. If I want to access something on a different computer, there will be friction. Maybe I left mine at home. Maybe the computer I'm connecting to doesn't have USB-C ports and I don't routinely carry a USB converter. None of that is Google's fault, and none of it is simple to explain to users. Passkeys were sold as a panacea to the problems of passwords, and they can be a massive improvement, but they aren't an improvement for every user or every use case.

Pirate programmer walks the plank for role in massive TV streaming operation

doublelayer Silver badge

Re: Banks, Government

It really comes down to what the programmers knew and intended. If they were told to write a program that rips off customers, yes, they could be punished for it. If they were told to build something more normal which was then used to rip off customers, not so much. For instance, if they were told to build a system that could suggest financial products to people who logged in, then they didn't recommend fraudulent products, the people who wrote the suggestions for that system to present did. All the programmers did there was write something that's annoying.

It's almost the same for flawed systems. If the programmers intended the systems to give the wrong results, they are also guilty. If they did not intend it but did the work so badly, then they could be guilty of negligence, but not of the crime itself. And if they just did a bad job but it wasn't as egregious, then they're not guilty of anything. That is almost entirely independent of what happened elsewhere with the system. You could have a bug in a system which wasn't due to malice or incompetence and the use of that bug could still be a serious crime, or you could have a malicious addition to software which wasn't abused in a criminal way. To establish fault, you have to understand each event in the chain and how that event occurred.

doublelayer Silver badge

Re: 15 years of experience as a programmer...

I'm guessing this piracy operation was being paid by enough customers that they could pay well for the services of this programmer. I doubt it was a choice of desperation. There are people who would do all sorts of illegal things for a multiple of their current salary, even if their current salary is pretty nice.

doublelayer Silver badge

If the financial software was specifically designed for committing fraud, the developers should be and are punished for it. For example, the Madoff Ponzi scheme programmers were imprisoned for knowingly writing the software to automate the scheme. The programmers at FTX who knowingly built in the theft capability have been charged and have pleaded guilty to that.

If you're just writing innocuous code and it is used for a malicious purpose, you usually aren't charged and I don't think you should be. For example, if someone was contracted to write a video streaming system which was used, without their knowledge, for this site, they shouldn't be charged. There is an unclear area where you're writing code that could have legitimate or illegitimate uses. In this case, it's not that hard to realize that this is category 3: he knew what he was doing it for, he knew it was illegal, and he decided to do it anyway. That kind of thing has always had the chance to land you with criminal consequences.

doublelayer Silver badge

Re: <shrug>

Most of them do, and those that don't tend to have things that are hard to find elsewhere. For example, while I don't have it, I understand that one of those is mostly a service that people outside the UK subscribe to in order to watch stuff made in the UK. They may not have anything original, but since you can't officially watch all the BBC content without a UK address, it may end up working the same way.

Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

doublelayer Silver badge

I'm not sure how useful the guide would be after the emergency has happened since it's mostly a prevention guide. A reaction guide that includes only maps to places you might need to go and ways to get information or supplies could be useful post-disaster. Otherwise, if there was an attack and you were able to download the prevention guide, you'd just find yourself saying things like "oh, so that's what I should have done earlier but can't do now".

That hardware will be more reliable if you stop stabbing it all day

doublelayer Silver badge

Re: Am i old in knowing about SSADM?

"Where in your imagined visit is the point where you stop staff watching, trying to guess what they need and how it might work, and talk to them?"

Quite near the beginning, after a little observation so you aren't immediately biased by what the users have already come up with. This fails to solve the problem once you get to the part where you don't miraculously think to ask "Are you going to tape this to our reader?" and the user doesn't magically think to say "Oh, I should tell you that I'm going to tape this to your reader." because neither side has figured this out yet. You would talk to them, and they would say that they use the cutter to open the box and then they note the contents, and now they will scan the contents. I can pretty much guarantee that they hadn't taped the cutter to the clipboard or to the pen because both of those things make for terrible cutter handles. They might have tied the cutter to something, but that would work fine because if they had tied the cutter to the scanner, the scanner wouldn't be moved very much. My guess, having not seen any of this, was that someone figured out the speed advantages of taping the two together after they were using them, not preemptively, and others saw this and decided they either could or had to do the same (had to if there was speed tracking and their colleague had gained by attaching them that way). The fastest way to figure this out is to come watch and talk to the workers after they have the scanners because it wasn't known before they had them.

doublelayer Silver badge

On the other end of this, I was assisting a professor and marking assignments. The assignment involved taking a blank file (of a specific format) and performing several different operations on it before closing it. I was running the answers to see if they met all the requirements, and a few students did successfully do all the things they were supposed to, but only if there was an existing blank file. If there wasn't, their programs crashed. I marked them down for that. When one of them complained, we debated whether that was a legitimate way of completing the project as assigned. I still maintain that it wasn't, because the instructions said "open a blank file" and the function you call to create a blank file is open(), but we ended up returning the points I took away. Fortunately, I convinced the professor to modify the assignment to clarify that they should create one so the next time, students could be safely marked down if they didn't.

A lot of people think specs will include enough details that you don't have to think, but I've almost never actually seen such a spec. You either have to ask for instructions at unspecified behavior or you have to figure out what would be logical in the case. Of course, we also have your example of a spec that did clearly specify behavior but they didn't want it, which is quite common but at least they can recognize that when you point to the error.

doublelayer Silver badge

Re: Natural Selection in action.

Not necessarily. Fortunately, the equipment could be built such that it didn't fail when moved violently. If that wasn't feasible, it could be a correct design to require that people not move it violently and design around something else, for example building in something so the user can quickly drop it to start using the cutter instead. Sometimes, the thing a user wants to do is not the one correct usage which must be accommodated, which is good because sometimes what the user wants isn't feasible to give them.

AI poetry 'out-humans' humans as readers prefer bots to bards

doublelayer Silver badge

I don't think it's vocabulary, or at least not in that example. When reading that quite famous sonnet, it's not too hard to figure out what Shakespeare is trying to say. True, figuring out all of it will take some lookup tables. For example, figuring out what "ow'st" is in modern words. Enjoying the rhyme scheme can also lose some when we start wondering whether "temperate" and "date" used to rhyme or whether Shakespeare just liked them and did it anyway. Unless this is the first time someone's seen thou/thee/thy, they'll figure that out, and there are several languages which, if they have spoken them before, make that quite easy.

A lot of poetry does none of these things and is still harder to understand. It could be written in 1980 and not use any unfamiliar vocabulary. By not sticking to a certain rhyme scheme, they can avoid any confusion about whether they were needed to and they can allow themselves to use colloquial grammar. By 2400, that poem might also need some extra parsing to make it as readable as it is for us today. However, it's still less understandable because the point it makes is more intentionally hidden. The line "And every fair from fair sometime declines" makes a readable point. Many poets either see this as a defect or are not very good at matching it.

WP Engine revs Automattic lawsuit with antitrust claim

doublelayer Silver badge

Re: CMS selection

I think you are right about most users not knowing or caring about this. I sort of manage a WordPress site for an organization, my main job being to have it not break. I'm not going to try to move them to something else because I would have to do all the work involved and I would get all the complaints for anything that even slightly changed. Small WordPress sites will not be affected much by this, whereas large sites have probably put a lot of time and effort into their config and can't change CMS on a whim. I expect this will have some effect on the number of new WordPress sites, but I don't know how large or long-lasting that effect will be. That's also from someone who has been following this issue at least since the first article about it was posted to The Register, where I said it was probably a boring argument over unimportant things. I was right about nothing serious in Automattic's complaint, but very wrong about this not going very out of control. There are probably a lot of people who are not watching this who won't make any decisions about either company.

I don't know why you think this part, though:

"A lot of people who do know will side with Wordpress."

Why? I assume you mean they'll side with Automattic? If so, do you think that Automattic is in the right, and if so, why? Or do you think Automattic is in the wrong but people will side with them anyway? Those who are following this and in a position to make a decision should understand how potentially destructive each side has proven themselves to be, and Automattic has done more active damage than WP Engine has. They may side with neither, but why do you think they would support Automattic?

Google Gemini tells grad student to 'please die' while helping with his homework

doublelayer Silver badge

Re: What Kind of Illogical Idiot ...

I think any person who thinks the computer would actually have the ability and willingness to come and kill you is also the kind of person who thinks an LLM is a reliable way of getting answers to your homework questions. Not in reverse, because there are people who are willing to use the LLM to cheat and get their answers faster but know that it isn't perfect. However, there are people who think these things are magic and their answers are always perfect, so if you think that, maybe they would also be able to take over things that can kill you.

Letting chatbots run robots ends as badly as you'd expect

doublelayer Silver badge

Re: Asimov only wrote down some words to sell some books

Yes, science fiction often does include a lot of philosophy. Some great authors also include a lot of technological philosophy, as in understanding how a given technology might be built and used. However, they don't automatically adapt it to real technology. The stories involving the three laws show lots of interesting consequences of them using inferred definitions for "harm", "cause", or even "inaction", but I am not aware of any story where the robot programmed with the three laws ends up killing someone because the "don't harm humans" rule slipped out of the context window and the original order which had nothing to do with killing humans was badly formatted.

That story doesn't exist because it's boring. Making a story about how someone dies in a car crash because someone sabotaged their vehicle can be a fun mystery. Making a story about how someone died in a car crash because a greedy person skimped on quality during manufacture can give you a corporate intrigue story, although it usually has to go farther than that. Making a story about how someone died in a car crash because they were drunk can at least give you some emotional situations to consider. Making a story about how someone died in a car crash because of normal conditions that are unavoidable and pure bad luck is not interesting at all. Most technology failure is in that latter category, but that doesn't work as a central plot. Good stories will still use those as individual plot events around which other things occur because that adds realism, but they won't make that the topic of the story.

Apple drops soldered storage for 2024 Mac Mini

doublelayer Silver badge

It's quite easy to wear out an SSD, especially for people who didn't specify enough because Apple charges a massive amount for any upgrade. If someone doesn't specify enough storage and runs close to the limit, and they also occasionally use enough of their RAM that it pages, it will wear the same free space over and over. They're not aware it is happening so they don't do the things that would extend the disk's life. Or they're just unlucky; not all SSDs last as long as specified. I've seen it happen to me and to others. Fortunately, on many computers it's a cheap fix. Apple is one of the exceptions to that.