Posts by doublelayer 10494 publicly visible posts • joined 22 Feb 2018
You really had to post that sentiment twice? And by the way, it's not really true. Apple designs all their equipment, then subcontracts the manufacturing. Xiaomi does some of that, but a lot of their stuff isn't done that way. For example, they are somewhat well-known for their wearable fitness trackers, and they don't design any fitness trackers. Instead, the company called Huami does that, both for their own brands and for Xiaomi. Neither of these models of doing business is necessarily bad; whether it's Xiaomi or Huami making the trackers, people seem to like them, but they're not the same strategy.
You're misstating the points you're replying to.
"This is not about the US Constitution or American law. This is exclusively for the other side of the pond. In cases such as this the database entries must only be removed for EU territory, Google can still legally show them in other jurisdictions."
Not only was the U.S. not mentioned, but this is a comparison. Countries in Europe do it this way, other countries do it a different way. The comment you replied to was contrasting these approaches and stating opinions based on this comparison.
"This is not a government forcing anyone to unpublish anything."
Wrong. You seem to have two parts to this argument. Let's look at each:
"Firstly, this is a purely private case between a private citizen and a private company."
No, this is a case between a private citizen, a private company, and a national government using a national law which is interpreted by a national court. The law decides what that private citizen is allowed to demand. The law allows the government to penalize the company if it doesn't comply. It is that law, and the government that created, interprets, and enforces it which makes this a governmental matter. It is true that the government isn't making unilateral demands, and in this case they refused to support the citizen's demands, but the law gives them power and it is that power which we are talking about here.
"Secondly, the RTBF is not about publishing. It can not be used to remove articles or force corrections. It is limited to the storing of personal information in the databases of search engines."
Wrong again. It is not about the storing of personal information in their databases. It is about storing of impersonal data, namely specific links. Which they are going to publish if it's in their database in the search results area. Which this law would make it illegal to publish. Your second phrase is wrong, and your first phrase is only technically right based on a limited definition of "publish". We have had many an argument in this forum about whether deciding and sending search results is publishing, and some of us think it is. Even if it isn't, it limits what Google is allowed to write to their search results pages. Not about personal information.
You can argue against the point in many ways. I would agree with some possible arguments. The points stated in that comment are exaggerated and not well-argued. There are lots of legitimate avenues for dispute. You did not choose to take any of them.
"Sorry, there are sentences like "Slapping a "Personal Edition" label on a product implies you can only use it for personal use, which would be against the license." which are utterly wrong."
Maybe you would accept it if rearranged. Here's what I think it is trying to say:
If a project said that you can only use it for personal use, that would be against the license. Slapping a "Personal Edition" label on a product implies but does not really mean that.
The sentence occurring immediately after the one you quoted makes it clear that they understand that the implication is not true. They are not claiming license violations. They are claiming user confusion.
You may have read, but you're doing quite a nice job misconstruing all the points. Let's look at your comments and what they came from:
LDS: "I read the comment. The comment implied LO has no freedom and just they want software from LO they have not to pay for."
gobaskof: "Slapping a 'Personal Edition' label on a product implies [note implies here] you can only use it for personal use, which would be against the license. It is technically legal. But it is wrong [opinion]"
So the original comment demonstrates that they understand that any organization can do as they please with the code, including providing or refusing to provide binaries. That comment disagrees with it.
"RedHat doesn't make the Fedora and CentOS builds - those are "community" projects."
From the Wikipedia article for The Fedora Project:
"The project was founded in 2003 as a result of a merger between the Red Hat Linux (RHL) and Fedora Linux projects. It is sponsored by Red Hat primarily, but its employees make up only 35% of project contributors, and most of the over 2,000 contributors are unaffiliated members of the community.[6] [...] The Fedora Project is not a separate legal entity or organization; Red Hat retains liability for its actions.[15] The Fedora Council is currently the top-level community leadership and governance body. The Council is composed of a mix of representatives from different areas of the project, named roles appointed by Red Hat, and a variable number of seats connected to medium-term project goals.[16] The previous governance structure (Fedora Board) comprised five Red Hat appointed members and five community-elected members."
There's some external community, but Red Hat controls a lot of the code and the organization that owns it. You can argue definitions if you want, but I consider this as having a significant connection to Red Hat.
Original: "But it is wrong and misleading and should not be allowed"
Reply: "Really? This is the mindset of people who think Open Source is 'hey you, work to give me the software I need for free!'"
I don't think that's really true, as the code would exist anyway. It's not that hard to compile most open source projects, so if you don't want to give back, the policy is simple. The original comment was expressing the opinion that labels like "personal edition" imply something that might put off users. Not that they actually do, but that users may believe they do. The opinion was that this belief might dissuade people from adopting it and therefore lose the developers the income from support contracts, extra features, and similar.
LDS: "Again, nobody forbids anyone to take the LO code and make all the builds they like and distribute them. But you can't think to force a company to make the builds you need for free. Otherwise, where's the freedom?"
And once again, the original comment clearly states that there is no requirement forcing anyone to make specific builds, but that if the proposed specific builds were made, they believe that decision to be a bad one. I think part of the reason that leads to this opinion is that it wouldn't be the core LibreOffice team making those decisions, but instead a commercial company, Colabora. It could be considered misleading if someone other than the LibreOffice control organization made software calling itself LibreOffice but with restrictions. It would be legal to do (and again the original comment says as much), but it could sound bad to some people, including the one you replied to.
That's certainly part of it, and I mentioned the discount on Office365 in my mock discussion, but I mostly left that out because exactly the same logic would apply to many a small business. When something is free, they're a lot more forgiving of things like time requirements than if it costs a little less. Even if a completely rational economic analysis says that doesn't make sense, they will do it. Also, in various situations, it does make sense.
Read the comment you replied to. The comment acknowledges that it's perfectly legal. The comment acknowledges that any terms or suggestion wouldn't be legally binding. The comment argues that, despite those things, people will see them as in some way binding. The comment alleges that people will decide not to run the software because of this. The comment suggests that these are bad things and so the behavior likely to lead to them happening should be avoided. You can disagree with those allegations, but it's hard when you only argue against the thing the comment didn't say.
That message seems carefully worded to be accurate and sound like they use the money for development without ever saying that:
"LibreOffice is made possible by the efforts of thousands of volunteers around the globe, and by the generosity of donors [but those two things aren't related]. Please support our efforts [whatever those may be]: your donation helps us to deliver a better product [somehow, but we won't tell you exactly]!"
I concur with your post; this would be a great avenue for further journalism. I generally thought of TDF as trustworthy, so I don't think they're pulling an ICANN and using the money they pull in for the enjoyment of the board, but if they're just putting it in a bank account, it's not helping the project very much. What do these people do?
I see your argument as well as the similar one from the article:
"Free software has an unfortunate connotation of gratis, free of price," Meeks said. "The FSF (Free Software Foundation) has tried for many years to explain that it is all about freedom. LibreOffice has the word Libre in it. But there's quite a strong sense of gratis in its statutes, which is unfortunate."
However, I must disagree. If you go to anyone who doesn't know the term already, they hear "free software" as meaning £0. This if often a good thing because it can be the initial selling point. Even if they pay money for a support contract, knowing that they could entirely stop payment and still have their product is useful. I sometimes volunteer some computer support time to a charity, and I'll use them as an example. Here's a short but effective method of convincing them to switch:
Me: I notice you're using Office365 at the moment. There's another product that you might try which is free.
Charity director: Well, Office365 isn't that expensive. We get a discount on it and everything.
Me: But this product doesn't cost anything. Not everything is as easy, and we might have to replace a few things with other software, but there's a lot out there that we can use. Not only is it cheaper but it is better in various ways. It can never expire on you.
Director: And it doesn't cost anything?
Me: No. You can buy support if you need help with it, but the software is free.
Director: Can you roll it out to all the machines and we can run a test. If the users like it, we can go from there.
Consider what would happen if getting functional LibreOffice required payment, manually building, or getting from a dodgy-looking site.
Me: I notice you're using Office365 at the moment. There's another product that you might try which is free software, with free referring to your rights to do with the code as you wish.
Charity director: Interesting. So what rights do we have with that that we don't get with Microsoft.
Me: You can modify it in any way you like, share the code, contribute to the community, all that.
Director: You realize we don't have programmers, right?
Me: Yes, but it's still better because it doesn't restrict you like Microsoft's product does.
Director: What restrictions does Microsoft have that this doesn't?
Me: You have to pay a subscription per user every year and you don't have as much choice about how you store your data.
Director: So this is free?
Me: No, but it's cheaper.
Director: Office365 provides us with mail accounts. Does your suggestion?
Me: Well no, but we can use another free software product to do that too.
Director: And we get cloud storage which I've used as a basic backup system. We get that too, right?
Me: No, but
Director: So we have to pay for at least three different pieces of software. Will the prices for all these things still be lower than Office365?
Me: Probably. I know the mailserver software is free and depending on where we do the storage, that could be cheapish.
Director: And how about the hardware the mailserver and storage run on?
Me: You'd have to have that too. You have a server in the closet so we could use that.
Director: You're going to volunteer all the time it takes to switch our mail system over and guarantee us that no email will get lost, because we can't handle outages?
Me: I'd like to, but
Director: Is this really that worse than paying Microsoft, given that it sounds like we're getting a lower bill in return for having no features?
The theoretical director there doesn't understand all the specifics, but they have a point. Having two options, and for each having to pay, means the two enter a type of competition that isn't as present if one of them is free. For us, we know about the freedoms and care, we are confident in our ability to troubleshoot if things go wrong, and we often don't care about spending a bit longer getting some software exactly the way we like it. A lot of businesses don't go that way, and think only about finances and wasted time. If you can't argue a business into using the software, then you lose any money they might have paid for a support contract, and they're not going to suddenly bet on an unknown for a slightly reduced bill.
Comment was written somewhat tongue-in-cheek, hence things like claiming he knew what he was doing and recommending that criminals pay attention to environmental considerations. However, it is good security practice to erase disks even when discarding the hardware, so I only had to joke about what his intentions were, not what is a good idea.
It looks like he wanted to follow good security practice. Even if you're going to toss the machine, erase the disk first. If you don't, an attacker can get the computer out of the bin and extract the data. Of course, if you're planning to discard the hardware entirely, secure erasing the disk is more easily done by using a hammer, but remember to still do it.
The instructions above are meant for example purposes only. If you truly are planning to erase your disk to avoid legal prosecution, at least you hope, you should not bin your machine. It is more environmentally friendly to have the diskless shell brought to an electronics recycler.
I really don't mind the typos. It happens to all of us. My suggestion would be to turn the tips and corrections feature into a form rather than an email--sometimes I'm on a machine without email configured or with accounts I don't want to use, so I try to remember to send a message later and likely fail. I'm guessing it was done this way to deal with spam, but you already have our logins so you can associate reports with those for blocking purposes.
The article described him as a systens engineer and a techy, but they didn't provide extra context on that. It's possible that he built electronics or worked on the physics of the radar, rather than dealing with computers. While many electrical engineers and physicists have had lots of experience with the low level of computers, many haven't. I wouldn't be that surprised to hear that they don't automatically know about the device nodes and how to find the right one.
You are very right to think that. It is critical that audits be done about copying data to external media if employees are meant not to do so. This company is very fortunate that all this guy wanted to do was take work home without permission. Had he taken a copy and showed up at a prearranged consulate, he could be happily living in another country with the data handed over before the company even knew there was a problem.
Exactly. If you can have enough weapons to be able to take out satellites with a 12-24 hour lead time, that's pretty good. Preparing a ground-based attack might be able to go faster if you rush things, but it's not markedly so. Also, if you attack a satellite from something near it, you can do so in such a way that relatively little damage is caused to other things. If you have to fire your offensive weapon from the surface, you don't have as many options--either you launch what is effectively what you could launch already, or you go for a blast it to pieces approach. If you do blast it to pieces, there's always the chance you might damage something you didn't intend to damage, either causing problems for you or angering someone who was formerly neutral. Even if you still think surface-based attacks are useful, it doesn't hurt to have both options available. If you can stand to wait a few hours, use your orbiting disassemblers. If you can't, bring out the big laser.
I've dropped mine a couple times, onto wooden floors, onto concrete, and onto a cat. The phone never seems to mind these drops, but mine is older and has a case on it to be careful. The case isn't designed to provide massive levels of protection, but I've seen other people with cracked screens, so I figure it's not hard to use the basic protection option. So far, this combination has resulted in no problems save for a short meow and a contemptuous look.
The culture of having managers and nonmanagers, where managers are defined as people who don't know how to do any of the things that need doing but direct people to do so is harmful. A good manager understands what the people they're managing do, and they understand how to do those things in a pinch. The team members themselves may be better at doing it, but if the manager doesn't know, they're not competent. In addition, the word manager can be applied to people who manage things other than people; it's pretty generic.
"need to take it up with the idiot users who leave pages open when they're not doing anything with them."
That's not a good approach. Why shouldn't most pages be left on? They're documents. Mostly static documents. If I want to have them open, it should do little harm other than using some memory. Same thing is true of most nonstatic pages, because if they need to update, they probably don't need to thrash the CPU for it. After all, there are tons of other apps and applets whose entire job is to remain in the background and update information so it's always available; they seem fine at it. A few pages may do something else, like livestreaming video, but even those should be coded to stop streaming when they're not in focus. Leaving a properly-written livestreaming page open in another tab is simply a better way of returning to it when needed. None of these things are unusual, and users shouldn't be blamed for not knowing that a bad developer has made a site that wastes CPU time or network bandwidth.
So, your suggestion is? If your suggestion is "you should have taxed him more a while ago", well, it didn't happen. If your suggestion is "take away his resources now", don't expect that to happen either. If your suggestion is that he should donate his money to a fund controlled by the government rather than a fund he controls, don't expect that to happen either, because he and probably various others will have more confidence in his determination rather than any national government.
In addition, there are different goals between philanthropists and governments. Do you think the public would be very interested in curing a disease that never affects them, in an area far away with which that country doesn't interact very much? Would a government that is beholden to its voters, lobbyists, and businesses but not to people on another continent spend a ton of money on a comparatively small project to help the least powerful there? It sometimes happens--there is foreign aid--but it's not their primary concern and arguably shouldn't be (I wouldn't argue that but I've heard enough people do so that it does have an effect). It is his choice to spend his money on people outside his country, in a way that might not be the priority of the people who would get the vote on it if he had to turn the resources over. Unless the people decide that, for some reason, he needs to have his money taken away, that is his choice to make.
His employees? Do you mean the Gates foundation employees? Or Microsoft employees (he hasn't run that for over a decade and a half)? Do you have reason to believe either set of employees are being paid badly? It's not like Amazon, which does have a massive workforce at the lowest end that can be mistreated for massive profits. Both his organizations have much different organizational charts. I'm sure you can find some problems, but I don't think you'd find them to be large or systemic ones.
No, they didn't. The claim is that apps expanding to fit the available memory is good. The reply states why having free memory is good. If the apps expanded to fill the memory, then there is no free memory, and the benefits listed there are lost. If a system can run in a gigabyte but has two, you have a gigabyte for caching. If it can't run in one and needs two, then you have less or zero for caching.
Google: We are going to force manufacturers to do something. Something that would improve Android as an ecosystem, you know? It's time to show the power wielded by the holder of those GMS rights. What should we make them do?
Engineer 1: Well, how about security updates?
Google: Security updates? If they want those installed, they'll join Android One. We already have that.
Engineer 1: Well, that's only used by a couple companies, and that's only three years, and the ones who aren't on that program sometimes drop after six months. We could extend those requirements or...
Google: Stop questioning us. You're fired.
Engineer 1: [Is ejected.]
Engineer 2: I was thinking we could limit preinstalled applications that aren't hardware related.
Google: Excuse me?
Engineer 2: Wait. I just mean we can let users uninstall or disable
Google: Have you not heard about Google Play Services? We make money from that.
Engineer 2: [ejected]
Engineer 3: Well we could make manufacturers keep our UI
Engineer 3: [ejected]
Engineer 4: Stop them releasing Android 7 in 2020?
Engineer 4: [ejected]
Engineer 5: More reporting on use of permissions for the security conscious
Engineer 5: [ejected painfully]
[...]
Google: Why do I have to make all these decisions? Shouldn't we have engineers to do this? Well, how about we make them use Go edition more? That would work.
Engineering manager: It might not be a selling point for all manufacturers. Sure it runs faster, but there are some things it can't do which could make consumers think
Engineering manager: [ejected]
Short answer: Probably not.
Long answer: It's up to the manufacturer, but Facebook has made a Go version, these are usually low-cost devices, and one way that manufacturers make extra money, especially with low-cost hardware, is to dump preinstalled crap on. So I'd expect most Go devices available in countries with high rates of Facebook infestation will have a preinstalled version.
"I'd prefer not to be tracked all the time, obviously, but I've never worried that so being would fit me up for a crime I didn't commit. Does anyone here really worry about that? If so please can you explain why in rational terms?"
Here's one short but good reason. It has already happened. Look at arrests based on facial recognition. There have been several in the U.K. and U.S. In many cases, the person arrested doesn't look like the person identified; the cameras got it wrong. And yet, those people have been in police custody for far too long before they were released. They do get released at some point, with no charges, but do you think they get any recompense for spending some time in jail? Any way of proving to people whose meetings they missed that yes, the police did arrest them, but that they didn't do anything wrong nor was there any reason to suspect they did? Similarly, some police organizations have been known to treat some people without regard for justice. It hasn't affected me. It might not be in my area of residence. If it affects others, it's still bad and it is part of my responsibility as a citizen of a democracy to ensure there are protections for those people. One of the most useful protections is requiring warrants for accessing potentially abusable information. It has been done for decades in many countries; it can keep happening.
"For the benefit of us folks in the UK could you please explain what a hanging chad is and why it matters."
This applies only to the 2000 election. Chads are small round pieces of paper that are meant to be punched out of a paper ballot. The voter selects the choice, the corresponding hole is punched, the chad falls away, and the ballot with its hole can be counted automatically. The problem occurred because some machines failed to completely punch through the paper, meaning that the selected hole was not fully opened. The chad remained partially attached to the ballot, hanging there. This caused problems because the counting machines sometimes failed to count those ballots correctly.
"all the engineers involved in the working groups will be rather glad their every word isn't being recorded and scrutinised by strangers with an axe to grind"
According to your description, I can already scrutinize any words I want because the minutes are being recorded. You mentioned some alterations during fast discussion, not cutting out. Given that that's your primary reason, it seems like your objection isn't valid. You are worried that people will do something they are already capable of doing. The only way people couldn't already do this is if minutes aren't accurate, public, or comprehensive. You have claimed that they are all of these things.
I don't believe there are massive conspiracies they need to keep hidden. Nor do I really care about whether recordings or minutes are released. They don't mind publicly announcing standards that were obviously created by corporate interests and not considered by much else, so I don't think there's very much they might want to hide. However, despite this, your claims don't seem to make sense. You claim that recording isn't necessary because text minutes are kept, that audio or video recording would lead to unneeded scrutiny of every word while claiming that nearly every word is written down and made public, that publicity of data is potentially harmful and that in the interest of publicity minutes have been standardized and organized. In each case, the claims appear to contradict.
I'm glad to hear that. As I understand it, according to you, everything is written down, everything is done in a standard way, public, and the only downside is that sometimes people talk too fast for the minutes to be correct. So, if everything's public, and the meeting is over audio, what is the problem recording the audio and using it to help the people taking dictation? Or, you know, releasing it? If you and your colleagues have no problem having everything transcribed, what problem do you have with it being recorded instead? If you don't have any problem with it being recorded, then may I suggest that possibly the people who do are not on the group you're on and therefore that you don't know what they may be doing, legitimate or not? And if that is the case, your description of the trustworthiness is not very useful, is it?
I believe you are correct and that there is some community involvement in choosing the board members in this particular case. I haven't looked that hard yet, and don't know for certain. However, the boards of charities and nonprofits are very powerful and very unaccountable. The reason for this is that a charity (most countries) is not owned by anyone. It's just controlled. There is therefore no check on the board other than laws governing what a charity is and isn't allowed to do.
I have never worked at a charity for my main job, but I have some close friends who have and I've volunteered for one small enough that I have met their board. These people are volunteers who get to decide lots of things. Their decisions cannot be appealed. If someone leaves the board, the existing board members get to replace them. The only way to get rid of someone on the board is for the rest of the board to vote them out. The board doesn't get any money for doing this, but of course you can always find a way to get use out of some money without paying yourself, and given that the board decides who runs the charity, they have a lot of power. If it is necessary to completely remove and change the board, it can be done only by suing the charity and board for violations of some law, which are pretty forgiving in most locations. The charity is allowed to use their resources to defend themselves in that lawsuit. So unless you already have a bunch of money or are a government, you face a tremendously difficult uphill battle.
"If you are a legitimate business and not a scammer, you owe it to the public who may be roped into "doing business with you" simply because you're serving some dodgy JS on thousands of webpages that people encounter every day without any warning in advance that your lousy dodgy JS is going to be trying to get into their browser."
I completely agree. The problem is that Whois doesn't help. I don't trust code any more if it's a company name rather than a privacy organization stored there, because a) I have no proof the information in there is correct even if it looks possible, b) dodgy JS can come from any place and can be owned by any company, and c) any company can create other companies to make their origins look different, and they do that all the time. Consider what you would think if you saw this in a Whois record:
Registrant Name: Siculus, Inc.
Registrant Organization: Siculus, Inc.
Registrant Street: 1700 34th Ave NW
Registrant City: Altoona
Registrant State/Province: Iowa
Registrant Postal Code: 50009
Registrant Phone: (515) 306-8507
Do you trust this company? We can do some research and determine that that company does exist, they are at that address, etc. Do you trust them now? Well, whether or not you trust them should be the same as whether or not you trust Facebook, because this is Facebook. You wouldn't know that from Whois though. Nor would you know whether Facebook/Siculus actually registered this domain--if I was a scammer and I thought you'd trust that, maybe I put that information in when registering my domain. It wasn't hard to find, after all. Nor do you know basically anything else about the system or the people from that contact info.
"For example, because WHOIS records are now virtually useless due to so-called privacy provisions which are largely used by shady organizations trying to escape responsibility for their online activities, it takes me 5 or 10 minutes per domain to do research every time I see some questionable javascript that I'm trying to decide whether to let run in my browser or not."
Which really breaks things up from all the people who would just put in information that isn't at all connected to who they are. Which has been happening for years. It isn't new; when people realized that putting real contact information led to scammers, they started to avoid giving that out. I know of a friend who set up a site in 1998 and put in the wrong phone numbers to avoid scammers. Companies that let you replace your info with theres were easily available in the early 2000s.
Actually, what information are you hoping for to determine whether JS is safe? All whois contains is address, phone, and email. That doesn't tell you anything about whether code is trustworthy. While you might decide to ban any code coming from a domain associated with an address in Russia, do you necessarily trust any code coming from some other country?
The model mentioned measures 129 by 65 mm. Even if there were no bezels on a phone, it could only have a 5.68-inch (144.5 mm) screen and still fit into those dimensions. The iPhone SE 2020 has made that 3 mm wider, and it's one of the smallest options out there. True, the growth in screen size doesn't mean the same increases in case size, but it has been accompanied by increases in case size. The phone mentioned in the article, for example, is still 9 mm wider as well as being 39 mm taller.
""once I've bought a new shiny and finished configuring it, I dig the packaging for the old device out and slap it onto Ebay. It helps to offset the cost of the new device, reduces clutter, and in the event of anything going wrong, I'd rather just buy a replacement"
In my case, if I'm replacing something, it's likely in one of a few conditions:
1. It's broken. Physically. Bad enough that I can't repair it. Resale value next to zero.
2. It has gotten so old that someone might want it, but they won't find it. I've waited months hoping that someone would buy old devices, and now I try to be more realistic about what it's worth, usually next to zero.
For case 2, if I can't sell it but it continues to work, I try to find someone who can use it. I have found several places that would like phones that still are capable of making calls, so I can donate those. Sometimes, I can do the same with laptops. For other devices, I keep them around in case I need a disposable device or a victim for potentially destructive experimentation; after all, it's better to reuse when possible.
I have an old phone from 2012 which was not reliable enough for the place I donate phones to. It has been a potential casualty in a number of tests so far. Still works, well sort of. If I need a cheap device that might suffer during the experience, I'll draft that into service rather than paying for something new.
"It has always seemed odd to me that the American system would treat evidence which actually proves guilt as inadmissible due to the way it was obtained."
The concept does sound problematic, but it also provides a safeguard against misconduct by the more powerful party in a criminal investigation. If a policing organization commits a crime, they may not be held to account. The legal system is connected to them, other courts may not have jurisdiction, and if the defendant doesn't have the resources to pursue them or a sufficiently interested third party to foot the bills, the police get off for their crime. By making it clear that their crime cannot pay, it reduces the need for that. Of course, it also makes it harder to convict criminals, so there are pros and cons to either approach.
In that case, perhaps you could enlighten me to the point I missed? Your comment seems to have left that out.
As I understood it, the comment from which I quoted was under the impression that there was no data available to be stolen by a possibly malicious app. Their comment seemed to indicate that, since the phone couldn't contain a lot of information Facebook would like, it must have no data of value. I listed various types of data that would be entirely obtainable from this device and that it would be undesirable to give to Facebook. Again, if I missed a point, and you understand the point, it would be nice for you to explain yourself. It would have been nicer for you to have done so when you felt the need to tell me; I find discussions work best when people say what they think.
This phone runs on a chip intended for basic phones, with 8 MB RAM. These two facts combine to make it completely impossible to run any version of Android ever released on it. It very much doesn't. Now the Facebook app is concerning, but you can't break out the accusation of Android. If you want to determine whether you trust something, do your research to figure out what it actually runs before jumping to conclusions.
"What exactly would it be snooping?"
Data collection profile: User ID 18502396963:
Phone number: On file.
Contacts: Logged. Up to date as of 2020-07-19.
Call history: Logged. Up to date as of 2020-07-19.
Text messages: Available for processing.
Images: User has not taken any. Automatic backup is enabled if they do.
Voice recording: Enabled, batch upload pending.
Music preferences: ID3 information has been logged and added to user's advertising profile.
Location history: Available for 22 days, 9:14:43. Warning: location accuracy is low, from nearby tower information only.
"The USA wants privacy for its own citizens."
No, it does not. It doesn't want privacy for any other citizens either, but don't think its own citizens are getting consideration or extra things. As government policy goes, it would like for privacy to be deleted from the dictionary and everyone's brain so people stop complaining about all the violations.
I don't think that's necessarily true. While most devs don't have a need for the kind of processing that graphic designers do, their workload is often heavier than text entry. In my work, I enter text for a while, then I compile and test locally. This may not require much power (it doesn't do any GPU-accelerated work at all, for example), but if I had to wait five times as long for a really low-end processor to compile some of my bigger projects, I'd be rather irritated. It's true that, when I'm done with my code, I push it to a remote server which compiles again and runs a bunch of automatic tests, but that doesn't liberate me from having to test locally. Most of the time, the automatic unit tests are sanity checks on things that could have broken inadvertently, but if I'm adding new functionality, I not only have to unit test myself, but I also have to run more thorough tests to verify that, not only do the small bits work, but they are put together in such a way that the big goal happens too. I don't push that to a server primarily because I don't want to wait around for my test data to be uploaded (sometimes medium-sized files) a job to be queued, eventually run on a new build environment, a log to be produced, the log to be put in the files section, download the log, then open it to see whether it worked. Instead, I can run the program locally right now, specifying to print the log to the terminal, and see what happens in real time. If the program I'm testing is one that needs substantial processing, and some but not all are, then having a better CPU means I can do that more efficiently.
"How do they expect to set up a home lab, test software and generally be productive with just a consumer phone or tablet? They sound a bit like frauds to me."
Why would they be expected to do any of those things:
"set up a home lab": In normal circumstances, why would I? If I need a lab, there's probably one in the office I'm expected to use. If I have to work from home and keep using the lab's type of hardware, I will either do so from a remote terminal if possible or take the equipment that's already in that lab home with me. If the company doesn't want me to do either of those, they can pay for the lab equipment that I use for them. If I want to have my own home lab, maybe I'll have some of those devices. If I don't want one, my company shouldn't care.
"test software": Why? If I'm testing software for work use, I use work machines. That's the machine in my office, my work laptop, the machine in my office via the work laptop, or one of the servers I have access to. So all I need is the work laptop.
"generally be productive with just a consumer phone or tablet": I don't expect to do that. I expect to be generally productive with work-provided kit. If I need more kit because my job requires it, then work has to provide that. If I happen to have replacements at home, I may volunteer to use them instead of having my work buy and send me them, but otherwise, it's their problem not mine. I'm currently expected to be productive, and I use my own peripherals because I like them, but the computer they're connected to is work-issued. That's all they should expect me to use.
Of course, it can be removed. The point is less that and more that a proprietary blob which is controlled capriciously by a commercial entity got itself adopted as a standard in a supposedly open and independent standards body. Because that happened, users are having that DRM pushed into their browsers, mostly not knowing this. That may have been somewhat harmless because relatively few places use it (I don't have it installed either), but it is not a good sign for things to come if we let companies interested in forcing their will on the standard control the creator of the standard. Whether those are really big or medium-sized ad companies doesn't matter; it should be for internet users and developers, and it should be open.
"The DRM spec hasn't been a problem for me, using Firefox."
That might be for one of two reasons. Reason 1: you don't use DRM. Reason 2: Firefox includes it. It has since version 47 and it looks transparent to you. It's used on various streaming platforms, but compatible browsers see it and it works without showing the user. So perhaps you do use it and you don't know.
The problem is that other browsers can't just drop it in, both because it's proprietary and because Google owns it and gets to control quite a bit about how it's licensed. If Google says no, then the application can't use their browser to play any DRMed content, and this means most in the public come to see that as a failed browser. This would be a lot like flash except it actually got itself adopted and people don't see it as blatantly; they don't know what to blame when it breaks things.
If I was going to put 21 TB of data somewhere for the benefit of historians, it wouldn't be code, or at least relatively little of it would be. Code may tell some how a few of us thought, but it doesn't show much about how we lived except for the readme files. Similarly, if there are translation files in there it might help as a sort of rosetta stone, but that's getting to the goal by quite an inefficient path. A lot of code will look like all the rest of code, moving data chunks around. It won't help historians very much to have driver code for fifty open source hardware platforms that no longer exist. Here's what I would include instead:
Translations of various texts into most languages, trying to ensure that most subjects are covered (technical, legal, scientific, narrative story, and the most important basic description of something likely to continue to exist later on such as the water cycle). This helps with the inevitable language problem.
Dictionaries of all the languages we've included, which helps with extra words when they've figured out the basics.
Books on geography and astronomy, which help clarify what the planet was like when we were around.
Textbooks for most subjects at various educational levels which provide a summary of what we knew or at least what we thought we knew.
Descriptions written of everyday life by people who have been instructed to provide every detail, and most likely to ensure this, describing the life of people who live quite differently to the describer.
And, since I've probably missed several important things, let's just throw in the entire contents of Wikipedia in there.
There's my suggestion, and that probably fits just fine in a single terabyte; at least text-only Wikipedia certainly does and that's probably the largest chunk in the set. It's not perfect by any means, but if I had to figure out what life was like a thousand years ago, I'd rather have had their encyclopedias than a library written in an invented language that reads from devices implementing an arbitrary communications protocol to read chips with another arbitrary protocol.
It's basically Gentoo everything. First, you retrieve the source for an operating system, Linux for example. This needs various libraries, so you find those too. These need to be compiled, so you retrieve a C compiler. Then you realize that you don't have anything to run on and the compiler's also written in C. Then, you write your own language and compiler for whatever computer you have found, or you use whatever programming language is on the surviving machine available. So basically it would only be useful in a very weird catastrophe. Maybe we should have someone write a book called "How to build a computer out of rocks that knows how to execute some instruction set we designed for computers built with lasers" and put that in the archive too.
If you'd like an opinion, here's mine: No.
Cutting countries off the internet is bad because it's hard, it gives them extra power, and it harms us. I'll take each point in turn, but these are short summaries. Also, I've used China as an example below for two reasons. First, it's annoying to write and to read "Russia, China, Iran, and countries like them" all the time. Second, the problems I detail get infinitely worse the larger the country and the more activity links them and us, and on that basis China is the most dangerous.
It's hard: In order to disconnect China from the internet, we have to disconnect their lines and/or drop all traffic coming out of them. If we try to cut the lines, we will need to reconnect other places which currently use China's lines for transoceanic communication. Mongolia is going to be the worst hit since they're entirely enclosed by China and Russia, but you have some other countries in southeast and central Asia whose lines are going to need to go through India, meaning getting Pakistan on board and going through war-torn areas. Then, you have to imagine that China will try to work against this, for example by using existing lines that go into Vietnam and masquerading as Vietnamese traffic. Do you really expect Vietnam's government to take drastic action to stop this with one of their closest allies and one with a massive army quite invested in it continuing to work? Of course, any espionage would be much more hidden than that, perhaps starting by going through Myanmar but quickly bouncing to servers in the west operated by agents in some other country.
It helps the countries we are trying to hurt: China spends a lot of money protecting itself from terribly dangerous network traffic containing things favorable to democracy. By cutting off that traffic, they don't have to bother anymore. The important government services will still run on local systems through local comms, so the citizens shouldn't be that affected. And when they are anyway, there is a perfect target: the west. "The west has cut off your internet. They do not like us Chinese. They are the enemy. We didn't do it; they did. Why would you support them?"
It hurts us: Currently, we rely on China for various things. It might be better if we didn't, but we do. We buy from and sell to China, collaborate with Chinese research institutions, all that. If we cut off the communication between us, we have to stop most of that and don't expect what is left to continue for long after the governments start looking for revenge. This means that we cannot get things from there, make money there, or do anything to help the people living there get some rights.
It hurts us even longer: That was what happens in the first month or two, but let me prognosticate a bit further. If we decided to cancel our business relationships in China, which we really might like to do, people interested in human rights might be pleased. People who used to make a lot of money in China, however, won't be so happy. It will be in their interests to bring back their profit stream, and they will try. The easy way to do that is to lobby for new politicians who will restore the ability to trade in China, in return for which the Chinese government will demand various assurances from said country. If Singapore, for example, reopens its internet to China and starts buying things from them, do we give up on this exercise, cut off Singapore too, or wait for the same to happen to us? None look viable to me.
KaiOS is using most of the code of Firefox OS (global effort) and is continued by an American company. While I think the most effective sales effort for those devices has been in India, it's not an Indian home-grown OS. Incidentally, Google has been one of the most prominent developers of apps for that platform and has invested in the developer. I assume they're preparing for the possibility that they don't keep their chokehold on the low-end smartphone market.
"Nor is there news of how the new device will impact Android One, the slightly-simplified version of Android that Google launched in 2014 to bring low-cost smartphones to India. Android One is currently alive and well and Google promotes a decent range of handsets running the OS."
That's incorrect. You're thinking of Android Go Edition. Go Edition is designed to run in a gigabyte or less of memory with the extra surprise feature of not having compatibility with some things that you will find out at some random time after you make the purchase. Android One, on the other hand, is a guarantee to supply updates for such a long time that most likely all phones will be broken by the time it expires. Well, to supply updates for sort of a long time. Well about half the expected update lifespan of an Apple device and a third of the lifetime for a Lineage OS device.
Yes, I know about the tips and corrections address. I might send a summary there at some point, but I'm not on a machine with a mail client configured at the moment and I'm kind of lazy.
The problem with that feature is that the main meeting is still going on. Separate small conversations work when people are between meetings. For example, if my team has a meeting, I pay attention to it, and after it ends, I find the person I wanted to talk to separately and we have a chat while we walk back from the meeting room. I'm not ignoring the others.
Existing videoconference software is perfectly capable of doing that, but it doesn't happen very often for a number of reasons. For example, I used to have conversations with the dev nearest me in the office. Some of these were pointless to productivity but I enjoyed them (I hope and think he did too). Some were useful to our project. Neither type happens very often, even though we have the ability to chat or call one another. I tend not to send messages because I'm not sure whether he's busy, something I can determine by looking at him in the office. I think it's similar here, with the added complexity that previous corridor conversations at a conference like this probably occurred between people who don't know one another very well.
The article told us what happened. The counterfeiters wrote a bootloader so it would bypass some protection code. Cisco's update had a new bootloader. Cisco's update knew how to install the bootloader and that it would work on their gear. The counterfeit device didn't think it through and installed the new bootloader, wiping out their custom one. Their custom one being required, that didn't end well.
On a legal basis, it's not Cisco's responsibility. If they knew of counterfeit goods, it would have been easier for them to just call law enforcement. But they are not under any responsibility to ensure their updates work on equipment they didn't license the software to run on. Sadly, they often aren't required to make sure their software works correctly on the devices they do build either, though you can sue them for lost productivity if that happens.
I haven't found charging quickly to be that important. My battery is showing its age and sometimes needs an odd time recharge, especially if I haven't plugged it in the night before, but my solution to this is easier. I have a collection of USB batteries. Some were given to me as presents, and they are large capacity and well-built. Some were given to me as methods to show the company's logo, and those are available if I am ever concerned about losing one. Either way, I can drop one into my backpack and be assured that I can charge my phone should it need it, assuming I haven't borrowed the cable I keep alongside it. These mean the battery doesn't die, extend the time I can be away from power if I ever need that, and can also be used to power other devices in a pinch.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
