Posts by doublelayer

10476 publicly visible posts • joined 22 Feb 2018

An email banning our staff from using TikTok? Haha, funny story about that, we didn't mean it – Amazon

doublelayer Silver badge

Re: Another non-event distracting us

It wouldn't need root access to be able to do things you wouldn't like. I checked out its Exodus privacy report which shows information about permissions and trackers found in its Android app. That's quite a lot of permissions. Malware given access to those would be able to do lots of things, including making and inspecting network traffic. As with far too many Android apps, this app also requests permissions that don't seem to make any sense (install new packages, for example). From inside that sandbox, you can still do a lot.

Now, just because this app requests those permissions doesn't necessarily mean that all are granted or that they work. Nor does it mean that there is something malicious using them. I wouldn't be surprised to hear that TikTok does have a mechanism allowing their developers to push arbitrary code and run it. I also wouldn't be surprised to hear that Facebook has a method to push arbitrary code and run it. I already know that Google does have several ways to push arbitrary code and run it. As with any other application, the degree of trust in its developer and usefulness of the features must be taken into account before deciding whether to use it. I wouldn't trust it, but I also have no inclination to use it and there are already hundreds of other companies' apps that I also don't trust.

The reluctant log trawler: The buck stops with the back-end

doublelayer Silver badge

Re: Fault at both sides

I very much agree. I was expecting to read that a user had realized that, by getting a quote with a different ID, they could trick the backend into purchasing stock at a different price and that a heist by a black hat was on the way. Verify all input from users; they are not to be trusted.

A volt from the blue: Samsung reportedly ditches wall-wart from future phones

doublelayer Silver badge

Re: 5v/12v ring

"Agreed, but wondering what the load would actually look like though"

There are quite a few devices capable of drawing high power outside the kitchen (and I'm assuming you are also counting the laundry room and garage in the rooms needing higher power). There is of course the powerful desktop computer, especially a gaming or high-processing dev machine, probably one of the first to jump to mind for us on this forum. But there are other things, some with even higher draw. Printers, for example, can get pretty spiky. Portable heaters which are designed to quickly warm up the immediate area are also power hungry. Vacuum cleaners vary a lot, but I have not yet seen a USB vacuum capable of rapidly cleaning the floor. Fans may not be very hungry, but they will draw quite a bit of current if you run them at 5V. Televisions, speaker systems, and the like run with relatively little power, but high enough that running them together at low voltage is going to push the current level too high. Even laptops with large screens can charge at around 100W, usually through 20V USB-PD, which at 12V is a potentially undesirable 8.33A.

The problem is that there are potential users of increased power elsewhere in the house, so you will want to provide it. Probably relatively few people want to run an 800W GPU stack, but those who do will be annoyed if you take their mains availability away. Since we can easily step down to voltages at the point of the device, but stepping up is going to mean dangerous current draw, it is probably more efficient to leave sufficient voltage for more power hungry devices. If those voltages are never requested, little is lost.

doublelayer Silver badge

Re: You're funny

"las t time a friend tried charging his iphone here (last years model) he found that with his genuine lead it refused to charge from the usb chargers that we use for our samsung & honor phones, in the end the only thing we found that would charge it was an old charger for a 1st generation ipad mini."

I really don't know about this. I have had iPhones, and they have charged off anything, up to and including a Raspberry Pi. I know I charged one off this really cheap plug next to me which is, let me check, a ZTE. I don't even know how I got a ZTE USB adapter, but it works fine on everything, so it remains in service.

TomTom bill bomb: Why am I being charged for infotainment? I sold my car last year, rages Reg reader

doublelayer Silver badge

Re: Simpler than I expected

When you purchased your iPhone, did the manufacturer indicate that the contract for service was a component of the product? When you first got your iPhone, did you set up the contract on it as part of the process, or did you set up the contract with the mobile provider and connect the iPhone to it? Both of those things were different for this case. There was one other thing that was different, and that is that there wasn't any contract. This has been clarified by the original source several times above this in the comments: there was no contract, and the charge that TomTom sent out was not a valid charge.

doublelayer Silver badge

Re: New one on me

Come on. "I can math" has always in my experience been a lighthearted joke in one of two situations: someone expresses surprise at your having done some calculation quickly or when they didn't expect you to do it, or you have made a stupid mistake in mental arithmetic. It's used to juxtapose someone who doesn't know how to phrase that grammatically correctly with someone who is doing mental mathematics. As for "I logicked", I have heard that but very rarely and the grammatical way of saying the same thing: "I used logical thinking to come up with a solution" sounds pretty stupid too.

There are some people who seem to enjoy verbifying nouns, but it's usually sectors like PR or consultants who need new euphemisms or new things they are an expert in that nobody else has heard of so they must be good.

doublelayer Silver badge

Re: As I read that

"It wiped the car. It just didn't wipe Tom Tom's customer database, which is not in the car."

I get this distinction. When I first read it, I was inclined to agree with it. Having read information in other comments however, I don't think the user is at fault here. It wiped the internal parts of the car. The car was sold with the TomTom device included, meaning that device was in the car at time of purchase. The device interacted with the main car display, meaning that a user could infer, incorrectly in this case, that it was connected to the car's systems and would also be reset on the activation of the wipe. That device didn't get reset or, if it did, didn't update the account it was connected to to inform the account of the reset. And the user didn't have any repeated billing set up on that account. When the charge, wholly unexpected as it was TomTom's error, came through, it presumably indicated in some way that it was linked to that particular Mazda vehicle.

You could see why the original misconception was that Mazda could do something about this. They sold the equipment in the car, their screen controlled the equipment and was used to perform the reset, and the bill mentioned them. Now we know that that wasn't correct, and it wouldn't be fair to them to continue to blame them for much other than failing to warn of this possibility in the reset process. Still, given the limited information available at earlier points in the process, I think the concern was understandable.

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month

doublelayer Silver badge

Re: Alternatives?

If you go to your lots-of-items-selling site of choice, you can almost guarantee that you will find various budget mechanical keyboards around and even below your price range. I have experienced good results with some of these, but with each you will have some drawbacks. There are those who will not accept any switch type other than the well-known manufacturer they have used before, for example, and budget keyboards tend to use some manufacturer you've never heard of. I tend not to care, but if you do, the budget might not satisfy. Similarly, at that price range you are unlikely to find keyboards with extra features like Bluetooth, detachable cables, or extra ports. If one does contain such a feature, it's likely the only one.

Utilitarian, long-bodied Nokia 5.3 has budget basic specs - but it does cost £150

doublelayer Silver badge

Re: Got one of these recently

I found a couple low-priced options with removable batteries. I don't know if any are good though. Here's a search with the selected criteria being removable battery, 3.5 mm jack, 2019 or later, and at least 32 GB of internal storage to get rid of the "Go Edition" useless things.

doublelayer Silver badge

Re: Can we get a utilitarian tablet?

So you want a tablet with few inputs, bigger than a tablet, with no battery? An odd use case, I'd say, but you can probably manage it if you're willing to fiddle around. You could, for example, get a Surface, disconnect the camera (from a teardown it looks like that's doable), and run Android X86 on it. Or you could get a tablet meant to run Linux which has killswitches for all those things and do a bit of work to make Android run well on it. And I found some large, desktop-sized all-in-ones with Android on them from several years ago. Maybe one of those product lines still exists. But if you're asking why companies haven't built that device already, it's because it isn't very useful for people. Most users use tablets and touchscreen devices for portable, not desktop, use cases. So they make them smaller and with batteries.

Asia’s internet registry APNIC finds about 50 million unused IPv4 addresses behind the sofa

doublelayer Silver badge

Re: So, IPv4 addresses are like petroleum

Yes. In many ways they are like petroleum. There is a limited amount. Nobody is really sure when we will hit that limit but we have gotten far enough that there can be problems with the supply. Some groups control a massive amount for no good reason. Large parts of the world have next to none compared to their populations. There are replacements that might be useful if more people were to use them.

IPv6 has many problems, and making any change is difficult, but it is already chaotic to try to find and keep IPv4 addresses. This block may have reduced that pressure for a little bit, but in only one region of the world and only for so long. Given the aggressive CGNAT used in some parts of Asia, I imagine demand for these addresses will be fierce.

Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5

doublelayer Silver badge

Re: Something about motes and beams...

"Are those dates in American MM/DD/YYYY format or UK DD/MM/YYYY format?"

Yes, indeed they are.

Sorry. I thought the question deserved that answer. I'll go now.

You may be distracted by the pandemic but FYI: US Senate panel OK's backdoors-by-the-backdoor EARN IT Act

doublelayer Silver badge

Re: States

Basically, you have a good understanding of the issue. Nothing is very clear. In general, if a state makes encryption illegal, then it is illegal for you to use encryption if you are physically in the state, to provide encryption to people in that state if you are not there, or to provide encryption to others using systems in that state. How much you care about each prohibition depends on what your state thinks about all this, your likelihood of going to the affected state, or whether you have money or other assets that state has the ability to go after. Federalism is weird sometimes.

doublelayer Silver badge

Re: Democrats

I thought that about the surveillance bills passed in the early 2000s. Then I stopped thinking that, which was good because it's painful to be wrong and I would have experienced that pain every year or so when they blindly reauthorized those powers, even as revelation after revelation came through about what those powers were being used for. Why should I believe that any politician, other than perhaps Senator Wyden, understands or cares about privacy and security? I have seen no evidence in favor and quite a bit of it against.

doublelayer Silver badge

Re: once the encryption is broken...

That's likely not how that would work. First, it requires tech companies, most or all of them, to choose altruism and privacy over profit and friends in government. They're already not willing to do that; why will they when it's even more painful? Most of the big companies don't really care much about encryption. They provide it some of the time, but mostly they don't bother. The primary exception among the giants is Apple, but Apple alone probably can't do much about this, especially as they don't run public online platforms anyway so they're safer than most from the effects.

Of course, if some company does decide to turn off a state for those reasons, that state will almost certainly find a way to go after them. They could, for example, sue them for violations if they can get any connection from that state to the encrypted system run outside it. States have power to arrest employees or get assets the company might have there, so if they want to force a company to comply with the law in one specific way, they have some tools they can use to try to make that happen.

doublelayer Silver badge

From the article, which presumably you read before getting here:

"Initial drafts of the law also contained two proposals that raised serious concerns from a broad range of groups and organizations. Firstly, the creation of a new 19-person committee that would be led by the Attorney General and dominated by law enforcement which would create content rules that tech companies would have to follow to retain legal protections. Secondly, and the suggestion that has security folks up in arms, is that those rules could require tech companies to provide Feds-only access to encrypted communications."

Summarized from later in the same article:

That panel: Still in the law. Still law enforcement.

That panel empowered to require backdoors: No.

Fifty state panels empowered: Yes.

Fifty state panels restricted from requiring backdoors: No.

Some state governments expressed interest in backdoors: Yes.

So some states could make encryption illegal: Yes.

So companies would have a patchwork approach: Yes.

Which would be really tricky and open them up to lawsuits: Yes.

Which companies like to avoid: Yes.

Easy solution to that: Don't offer encryption inside U.S.

doublelayer Silver badge

Re: We're all fucked....

"Once it affects those senators, then they'll realise the mistake they made."

I admire your optimism. I unfortunately cannot see them ever understanding what this does, even if they are directly targeted by it. Even if the person who breaks in puts a message box on their screen saying "I could do this because of the act you passed", they'll probably go on thinking that it made total sense. Now, in order to find the person who broke into my computer system, I am proposing we pass the Encryption Violations and Intelligent Law Act, which will allow law enforcement to access information during investigations without a warrant as long as a copy of that data, encrypted or not, has ever existed outside the house of the subject, on the basis that current law only requires a warrant to search the houses of subjects so data isn't included.

Trump's bright idea of kicking out foreign students unless unis resume in-person classes stuns tech, science world

doublelayer Silver badge

Let me let you in on a little secret. The world has a thing called time zones. It means that it's not the same time everywhere on the planet. As a completely random example, imagine that you are going to take an exam which starts at noon and lasts for two hours ... at the university's default campus on the eastern coast of the U.S. Since the university doesn't want students to record the exam as it shows up on their screen and send that to others, everyone has to take it at the same time. If you live in the eastern U.S., you take the test from 12:00-14:00. If the western U.S., it is 9:00-11:00. What if you live in India? It's 22:30-00:30 (10:30 PM to half past midnight). In China, that's 01:00-03:00. In the most populated time zone in Australia, 03:00-05:00.

Since university schedules tend to include morning and evening classes, anyone outside the Americas is virtually guaranteed to have to completely mess up their sleep schedule to take their classes if there's any real-time component (including taking tests, asking questions, participating in discussions, and many other very normal things for studying). For this reason alone, students may wish to take online courses in a similar time zone to the ones they're recorded in. And that's the most obvious pain point about trying to do a virtual education from the other side of the planet. There are many others.

doublelayer Silver badge

Re: Sometimes you just have to be there

I entirely agree. I think this applies to most of life, really. I've certainly noticed that some types of activities I did at the office are not working as efficiently now that I am at home, and my job is one of the most easily virtualized ones. Still, I know that it is not safe for me to return to the office, and if the U.S.'s trend continues, it may not be safe for students to return to universities in a month or two. Given this safety concern, there are only a few ways to deal with it.

You could just cancel classes and postpone them for a time when optimal learning conditions are available again. This would harm plenty of students who will have delayed entry into the job market and may not have the economic ability to do nothing for a semester. You could bring all the students to the campus with the ability to send them back home if something happens, but in addition to increasing the likelihood of something happening, you have also created a bunch of chaos if you do exercise the option of sending the students away. You could try a hybrid model where some students show up and some don't, which would probably be bad because those who do show up get all the benefits you listed in your comment while those who go virtual aren't the primary focus of the university's planning (as well as all the concerns about bringing everyone back just scaled down a bit).

While you raise valid points, nobody is doing this because they think it's better. They're doing it because the situation is dangerous.

UK government shakes magic money tree, finds $500m to buy a stake in struggling satellite firm OneWeb

doublelayer Silver badge

Re: It Could Be Made to Work ???

"But nobody from government has stood up and said why they've just spent half a billion on something out of the blue."

Well, technically, several people and documents from U.K. government did say exactly why they bought it. It's just such a shame that basically none of them agree on what that reason was. This article quotes someone who says the reason is broadband. The article from a few days ago links to a report that says it's mostly navigation. Comments sections for both articles link to articles saying any number of other things.

doublelayer Silver badge

Re: It Could Be Made to Work ???

Well, that has several downsides. Basically, you're hoping to compare a lot of latencies between the satellites, requiring the device at the other end be informed of relatively large sets of data. That would make the system more delicate and require more data from the satellites. It would also make the system a lot more dependent on fixed ground locations, which isn't necessarily the most desirable setup. While those satellites are capable of broadband speeds, doing that would usually require larger receiving dishes and more power output. For things like ships and planes, you probably wouldn't find it that hard. For portable units used by field troops, that approach might be inadvisable. Still, if they intend to use the constellation for this purpose, they may find that my concerns are not that troubling. Still, if I were them and wanted to do the navigation with these satellites, I'd start by considering just putting the clocks in the ones that haven't yet been launched. They're planning to send thousands up; it's fine if 80 don't have clocks.

doublelayer Silver badge

Re: It Could Be Made to Work ???

Phone chipsets rarely support additional services that weren't around when the chip was designed. No matter how a new navigation system is implemented, whether almost identical to GPS or entirely different, a new chip will be needed to receive from it. The only exception would be a system which augments an existing one, similar to how QZSS overlays upon GPS for Japan. As for the clocks, that would be a problem. While they could put the clocks in the new satellites and reprogram them, they could have also put clocks in their own satellites without buying this company. While a navigation system isn't impossible, it would seem to be a strange step to take if that was the primary goal. Given their discussion of broadband, perhaps they have other goals in mind. Whether those goals make sense or are in any way useful is another question.

Three UK: We're sending you this SMS to warn you not to pay attention to unsolicited texts

doublelayer Silver badge

Re: Typical

I recently got an email after trying to log in to an online service. It started well:

"We noticed your login attempt seems unusual. To confirm that it is you, please enter the following code in the verification box: ..."

And then things turned for the worse:

"If you didn't attempt to log in, you should reset your password immediately." [reset your password is a link, and it goes to a subdomain of the original service]

While it could be worse and go through some other domain, this is still a perfect setup for a phishing email. I could just copy this directly, change the link, and fire it off to thousands of other users. Maybe some day companies will realize that it's not a good idea to basically create the convincing phishing email for scammers.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

doublelayer Silver badge

Re: Liability

I do not claim that I am guaranteed a victory, or that they will accept one outcome over another. Any group with money can decide to use the law to cause pain to someone else. I am well aware of this. You are correct that I focused instead on right and wrong, or rather I concern myself with what is legal or illegal. To me, that was the relevant question, rather than what lawyers can do if they feel vindictive. Since lawyers can be used vindictively in a number of circumstances, it seemed to be supposition and rather useless supposition at that.

Anything you did in this theoretical situation could cause a litigious organization to go after you. Introducing a cryptominer: "Causing harm to our users". Changing the script to write "The site you're using didn't code properly and is pulling data from another possibly insecure site": "Defaming the organization". Blocking the script, meaning the page doesn't load right: "Deliberately impeding the functioning of the system". And those are ignoring the high likelihood that they might try to argue that making any change counts as tampering with their computer system. The only solution unlikely to anger someone is to call them and request they change it back. Which will almost certainly anger nobody as you won't get anyone to answer your call.

In a situation where I discover that someone's doing this, I'm not going to insert a cryptominer. I'm too lazy for that. It's not because I'm worried about their lawyers. As I see it, their lawyers are basically as likely to go after me no matter what I do.

doublelayer Silver badge

Re: Liability

Yes, you can switch an image in such a way that you are in the wrong. It's not because you switched the image. It's because the image you switched to is illegal, meaning you are guilty of possessing an illegal image and of trying to distribute it. You can claim maliciousness on any switch, but the fact remains that it's not their image to retrieve. It does not matter what it was or what it switched to; they have no legal claim.

For example, let's consider part of your comment:

"unless you switched the file with malicious intent, meaning to cause harm, inconvenience, punishment."

The most open of those words is inconvenience. The problem is that, although anything I change is inconvenient, they don't have any right to convenience on that basis. They are using my bandwidth without permission. It is similar to if they ran their corporate network off my WiFi from next door without permission. If I found out and changed the password, they would be inconvenienced. However, they would not have the right to recompense for that because the inconvenience they received was a direct result of their doing something they do not have a right to do. I did not guarantee that I would keep my WiFi up, nor did I guarantee that my server would stay up, nor did I guarantee that I wouldn't change files.

The same argument applies to harm. If they connected a device to my WiFi that would cause harm if it lost network connection, and when I changed the password it did cause harm, that is not my responsibility. They exposed the victim to harm by making it rely on something they didn't have a right to use. That is, at the very least, negligence. I don't think most courts would stop there either.

doublelayer Silver badge

Re: Liability

"Lets say you were hosting a copy of (say) jQuery. Then, you notice that Barclays have hotlinked it into their own site. If you now come along and stick a crypto-miner into that file, you're opening yourself up for a world of hurt."

If I want to make a script on my page with a cryptominer, I am allowed to do so. If I call that file JQuery.js, I am allowed to do that. If I edit JQuery, I am allowed to do that (MIT license). So the only way they would have a legal claim is if I agreed to host it for them. Otherwise, I have never made any guarantee that the file would remain what they saw at one point. I can argue that I did not know they were linking to the file, and they would have no proof that I knew that. I can argue that they were violating my terms of service by linking to the file, and if I did edit my ToS accordingly I would have a better case than they would. I don't need to claim either of those things in order to have the right.

The issue of a powerful place using legal might to harm people they don't like, even when they have no legal basis to their attacks, is accurate. However, it's also possible for them to do this for anything else. If they hotlinked to a file and I changed it to indicate they used without permission, they could get angry. If I blocked their request, they could similarly get angry. If they felt the need, they could have their lawyers sue me for breaking their service. However, if I blocked, edited to print a string, or edited to introduce a miner, I have the same rights to do what I have done and they have no basis to win the case.

doublelayer Silver badge

Re: Liability

If they have hotlinked to your site because you are providing them a service, then there is a terms of service document describing who is responsible and potential penalties in various situations. Under GDPR, your site would be a data processor and both you and the original site would need to ensure legal handling of the data provided to you. If you violated that, data protection authorities can go after you, even if it was through another site that the data came to you.

If they link to you without permission, then you are not responsible. Well, that depends--if you log information you know to be personal information when you know you have no right to it, data protection can still go after you. But for most other things, you don't have any responsibility. If you want to host scripts that nobody else would want on your site, you are allowed to do so. For example, cryptomining scripts are not illegal, so you can put them up if you wish. If someone decides to link to a file and you switch it to a different file, that's their problem. Any liability would be on them because their site, not yours, was the one deciding what the user gets, and it was their choice to include a script their users don't like.

doublelayer Silver badge

Well, many businesses want someone's head because it's an easy way to make it look like they've done something: "The employee responsible was fired [and therefore the person who should have detected and prevented won't be]". But there are various times when it's the right response. I don't know how or why this particular error happened. However, if it was somehow done intentionally, it's a very obviously bad thing to do. Someone who decides to use a compromisable third party without any guarantee of security or functionality might not be the best coder out there.

Yes, there are lots of things that can fall into that bucket, but this is worse than most of them. For example, although pulling code directly from NPM is similarly dangerous, people at least expect that it happens and do some types of automatic security checks on new releases. Nobody's going to do that for the Internet Archive. Also, most places from which external scripts are retrieved at least expect that to happen and have made statements about keeping their server up. I don't think the Archive has ever indicated they are willing to be used as a CDN and they can delete files or edit them at any time without notice.

So, if you have a sufficiently worrying practice being intentionally used, you have to wonder whether you will catch them if they do something like that again. That isn't necessarily a reason to immediately fire someone, but if you have alternatives, and the current job market means you probably do, it's a thing worth considering. A good company won't fire people for honest accidents, but negligence or intentionally doing something stupid are potentially worth it.

'Google cannot stop it, control it or curtail it...' Inside the murky world of fake addiction treatment center search spam

doublelayer Silver badge

Re: People cost money, automation is cheap

Well, Google could take a relatively weak first step that would be easy and lucrative; if a place in a frequently impersonated industry wants to advertise, make them make a large ad payment up front. That payment will be usable to buy ads, but if the advertiser is reported as fraudulent and subsequently taken down, Google keeps the money. The business can have the money returned if they pull all their ads and close their account. This would give Google an incentive to find fraudulent businesses so they can keep the money without providing a service, and it might also dissuade the scammers. Not a good solution, because Google should really be doing more verification and it only works against those who advertise on Google, but better than nothing.

Purism's quest against Intel's Management Engine black box CPU now comes in 14 inches

doublelayer Silver badge

Re: system 76 - coreboot

This machine also uses Coreboot. Well, to clarify, it can use either Coreboot or the manufacturer's own PureBoot (for an extra charge). System76's machines are nice, but they aren't designed with the physical killswitches or with anti-tampering procedures (also has to be specially requested). It depends of course whether those features are important to you.

doublelayer Silver badge

Re: Pre-orders for the Librem 14 opened today priced at $1,199.

I checked out their specs page. Base RAM is 8 GB. Increasing that to 16 GB costs $79 and to 32 GB costs $219. Base storage is a 250 GB SATA M.2 SSD. They have various larger and faster options.

For those outside the U.S., there are some limitations there. You'll notice I quoted all prices in dollars, because they don't seem to have prices in any other currency. They note that, while they ship, taxes in other countries are the buyer's responsibility so I can't tell you U.K. prices with VAT included. They have power adapters for U.S., U.K., and EU sockets. Not Australia, though it is a USB-PD one so that doesn't have to be a problem. Also, they only seem to have English U.S. keyboard layouts right now. If you can touch type your language on that layout, you're good. If you have an attachment to the U.K. layout, maybe they'll fix that sometime.

doublelayer Silver badge

Re: Why Intel?

You can get a thing like this with an ARM processor at the core. I think there are a few like that, but the one I know about is the Pinebook Pro. It is very open, has hardware designs, firmware source, hardware killswitches. The only downsides are that, using conventionally available ARM SOCs, it is a little limited performance-wise. It maxes out at 4 GB memory, and has six relatively slow CPU cores. If you can handle the reduced performance in a laptop and want a lot of privacy and security, that's probably a good option. Otherwise, we will have to wait for more easily obtained fast SOCs or stick to X64.

Consumer orgs ask world's competition watchdogs: Are you really going to let Google walk off with all Fitbit's data?

doublelayer Silver badge

we do not sell personal information to anyone

"we do not sell personal information to anyone."

Well, that's technically correct. You don't sell the information. You sell the ability to market to people based on the information in such a detailed way that people can access chunks of that information by paying you. Someone seems to have been paying attention during PR classes. Really helps spice things up from all those people who try to make the technically correct but misleading statement but either make it too obvious what they're doing or state something incorrect by mistake. I wonder if this turn of phrase has been recently adopted because of that "Don't sell my personal information" link that has started appearing on a few sites.

UN warns of global e-waste wave as amount of gadgets dumped jumps 21% in 5 years

doublelayer Silver badge

Re: Someone's confused

They do have two regions coming in second place though. Based on the figures, even if they meant that Oceania came in second place in total, the Americas can't come in second place per capita because Oceania's per capita is higher. The rankings per capita would have to be:

1. Europe: 16.2 kg/person

2. Oceania: 16.1 kg/person

3. Americas: 13.3 kg/person

4. Asia: Figure not present

5. Africa: 2.5 kg/person

If that's what they mean, they have some rewriting to do, especially as I'm betting Oceania didn't come in second place for total quantity of waste; their population is really small compared to every other included region.

Details of Beijing's new Hong Kong security law signal end to more than two decades of autonomy

doublelayer Silver badge

Re: I adore this BS "we're way above them"

And many of us think that's terrible and we need to stop it, but it doesn't make a dictatorship any better. Many of us think that a fair trial is one of the most important parts of dealing with criminals, so if a few cases in our countries aren't treated fairly, it's a travesty. For those of us who believe that, imagine how those of us think about a country where no trials are fair and they also hold them all the time.

doublelayer Silver badge

Re: Severely endangering national security

"the Chinese government (indeed, its people) may prize stability more than "flourishing" or 'progress.'"

Rubbish. The Chinese government prefers that because stability means the previous status quo, i.e. they have all the power, stays in place. The people don't get to decide because 1) the government has done everything it can to mislead them about the benefits of their rule and the dangers of its removal, 2) the government has done everything it can to indicate that, should you have opinions, it is wise not to tell anyone lest they be forced to give you some vocational training, 3) the government has also indicated that, if you don't have opinions or even if you do, and someone asks you for your opinion, you should state one fully supporting the government, and 4) the government has demonstrated the capability and willingness to back up items 1-3 with violence.

I am tired of the arguments that a dictatorship is suddenly acceptable because it is desired by its victims. It's simply not true. Cultures may have different ideas about what they view as logical, but similar cultures in places like Taiwan and yes, Hong Kong, prove that there is not some Chinese acceptance of authoritarianism. No, you cannot base it off the writings of east Asian philosophers who preached the same, because I can find Thomas Hobbes and many like him and throw him back at you. Democracy as it is currently practiced is a relatively new concept, and it is not restricted to some subset of the world's cultures.

Everyone is capable of deciding how they want their government constructed. Nearly universally, when people are given that choice, even without experience with all options, they have chosen democracy or something they thought would be democracy. The democracy practiced in Japan and South Korea is differently structured than that in the U.K. and U.S., just as it is different from that practiced in Chile, Sweden, or various other clearly democratic countries.

After six months of stonewalling by Apple, app dev goes public with macOS privacy protection bypass

doublelayer Silver badge

Re: Disappointing

They hid ~/Library for a very good reason. It would confuse the general public, and if files there are deleted or modified, things break. Just like why Windows hides AppData by default too. You can either unhide it permanently, or you can access it on a one-time basis. The procedure is relatively easy. Just enter ~/Library in the path window.

You assume that there will be performance hits when the exploit is active and that the users will notice these hits. I don't know about either argument. If the concept exploit is not efficient, that doesn't prevent someone else from reimplementing it to avoid any bottlenecks or to schedule inefficient behavior for times where users aren't going to notice. If a user is on a browser and notices a performance hit, I'm guessing they will assume what I would probably assume: that there is a misbehaving script in an open tab. This may also cause them to restart their browser, but the exploit can be restarted too.

doublelayer Silver badge

Re: What's wrong with standard unix user-group-world and access control lists?

Android has lots of problems, and it's not because of their SD card format. If they wanted to, they could sandbox the SD card easily without doing anything to the format. It's already set up to have directories where apps write by default. They just block access to those directories based on the app, allowing the user to override that. Problem solved. Except that's not the problem. Android's problems run a lot deeper than that, and the choice of format and decision not to sandbox the SD card too is somewhere between inconsequential and slightly positive.

doublelayer Silver badge

Re: What's wrong with standard unix user-group-world and access control lists?

On most consumer computers, everything is run with the same user account. Try explaining to the general public that yes, we know you are just one person, but you should create multiple users to run different applications. It sounds ridiculous. That's because, in most cases, it is ridiculous. I have done it with a few applications I have reasons to limit, but most of the time, I have no reason to and I don't. With this, you can take one of a few approaches to solving this problem:

1. What problem? Everything in the user's directories can be read or written if the permissions say so. This is generally fine if malware doesn't get into that directory. Not so good if that happens.

2. Create various areas where applications can write which are sandboxed away from other applications. This actually makes a lot of sense, because user documents can be stored in general-purpose directories.

3. Throw up warning screens whenever a new application wants to read or write to a new area. This will probably generate user annoyance and high blind click-through rates.

4. Warn the user on each file an app loads. The users will soon throw the computers on the floor.

Apple went with a combination of options 2 and 3. Option 3 is the more annoying, whereas option 2 makes a lot of sense. Unfortunately, we now know that they failed to implement option 2 correctly, became aware that they failed, didn't fix it, and ignored the problem completely. So we're essentially back to options 1 and 3. If you're sufficiently confident that you will never have malware running on your user account, you're fine. If you think that's a possibility, you're less fine.

The internet becomes trademarkable, sort of, with near-unanimous Supreme Court ruling on Booking.com

doublelayer Silver badge

Re: So what happens if ...

I think it would depend a lot on the expiration policy, and I don't know what that is for .com. If it worked like .uk, then their domain does not go on the open market until it has been disconnected for three months. If .com works like that, then my guess is that, should someone buy it after that period of disconnection, then the original trademark owner would be seen as not having protected their trademark. Trademarks that are left unprotected are considered abandoned and lost. If you do a search on the public trademarks database, you'll see lots of historical listings that were abandoned by their holders or taken off them. It'd probably happen this time too. Things become more difficult if .com simply expires the domain and immediately makes it available for sale. That might lead to ambiguity and legal fights.

doublelayer Silver badge

Re: Is this an open check for the registrars?

Registrars can already do that; you don't need a domain to be trademarked for that domain to be valuable. If one registrar decides to extort a user, they have that ability. Regulations try to prevent it, but not all of those regulations work.

As for ownership, things that are trademarked are never owned. Trademarks apply to things so small that you can't own them. Apple, the computer people, don't own the word or concept of an apple. Their trademark rights say that they can prevent people from using the word to name other computer products so people don't become confused about who actually made the thing. That right isn't perpetual or unlimited, and it in no way means they gain ownership over the word. Similarly, someone using a domain name as a trademark doesn't need to own a domain name, which of course they can't do anyway. If they don't have that domain name, their trademark application would likely be rejected because someone is already using the phrase; that would be a good thing to make explicit in law. That's why we have trademarks: to clarify who is using a thing that can't really be owned.

doublelayer Silver badge

The decision can be made based on a survey because the law is about what users think. The law considers, for example, whether something is likely to confuse consumers, which you can't just encode into legislation. It also allows for trademarks to be removed if consumers have come to think of the term as generic, which likewise means that you have to find out what consumers think. The means to do that is to ask them.

doublelayer Silver badge

Re: So many gaps in this...

Logically, this decision should have benefits for that. Someone trying to trademark "Booking" might have problems with holders of booking.*, assuming they managed to get past the generic term test. Someone trademarking "booking.com" would not overlap with someone with booking.[something else]. Of course, there's also the issue of trademarks in other countries which could go in a very different way.

Apple said to be removing charger, headphones from upcoming iPhone 12 series

doublelayer Silver badge

Re: Low-voltage DC is just USB now

If this was a 24W charger, it was already using USB-PD. 5V on USB tops out at 15W. Given this, the laptop should at least be able to charge slowly from that power source. While it wouldn't be able to run and charge because the power is too low, it should be able to charge for use later. If Dell has decided it shouldn't, I entirely understand the irritation.

doublelayer Silver badge

Re: Gets my vote...

"USB C is the right connector to force as a common standard (until some new super feature comes along that needs something different)."

I am happy to go along with that when we force a common standard on USB-C. This means no display-only cables, no everything-but-display cables, no Thunderbolt-only cables, and while we're at it, no power-only cables and every cable at least capable of delivering 5V 1A. I already have functional but very annoying power-only micro USB cables which tend to turn up every time I really want to move some data to a device with a micro USB port; I don't want to repeat the experience with even more options for a not working cable. When every USB-C cable either carries all types of data or is broken, we can force its adoption. Until then, I don't think we should force something on people that is unwilling to adopt a standard itself.

One does not simply repurpose an entire internet constellation for sat-nav, but UK might have a go anyway

doublelayer Silver badge

Re: You are perhaps assuming that it's going to be GPS in the traditional sense?

"The GPS does not need to be global for the UK's purposes. It needs to be accurate where its interests are, and last I checked, that was a few islands in the Atlantic, and perhaps the Middle East."

Well, the U.K. itself of course. Then they have bases in the Caribbean and on the Falklands. They have some islands in the central Indian Ocean with naval bases on them, so there too. And two chunks they carved off Cyprus to put bases on. Oh, and they control Gibraltar so let's include both sides of the Mediterranean. Then wherever they will be fighting, and wherever they're planning to send ships or submarines. Oh, and there are Antarctic bases too. Don't know if they want their navigation system to cover those, but maybe. That's kind of a lot of the world's surface. Given that they send their ships to certain distant allies such as Australia, they may have cause to increase that still further.

"The Chinese nor Indian systems are not accurate outside their areas of interest - they are not global,"

Correct about India, not about China. China's system is intended to be worldwide, but they're not finished with it yet. Unsurprisingly, they started by getting good coverage in China, then expanded from there. Similar to Galileo, really, as that's not complete yet either.

doublelayer Silver badge

Re: "quantum compass technology"

QZSS is intended to provide navigation in densely-populated cities. Japan has a lot of those. It also provides increased service throughout Japan and the surrounding ocean, but a lot of that is because QZSS works with GPS to provide extra information. If all the GPS satellites were to be shut off, QZSS would be difficult to use though theoretically possible. Presumably, the British military will want coverage over the U.K., the various bases in the Mediterranean, Atlantic, and Indian Ocean, and in areas where they have fought recently such as southern Asia. You can't do that with a few satellites. If they're willing to do U.K. and surrounding ocean only, they can do so more cheaply.

doublelayer Silver badge

Original: "Wrong orbit, wrong clocks, wrong radios."

Reply: "But only 12% launched so far, so clocks & radios are very changeable."

If they're going to design completely new satellites that work now, they don't need to pay this company; they just do the design and launching. The only reason to pay this company is to use what they already have, possibly augmenting it with additional launches for that constellation. They're not going to buy this company just to do something they could already do.

Original: "Even if it could be repurposed, which isn't a given, it would do positioning very badly."

Reply: "Which is why it's being considered primarily for comms & broadband, with positioning a purely speculative application."

It was discussed as a replacement for Galileo. Navigation system. It might be useful for other things, but the U.K.'s stated interest is for navigation. Maybe they know what to do to make it do navigation, but if they considered buying it for communications purposes, it would have been better for them to say that rather than call it an alternative to Galileo. It's not hard to type "For increased communications potential. The system may also be of secondary use in a proposed navigation system". They could have if they meant that.

doublelayer Silver badge

Re: Re assume...

If you don't know what the plans are, because they are not apparent, how do you know they so obviously exist? Has someone told you of additional plans, so you know of their existence because you trust that person? Have you seen the big cabinet with "Extra plans: Satellite Navigation System" written on it? What evidence do you have for there being additional plans other than that it would make sense if there were some? There are many things that would make sense if they existed, but that doesn't create them.

doublelayer Silver badge

Yes, they need engineers and designers on that report. They need them to answer questions like "What is needed to build a system like this?", "What do we already have that we can build on top of?", and several rounds of "How about this instead?". You need to pay the engineers. Sometimes, they need to run some models or simulations. They don't, however, need to build satellites or receivers for them, nor build new computers to run models on. Their purpose is to come up with some possible designs for a system and expected costs in time and money to build them. It's mostly thinking of designs and writing about them. Their remit is not to build prototypes; their remit is to write about possibilities. At the end, their product will be a large set of writing, hopefully including useful answers to all those questions. Or in other words, a big report.