Posts by doublelayer

Re: "pre-installed Facebook app"

In that case, perhaps you could enlighten me to the point I missed? Your comment seems to have left that out.

As I understood it, the comment from which I quoted was under the impression that there was no data available to be stolen by a possibly malicious app. Their comment seemed to indicate that, since the phone couldn't contain a lot of information Facebook would like, it must have no data of value. I listed various types of data that would be entirely obtainable from this device and that it would be undesirable to give to Facebook. Again, if I missed a point, and you understand the point, it would be nice for you to explain yourself. It would have been nicer for you to have done so when you felt the need to tell me; I find discussions work best when people say what they think.

Re: The point of the EU

"The USA wants privacy for its own citizens."

No, it does not. It doesn't want privacy for any other citizens either, but don't think its own citizens are getting consideration or extra things. As government policy goes, it would like for privacy to be deleted from the dictionary and everyone's brain so people stop complaining about all the violations.

Re: Wireless FM radio

Update: Several months after this article, a review stated that a wire was needed for the radio. My assumption of earlier seems to have been incorrect.

Re: Do you ever change your mind, based on data?t

I don't think that's necessarily true. While most devs don't have a need for the kind of processing that graphic designers do, their workload is often heavier than text entry. In my work, I enter text for a while, then I compile and test locally. This may not require much power (it doesn't do any GPU-accelerated work at all, for example), but if I had to wait five times as long for a really low-end processor to compile some of my bigger projects, I'd be rather irritated. It's true that, when I'm done with my code, I push it to a remote server which compiles again and runs a bunch of automatic tests, but that doesn't liberate me from having to test locally. Most of the time, the automatic unit tests are sanity checks on things that could have broken inadvertently, but if I'm adding new functionality, I not only have to unit test myself, but I also have to run more thorough tests to verify that, not only do the small bits work, but they are put together in such a way that the big goal happens too. I don't push that to a server primarily because I don't want to wait around for my test data to be uploaded (sometimes medium-sized files) a job to be queued, eventually run on a new build environment, a log to be produced, the log to be put in the files section, download the log, then open it to see whether it worked. Instead, I can run the program locally right now, specifying to print the log to the terminal, and see what happens in real time. If the program I'm testing is one that needs substantial processing, and some but not all are, then having a better CPU means I can do that more efficiently.

Re: @doublelayer - Brave

Of course, it can be removed. The point is less that and more that a proprietary blob which is controlled capriciously by a commercial entity got itself adopted as a standard in a supposedly open and independent standards body. Because that happened, users are having that DRM pushed into their browsers, mostly not knowing this. That may have been somewhat harmless because relatively few places use it (I don't have it installed either), but it is not a good sign for things to come if we let companies interested in forcing their will on the standard control the creator of the standard. Whether those are really big or medium-sized ad companies doesn't matter; it should be for internet users and developers, and it should be open.

Re: It doesn't need to be runnable

If I was going to put 21 TB of data somewhere for the benefit of historians, it wouldn't be code, or at least relatively little of it would be. Code may tell some how a few of us thought, but it doesn't show much about how we lived except for the readme files. Similarly, if there are translation files in there it might help as a sort of rosetta stone, but that's getting to the goal by quite an inefficient path. A lot of code will look like all the rest of code, moving data chunks around. It won't help historians very much to have driver code for fifty open source hardware platforms that no longer exist. Here's what I would include instead:

Translations of various texts into most languages, trying to ensure that most subjects are covered (technical, legal, scientific, narrative story, and the most important basic description of something likely to continue to exist later on such as the water cycle). This helps with the inevitable language problem.

Dictionaries of all the languages we've included, which helps with extra words when they've figured out the basics.

Books on geography and astronomy, which help clarify what the planet was like when we were around.

Textbooks for most subjects at various educational levels which provide a summary of what we knew or at least what we thought we knew.

Descriptions written of everyday life by people who have been instructed to provide every detail, and most likely to ensure this, describing the life of people who live quite differently to the describer.

And, since I've probably missed several important things, let's just throw in the entire contents of Wikipedia in there.

There's my suggestion, and that probably fits just fine in a single terabyte; at least text-only Wikipedia certainly does and that's probably the largest chunk in the set. It's not perfect by any means, but if I had to figure out what life was like a thousand years ago, I'd rather have had their encyclopedias than a library written in an invented language that reads from devices implementing an arbitrary communications protocol to read chips with another arbitrary protocol.

Re: Is it Time?

If you'd like an opinion, here's mine: No.

Cutting countries off the internet is bad because it's hard, it gives them extra power, and it harms us. I'll take each point in turn, but these are short summaries. Also, I've used China as an example below for two reasons. First, it's annoying to write and to read "Russia, China, Iran, and countries like them" all the time. Second, the problems I detail get infinitely worse the larger the country and the more activity links them and us, and on that basis China is the most dangerous.

It's hard: In order to disconnect China from the internet, we have to disconnect their lines and/or drop all traffic coming out of them. If we try to cut the lines, we will need to reconnect other places which currently use China's lines for transoceanic communication. Mongolia is going to be the worst hit since they're entirely enclosed by China and Russia, but you have some other countries in southeast and central Asia whose lines are going to need to go through India, meaning getting Pakistan on board and going through war-torn areas. Then, you have to imagine that China will try to work against this, for example by using existing lines that go into Vietnam and masquerading as Vietnamese traffic. Do you really expect Vietnam's government to take drastic action to stop this with one of their closest allies and one with a massive army quite invested in it continuing to work? Of course, any espionage would be much more hidden than that, perhaps starting by going through Myanmar but quickly bouncing to servers in the west operated by agents in some other country.

It helps the countries we are trying to hurt: China spends a lot of money protecting itself from terribly dangerous network traffic containing things favorable to democracy. By cutting off that traffic, they don't have to bother anymore. The important government services will still run on local systems through local comms, so the citizens shouldn't be that affected. And when they are anyway, there is a perfect target: the west. "The west has cut off your internet. They do not like us Chinese. They are the enemy. We didn't do it; they did. Why would you support them?"

It hurts us: Currently, we rely on China for various things. It might be better if we didn't, but we do. We buy from and sell to China, collaborate with Chinese research institutions, all that. If we cut off the communication between us, we have to stop most of that and don't expect what is left to continue for long after the governments start looking for revenge. This means that we cannot get things from there, make money there, or do anything to help the people living there get some rights.

It hurts us even longer: That was what happens in the first month or two, but let me prognosticate a bit further. If we decided to cancel our business relationships in China, which we really might like to do, people interested in human rights might be pleased. People who used to make a lot of money in China, however, won't be so happy. It will be in their interests to bring back their profit stream, and they will try. The easy way to do that is to lobby for new politicians who will restore the ability to trade in China, in return for which the Chinese government will demand various assurances from said country. If Singapore, for example, reopens its internet to China and starts buying things from them, do we give up on this exercise, cut off Singapore too, or wait for the same to happen to us? None look viable to me.

Re: "Slapping a "Personal Edition" label on a product implies..."

You may have read, but you're doing quite a nice job misconstruing all the points. Let's look at your comments and what they came from:

LDS: "I read the comment. The comment implied LO has no freedom and just they want software from LO they have not to pay for."

gobaskof: "Slapping a 'Personal Edition' label on a product implies [note implies here] you can only use it for personal use, which would be against the license. It is technically legal. But it is wrong [opinion]"

So the original comment demonstrates that they understand that any organization can do as they please with the code, including providing or refusing to provide binaries. That comment disagrees with it.

"RedHat doesn't make the Fedora and CentOS builds - those are "community" projects."

From the Wikipedia article for The Fedora Project:

"The project was founded in 2003 as a result of a merger between the Red Hat Linux (RHL) and Fedora Linux projects. It is sponsored by Red Hat primarily, but its employees make up only 35% of project contributors, and most of the over 2,000 contributors are unaffiliated members of the community.[6] [...] The Fedora Project is not a separate legal entity or organization; Red Hat retains liability for its actions.[15] The Fedora Council is currently the top-level community leadership and governance body. The Council is composed of a mix of representatives from different areas of the project, named roles appointed by Red Hat, and a variable number of seats connected to medium-term project goals.[16] The previous governance structure (Fedora Board) comprised five Red Hat appointed members and five community-elected members."

There's some external community, but Red Hat controls a lot of the code and the organization that owns it. You can argue definitions if you want, but I consider this as having a significant connection to Red Hat.

Original: "But it is wrong and misleading and should not be allowed"

Reply: "Really? This is the mindset of people who think Open Source is 'hey you, work to give me the software I need for free!'"

I don't think that's really true, as the code would exist anyway. It's not that hard to compile most open source projects, so if you don't want to give back, the policy is simple. The original comment was expressing the opinion that labels like "personal edition" imply something that might put off users. Not that they actually do, but that users may believe they do. The opinion was that this belief might dissuade people from adopting it and therefore lose the developers the income from support contracts, extra features, and similar.

LDS: "Again, nobody forbids anyone to take the LO code and make all the builds they like and distribute them. But you can't think to force a company to make the builds you need for free. Otherwise, where's the freedom?"

And once again, the original comment clearly states that there is no requirement forcing anyone to make specific builds, but that if the proposed specific builds were made, they believe that decision to be a bad one. I think part of the reason that leads to this opinion is that it wouldn't be the core LibreOffice team making those decisions, but instead a commercial company, Colabora. It could be considered misleading if someone other than the LibreOffice control organization made software calling itself LibreOffice but with restrictions. It would be legal to do (and again the original comment says as much), but it could sound bad to some people, including the one you replied to.

Re: One reason only

KaiOS is using most of the code of Firefox OS (global effort) and is continued by an American company. While I think the most effective sales effort for those devices has been in India, it's not an Indian home-grown OS. Incidentally, Google has been one of the most prominent developers of apps for that platform and has invested in the developer. I assume they're preparing for the possibility that they don't keep their chokehold on the low-end smartphone market.

Re: "The lack of corridor diplomacy affects participants’ ability to network"

The problem with that feature is that the main meeting is still going on. Separate small conversations work when people are between meetings. For example, if my team has a meeting, I pay attention to it, and after it ends, I find the person I wanted to talk to separately and we have a chat while we walk back from the meeting room. I'm not ignoring the others.

Existing videoconference software is perfectly capable of doing that, but it doesn't happen very often for a number of reasons. For example, I used to have conversations with the dev nearest me in the office. Some of these were pointless to productivity but I enjoyed them (I hope and think he did too). Some were useful to our project. Neither type happens very often, even though we have the ability to chat or call one another. I tend not to send messages because I'm not sure whether he's busy, something I can determine by looking at him in the office. I think it's similar here, with the added complexity that previous corridor conversations at a conference like this probably occurred between people who don't know one another very well.

Re: Computer misuse act

The article told us what happened. The counterfeiters wrote a bootloader so it would bypass some protection code. Cisco's update had a new bootloader. Cisco's update knew how to install the bootloader and that it would work on their gear. The counterfeit device didn't think it through and installed the new bootloader, wiping out their custom one. Their custom one being required, that didn't end well.

On a legal basis, it's not Cisco's responsibility. If they knew of counterfeit goods, it would have been easier for them to just call law enforcement. But they are not under any responsibility to ensure their updates work on equipment they didn't license the software to run on. Sadly, they often aren't required to make sure their software works correctly on the devices they do build either, though you can sue them for lost productivity if that happens.

I haven't found charging quickly to be that important. My battery is showing its age and sometimes needs an odd time recharge, especially if I haven't plugged it in the night before, but my solution to this is easier. I have a collection of USB batteries. Some were given to me as presents, and they are large capacity and well-built. Some were given to me as methods to show the company's logo, and those are available if I am ever concerned about losing one. Either way, I can drop one into my backpack and be assured that I can charge my phone should it need it, assuming I haven't borrowed the cable I keep alongside it. These mean the battery doesn't die, extend the time I can be away from power if I ever need that, and can also be used to power other devices in a pinch.

Re: Bad timing, sigh

You can, and I have, but that only works for some of the use cases of VPNs. In my experience, people want VPNs for one or more of the following reasons:

1. To provide a secured tunnel to a known endpoint.

2. To access other machines without having them be openly available on the internet.

3. To have anonymized traffic that's difficult to track.

A VPS handles use case 1 easily. It can handle use case 2 with some work (for example, I have mine set up so I can VPN into it, then follow a previously-established tunnel to a device which is on another network). It does not handle use case 3 unless you allow others to use your VPN as well so you can hide among them. That's usually not a good idea because you will use up a bunch of bandwidth and may be responsible if someone uses yours for illegal actions.

Re: Free/Libre and Open Source advantage

"I made an Android app that reads the clipboard on startup without asking. It does it to see if the clipboard contents is a URL, in which case it pre-populates a text field with that URL"

That's your choice, but I think it's not that useful for a few reasons.

"I could have added an extra Paste button, but then I'd have to worry about issues like "would the button take up too much room on small displays" (or if it's hidden, would users be able to find it)"

This is why consistent UI decisions across apps are so useful. In most operating systems, there is a typical way to copy and paste and any app supporting those actions does it the same way. If your paste function was available and followed a convention, most users would know how to use it.

"and "would users be confused if pressing the button causes an error message because the clipboard contents is not something we can handle—would it be better to simply not offer the option in that case?"

As I see it, this is a nonissue. If the clipboard contents are not text, you just don't paste any contents into the box. If it is text, you put it in when they paste and let the user decide what to do then. After all, you already have to have some control for a user entering an invalid URL, either a typo or testing you, so if the clipboard contents are invalid, you just report them as invalid just like you would if I mistyped the URL as "https;\\".

These are subjective decisions, and everyone will probably have their own opinion on what is best. For what it's worth, mine and yours differ.

Re: Local sellers can't avoid much taxes

There is a good solution to the problem of large multinationals using tax havens, which is to clarify and reenforce national tax laws so it's harder to use the haven to protect taxable income in each country. There is a bad solution, which is to name the people who are avoiding, which of course these companies do, and specifically target them. Both solutions function in as much as getting some money out of the entities concerned, but the first solution means you don't have to readjust your law when a new egregious offender turns up and the second solution makes you look as if you just have some companies you don't like. I am not here to defend the tech companies; we all know very well how they juggle things around to avoid any taxation or accountability. I come here to recommend a legal solution that is more likely to be accepted and more likely to work in an objective manner.

Re: Why wouldn't Tim Berners-Lee have 17 years experience designing websites?

I did not read that far down; thanks for bringing my attention to it. That said, I'm not accepting that; it sounds like at best a pedantic distinction without a difference or at worst an excuse for getting the number wrong. Designing something can happen in many ways, as long as you make decisions about how a thing will look or function. It's pretty broad. When I made students write "design documents", they neither wrote the code nor used imaging software, but they still designed their programs when they wrote up some text. You can design a site in the same way, and you can also do work on making the site look exactly how you want it to. That sounds like design to me.

Re: Am I the only one

"My thoughts were the opposite. PWA's don't have as much access to the hardware as native apps. Even when they eventually do, how is this different from native apps now?"

Let me count the ways. Um ... sorry, lost count somewhere around twenty three and I should keep working. Fine, here's the short version:

Current mobile operating systems have put a lot of work into sandboxing apps. They don't all do it right, but they mostly try. Users can generally block certain permissions and it isn't trivial for an app to circumvent a denial and get the data anyway. Similarly, it's usually difficult to have one app suddenly start reading the resources of another app. That's unlikely to be the same for a web app, if only because all the sandboxing would have to be started again. Of course there will be protection from accessing the location permission, but will the permission system be as granular? Will it be secure against circumvention attempts? Will it include any sneaky access methods because Google is building it?

In addition, a web app has a very different security profile to a native one. Web apps tend to use a lot of libraries. Those libraries come from really nobody knows where, or sometimes we do know and we might feel better if we didn't. Each of those places can get modified to introduce new code. Since these are progressive, update frequently, move fast and break things apps, our devices would be pulling this new code down and starting to execute it. At least with a native app, the library has to get tampered with, pulled down for the build, and released to the traditional channels. That might not be a reassuring shield but at least there's a shield.

Another issue is with privacy. Theoretically, analyzing network traffic from a web app isn't more complicated than with a native app. In practice, it's trickier. If you are able to intercept apps' traffic to block it, a web app can more easily disguise itself as a browser. Since the app needs to stay up to date, it must ping a server all the time, and because devs are lazy, there is a reasonable chance that it will require a server to function properly. While any app can require a server, it's more likely that a native app which cannot pull libraries from a server will function without one than one which requires a server pushing libraries for installation.

That's the short version. I should probably stop writing now.

Re: I can hear the conversations already

The problem is that, unless they operate the nice kind of call center, you are liable to finally get an operator after an hour of the same two advertisements on a loop to have this discussion:

Client: I am trying to activate a new phone online, but it says that the eSIM requires me to call for activation.

Operator: I will help you resolve this situation. First, may I have the phone number you are using to call us so we can call you back if needed?

Client: Sure. Here it is.

[...]

Operator: So you don't need help with your SIM card then?

Client: No, I need to activate a new device.

Operator: Well, I'm in the troubleshooting call center, but fortunately I can forward you to the activation call center. It'll just take a second.

Client: Thank you.

Advertisement starts again.

System: Good morning and thank you for calling Verizon. How can I help you?

Re: The real news

That's not true. It happened. It really did. It was nine months ago in a private test somewhere in Europe. And they detected this guy entirely correctly. Well, he wasn't the guy they were looking for, but he was an identical twin with that guy, almost. I mean we put this guy in a lineup, brought in some people, and asked them to look at a picture and point out which of the people in the line was that guy. Everyone pointed at him except for a few of them, but those people didn't select anybody so they don't count.

Re: Another non-event distracting us

Exactly. That's why trust in the base app is such an important detail. The only relevance to the "pull down arbitrary code" possibility is that someone else could get the code inserted, either by forcing the company to do so, stealing the mechanism, or discovering a vulnerability. The new code would not be released as a potentially detectable update either, making it easier to hide.

I think the best example of such an issue is the vulnerability discovered in WhatsApp a little under year ago. Said vulnerability wasn't intentional (unless you are paranoid), and it allowed arbitrary code execution by crafting an invalid video file. That code would not be able to exit the sandbox of the app, but WhatsApp's sandbox is really big so it proved to be a useful exploit, weaponized by at least a couple groups. If TikTok had a similar mechanism intentionally or through a vuln, it could prove dangerous even if a user trusted the original app. Obviously, I do not know that such a thing exists, but if it did, it would be bad.

Re: 5v/12v ring

I suppose the question would then be why. Let's assume you could create secondary circuits at lower voltage. What would the benefit be of doing that? If you still provide the main circuit at normal voltage, your secondary circuit means extra installation, extra possibility for breaking, etc. without removing any of the cost associated with the main one. Meanwhile, providing the ability to use higher voltage may be useful in a limited number of circumstances. For example, most places could probably use LED bulbs at lower voltage (although how low is in question, see the other reply for details). However, some may wish to use a different type of bulb. I know some people use bulbs that release more ultraviolet light to promote vitamin D creation. I don't know if those have a higher power requirement. Most importantly, I don't know what other unusual types of bulbs people use, and I don't know if it's a good idea to make it more difficult for them to do so.

Re: Late 2000s?

Why do you assume that "the 2000s" by default refers to a century? Because for all you know, it refers to a millennium. The only significant figure there is the 2, so any smaller chunk that still includes multiple years is valid, including 2000-2999, 2000-2099, 2000-2009, or for some pedants the 1-offset century and millennium as well. I choose to believe that this happened in the late 2000s, sometime around the year 2978, but the various changes in human culture since now have made it not as funny. Fortunately, they also invented time travel so someone could report it to us.

Re: Simpler than I expected

When you purchased your iPhone, did the manufacturer indicate that the contract for service was a component of the product? When you first got your iPhone, did you set up the contract on it as part of the process, or did you set up the contract with the mobile provider and connect the iPhone to it? Both of those things were different for this case. There was one other thing that was different, and that is that there wasn't any contract. This has been clarified by the original source several times above this in the comments: there was no contract, and the charge that TomTom sent out was not a valid charge.

Re: Alternatives?

If you go to your lots-of-items-selling site of choice, you can almost guarantee that you will find various budget mechanical keyboards around and even below your price range. I have experienced good results with some of these, but with each you will have some drawbacks. There are those who will not accept any switch type other than the well-known manufacturer they have used before, for example, and budget keyboards tend to use some manufacturer you've never heard of. I tend not to care, but if you do, the budget might not satisfy. Similarly, at that price range you are unlikely to find keyboards with extra features like Bluetooth, detachable cables, or extra ports. If one does contain such a feature, it's likely the only one.

Re: Got one of these recently

I found a couple low-priced options with removable batteries. I don't know if any are good though. Here's a search with the selected criteria being removable battery, 3.5 mm jack, 2019 or later, and at least 32 GB of internal storage to get rid of the "Go Edition" useless things.

Re: So, IPv4 addresses are like petroleum

Yes. In many ways they are like petroleum. There is a limited amount. Nobody is really sure when we will hit that limit but we have gotten far enough that there can be problems with the supply. Some groups control a massive amount for no good reason. Large parts of the world have next to none compared to their populations. There are replacements that might be useful if more people were to use them.

IPV6 has many problems, and making any change is difficult, but it is already chaotic to try to find and keep IPV4 addresses. This block may have reduced that pressure for a little bit, but in only one region of the world and only for so long. Given the aggressive CGNAT used in some parts of Asia, I imagine demand for these addresses will be fierce.