Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

Punkt: A minimalist Android for the paranoid

doublelayer Silver badge

Re: Rather a sad battery

The point of six weeks of standby is the three times as long you could do other things, like using the tethering if you have an account that will actually permit tethering for long enough to run the battery down. The benefit would be that, with a massive profit margin already, it could be useful to the user without doing much to the company.

Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

doublelayer Silver badge

Re: Why are ICs always in large packages, how is this dot powered?

I'm not saying it happened--in fact, it seems likely that it didn't happen, but the chip in practice does not need all of the things you say it does. If the original description is correct, it merely sits between a flash chip and a processor, replacing serial traffic. It could use the data traffic from the flash as enough power to inject another signal. After that, the new code could be run just fine by the processor running the servers' firmware, which can do all of the actual stealing, embedding of information into something hard to detect, and exfiltration over the internet. I don't think this happened, but your reasons wouldn't explain why not.

Microsoft yanks the document-destroying Windows 10 October 2018 Update

doublelayer Silver badge

Re: But that wouldn't bring three thousand million, seven hundred and sixty-eight deleted files back

Yes, this would have been much less of a problem if people backed up their files. That's correct. It's also quite relevant, except:

1. There are some people who never back up their files. They aren't reading this comment or this site at all.

2. Microsoft's update system is such that it will run the update when it wants to, without asking you. Therefore, you don't have the chance to say "Let me take a full backup of this before you do that."

3. Windows now gets updated a lot, such that you can't take a ton of time out of your schedule to do something unusual every time it does. I used to be in the camp of always doing a clean install if a new major version of the system was coming out, just to avoid any problems that the upgrade process has. This includes taking a full backup, both through my normal system and onto alternate media that is confirmed bootable or externally mountable in an emergency. I'm not going to do that multiple times a year, thanks.

doublelayer Silver badge

Re: If this was an Apple product

"The user account I'm typing this from was first created in Tiger in 2005 and has been migrated through all the intervening releases."

In my experience, I've never seen it do anything to the user folder, or really most places on the hard drive. However, it does at times reset settings. You have to go to system preferences to switch them back. I've seen this on iOS too. It's not a terrible bug, but I set those settings and I'd like them to stay that way without my needing to go back in. I've also seen certain installation bugs (the one that hit me when High Sierra was launched at me is particularly memorable). Still, I'd say that Apple OS releases haven't really had anything as bad as this one on Windows.

As usual, I'm glad that yours is working, but if others' systems aren't, there is still a problem.

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

doublelayer Silver badge

Re: Not a good look here.

"No they don't and no it doesn't. They get stored in the AppData profile "

A lot of stuff gets stored there, but I have several programs that put configuration in documents/$program_name/config or something. They usually don't give you any other option. Yes, they're bad programs, which is why I try not to use them. No, I don't have much choice not to.

I don't really have a problem storing data on the same volume as the OS, which simplifies things if I'm using a single-disk machine, like most laptops. However, since they made documents, etc. into libraries, which means that there are several things called documents that are not necessarily the same thing, I've not liked to use them. I mostly use folders of my own choosing, which also helps as I spend a lot of time in the command line when I'm on windows.

You dirty DRAC: IT bods uncover Dell server firmware security slip

doublelayer Silver badge

Re: CIA? NSA? Not a bug, a 'feature'?

It wouldn't go through customs. A server manufactured in China/Taiwan gets sent to Australia and used for something $agency wants to receive, and it hasn't gone through a U.S. controlled customs. You could intercept it at the factory, or perhaps get the Australians to help you, but you can't get every one of them. And if the Australians will do that one, do you have the same relationship with every other country that server could be going to? Especially if the path is China->Iran, it won't be so easy for you.

doublelayer Silver badge

Re: CIA? NSA? Not a bug, a 'feature'?

I'm as paranoid as the next security person but somehow I think that the tool that does this won't be something this version-specific. The espionage people wouldn't want something to break just because a new update was released. Also, they'd have trouble intercepting servers manufactured outside their borders between factory and customer. Not that they couldn't do it, but it would be harder to do so to a lot of people at once.

doublelayer Silver badge

Re: I don't understand

I assume the key and a tiny bootloader checker are hardcoded into something non-writeable, so the code must be signed with the known key and checked before it runs. Therefore, new code can't be installed unless it's signed with the key, and without said new code, you can't ignore the key. Not perfect, but it will probably work. It would be difficult enough to run the previous exploit, limiting the number of people who have sufficient access, so this further restriction will probably reduce the likelihood that something of the kind will happen. Hopefully, Dell has really good security on that key.

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

doublelayer Silver badge

Re: One questions seems to have been missed

As I remember, Elemental had a contract with an American intelligence agency, although I don't think they're still doing that. However, that could have made them a target at the time.

doublelayer Silver badge

Re: Seems like Rube Goldberg approach to spying

That doesn't work. If anything modifies those chips later (i.e. the manufacturer updates something), your bug is destroyed. If the chip is tested, you are discovered. And you can't easily make new holes in the thing because you didn't design it. With a separate chip, the manufacturer updating a chip can't kill you, a test of a component cannot find you out, and you can use all those existing chips to hide yours, which can be really tiny and be set under another chip.

doublelayer Silver badge

Re: Only just passes the plausibility test for me...

You are right about a lot of this, but have missed a few points:

It would indeed burn itself out and use too much power if running at CPU speeds. It doesn't need to. If the story is correct, it only needs enough processing to inject code into a serial line. That takes a lot less power. After this, the CPU handling the BMC handles all the work.

It probably wasn't (if it exists) created by the factory. Instead, the plans would have been created elsewhere, and a slight modification to the process would be necessary. I don't know much about the organization of Chinese motherboard factories, but if I had plans that were almost identical, I assume the factory could build them just as well.

The point about monitoring internet traffic is a good one. I don't have a great explanation for how that worked. The best I can come up with is that you could set up an image on such a system that could interact with the firmware and exfiltrate information into that VM, then hide the data as it is sent out from that VM with other expected traffic. Still, that's hard. If it actually exists and was used (it could be a sleeper system for some purpose), perhaps some network traffic systems aren't as thorough as we hope.

doublelayer Silver badge

Re: Chinese agents slip spy chips into Super Micro servers

There are easier ways to have a backdoor, but this way is pretty good for having a backdoor that's hard to spot. If you simply replaced the chip containing the BIOS, made a backdoored flash chip, etc. then all you'd need to do to find them is to test that chip, as they do just to make sure they're working. If, for example, you took a flash chip and asked for its contents, it would be instantly obvious whether the contents were right or not. By having a separate chip to handle that, you would have to test all components of the board together, and that only helps if you know what to be looking for. For the people doing this, it would actually be easier just to see if you can find the chip in the board. So I don't know whether this chip was ever created or installed, but the details make sense if it was.

doublelayer Silver badge

Re: One thing that apparently happened after this story was posted

While you can't be ordered to lie, you can be ordered not to disclose information. This leaves you with the following options:

Apple: No comment.

El Reg Readers: So clearly it's happening.

Apple: Definitely not. We can categorically deny all of this, in any terms you like. Just read out sentences and we'll tell you that it didn't happen, to avoid any sense of our being disingenuous.

El Reg Readers: It's almost certainly not happening.

Judge, 2022: The government finds for the plaintiffs, owing to clear falsehoods released by the defendant in an attempt to protect them from adverse actions on their share price... [until you fall asleep]

Apple: We can tell you that we aren't under a gag order, and that we haven't found a security device embedded in supermicro servers we purchased between the dates of ... [and other overly specific terms]

El Reg Readers: They sound somewhat confident. Maybe we'll believe them, but we're not entirely sure.

Meanwhile, if there really is no chip and therefore no order, you have the following options:

Apple: No comment.

El Reg Readers: So clearly it's happening.

Apple: Definitely not. We can categorically deny all of this, in any terms you like. Just read out sentences and we'll tell you that it didn't happen, to avoid any sense of our being disingenuous.

Apple attorneys: Yes, this didn't happen, but if you are that specific, someone could find a loophole and get you to say something that we could get attacked for. We don't have the time to evaluate any specific statements, so we should just issue our own denial, as specific as you think it needs to be.

Apple: We can tell you that we aren't under a gag order, and that we haven't found a security device embedded in supermicro servers... [extra details to assure people watching that they're being honest and really trying to demonstrate that there is no cause for worry]

El Reg Readers: They sound somewhat confident. Maybe we'll believe them, but we're not entirely sure.

Microsoft resurfaces Surface kit alongside Windows 10 update

doublelayer Silver badge

USB-C

"The two portable Surface slabs rely on Microsoft's proprietary Surface Connect port and a USB-A port, which may annoy those who'd prefer USB-C."

I really don't care that much about the USB-C. I consider it a slight advantage to choosing what computer to buy if it has such a port, which frees me to buy things that connect using that port, but I don't own anything using USB-C connectors. In fact, if my only choices were "only USB-A" or "only USB-C", I'd have to go with the USB-A ports. The major problem is the fact that there is only one port. That's not going to work very well for a lot of use cases.

MIMEsweeper maker loses UK High Court patent fight over 15-year-old bulletin board post

doublelayer Silver badge

Re: "Imagineer"?

What's wrong with "re-imaging"? Maybe I'm not thinking of the same definition as you are, but in the sense of "returning a computer or other device to a state where it was initialized to some level by writing a stored disk image to it", it seems descriptive enough. I do have a mild dislike of the term "Imagineer", though; at least I'd never want to be called such.

The ink's not dry on California's new net neutrality law and the US govt is already suing

doublelayer Silver badge

Legal basis

I'm having trouble with the federal government's arguments. I would think that, while the constitution/federal law can tell the states they must or must not do something, the FCC's removal of regulations on companies wouldn't count as doing that. For example:

Federal government: You must not allow people to buy uranium.

State: Citizens can buy uranium here.

Court: Sorry, state, the federal government told you that you can't do that.

Federal government: We don't care how much ethanol is in gasoline, as long as it is safe.

State: If you want to sell gasoline here, you have to include a specific amount of ethanol. Also, it must be safe.

Court: The government didn't say you couldn't do this, so that's fine.

Federal government: We are retracting our previous rules, so now the network companies don't have to adhere to any net neutrality regulations.

State: They have to inside California.

This sounds like the ethanol example. Maybe I haven't seen the relevant part of the regulations, but I don't remember their saying that states must not restrict things further.

Your specialist subject? The bleedin' obvious... Feds warn of RDP woe

doublelayer Silver badge

Re: re: sucking data

The contest isn't between "RDP" and "VPN". It is between "RDP left wide open, with the only security being the password box" and "RDP with security built in". My favorite security built in for RDP is having it accessible on an internal network only, and then giving computers that are already on the network a method by which they can VPN into that network remotely. Your home computer can't get in in any case, and nor can the people just looking for targets. But really, a lot of things that are more basic can still fix this problem. You could use 2FA, or limit the number of password attempts, or block people who try too many times. Those won't fix all the problems created by having an RDP session running publicly, but at least the people running brute force password attacks won't be able to continue. And none of that is hard!

doublelayer Silver badge

Useful advice that won't help

All of the advice is nice and useful, now all we need is for those people who haven't been following it to pay attention to an advisory about security and practices to do to make things more secure. Except the people who are insecure are lazy about their security, so they won't have paid any attention to the announcement. Anyone know a way to break this loop?

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

doublelayer Silver badge

Re: Data Slurping Company's Data Gets Slurped

WRONG.

"50m is only 0.0022421524663677% of 2.23bn so [...]"

5.7e7/2.23e9 = 0.02242152466367713

0.02242152466367713 = 2.242152466367713%

And the detection wasn't based on sequential accesses; we don't know in what order, if any, the accounts were accessed. The thing that tipped them off was the quantity of accesses, so the perpetrators could have gotten more data by slowing it down, potentially evading Facebook security forever.

Also, the people didn't break in with the intention of taking facebook down. They wanted the data, and they got it. We don't yet know what they're going to do with it, but the results were intended to be and will be problematic for the users, not facebook.

doublelayer Silver badge

Google-issued Captchas

I think they did that already. I notice a lot more of the message "Sorry, your computer or network is sending automated requests [it is not] so we can't handle your request [so I just give up]" when the email address isn't a gmail one. I have considered just never using such a site anymore, but that cuts out a lot of smaller sites that use it for spam prevention.

doublelayer Silver badge

Re: Has anyone been informed by FB?

There is absolutely such information. I don't know how much Facebook divulged to these people, but they could easily have gotten post history, images uploaded, messages between people, etc. This includes data that was not public on that person's pages. It is possible that the people may have gotten more information. It is not safe to use Facebook for many reasons, this being only the latest one.

Cloudflare ties Workers to distributed data storage

doublelayer Silver badge

It's not the sort of thing you'd want handling millions of rapid-fire financial transactions

What would a good actual use case for this be? Not in general terms; I'm asking for a specific application where this works better than a database or a set of databases that are stored across regions and coordinate. What benefit does this bring, other than being something that absolutely won't run on anything else without changing a lot of code, thus providing a sustainable source of income for whatever service provider the user starts with?

Amazon Alexa outage: Voice-activated devices are down in UK and beyond

doublelayer Silver badge

Re: Hahahahahahahahahahahahaha!

Maybe because I have a long way to drive and the car could, by automatically driving me there, free me to spend that time productively? That's why I'd like a fully self-driving car, anyway.

I see a few limited use cases for these voice assistant things, such as the convenience of asking what the weather is and getting a response without getting my phone, unlocking it, and clicking an app. No, it doesn't change my life, nor does it really save that much time, but it is marginally more convenient so I'll use it for that purpose. Of course, I haven't bought one of these things, because they're unnecessary and creepy. I can already do this using the voice program the phone people shoved onto my phone without asking me, or with about ten other ways.

The 2018 ThinkPad X1 Yoga: A bendy-legged workhorse walks into a meeting

doublelayer Silver badge

Re: So how is this a workhorse?

I know I'll get a lot of disagreement with this, but for many people, 16GB is a perfectly fine amount of memory. I don't know what you do, but I assume it's not one of those things. If you're using a lot of VMs, writing code in a large IDE with a lot of features turned on, or anything that deals with a lot of video and audio stuff, for instance, large amounts of memory can be very important. However, most business things aren't doing anything of the kind. Anyone who is just browsing, doing word processing, and using email and some videoconference thing won't need 16GB. I think that 8GB would be perfectly fine for that use case. Some business uses may need a bit more, such as the machine that's actually running that tremendously bloated financials package. However, a lot of places I've seen have moved that to a server with the machine just providing a frontend to it. That's another case that doesn't need a ton of memory.

I have a computer with limited memory. I'd love one with 32GB of memory, and if I had it, I'd find a way to use it. However, I handle certain exhaustive workloads and I tend not to run into a situation where my 16GB is insufficient. I have multiple VMs open at most times, each one having been given quite a bit of memory. Of course, some help may come from not running windows as the base OS, but even with that, you can still run quite a bit with 8GB memory, and 16GB, especially for a business machine, will work for almost everyone*. *Everyone refers to the business at large, not the technical areas, where the percentage is lower.

As one Microsoft Windows product hauls itself out of the grave, others tumble in

doublelayer Silver badge

Re: schrodinger's browser...

What if it's one of those wonderful tabs that, when they crash, manage to take the browser or, if they're ambitious, the entire OS, down with them? Is that what quantum entanglement is like?

Turns out download speed isn't everything when streaming video on your smartphone

doublelayer Silver badge

The best explanation I can think of is coverage, such that a country with good download speeds but bad video would have a fast network that isn't reliable, probably when moving. Video consumed while on a train or something like that could cut out a lot. But really, I have no clue. Maybe the article could get some more details?

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

doublelayer Silver badge

Re: Why do we need IPv6

For example, if they have five different servers that could work, they don't need to have large load-balancers to handle that case. Five ports on a public IP would mean that there was a theregister.co.uk:443, theregister.co.uk:444, etc. Who is going to type :444 when they don't have to? Nobody. Five servers running internally that are mapped to the same IP takes more networking setup that isn't really necessary. If they have servers in different places, many places can easily direct people to a nearby one, but again, doing that with the same address, while possible, takes more effort than doing it with five distinct ones. If addresses had a good reason to be rare, then I'd have more sympathy with the argument that people are just wasting them and should be better, but there isn't such a reason, as addresses can be made extremely long and extremely plentiful. So go ahead, use a hundred addresses if you have a hundred things at the other end.

There are plenty of reasons to dislike IPv6. I agree with most arguments, even the often-attacked hard to remember the addresses argument. However, the argument that four billion addresses should just be enough for a world of seven billion people and millions of companies, including tech companies with a lot of stuff running on them, and that we should just fix the problem of people using too many addresses, seems foolish to me.

doublelayer Silver badge

Re: Why do we need IPv6

I can see your point with most households, but there are some who will have publicly-facing devices and may need some more. In some cases, they may have small servers of some type, which could be quite a few. I wouldn't judge them without knowing their use case; they probably have their reasons even if you don't like them.

As for companies, there are some who use only shared hosting, and there are those who have several IPs for the web server alone. For example, The Register has five addresses for their web servers because there are real advantages that having one would not bring them. The company might have a lot of systems running that need to be public. It would be possible for one system to have the only public IP and direct traffic as needed, but it would be inefficient and a tremendous single point of failure with the capacity to bring down a lot of access should it break. Some of these workarounds are necessary with limited address space, but if more addresses are available, I see no reason giving people the benefit of the doubt that they need a few hundred addresses. Of course, deciding that the logical unit to give each user is a /48 (2^80 addresses) may be going too far in the other direction.

doublelayer Silver badge

Re: Catch 22

If only the process of getting dedicated IPv6 sections for a single unit were more convenient. I had cause to try to get one, going for one block for an organization rather than getting one from the ISP because we have multiple areas served by different ISPs. I figured we could assign subsections to each area and have a coherent block. Of course, blocks for end-user use are only allocated at /48 blocks, because there is never any way we could run out of addresses if they hand quadrillions to each person who has a reason, but also it turns out to be nigh impossible to get an ISP to accept a block that isn't directly from them. So, of course we're using blocks allocated from the ISP themselves, losing any coherence provided by the structure, and making firewall rules (e.g. people from location A may connect to the server at location B, but people from the wide internet cannot) more complex. This happens because we have to know each subnet that the ISP has provided if someone at one place wants to run up something internal, rather than knowing our address section (which, IANA, could be a /96 without causing us any problems whatsoever). I think they might have constructed that a bit better.

Bug? Feature? Power users baffled as BitLocker update switch-off continues

doublelayer Silver badge

Re: Bit(un)locker

Incidentally, what's the benefit of storing the key in the TPM, without requiring a password, USB dongle, or pin to unlock it? The key is nice and secure, but the system can just read it and go right ahead. So the only difference is that if you steal only the hard drive, you can't read it. But if you steal the computer itself, you can just boot it up and attack the login window, which can gain you access to all the decrypted contents of the drive. Since encryption is primarily a defense against physical access and theft, storing a key in the TPM doesn't strike me as at all useful, let alone a good idea.

Cloudflare invites folk to dabble in the 'distributed web' with InterPlanetary File System gateway

doublelayer Silver badge

So, this is... wait, what is it?

As far as I can tell, this is a version of the internet where everyone has to hold a bunch of data that no one needs because what if it dies? It can be annoying to get a broken link because someone's host has gone down, but it might be even more annoying to have to store a bunch of garbage that was posted at one point but has no purpose anymore. For example, could I use this as free storage for my encrypted backups, just by splitting them up and uploading them? How does the IPFS network feel about keeping that around so I can retrieve it by smaller and easier to store hashes?

Another problem is the hashes themselves. It's wonderful that they can make it impossible/somewhat difficult to replace data, but that is what normal hashes already do. I somehow need to get my hands on all the hashes I need, and it's not that hard to put in some documents that look like what I want, but contain sneaky tracking code and incorrect hashes to other files, then ensure I get the wrong one. The lack of a secure way to indicate locations means that the secure delivery once a hash is entered is a lot less valuable than it sounds.

Top Euro court: UK's former snooping regime breached human rights

doublelayer Silver badge

Nail in the coffin

So this is another nail in the coffin of state surveillance, huh?

Hey! You've got to take those nails back out! You forgot to put state surveillance in the coffin before you started nailing it up! Next time we need something buried, we're going with a different group of coffin makers.

Apple in XS new sensation: Latest iPhone carries XS-sive price tag

doublelayer Silver badge

Emergency call

Please tell me that this can be turned off. The last time Apple did this, they did it badly. They installed an easy way to call the emergency services using the same shortcut that used to be for respring (essentially, stop apps and reload the interface, but don't reboot), which could be useful if you were developing an app that had bugs and caused the phone to lag. So, I ended up on the phone talking to the emergency dispatcher who did not need to hear from me, and my phone was still laggy and required a force restart. If I was crazy enough to have the Apple Watch, what would happen if I dropped it on a desk, or I set it down to charge but accidentally knocked it off the table, or I dropped it somewhere where I couldn't get it, such as through a grate? I don't want to burden the emergency services with a bunch of useless calls.

Email security crisis... What email security crisis?

doublelayer Silver badge

Re: Microsoft announces threat intelligence service?

Unless this has changed in the past two weeks, the phone number step is not required. Fill out the original form for a free account. They will demand proof of humanity, which I think is set to phone number. However, you can do a captcha, get a mail to another account, or donate to bypass this. Then you have an account. I speak from experience, having done this twice.

doublelayer Silver badge

Re: Unsecure

That is exactly my point. It was easy enough for me. However, it involved using a Gmail address. In the days when people are unwilling to trust Gmail, what can I offer them as an alternative? Very little. It isn't possible to set something up that would be independent of it. In the end, you end up with a chain of things that are all tied to an email address, and the only place you can get one of those that isn't connected to another chain is a company that is external to you and that you may not trust. Your major options are Google, Microsoft, and Apple, with a few Russian and Chinese participants available too. I'm sure you can find some more that will let you pay them for access, but there is not a guarantee that they will be any more trustworthy. A new system may not fix this.

doublelayer Silver badge

Re: Unsecure

One of the major security problems I have with email is how it is required by most things. Consider my recent attempt to switch from using a mail account provided by a company to having my own mailserver that would be more secure and more under my control. I've seen it recommended by a lot of people, so it should be doable, right?

I already own a domain name, but if I wanted to get one, the registrar requires an email address for the account. It can't be my new one because I haven't bought a domain name yet.

The place from which I'm buying my server space needs an email account. While I have a domain now, and thus could probably set up an address through it from the registrar's tools, they don't give me free mail facilities, and I don't want that anyway because I want to set up my own. So, since I don't have a running mail server yet, I can't use my new address.

Fine, so I can't use server space that I buy from a remote provider. Maybe I can get a static IP and run a mailserver on physical hardware in my house. The ISP requires an email address.

It seems that there isn't a good way to have an address that doesn't rely on an external address itself. I did end up setting up that mailserver, which now handles most of my mail. However, I still have to have that third party address, to deal with the messages and identification for my domain registrar and my server provider. I considered switching those accounts over to my new domain--I would have needed that third-party address at one point, but it could now be dispensed with--but then I realized that, should either the registrar or server provider become concerned and suspend the account or ask for additional verification, I'd be immediately locked out because I'd rely on the server they'd just cut off or shut down to authenticate myself. And people wonder why nontechnical users just set up free accounts with Gmail. It's a losing game, it seems.

doublelayer Silver badge

Re: Email is absolutely broken...

So I should have a whitelist of people who can send me mail, having to negotiate their certificates approved by [not mentioned] so I can trust it? How do I deal with the "We would like to schedule your job interview for the important job you applied for." email that I'd like to read, but it's coming from an employee of that company whose identity I didn't know and therefore whose certificate I don't have, let alone approved?

That also makes the process of using email for casual communication, at which it works well, much more irritating:

Before:

"We should really discuss this later. Would you be interested in meeting next week?"

"Sorry, I'm busy then, but I'd love that. How about we email to find a time?"

"Perfect. My address is person@website.domain. I can write that down if you'd like."

After:

"We should really discuss this later. Would you be interested in meeting next week?"

"Sorry, I'm busy then, but I'd love that. How about we email to find a time?"

"Perfect. My address is person@website.domain. I'll need yours, as well, to approve it."

"Mine is another.person@adifferent.domain. Just let me get my phone out so I can send you my public key."

"Sorry. My phone died earlier. I suppose I can try to find someone with a USB-C cable I can borrow so I can record that and send you mine."

"Otherwise, I suppose I could write down the hex value of my key and you could approve it. I hope that I'll remember to contact you, because without your key, I can't approve seeing your mails."

"That will work great! It's wonderful how we solved that insecure email problem, isn't it?"

Dust off that old Pentium, Linux fans: It's Elive

doublelayer Silver badge

Re: GUI ?

Of course you are right. There are a lot of good use cases for machines with 256 MB or less of memory. However, my original point with respect to memory was basically these two:

1. I wouldn't recommend the use of a machine with 256 MB or less of memory as a computer to be used as a desktop, running GUIs of multiple applications,

2. I wouldn't recommend a Pentium computer (referring to Pentium meaning the typical age of chips called Pentium when they might regularly be shipped with 256 MB of RAM) for any purpose. Among the reasons for this are power efficiency, raw processor speed, memory speed, and speed and reliability of the disks typically found inside these things.

doublelayer Silver badge

Re: Best live distro to run from a USB

In general, whatever distro you already use, minus some stuff that requires a lot of disk access. If, for example, Ubuntu is your wish, just install it, pick a desktop that you like and that doesn't lag much when you run it on the oldest computer you have, and install the utilities and applications you'll use when the machine you're using your USB disk on isn't connecting to the network. I'd suggest making a partition on the disk for general data storage that can be safely mounted and written to by other systems, so you can continue using your USB drive as a drive and for dealing with data stored on encrypted disks you can't mount when booting directly, and you'll have all you need. With very few exceptions, any Linux distro will run well enough. Some desktops will use a lot of resources, especially disk, so they might not be available to use while retaining your patience, but there are many, including MATE and KDE, that run perfectly well.

doublelayer Silver badge

Re: GUI ?

I can't really see the use case for a Pentium with 256 MB RAM. Anything that still needs one will probably also require whatever software was running on it already. Otherwise, a better computer can be had for $5 for the Raspberry Pi Zero. A better computer with a screen can be had for $25-40 if you look for a used laptop being sold on your used-goods-emporium of choice. Power consumption means they aren't even good for places that can't afford modern systems. What's the point?

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

doublelayer Silver badge

Re: It wouldnt be a Trend Micro product otherwise

I've seen it used as well. The version that we had had a scan scheduled every week during the middle of the afternoon on Wednesday, when you were working. The software would courteously ask you to confirm the scan, with the option to delay it. Nice and respectful, no? No, not really, because the delay function didn't work all that well, and would sometimes delay all the way until you logged in on Thursday morning, when it wouldn't ask you but would just cheerfully scan everything with the accompanying lag in performance. And because of whatever group was responsible for scheduling the original scan for when people were working, most users would go with the only guaranteed way of continuing to be productive: clicking the "skip this scan" button every single Wednesday.

doublelayer Silver badge

Re: 1 - 2 - 3 - Not it!

Yes, that's so. How does it work if it went like this:

Due to GDPR, we require to accept our terms of service and privacy policies for doctor antivirus [tm] to REMOVE ALL MALWARE from your system. In order to perform our 99% effective algorithms, we will need to collect information about whether the code crashed [several more clauses] and some information about your computer [left unexplained]. Please check these boxes to note that you understand that we take your privacy and security seriously, and then we'll start our medical scan [tm] algorithm to find the malware that caused you to install this in the first place. Just check these boxes, and it's all done!

I certainly hope it still works in that case, and I'll cheerfully watch on as Dr. Privacy Cheat and the rest of their software earns them a massive bill. However, I figure that lawyers eventually figured something out with regard to that particular issue.

Sextortion scum armed with leaked credentials are persistent pests

doublelayer Silver badge

They're using webmail accounts

I wonder whether anyone at the webmail providers has done something to help track these people down. It is now the case that it's almost impossible to set up an account with the main providers without providing them with a phone number, at least, which they use to "verify" your existence. That implies that they should have those somewhere. If they can't use these to help find criminals, why are they violating standard users' privacy by making them give them one in the first place?

FBI fingers the Norks it wants to pinch for Sony hack, WannaCry attacks

doublelayer Silver badge

Re: You'd be amazed at how many hackers ....

Not only can North Korea make him a new identity with great ease, but most North Koreans, including, I assume, this guy, only get to leave the country if it is specifically approved by the government, which almost always means only to China. I wouldn't be surprised to hear that he'll be staying there for the rest of his life, from where he can keep working on all the same stuff. If you don't have the choice to go on holiday, you can't be caught on your way.

Microsoft sharpens its claws to cut Outlook UI excess, snip Ribbon

doublelayer Silver badge

Re: UI revamp

Who wants to bet that all the keyboard shortcuts will change again? You already got rid of the feedback while using them, at least let me keep typing the same thing to add an attachment or something basic like that.

I've seen the future of consumer AI, and it doesn't have one

doublelayer Silver badge

Re: So-called "AI"

I mostly agree with you, but some applications of what is termed AI are things the brain couldn't do either efficiently or at all. Usually, they call this machine learning, because they realize that the program is less deliberate intelligence and more iterative or evolutionary familiarization with data. For example, a laptop can recognize text from images much faster than your brain. Your brain can do it better, but the computer can do it well enough if image quality is good, and can process at hundreds of pages a minute. Identifying irregularities in a million seemingly random numbers used to be a multi-year project for a team of cryptographers, or a multi-month project for a concerted effort of tens of teams. Programs exist to do that in a matter of hours using consumer hardware, or seconds on the computers you mention.

There are other examples that a computer can do where a brain can't; anything that involves a lot of data transformation, while technically possible to be done manually, would require a brain to act almost identically to the computer, doing the job much more slowly and with the virtual guarantee of many mistakes. Thus, not all machine learning/clever algorithmics/artificial limited-intelligence is useless. Primarily just the kind the companies want us consumers to have available to us. The good code they keep to themselves.

Google is 20, Chrome is 10, and Microsoft would rather ignore the Nokia deal's 5th birthday

doublelayer Silver badge

Re: For all your searching

I use DDG whenever possible. It is my default, and most of my searches go through it. However, there are types of queries that Google can handle much better. One of these is when you want to download some piece of software, but you don't remember what the download link is for it. If it's a thing that has its own site, then it's straightforward (go to site, click download). Consider a program like Thunderbird. Is it mozilla.org/thunderbird? I don't know; it might be. If you want the download quickly, Google will direct you to the right one from the search "mozilla thunderbird download", whereas DuckDuckGo will give you several close but wrong pages. They are also prone to being attacked by the SEO-intensive software distribution sites that put malware in with the download if you can even find it. Google can also answer certain questions directly. When the standard user wants to ask a question and get the answer fast, Google's lead in this keeps them from taking my suggestion and switching to something that is more respectful of the user.

doublelayer Silver badge

Re: Ask Google? Ask Microsoft?

Google's search is still pretty good. This is unfortunate because the previous sentence is the standard response to my question "How are you liking using DuckDuckGo?". I would cheerfully continue to use Google's search, including seeing ads on that page, if only they could disassociate it from some of the other creepy things they do. Unfortunately, that doesn't look like a viable possibility.

Huawei Mate 20 Lite: A business mobe aimed at millennials? Er, OK then

doublelayer Silver badge

Re: castrated

It's surprising to me that the two phones compared in the article described the other as good if you don't want photos. I understand that the camera on this one is better, but the one on the other is a 16 megapixel sensor, which, assuming it's not connected to some terrible imaging unit, should be fine for a lot of people who don't intend to go into phone photography. I figure that it will be just fine for people who like to take photos to send to others, given they used to do so with 5 megapixel cameras and didn't seem to have a problem with it then.

doublelayer Silver badge

Re: Whenever I see these "overly diverse" SKU options

That's logic. You and I have logic, but phone makers don't. I was resetting some old phones for a friend's business a few weeks ago and was presented with about six phones that I thought were identical. Instead, they represented at least three different LG brands. Fine, so the black and white ones weren't the same model, but there were two different types of black phones that seemed the same to me in all respects. By the way, none at all had the same OS version/security patch. 4.4.4, 5.0.0, and 5.0.2 were all listed, along with security patch dates ranging from 2015 to January 2017.

In terms of buying a device, the many options preferred by some companies irritate me. Sure, the long list of models ensures that there probably is one that's nicely priced and includes whatever specs I'm after, but the length of the list, as well as the inability of any web listing to stop repeating them, means I'm not likely to find it. For example, try to collate a list of all the mid-range Windows laptops from Dell, HP, Lenovo, etc. into a single database that can be searched. When, for example, someone asks me for a machine on which they intend to run Windows, and I just need to find one with an i3/i5, probably 8GB memory, traditional ports, and reasonable storage, there can still be too many options for me to find the one that is best priced. I can find something meeting those specs almost instantly, but it's likely to cost almost twice as much as it should. Eventually, I find one and recommend it, only to have to start again a year later when someone says "You know computers, right? Could you help me find one to..."