Posts by doublelayer

I think it's an often-used metric because it was once important, back when laptops couldn't suspend all that well and would go through the battery quickly enough for it to be dead when you wanted it again. Either that or when people had to reboot very frequently. Neither of those have been a major concern for over a decade though, so we could probably stop using it.

Re: That was a serious breath of fresh nerdiness

"Encryption has to come out of the factory enabled"

This is generally fine as long as it makes me set the key. If it uses one set at the factory and simply encrypts that key with the password I supply, that's not acceptable.

"with no way to turn it off"

Not acceptable. I may want to turn it off. If I know enough about how it works to do that, I probably have a reason. For example, if I want people to be able to remove the disk and read it on something else, encryption would completely remove that option. If I want people to be able to boot another disk on it, which isn't encrypted with a key known by the remaining components or at all, the user couldn't do that either.

"and be hardware assisted so there is neglible impact on performance."

That's already the case. Nearly every disk encryption solution uses AES, and nearly every modern processor used in a computer has AES acceleration in hardware. Ask the many people, myself included, doing all their work on devices with full disk encryption. It's fine from a performance standpoint.

"Even myself as an expert am extremely leery of enabling encryption on a device which shipped with no crypto because I know the device would have to reimage and migrate all the data to get to that state."

You're worried that a device will have to be reimaged? Do you know how often that happens? It happens on large upgrades (Windows and Mac, not Linux most of the time). It happens when a disk gets replaced. It happens if a backup is restored. It should happen every time a device changes hands. It is the first step after a company gets a device from somewhere else as they'll apply the corporate image. And it happens when the disk gets encrypted. If you're encrypting the right way, and I'm sure as an expert you would, all the disk has on it at the time of encryption is a basic OS image with the encryption software if that wasn't already included. If for some reason it fails, which doesn't really happen unless you cut power or something, reimage and reencrypt. It'll work fine the next time.

What you're really getting when you ask for this is a device that is stuck with the original factory image, and because you've asked for "no way to turn it off", can't ever be replaced, for any reason. And that's terrible from a security perspective, even if that image and user data is encrypted.

Re: The fundamental difference is...

The cloud providers could argue that they aren't just selling the software; the users could just download that from the original source any time they wanted. Instead, they're charging for the resources the software is run on, and optionally the management of the systems concerned. Clearly, a lot of the value for them is coming from the users' desire to run the software they didn't develop, and they are getting benefits from that, but they could argue that they are not charging users for that software, just the extra services they provide. You decide if this argument is good enough, but as you've said, it should be expected given the pretty explicit way the licenses say people can do that.

Re: "he can pay you to develop it. Or pay you for setting it up on premises"

In the case of many of the companies mentioned, however, the cloud providers aren't continuing development and keeping their code away from people. In many of the cases, all the new code the companies provide, which isn't all that much, is being released freely. The problem these places are talking about is that the cloud places are making bunches of money by selling the administration of this software and the resources it runs on. And while I see the point that these companies are profiting from the work of others, it's also the work others specifically said people could use for whatever purpose without needing to pay them.

This isn't to deny the usefulness of a license like the AGPL; it makes sense why people want it and there are other places that would have had to release a bunch of code if they had AGPL-licensed components. Even if all the projects mentioned in the article were AGPL licensed, however, the cloud places could still charge for servers that run these projects, management of those servers, and programs and scripts that modify the running of that program without being written into it.

Re: "he can pay you to develop it. Or pay you for setting it up on premises"

Some problems we can deal with:

"Can you see the failure of your assertion in the article case?"

Original assertion: "he can pay you to develop it. Or pay you for setting it up on premises"

"1) They don't need to pay you to develop anything, they develop it themselves and don't make it open, as the license doesn't require it"

So clearly, they won't pay you for that, because they paid someone else for that. Doesn't really change the math; you could have been paid for that if they chose you for the job.

"2) They can set it up themselves."

Once again, someone else is being paid for something you could have been paid for if they chose you.

The assertion said that you could attempt to sell further development or setup for money, not that people were guaranteed to provide you with work in that area. There are various services you could provide around an open source codebase, but there are several caveats about those. The primary one is that you would be providing a service that someone else could provide. For example, it would be completely possible for someone else to provide the kind of Linux support for which Red Hat is known. In that case, Red Hat loses. But Red Hat didn't lose, so it clearly works at least some of the time. Meanwhile, I run plenty of code that Red Hat wrote at some point, but I don't pay them for support (using Fedora/Cent OS/other distributions that contain some Red Hat projects, but not using REL). By making their code open source, they accept that some people will be like me, and they realize that this might actually be quite helpful to them later down the line.

"Anyway, the opportunity of making money by developing new features and installing disappear when everybody can obtain and install your software"

Not really. Plenty of people hire open source developers to put another feature in because the developer wasn't already planning to but they are most competent to continue developing on their own codebase. You're correct that there are many other options that don't result in the dev getting money, though. But the opportunity of making money by making people buy the software disappears when you make the software free, too, and we don't complain about that because the dev theoretically realized that when they made that choice.

"you can offer it at far lower prices when you don't have to pay for development also"

This was in the sentence with a discussion about developers, but I presume "you" now means the companies that sell stuff based around the software. And your point is? Lots of people don't pay for everything in their system. The raspberry pi probably would have cost more if they had to pay for development of their own OS to run on it. Instead, they ported Linux, requiring much less code. That resulted in more Linux users, more developers who can contribute code upstream, and a cheaper computer for us. This strikes me as a win-win situation, but your tone above sounds like you took this another way.

Re: Fundamentally flawed model

That was meant as a joke. I'm pretty sure of that. You posted a comment critical of the site, so someone joked that your complaints against it were felt so strongly that you wanted to take it down. Nobody here really thinks you took it down or want to do so.

Re: Hmmm..

I think you've gotten things the wrong way. Fiona didn't claim that she was not responsible, simply that others could also be held responsible and she didn't let that happen. The person who decided to put that file on a production server, which was not Fiona (the article makes that clear) should perhaps not have done a straight copy-paste from development to production. That's not new. Anything sufficiently large has stuff in the development folder that isn't to be released in production, and usually a script or two to try to manage that. I'd argue that these others weren't very responsible, and thus that turning them in would have been a pretty nasty thing to do, but I'd also argue that Fiona did little or nothing wrong and was unfairly attacked for a thing that did no damage and was clearly not intended.

Re: I Like The Idea

Removing that screen doesn't give much space; it's a pretty flat piece. Most of the volume of that area is already taken up with a battery and the chips for the phone. The battery would only be a little bit bigger. Meanwhile, losing the smaller screen means using it with one hand just became completely impossible. Also, I'd rather not hold the unfolded device to my face to make a phone call, though you could theoretically let a user place a call with the device unfolded and then fold it in while talking. Then again, the whole folding and larger screen component already means it's not for me, so I'm probably not the right person to assess your suggestion.

Re: Taxi Drivers Unite

"I think it's time for some market disruption by the drivers,"

I would really like to see that. In many cases, the companies run at least in large part by employees have some major benefits. There are a few cases where they can fall into error, but that's by no means guaranteed.

"they should stump up a little cash each and commission a generic ride booking app that has a simple flat monthly (tax deductable) subscription charge"

That, however, won't work at all. Neither part of that is going to be feasible. Tax deduction only works if the place is a registered charity or nonprofit. There are lots of ways to file as one, but there are usually requirements about working for some specific charitable goal. By most definitions, giving that group more control over what they earn is unlikely to be accepted under the current rules. However, let's assume that either I'm wrong and it is accepted or the law is edited to allow it. The fee still wouldn't be deductible because it'd be considered a purchase, not a donation. Only donations are considered deductible for the purchaser.

As for the subscription, that will fail for pretty much everyone. For many people who don't frequently use the transportation, it won't be worth the average subscription price for the four rides they take a year. Meanwhile, others may get a ride every day, and be profoundly underpaying for that. Worse still, if I have paid for the subscription, nothing keeps me from getting a ride to absolutely everywhere I go, because I've already paid so it's now free. So many more people will be calling rides that there wouldn't be enough drivers to handle the load, yet their revenue wouldn't increase at all. Meanwhile, potential customers would see that it always takes forever to get a ride because all the current customers are using the service five times a day, and they won't sign up. If I have to pay every time I want a ride, I'll probably not take as many, which means there are more available drivers as well as keeping environmental costs down.

Re: Wattage limit

They want to maintain the ability to run in power-restricted environments. Maybe it's also a principle thing as well. But imagine trying to run a raspberry pi powered robot off a USBPD cable rather than a mobile phone power bank. While not that many people use their pi for that, you'll see lots of plans and pictures in raspberry pi media, and it wouldn't be so impressive if it were handicapped by a wall connection. I would also say that a raspberry pi's utility to me has often been its ability to run with relatively little power; if I'm running something nonstop or off something with limited power availability, the pi is my go to solution.

It's not exactly easy to make a completely compatible board. The major problem is the SOC. While it's as open as such parts tend to be (now, that took a while to come to pass), you can't exactly go out and buy one. You could probably go out and get a couple million, but that carries a few financial problems. The rest of the parts are very standard. While you could probably make a board with exactly the same shape but a different processor, there's no guarantee that it will work well with existing raspberry pi disk images. Unfortunately, ARM chips can be like that. Furthermore, when other companies try to copy the pi, they want to distinguish themselves from the pi to get customers. Since the pi already has a pretty narrow profit margin, it's hard to compete with it on price. People can, however, compete on specs. For a while, lots of people complained that the pi didn't have gigabit ethernet. Plenty still complain that it doesn't have a SATA connector on the board. Still others had a massive problem with the single gigabyte of memory on previous iterations. In each case, some place tried to make money by making a similar product with those features, usually at a price point at about 1.5 times that of the raspberry pi. I don't know how successful they were, but plenty of those boards are out there.

"TBH I'm amazed there aren't knock-off Pi-es out there. Is there anything proprietary or custom to them?"

There are plenty of similar products. Many of them are so obviously meant to be like the raspberry pi that they've called themselves "[insert other name of fruit] pi". Some actually have better specs than the raspberry pi. However, they are less popular for many reasons. One reason is that they don't have as much community support, sometimes supporting fewer operating systems or working in an incompatible way. Another reason is that, while they often support similar hardware modifications, they aren't directly compatible with the ones designed for the raspberry pi. A third reason is that these usually don't have a guarantee of continued manufacture or software support, something all pi models have received since they first came out. But if you're looking for other versions, you'll find them thick on the ground.

"They are verging on being usable low-end computers now."

They passed this point for many users quite a while ago. It depends what you're doing on them, but for traditional office tasks, the version 3 was quite capable of the load. If you need a lot of memory, nothing before the pi 4 gave you more than a gigabyte, but plenty of use cases didn't need that. It won't replace the full desktop for the people who need that amount of performance, but it could probably replace many an old one.

"Perhaps an official PiBook (in the vein of the OLPC XO netbooks) might be in the offing?"

The PiTop people did make one of these. I'm hoping some other people will also do so, as I found their one somewhat overpriced and underwhelming. Unfortunately, for the price of their enclosure, you can get a comparable laptop with better battery life, builtin storage, and a slightly faster processor. I'm hoping that people will start to realize the potential of using the pi as the computer for various form factors.

Re: Telecom Companies Rule

You are banking on the speed of light to necessarily generate faster comms. It doesn't. We've had lots of things that used waves traveling at the speed of light to send data back and forth, including nearly every type of radio comms system you could build at the time, and plenty of them were rather slow. The waves move faster through air than through a cable, but what mostly matters is how fast they can be encoded and decoded at the ends. If, for example, the frequencies in use are prone to collisions, that introduces a bunch of latency that wouldn't be there otherwise. Cables don't really have this problem. That's not the only issue either. To illustrate this, consider that modern satellite internet uses the same geostationary orbits that the original ones used, and while latency isn't much improved, bandwidth has been rising rapidly. The electronics have improved; the physics is the same. So just because there are some numbers that look like they make a point, it doesn't necessarily mean they're correct.

In addition, consider how the satellites actually send data. You have to uplink to a satellite. If that satellite isn't in range of the target, it has to send a signal to another one. That might have to happen a number of times before you reach a satellite in the right geographic position, which then downlinks to a ground facility, which uses cable to connect to the host, which then contacts the ground facility with the data, which sends that to the satellite, which has to send the result back to your satellite, and then it arrives at your house. All these factors could introduce latency problems, and some could introduce bandwidth problems. If there isn't a conveniently-located ground facility for your destination, you might end up experiencing most of the cable delay anyway. If you're after a server in a place like Singapore, with a lot of servers and little room for satellite downlink space, you might find that the relatively few satellites there are heavily burdened. A lot of this is difficult to calculate without access to the full documentation that the company has and guessing at part of it. At least, not until it actually goes into service and we can experience it for ourselves. Until then, you might want to think twice before declaring it's definite success with such vigor.

Re: And if Huawei allowed unlocked bootloaders

I was responding to "As long as there are companies and secret services that work with mafia methods, you can't afford such liberties. They would be their downfall if they did." Clearly, I misinterpreted it. I misinterpreted it because what you've clarified sounds a bit crazy. Do you have evidence of someone who actually did that? Because other than overworking the company tech support as they reflash their devices, the criminals doing that wouldn't gain anything at all. You only get to claim a refund if the device is manufactured with defects, not if you've deliberately destroyed it.

You don't see, for example, people throwing phones on the ground then shipping the destroyed remnants back and asking for money, because that wouldn't work. And a locked bootloader doesn't really protect against that in any case, because if you really want to render a device unusable, intentionally uploading a corrupted ROM is a relatively time-intensive and very reversible method, I.E. one of the worst options for available frauds. Furthermore, unless you can point to a place that did this, it's a weird argument to make.

I'm sorry that I gave you credit for an argument you didn't make. I thought you were talking about accessing data or preparing a device for resale, because that's the major undesirable thing that criminals do to phones. I apologize for assuming you also considered this aspect, but I believe we are now on the same page. What book this page is in is another question, but one that can wait.

Re: And if Huawei allowed unlocked bootloaders

I don't understand your comment. Are you alleging that locked bootloaders are there to protect us from criminals and surveillance systems? If you are, that's pretty laughable. People steal phones all the time. Most of the time, they don't care about the data and are perfectly happy to reflash the device and sell it on. Even if they could replace the firmware with something else, the phone's serial numbers, IMEI, etc would still be present so the phone would be just as easy to identify as stolen. They don't need to care about the bootloader, only whatever antitheft mechanism the manufacturer has. A good antitheft mechanism doesn't have to be incompatible with an unlocked bootloader; a solution as easy as "Please enter phone's encryption unlock code before the bootloader starts" would serve perfectly.

As for surveillance states, they really care about the data on the phone. Not the hardware itself, just the data. There are only really two ways they go about getting data from a device:

Method 1: They have a phone, and they want to extract all its data but the data is encrypted. In that case, they don't need to replace the firmware, because doing that would wipe out data they need (either all the user data or at least the key used to extract it). They might try to copy the old firmware so they can retry encryption codes, but the antitheft system I described above would hamper them from doing so.

Method 2: They have a phone briefly, and they want to install malware on it to track a user who will use the device in the future. In this case, the last thing they'll do is to replace the firmware. If anything looks different, they'll be caught and the person they're tracking will dump the device. They'll use the tracking software they can install above the firmware level, which can be deployed much more quickly. In either case, a properly encrypted device will prevent them.

Re: Surely Huawei can just facilitate the user adding these?

This proves my point. You have a phone with the required APIs, and all the apps work. Huawei's phone won't have those. Almost all of the apps from FDroid will work perfectly. Many of the apps on the play store will also work perfectly when sideloaded or retrieved from the store by one of the apps you mentioned. However, if an app uses Play Services or another one of Google's proprietary APIs, and many do, the app won't work when installed. It will install properly, but when you try to launch it, it will reach a point where it crashes or doesn't work properly. In order to fix that, a user has to install the required APIs. These exist, but they're not listed on FDroid or in the Play Store itself as Google thinks they've been shipped as part of the default firmware. So the user will have to look for the APKs online, find the versions that run on their hardware, and install them in the correct order. I have no doubt that, when this phone is released, someone will create those APKs and publish them in a matter of days. Users will just have to find an uninfected copy of those and install them correctly. As I said, it's doable, but not without effort.

Re: Surely Huawei can just facilitate the user adding these?

What you need to consider is that none of the proprietary Google APIs are present, meaning most apps in the play store, along with the play store itself, won't work. You'd have to sideload those APIs first, which is doable, but you have to find versions of them somewhere (they're not on FDroid), then load them in the proper order and with some special requirements. Doable, but not without some technical knowledge and having to trust a source of the packages.

Re: So an android phone without the built in google spyware?

They also cannot preinstall the Facebook app, so you get your wish there. Unfortunately, we have no guarantee that they haven't just replaced the Google and Facebook spyware with spyware from anyone else, whether Huawei or someone else they got money from. Though it's probably at least a little bit more private than what Huawei used to ship, I'm still going to recommend an open source variant like Lineage OS for real, verifiable privacy.

Re: This is more of a problem for Google than for Huawei

It's not a stupid question. Huawei makes a lot of phones for the Chinese market and is making money hand over fist in that market. We all know that. But this Google services cut doesn't really hurt that at all, since China has blocked almost all of Google's services anyway for a decade or more. I'd be concerned that they'd lose market share in China if they dropped AOSP for their own custom and untested OS, but if they stick with effectively the same code as they used before, that's clearly not going to happen.

So the major question is how much it will hurt Huawei's ability to sell their phones overseas, and establishing their current market share in various places is a necessary first step to accurately calculating that. And for some countries, their market share is very low, such that it wouldn't be easy to tell if they've lost many customers. For the record, from statistics I found online, and I'm going to have to trust that the internet has correct data on this, Huawei's market share by country is basically this:

Italy: 24.4%

Russia: 14.1%

France: 13.2%

Mexico: 12%

U.K.: 8.1%

Australia: 7.1%

Japan: 4.3%

Canada: 3.8%

India: ~2%, noted to be falling quickly

U.S.: very low, doesn't show on graph

Brazil: very low, doesn't show on graph

Based on these figures, we can see that it's quite logical to ask about the current market share of Huawei by country. If they lose lots of business in Italy due to the services cut, it's much worse for them than if they lose business in Brazil. Americans probably don't see many Huawei devices when out and about, while Russians probably do. And in addition to the mathematical benefits, it gives us a concept of where Huawei does business and where it has yet to take over. I think the question's well worth the asking.

Re: So..

In many cases, it already does. If you ever try mining on Windows, you'll probably have to whitelist the directory where you put your miner. In fact, Windows Defender even treats the Monero binaries as malware, even though you can't use them to mine, only to transact. But there are fewer traditional antivirus products for Linux, and they're less common, so I don't know if they also treat mining as suspicious.