Posts by doublelayer

I'm not saying there is a good reason for complete immersion for a while, but two points are, in my opinion, valid:

First, people might really like the guarantee of water resistance if they think they might run into a water-related accident that could kill their phone. I've had that happen before--I was asked by a friend who was away to ensure a filter was running on a swimming pool they managed as they were trying to sell that house, and I slightly missed the edge as I stepped over. My phone did not survive the two seconds of immersion. If I thought that would happen again, I'd get a phone likely to survive. The same could be true of people who go out on boats for a while, people who frequently use their phone outdoors (E.G. navigation) when there are puddles about, or people who worry about being caught in the rain.

Second, Samsung said their phones were waterproof, and showed examples which were wrong. It doesn't matter if we don't really think the uses of the phones are worthwhile if they were intentionally misleading people about it. If I make a drill and say you can drill through stone with it, you better be able to drill through stone with it or I have been misleading. It's not enough to say "Anyone really wanting to drill into stone would get a more professional tool. They should only be using a drill like that on wood." I said it in an advertisement, and fortunately that's one point where it's not legal for me or anyone else to lie.

Re: Since Google invented it

You're missing the point. "Google invented search" means that Google invented an algorithm or rather a set of algorithms they used to create a search engine that was better than the others at the time and is still good today. Of course they didn't invent the concept of searching resources. Similarly, Gutenberg invented a useful form of printing press, but didn't invent the concept of printing or the printing press as a type of product. Arguing that he gets the credit for stuff that existed before him would be weird, but so would be attempting to deny him the credit for developing a technology that proved to be a very successful and influential implementation.

Re: @heyrick - Sounds like a bored dev is trying to make a name for himself

If you buy something with terms that say you now own that thing and the original owner agrees, then you own the thing. After that, it's your thing to use as you see fit unless you choose to sell or give it to someone else. For example, Apple wanted a new OS in the late 1990s, so they looked around to find someone who had an OS, which they found. They then bought that one and used it to make OS X. Before Apple bought it, it was the work and property of NeXT and it was nothing to do with Apple. After Apple bought it, it was the work of NeXT and the property of Apple, and after pretty much the same engineers who worked on it at NeXT did some work on it for Apple, it was the work of Apple. If I write some code and then you join my team and we both work on it, the final product is the result of both of our endeavors and we both get the credit. If you pay me to join my team, I still get credit if I did stuff. If you pay me for the rights to the software I had a lot of credit for with the clear idea that you get the IP and rights to sell, then you can decide how it will be sold, including what the price will be, how you'll advertise it, and what name you use.

Even if we could magically decentralize CloudFlare and make people write nice HTML or at least store their own scripts, the internet wouldn't be a lot less fragile. The reason for that is that there are very few places that process all our traffic. There's only one line leading to your house that actually works, but that's a short length that isn't the main issue. The issue is that there's only one line that connects your ISP's local unit to whatever center they have for sending it out of local, and only a few lines (or maybe just one) connecting large areas to other large areas. What happens when cables stop working? Large parts of the internet lose connectivity. Routing around that kind of damage requires a web of lines, but a lot of the world operates on chains of lines instead. It's hopeless; the internet can't really route around damage. We just put our systems in lots of parts so we can weather most small disconnects and otherwise we're hoping nothing really bad happens.

Re: But... why?

I think it was probably something like 2400:xxxx:.../12, I.E. a more specific address that then got truncated by the typo. For example in IPV4, if someone did 12.34.56.78/8, some programs would just assume that to mean 12.0.0.0/8.

Re: Desert Solar Power ?

Rooftop solar panels, while they can power a house, would not be at all powerful enough to take the load of a cloud provider's datacenter. They could put a bunch of solar panels on the ground elsewhere, but they probably won't. However, as such a sunny state, there are quite a few people with solar panels connected to the grid supplying solar power at certain points. Nevada is one of the best states in America for renewable energy.

For a source, see this chart with data from 2017 (it seems from a quick search that solar use has been climbing since then). While the sorting (I did the without hydro option) makes it look like Nevada is actually not as great, its proportion of solar/wind to total is about the same as most of the ones that look to be ranked higher. Depending on which column you use, it looks bad not because Nevada isn't working but because they don't have much hydroelectric power and they're not as big as some other sunny states like California.

I don't mean to assign any credit for this to Google, but if they're going to put a datacenter somewhere, this isn't the worst state from the perspective of environmental impact of attaching to the grid.

Re: Expensive concerts...

The latest IoT isn't usually on something modern either. Usually, your choices are some version of Linux grabbed by the devs at random before they started coding the app, a version of Android grabbed by the engineers from the "tried and tested" AKA "at least two versions behind" group before they started building the prototype, or a custom lightweight OS that they paid an arm and a leg for and never actually gets security updates, but as long as it's not running the grid people won't bother to try to hack.

Re: Things that breed ... things that heal

There are always those things that you expect to break but yet somehow hold on for a very long time. I was given a thermometer at one point, the kind that measures the temperature outside with a probe. It was clearly made as cheaply as possible, with lots of parts that really felt like they would fall off if you pushed hard enough. I put this on my window from which I was constantly knocking it, but it withstood very frequent falls to the floor without ever losing a piece. It also managed to last about twelve years on a set of batteries. It's still going strong, despite my firm belief when I got it in 2003 or so that it wouldn't last until 2004.

I don't think these are backdoors, the Chinese military is better than that, but let's look at a few possibilities in general.

If I want to embed a backdoor into something but not get caught, I have a few options. I could do the standard hard-coded credential backdoor. This has to go unnoticed by the public. If it is seen, it can be tracked to me depending on how much the company wants to protect me. A patch will be demanded to remove the credential, and after that's installed, I'm stuck. I might instead choose to use some libraries I know I can break into. I'd use the latest version with the vulnerability I want, and I'd probably leave a few different ones open. I'd make the access mechanism complex so people can't easily stumble on the way in, but this mechanism lets me have deniability because I can play the "incompetence and not malice" card. It also lets me patch one of my vulnerabilities and maybe get away with leaving another one open. It does take more programming skill to implement this well.

That's how backdoors work. The reason I don't think these are deliberate is because coding standards are so bad. If they were in the middle, I'd have some suspicion, but nobody needs openSSL from 1999 to get a backdoor and that's just calling attention to problems. However, there's one more thing to consider.

If you were the Chinese government, and you wanted a backdoor in Huawei equipment, and the company didn't already have one for you and wasn't planning one for you, what would you do? This would be my plan: I'd get a PLA programmer employed at Huawei. The person I chose would be very skilled and knowledgeable about the type of equipment. If possible, I'd train them on Huawei source code, to which I assume the Chinese government has easy access from a government contract or having broken Huawei's corporate security. This person would then insert some carefully crafted vulnerabilities into the code for the devices. Nobody will notice internally; they're letting obviously insecure libraries through. When libraries are updated, this code can remain for quite a while, being disguised by the unintentional vulns left in by poor coding. This would also be harder to detect because so much focus is being placed on understanding all the rest of the codebase that my relatively small addition can last a while without being questioned.

Re: AVG FREE ANTIVIRUS, I AM LOOKING AT YOU.

How about this one that happened to me just a few months ago. My father (he's not reading this, so I can safely call him nontechnical) wants to do something his laptop can't do right now. I find him a good piece of freeware (in this case true free software with code on github, score) that does that. Knowing how search engines work, I give him the address to type in over the phone, no fooling me. The site looks nice and clean, with only one link saying download, so all I have to do is get him to select the x64 instead of the x86 and we're done and I can show him how to use it. The problem is that I have an ad blocker and he doesn't. He clicked on a download link and installed the thing it auto-downloaded (fortunately not malware but definitely not the thing I had in mind). I got him to run a defender scan just in case and removed the unwanted application with extreme prejudice next time I was near. Ads allow people to infect good sites with their nastiness; this is why we need to block them.

Re: So EE can't now tell its customers to upgrade to a cheaper plan if they've opted out?

It's a marketing message. Even if it would be a thing I'm interested in, it's marketing. If I stopped you on the street today and said I was selling laptops for any piece of scrap paper (always assuming I was being honest), I'd be marketing to you even though you would probably see how many pieces of paper you could find in your bag. This is the deal with advertising. Sometimes, it actually tells people about things they decide they want. Sometimes, it is an annoying intrusion. Those two sets aren't necessarily mutually distinct. This is why we have things like opt out/in methods for customers to tell places whether they want to see the ads; I have opted in to some communications and opted out to others because I've decided what I want to see.

And there doesn't technically have to be. Firefox supports it, but you can use any DoH server you please by changing the config. I've suggested running a system-wide DoH client that performs requests for applications that communicate with it locally. However, I wouldn't expect Chrome to make this easy to change.

That's unlikely. If he was killed by someone else, they would have had to go to a lot of trouble to get the death ruled natural. His business partners and family members, those who are having property taken to make up the debt, would announce immediately if there were any suspicious parts of the death so they could delay or even prevent their property being seized under the theory that whoever was responsible for his death could also have stolen the money. Since they're not doing that, this leaves only two logical options: 1) he actually did die and you figure out the details that make that work or 2) he stole the money and faked the death, and the company either knows about it or have given up on being able to catch him.

While the first option is possible in that he could have lost the money through some other means and then died coincidentally, possibly aided by stress after losing all the money, the second option is a lot more logical, especially with the small number of large withdrawals as described.

Re: Yay!

I can't really agree with a zero and a 4 being the only models. The zero is great for its use cases as a controller for hardware, battery-powered machine, or headless WiFi device, but it's pretty much useless for everything else. It can't so easily be used for education because the price in getting its weird HDMI (that mini one that is between standard and the small one people decided to use) to connect to a school monitor and the USB OTG cable and hub to get input devices makes it more practical to just use the standard pi for that. The compute module helps people build stuff with the pi, which encourages open source development and helps support the foundation as well.

Re: Good reason

I can see only two times when a factory reset of a light bulb would be desirable. The first is when ownership over the bulb is about to be transferred. Given that we're talking about cheap light bulbs and not phones or computers, that seems relatively unlikely, although the app reset mechanism would work just fine in this scenario. The second and in my mind more likely situation is that the bulb is not working properly and does not respond to app commands to reset, resync, or reconfigure. In this case, the app can send out its code all it likes and the bulb might easily ignore the reset code because it's broken. The software needed to receive the code is more complex because it has to run the bluetooth receiver and properly decode the result. A simple program in the bootloader that responds to power on/off can run at a lower level, just as a physical reset button could. These options circumvent the problem of a software stack that might break too often. They also introduce the difficulty of flipping switches or removing bulbs from sockets. It's a game of tradeoffs.

Re: AI database

Alternate suggestion: don't store them at all. Not in Google's database, not in a normal personal database, not in your whatever-it-may-be database, nowhere.

Re: @Splurg The Barbarian - No, no, no, no, no!

But this requires a large amount of user buy-in. If a hundred users start spamming voice assistant things on average once a day, it will be nothing at all compared with the millions of users actually saying real things. Even if we scale it up to a thousand people and twenty times a day, it's still a drop in the bucket. That's one thing neural networks are useful for. We'd need a lot more junk data. If we try to automate it by recording specific things, they won't have to bother with the algorithm; they simply find the weirdest spikes in the data and delete that from the dataset, if they don't find the recording of "Alexa" or "OK Google" being used and program the units to stop recognizing it.

Re: So what is the blockchain for?

I believe this transcript I stole from Facebook will make the point of blockchain clear:

PR Exec [name redacted]: "We have heard some concerns about the privacy and integrity of our new currency. We'd first like to tell you how we're ensuring that money can't disappear from users' accounts. You may have heard of the revolutionary technology blockchain. This technology is used to ensure the integrity of data, like how much money each user has, even when those users don't necessarily trust one another. You don't have to trust us; the blockchain will keep people from doing anything at all to your data without your specific approval."

Extremely high-level executive [name redacted]: "How will you handle it if they notice you've not answered the privacy question?"

PR Exec: "Standard boiler plate, failing that I just threaten them with their blackmail file."

EHL Exec: "Oh, by the way, how much of the blockchain do we control?"

Tech Exec [name redacted]: "100%, sir."

EHL Exec: "So we could in fact delete all the money in about how long?"

Tech Exec: "It's a big button on the main page. Takes about two seconds to propagate. After all, we have a lot of money to spend on reliable systems for things that matter."

EHL Exec: "What if it goes down?"

Tech Exec: "That doesn't go down. It's not low-importance like all the rest of the services."

EHL Exec: "Well done. You can leave now."

[Sound of door opening and closing]

[Silence lasts eight seconds]

EHL Exec: [maniacal laughter, see recording] [Transcriber's note: If listening to recording, mental health services are recommended, contact transcriber for further details]

My family bought a smart TV, and quickly realized that they did not want any of its smart capabilities. It has been told to forget the network, the WiFi credentials were changed, and I added a firewall rule to block any packets coming from the TV's MAC address in case it has the smarts to read my mind and guess the new password. It has been relegated to a simple panel with an unused processor somewhere in it.

Re: Can someone tell me why Venmo is a thing?

As for why it's a thing, the various problems with cash have been noted. One could write checks, and that would work most of the time, except that people in general seem to dislike them and prefer paying by card. Venmo provides a method for people to use payment cards to pay individuals. Whether that's important depends on the local alternatives, but the success of Venmo even though it charges a small fee per transaction shows that it provides a service useful for some.

As for why it's public, I have no earthly idea. I didn't think that was the case. It seemed really stupid to me, with no perceivable benefit and requiring the Venmo people to spend a little time on a public interface for viewing them. No idea whatsoever who made that decision and what exactly is wrong with them.

Re: What's it Good For?

Nobody's arguing that it should be shut down. That'd be crazy. However, this site falls into a valley where on-device random number generation is insufficient and where this site would introduce security problems. There are probably a few places that need that degree of entropy, but many of them may have gotten a temperature, static (cosmic radiation), or even human-fed (times of typing or something like that) source. By all means use it if it's needed, but I doubt that people will be rushing out to do so en mass.

Re: Some weird comments on here...

I don't think it's a good thing. I wouldn't be eager to do it. Yet I'm a little proud that I have done it and succeeded. When I was first required to work that long, it felt very difficult. Knowing that I didn't fail under that stress is at least a bit positive, even if I don't want to repeat the experience. Thinking this also lets me take an unpleasant part of my history and use it to my benefit.

Re: Missing the point

"Surely it's up to the consumer/viewer to say "I've seen a video showing X said Y" and not "X said Y". Isn't "don't believe what you see on the internet" a thing still too?"

But that's not good enough. It's well and good if I know something's false, but if someone else believes it, I can still get hurt. Suppose someone is angry at me and makes a fake video of me plotting a crime. I clearly know it isn't true. However, I need my boss to know that as well so I keep a job. I need my neighbor to know that as well so they don't call the police on me. I'd prefer that my friends and family know that so I don't lose their company. When a lie believed by someone else can cause problems for others, it's not enough to say that people should just come to their own conclusions. If something can be done to support the objective truth (I'm not sure there is such a thing, but if), it should be considered quite strongly.

Re: EVERY SINGLE SEARCH RESULT was for a frigging VIDEO.

I doubt it. Reading will still be useful for things like signage or searching through things (skimming isn't so useful when being read to). It also allows reading more privately, as one has to have headphones to listen privately but just has to block their screen to read privately. In addition, it requires those with sight, the vast majority of people, to entirely change their workflow to stop using their primary sense. I wouldn't count on that happening.

Re: Scoff not

I would argue that two points are simultaneously correct:

point 1: IT people tend to be more dismissive of users than they should,

point 2: IT people have very good reasons to be dismissive of some users.

I've seen both sides, as I'm sure have most others reading these comments. I've seen the IT people who think they know a lot more than they do and think everyone else is an idiot. I've also seen the users who don't know anything and refuse to do anything these IT idiots have suggested. It can often be tempting to ignore one point by focusing excessively on another, but that doesn't help. If you lean to hard on the stupid users, you don't treat the large set of users who have problems, don't know how to solve them, and need and rely the help of IT to keep things going with the respect they deserve. If you lean to hard on IT having an arrogance problem, you end up trying to be nice as opposed to efficient. While the people who actually fall into the "stupid user" group might feel happier at the end, the people who really need IT's help probably aren't getting it. Once again, they lose.

Something should be done about users who waste the time of the IT people. IT people need to respect users more. I think this applies to pretty much every profession.