Posts by doublelayer

Re: Just wait...

A coworker recently wrote a piece of code that had a bit of a problem, and asked for my help debugging it. Its problem was that it tried to allocate about 300GB of memory and didn't check for errors after allocating. In order to debug it, I had to receive it. I think that guy is now guilty of various heinous crimes for sending me his diabolical malware which would have totally destroyed ... well temporarily disabled ... well made me press control C on a whole debugger session had I run it rather than just reading it. It's clearly a lot worse than what this person did. Which law enforcement office do I report him to, and how many decades in prison is he going to get?

Re: BYOE

I prefer having the IFEs, not because I find their features useful (I've never used one), but simply because they usually have the ability to charge USB devices. This can be quite useful after the laptop battery or book didn't last as long as you wanted and you're stuck with your phone for the rest of the flight. Otherwise, you always have to save enough power in the phone battery because you know you'll need it to get navigation or transportation when you land.

Re: RE: I'd be a lot less emotionally distressed after than before

Not only that, but this effectively deletes a large chunk of his employment experience. If the company that he wants to apply to sees that he has previously shown ethics and has a problem with that, he won't be hired there. Meanwhile, he won't be getting any references from that company even as most companies want to see references from the most recent employers. Depending how long he was employed there, he may find it significantly harder to find employment, and that's if the company doesn't have a method of putting him on a blacklist. If they do have that ability, he may not get another job for a long time or without making a significant upheaval. That would give me a lot of emotional distress.

Re: Don’t you love monopolies?

Why, nothing of course. You see, as the market share of our wonderful rendering system increases, people are showing that they acknowledge that we provide the best, fastest, most secure, and most open engine available. We gladly extend our code to anyone, which is why we have made the Chromium™ engine completely open source and offer it to any user or company out there. We also offer all our services that are built into the Chromium™ engine and can't be removed without tearing the codebase apart to these companies, no questions asked except sometimes when they will need some API keys to distinguish them, but that's clearly a normal and justified thing to do with open source code.

With more and more people using the engine, any potential problems such as a framework that allows extensions that users install knowingly being able to block some parts of their traffic (yes, I know, but it happened) can be fixed extremely quickly. We aren't saying that it will be free of defects, but it will be better than the other options out there because it was developed with a very Googly mindset. We'll have so much data about everything that happens that we can find any risks to users' security or privacy and fix them immediately. We confidently expect that, in the next few years, the market share of our major competitors such as Gecko and WebKit will decrease to zero as competing browsers, which we totally support by the way, realize the superiority of this engine.

Google autocomment software, version 38.159.2581003.627501869274030461957286834

Well, we had to do something useful with our extra programmer-hours, didn't we? Like all google services, this autocomment software is completely open source. You can use it by getting an API key from Google's developer program and calling the three functions available in that interface. That's what open source means, isn't it?

Re: Thank goodness Bitcoin is there to stick it to The Man, right ?

These people weren't trying to use bitcoin or any other cryptocurrency as a currency, which was its original goal. They simply wanted to jump on the bandwagon of thinking it would soar in value once again because blockchain, which sounds technical and people like to talk about on TV. They probably didn't have any specific distrust of government, unlike those who want to replace fiat currencies with cryptocurrencies, for whom trust is a very different issue. Those two groups must really hate one another.

GDPR came into force almost a year ago. They're subject to it now, and it requires them. That is assuming their contract doesn't say something about account closure, which many do in order to indemnify the company when they delete users' data after accounts are closed.

Once again, blame is not the correct way to deal with an account compromise. Whether the password was bad or not, the client did not take an action with the intent of allowing an attacker in. Yes, there are good practices that would have helped here, but not following every good practice does not automatically make any problem someone's fault.

In that case, I could come to your house, find a place where you have been too lax with your security, and blame you for the fact that I broke in. Should I do that, the blame for breaking in belongs only to me. Good practices mean that it is less likely that I'll be able or inclined to break in, and as such benefit you because you don't have to involve law enforcement. You may have entered a contract with an insurance provider that requires you to follow certain practices in order to get benefits. Still, I am not rendered innocent if you forgot to lock your door.

Re: If nothing else ...

I think that, in most cases, the problem getting old code to run on something newer is all the old libraries it thinks it should be using that don't work the same, or exist, as they did so long ago. This wouldn't be able to help with that. It might be able to do some things, like taking a binary and making it run on a different architecture, but it's probably a lot more limited than we'd like.

More explanation is required for that statement. We all know about the biometrics problem (can't change them, you carry them with you where people can steal copies, etc.). Those don't apply to 2FA. So what are the problems you're referring to and what are the "simpler, more reliable ways" to fix it?

Re: Terrorists rolling their own crypt

Also, that may confuse cryptography with cryptographic systems. Rolling your own cryptography nearly guarantees that you will make a stupid mistake and your crypto will be broken a lot faster than you thought. Using someone else's crypto that is proven to work but changing the container format and/or transmission protocol means that the people attempting to read your communications will have to pick both of those apart before they can start to crack the key. It prevents them from having a pre-built module for it that they can set going, and you're still using a proven algorithm.

Re: There's really no need to panic over this.....

I agree that they haven't been a major problem yet. However, there is a place where you don't have that clear a boundary. Case one is on a VM host, where one VM can run its own code and take memory from another VM. You can't block the malicious VM from running code, and you will have sensitive data in memory at some point even if it is only authentication data. The drive-by access by javascript is possible too, but requires more knowledge of the system, so is unlikely as you say. Another possibility is that access to certain parts of memory that are rightly removed from your segment may allow privilege escalation. I don't know where they are or how hard it is to use them, and I don't think people are finding that yet, but if we left them unpatched, it might be worth criminals' time to find out.

Re: Monero Hard Fork

I didn't say I agreed with it. In fact, I think it's a shortsighted addition. Still, it's important to characterize it properly. Unlike forks of cryptocurrency projects which cause people to lose value or get confused as to how to use it, monero's "hard forks" do not affect existing currency unless it changes in value as a response (it's massive decline over the past few months was not related to the recent fork, but instead because people have started to realize that long numbers with bunches of zeros are not really worth very much). The mining process is the only thing that is changed, for good or ill. Ill, by the way, by most reckonings.

Re: whats this crap?

Original: "For example, it sees no problem with kidnapping foreign nationals to serve as pawns in diplomacy."

Reply: "China or America are we talking about?"

China. Definitely China. The Huawei thing is a different story where there isn't a clear difference, but I don't remember anyone being kidnapped simply to show that a Western country isn't happy. The Canadians arrest a person for which there is an extradition request. They didn't immediately extradite them, they are putting that through their legal system and are also handling the legal complaint by said person through their local legal system. Meanwhile, China takes a Canadian hostage for no reason. They did not accuse that person of a crime, they did not charge them, they were not complying with a legal request of another country in international law. One country is performing their normal legal process, the other thinks that detaining people for no reason is a legitimate diplomatic tactic. Don't support that by pretending they're the same.

Re: "state hackers weren't smart enough for false flags"

They wouldn't really want to hide unless they had something new and didn't want extra attention, I.E. not what happened here. However, someone else might want to disguise themselves as North Korea, simply because it means tracking down the real them is harder. That was the risk in a false flag. Russia's attack on the olympics in 2018 was disguised to appear North Korean, and you could see a criminal group doing so as well for extra security against attribution, whether they end up getting that or not.

And this plays right into the ideal strategy to collect children and adolescents. They have a lot of time and nothing else. A little money seems like and possibly is a big deal to them, so they're willing to go through the effort of setting up something in order to get it. They haven't had the experience to know when they're being targeted maliciously. They don't have the technical knowledge to understand what kind of data they've just given away nor what can be done with it. I would not be surprised to hear that even more than 18% of these were adolescents; Facebook created a system virtually guaranteed to bring them all running.

Re: Does anyone bother with Windows anymore ?

Yes, people are using it. Whether it's a good idea or not, a lot of places that I've seen are so connected to windows for various reasons that they are not going to switch. These aren't the people who need specialized software, either. Usually, they simply don't have the resources or will to switch their processes to mac OS and buy macs for everyone and don't want to try the Linux desktop thing. Some of them stick with windows 7, but it is going to run out of security patches, which frightens them. Also, they usually get machines by obtaining whatever is cheapest when a new one is needed, and many of those come with windows 10 already on them. The result is that plenty of people and businesses are now using windows 10, problems or not. Given that this is a beta version, problems seen in it are not going to change their minds. I've seen a bit of sway when some windows 10 bug hits them and disrupts something, but they know it will take some time to switch all their users to something else, so they stick with inertia and don't.

Re: Too easy to fix

Captcha, maybe*, but not old browsers. Bots may identify themselves as an old browser because their devs are lazy, but it's a five second fix to change the hard-coded user agent and run again. A user who hasn't updated their browser because they aren't sure how or like the older one better will have to spend much longer getting that fixed, and the tickets will have sold out.

* Can anyone build a captcha that works for users? The only one that I see all over the place is Google's, and it frequently accuses me of sending automated queries (I am not). Also, it has a lot of scripts that are very inefficient.

Re: Defective laptops

"You can read on an eink screen."

Granted. That's useful, while reading static text. That is fine. However, you can't easily read dynamic text, like fast-printing console output, without delays and the mandatory use of the less command. Sure, we use it all the time anyway, but the screen would be less fluid and more annoying.

"Why should I want video or colors?"

Because the world has decided that those things will exist. Some status things will display important information by changing icons and colors rather than changing text. I would rather they didn't, and it sounds like you agree, but a laptop might be called upon to do that. It also helps if someone wants you to look at a diagram, E.G. of a system they want you to work on or build. They may have used colors, which may be important to them. "My machine will last ten times as long as yours does" is not a useful explanation for why you can't see their document. For that matter, they may have used video as well to explain their point, whether relevant or not.

"I expect a laptop to be a mobile device."

They are, and they will run for a while. However, your concept, mainly the screen on your concept, removes some of the features of a laptop in the interest of power. It's useful to know what you'll lose by doing that, especially as people who just see a laptop will assume you have the capabilities your model has jettisoned. That's why I would prefer a laptop with a lower-power processor and a normal screen that is designed to be powered dynamically (E.G. a low-power low-brightness mode rather than a small saving from brightness reduction).

I would not want to use your idea. That doesn't mean that it wouldn't work for you, but I think it's important to recognize that a scaled-up kindle can't simply take the place of a laptop in all cases. My suggestions are that you get a laptop with lower power draw and a larger battery, or use a device that is designed for longer battery life. Your use case of reading text and writing on a keyboard actually sounds like a kindle would be sufficient for it. Either way, know what your hybrid product will be able and unable to do.

Re: fetishisable glass slab

Thanks for the suggestions. It does not have an IR blaster and nobody bought it when I put it up online, possibly because it isn't a well-known brand. It does run a snapdragon, so I'll look at the process of porting lineage or sailfish to it. It's been a while since I thought about porting a mobile ROM to a device because the experience was so terrible last time (and didn't work after the chaos). Maybe that has improved. I really hate throwing away working electronics that seem to have the capacity for modern workloads, but it sometimes leaves me with piles of stuff left by others who lack that inhibition.

Re: Not to worry only the State is likely to use this

The point is that you need to know where the person is (roughly, what set of towers) at a specific time and also their identification data for the cell network. Let's assume the government, Google, and organized crime are all after you and are maximally malicious.

Government: Does not need to use this. They can get all the information from mobile providers or their own more sophisticated hardware. Situation unchanged.

Google: If using an android device, they could have the data already. If not, they could attack others' devices in your area to do a scan for your device. They do not need to establish this type of infrastructure when they already have some they could take over if they really were maximally malicious. Situation unchanged.

Organized crime: They could perhaps use this, but they'd need a lot of technical information that is hard to get and a lot of hardware that is tricky to obtain and use. They probably would except they already have a perfectly good way to send a person to your general location and follow you. That's much cheaper, so they'd do that instead.

Probably. However, since they are very cheap, and unlikely to fail immediately, you could get a lot of semi-reliable storage in a portable case. The RAID approach prevents a failure of one or two cards causing the loss of data, and they're straightforward to replace. I would not suggest it for internal data storage, but it could be useful for backup or for those who need a great deal of data on them.

The main alternative is a portable mechanical hard drive. This would probably offer a lot of benefits, but it is a single unit with no redundancy, and if the controller fails, it may not be feasible to recover data unless the drive can easily be disassembled to get at the disk. This idea wouldn't be worth a ton to me, but I'd be interested and would possibly buy one if the price was right.

Re: Editorial question

Not mutually exclusive sets. In many cases, the PS attacks were run on an insecure public-facing system. Sometimes, the PS attack was run on credentials obtained from a phishing attack. The 57% is the number you are looking for.

Re: re: Tech giants hate this...

I'm not holding out hope that a company will always be on my side. I am hoping that a company, Apple in this case, will be on my side for unrelated reasons long enough for the protection to be made law. After that, if they switch their view, we could use the same law against them. For now, they're an ally and one I'm glad to have.

Re: You know, screw that...

False statements can cause share prices to change, cheating people out of money. For example, the original statement of a plan to buy stock would, if believed, increase the share price. If untrue, this means someone can manipulate a share price for personal profit reasons. The proper legal system agreed with this conclusion at the time.

This is not an issue of free speech. He is not being imprisoned because he is not allowed to say what he did. He said and signed a legal agreement affirming that he would run these statements past a set of lawyers, and he didn't. If you would like to argue that the statement wasn't false, the statement could not cause a change in share prices, or the statement was not in the scope of the original agreement, you can argue that the complaint is wrong. Whatever your view on that issue, argue about what is at issue. Know what free speech is and what it isn't.