Posts by doublelayer

Re: If only there was a way to run a separate process...

This is not buffer escape or unwitting execution. It's not even poisoning instructions, which is kind of like what you're describing*. It's programmatic copying and pasting text. The bot's being told to read documentation and glean instructions from it, then execute those if they're safe. No level of separation is going to prevent it from executing stuff in that. That makes it inherently dangerous and, since the checks intending to find malicious instructions and not run them are also LLM commands, dangerous in a way that's not easy to fix. The user is intentionally allowing a program to fetch and run things from untrusted locations and it goes about as well as you'd think it would.

* Poisoning instructions is when a user executes a prompt in an LLM like "Summarize this text", and the text contains other instructions which the LLM ends up executing. That can be argued as an example of what you're describing, although since the LLM has no concept of separate instructions and data, that's also difficult to prevent. That's not happening in this case because the only instructions the LLM is executing are those it was given. It just happens that the instructions it was given are foolhardy and the protections designed to block the biggest disasters aren't big enough (and likely can never be).

Re: Thunderbird for the win

"How many people realise all their private stuff is on "Someone else's Server"?"

I hope it's anyone who is choosing to use POP3, because all your private stuff is still on someone else's server. That's how email servers work unless you run them yourself. If you don't trust the someone else, you should be careful what you do with their server whether you use IMAP or POP3 to talk to it. Both protocols can be used to permanently erase mail from the server, but it was there in the first place, so if some server was being untrustworthy and keeping copies, they could do that as easily no matter which protocol was used.

Re: Thunderbird for the win

I suppose if that's what you want, then that's the protocol for you. I don't understand why you want that and I know most others don't want that, which is why IMAP is the default for almost everybody. I was glad to leave POP3 behind decades ago because it would do the things you are describing. I had to either handle every email on the device that first saw it or delete every email from multiple computers because they couldn't sync the fact that I don't want to see this message anymore. Because I leave deleted mail in a folder, using IMAP also meant I did have a full archive of old mail rather than each machine's individual subsets of deleted mail.

With IMAP, there is a local file storing the state of your mail folders, but it will, unless you configure otherwise, update itself from the server's state. If your server is deleting things without your permission, it seems like fixing the server so it doesn't do that is the more effective strategy.

Re: An email server on my andriod

You can do that. It's not really that hard to run the software on a phone. What's hard is running the software in a way that isn't a huge pain for everyone involved.

Your phone moves from one network to another regularly. People need the address of the server to send mail to it. That means you'll need to do extra work to keep associating your name with the new address of your phone, except that most of the networks you'll be on won't give you a public address because NAT, so having a DDNS system will just let anyone track your general location but they still can't send you mail. It also means that, when your phone runs out of battery or you're in a place with bad signal or you need to turn on airplane mode, then email can't be delivered to you and will time out on the sender's system.

Re: Sorry, unless you ruin your own email server (somewhere)

And you can have your own domain and still use Google for that with GSuite if you want. It does appear more professional to do so rather than to ask people to send what might be sensitive personal or financial information to mybusiness@gmail.com. They might be running it equally unprofessionally behind the domain name, so just because they've chosen to connect a more normal mail system doesn't prove anything, but if they're operating from a single, likely shared inbox, it does prove a few gaps exist.

Re: Thunderbird for the win

Where does this conflation of IMAP with Google or with this decision come from? IMAP does none of what you're accusing it of. It exists to make email work more normally when more than one device is in use so that they share state. It's entirely unrelated to this. Google could import mail with IMAP too, but evidently they chose not to write that and dropped the feature rather than change it, meaning they're not even using the protocol you're accusing them of abusing, at least not in the place this article is talking about.

Re: IMAP4 Was Originally Published in Dec 1994.

IMAP does download email from the server and let you control it. You have the choice not to and only use the server's copy, but no mail client does that by default. Your argument works against webmail, but not against IMAP.

Re: IMAP4 Was Originally Published in Dec 1994.

Your argument can never end. They think the example in the article was a niche use case with few users. What from the article indicates otherwise, since that's an opinion? The only thing likely to convince one of you that the problem is bigger or smaller than expected is statistics on user count and purposes, and the article indeed lacks those because Google is the only one who could provide the former and hasn't done so. Until then, you'll end up arguing over the one anecdote from the article or your own assumptions to try to decide how important this feature was to those who used it.

Re: POP3S

This is GMail connecting to other people, not running the service themselves. If the other people don't operate POP3S, then they can't use it. I'm not sure what the people using this feature are connecting to, but older services still recommending POP3 probably didn't set up and run a POP3S path. However we judge Google's decision, we can't propose something as a solution if Google couldn't use it in practice.

Re: Ground Stations?

I already described the inter-satellite option in my post, and I described why that isn't enough, because if a lot of Venezuelans signed up for this, they would saturate those links. The question is whether there are enough ground stations in Colombia that Venezuela's traffic can be handled without the need to install more which could take a while. A single user's speed test does not demonstrate that. I'm sure Starlink has plenty of analysis of this already and will deal with it if they ever properly expand into Venezuela.

True, but unless they get a move on, that won't make the free credits available to anyone because those expire in less than a month. If Starlink gets fully licensed to operate on February 4th, then nobody gets to have those credits. I don't think Starlink is the primary goal of any of the people who are or claim to be in control of Venezuela, and licensing, even abnormally, takes a while.

What does their desire have to do with whether the service is available in those places in practice? The article's point was not whether Starlink in Venezuela is good or bad but whether it is actually there, which it mostly isn't. Its availability in any of the countries you name depends mostly on the number of people with access to dishes and whether they are able to operate them, and Spacex's willingness to exaggerate makes that harder to know, even though Spacex could provide exact statistics on the number of users they have in those countries any time they wanted.

Calling out hyperbole or dishonesty is not the same as opposing a technology or a specific product. Pretending that they are makes your counterarguments pointless and suggests you don't have an argument about what the article was talking about.

Re: Ground Stations?

That's not true; a ground station at the same latitude but the opposite side of the planet, so in this case somewhere in the Philippines, is not available to a satellite over Venezuela. There is a limit on which ground stations a satellite can successfully transmit to. The orbits are not parallel with lines of latitude, nor are their connections to ground stations anywhere on the orbital path.

In practice, they can use other stations by communicating between satellites, meaning that they can also use stations at latitudes or longitudes the original satellite can't reach. That slows down the connection, which is one reason to ask about the availability of local ground stations to minimize inter-satellite traffic.

"You're confused that people are rewarded for their work? The people who pay for the full version are subsidizing your free version."

You have misunderstood. The decision was between a commercial piece of software which definitely has a feature or an open source and thus free* alternative that might, but it takes experimentation to find out what features it has and whether they work. I do start with the open option because it's free to check whether it can do what I want, though I'm fine going to a commercial option if it turns out the answer is no. If the open option does work and I use it a lot, I may donate to its authors because I believe writers of software, whether proprietary or open source, do deserve compensation for the value they create. The decision is almost never between two options created by the same people.

What I find confusing is people who hear that there is software that is probably able to do what they want and comes without the need for payment, data collection, etc, but nonetheless choose not to try it to see if it can work. For example, I've known people who were annoyed that the version of Microsoft Office they bought is no longer working and ask me to help find them a cheap replacement license. I suggest LibreOffice might be worth a try. If they tried it and it didn't do something they want or they found it hard to learn, fair enough, but when they don't bother and tell me to buy Microsoft Office, I don't understand why they couldn't give it a go. I still find them what they asked for, though.

* Theoretically there can be open source software that requests payment, but because of the license conditions, they can't stop people from removing that part so it's rare and easily ignored.

You are entirely correct about the answer to that question, but that's not the set of options users generally get. Here are more likely questions, each of which users face individually for different programs or services:

1. Would you like to pay $x for a permanent license to this program or $x/4 per year? Users decide based on an assumption of how long they'll need this thing.

2. Would you like to pay $x/year for this software or nothing for a version that doesn't have all of the features but maybe it has enough to do what you want? The user decides based on their willingness to experiment rather than to buy the thing they know will work. As someone who always starts with the open option because it's free to see how well it works, I find those who choose the other option a little confusing, but I've seen plenty of them.

3. Would you like to pay $x/year for a service or set up your own server and configure and host it with some required system and network admin? The user chooses based on their knowledge of or willingness to learn terms like "firewall rules", "NAT circumvention", "log-based banning of malicious attempts", "sizing your VM for performance requirements", and things we underestimate the complexity of because they're the bread and butter of our jobs.

Re: The last thing we want

That's orthogonal to groups 1 and 2 and therefore isn't part of this. The question to answer to determine which of those two you're in is whether you would want them to move to Linux because, assuming you are correct, it would be easy for them to do so or whether you don't care that they're not. Your response suggests group 2 is more likely, but there's insufficient information to tell. The fact that you get asked for support has no effect on whether you want to and are trying to increase Linux's user base among the nontechnical.

Re: The last thing we want

You need to decide what group of Linux or open source supporters you are in, with the general options being group 1, you use this and don't care if others do, or group 2, you use this and think it would be better if the general public did too.

If you are in group 1, then you can ignore this. Whether or not this gets developed is not something that you can stop, and if you refuse to use it, then your stuff won't change. There's plenty of Linux software right now, and they're not going to recompile it for Windows only because this would take a long time to build even if they had a bunch of people wanting to and they currently don't.

If you're group 2, however, then you need to understand that you're losing already and no intentional ignoring of Windows is going to change that. Not running some piece of Windows software isn't going to kill Windows, it's going to keep the people who want to run it away from stuff that isn't Windows. If you want them to stop using Windows, then you will have to figure out how to make it possible for them to switch without as much pain, whether that's this or some other type of emulation so their software can still work, finding a workable alternative which already works on Linux, or convincing the people who wrote that software to build it for Linux. I assume you're not doing any of those. I'm happy to be proven wrong.

This attitude is why I'm closer to group 1 these days. I give people Linux machines sometimes, and some of them can and have used those to good effect, but I'm not trying to force people not to use Windows because there are too many problems I can't fix single-handedly and too few people doing anything to try to fix them. There are advantages that we Linux users would get if others started using it, and that's not going to happen as long as we ignore, deny, or as you have chosen in your post, embrace those problems.

Re: Look at the bigger picture

What you suggested is not too hard and is not really worth doing. What Recluse suggested is much harder but theoretically can help. Your approach works on the device level, blocking entire devices from network access. There's a way that's much more user-friendly to do this: don't give it connection credentials or cables. That accomplishes almost the same goals and doesn't require users to do anything with their firewall configuration. Unless you have something that can usefully do something on the internal network, the results are identical.

Recluse's suggestion involved allowing devices to access the internet but only allowing certain addresses as destinations. That lets you use a device where you do want to connect it to something without allowing it to do more. It also means a frequent need to allowlist another address, especially for systems that handle video which usually have a lot of CDN nodes with different addresses. That isn't easy for the untrained user, but it's also not easy for the trained one when you don't have documentation on what each address is and why the device wants to talk to it. The difference, knowing how to manage firewalls and what networking jargon means, turns out to be a relatively small part of the problem.

Re: Not here

That's not a high-bandwidth system, but in theory you could implement a communication path that way. But to manage it, you need the device sending video content to do most of the work, implement a system to tell the difference between hidden data channels and what the codes are supposed to be, accept data sent over that connection, send it to the destination chosen by the screen, and not tell people that's happening. Since each manufacturer is doing this on its own and something like that might be the most convincing ways to get regulators to act, the manufacturers can't just implement a standard back channel and all use it. So I think you can be relatively confident that that is not happening. Whether your HDMI source is trustworthy depends on what it does itself, not what the TV sends to it.

Re: Neat trick

There is no need for you to continue reading it, but you may be overestimating the murder rate. There are many episodes without any murders in them to many complaints from the comments from people who want the rate to be higher. Comments about the BOFH often show a lack of originality with the insistence on killings and basically only two accepted methods, but the articles themselves show more variation.

Re: The real reason nobody wants to use it

If that is what they're saying, they've got it wrong. If you used an ISP-assigned block of addresses, you wouldn't keep them when switching ISP, so you would need to have a plan for doing something about the change in addresses. If you had your own block and just let the ISP announce it, then you could take that to your new ISP with some downtime as they sort out the announcement process, but probably not too much if you overlap ISP contracts. And you can do the same thing with an IPV6 block you've allocated directly. Big companies tend to do that. Small networks tend not to bother. Both should be completely expected by any competent network admin.

Re: The real reason nobody wants to use it

The implementation work, getting equipment and software to handle it, getting addresses assigned, getting international routing stable, is all the same. That's the work that's noticeably hard and expensive, whereas the difficulty reading out a string of digits is much smaller if it's relevant at all. What part, other than your memorization or reading, do you think would have been easier with 40-bit instead of 128-bit addresses?

Re: Gold rush

But after the frontend has handled the clicks, something still needs to get the information and process it, and Java is still often used in that. Certainly not universally, but just because something is a web UI doesn't tell you anything about what language does most of the work which will be whatever the team that built it wanted it to be, and if that team was from one of the many companies that have been building Java-based backends for business applications for twenty years, they're often not changing.

Re: Pointless

In each of your claimed cases, I see the chatbots happily lying. Does the product have feature X? The description should tell you for sure, but the chatbot can easily answer yes when the answer is no. When you complain that it doesn't have it, they can point out that the description didn't say it could, which is why the LLM had no information, which is why it randomly guessed yes. If you care about products, read the descriptions. They are not very long. Manuals are slightly better but mostly similar.

Terms and conditions are painful to read, but getting a summary of them which might leave out the parts that are important isn't helping you. If you don't care, you have the option that many take: don't read them at all and just agree. I don't recommend it, but I understand why people do it.

It would be correctly functioning if it just counted down through zero into negatives, but that's not what happened. I'm not sure what happened, but it evidently crashed at zero, which is not correct behavior or necessary. I keep assuming that there was a divide by zero in it somewhere except I can't find a reason why it would need to divide anything by the remaining time and that shouldn't have crashed the system, just the application. So while you're right that it wasn't a y2K bug, it was definitely not correctly functioning.

Re: Amazingly title happens to be correct;

To stop you from going a bit too far, you should acquaint yourself with the dictionary for this poster, including:

proprietary adj. Any license poster Eric 9001, formerly known as GNU Enjoyer*, doesn't happen to like, namely pretty much all of them.

Synonyms: open, open source, FOSS, GPL [without specifying a version], pretty much any other adjective other than "free", which will be insistently interpreted as a license that poster does like and, if it's not, they'll fight you without any good reasons.

* Of course I can't prove they're one and the same without access to the user database, but I am quite confident and believe I could convince if it was necessary.

"Or, perhaps, they're primarily making it for themselves, and making it available for others, but aren't concerned with mass-adoption."

I think this is a lot of it. Partially I think that because it describes much of the things I've developed and released under open licenses, but I don't think this is all me putting my own flaws on everybody. A lot of UI work is a boring slog and isn't necessary if you assume that people will figure it out the same way I did when I wrote it. Building something which can be given to the general public without training is hard work that doesn't benefit the programmers much, so it often does not happen. That leaves you with the luck of the draw on whether the programmer's initial idea works well or not.

Re: "long shaken their heads at the profligate ways of modern engineering"

You're correct about many of the specifics, but wrong about your admonition:

"the environmental disaster can be attributed to mismanagement, and lack of care when disposing of waste, but you make it sound like it was a deliberate act."

No, this entire comment thread has been about mismanagement and laziness and the consequences thereof to compare about what people see, correctly or incorrectly, as exactly that among software writers. Programmers generally aren't trying to make their code run in lots of RAM for no reason. Those who use too much are doing so because it's easier, they don't know how to do it better, or they don't understand that there are consequences when they waste it. Similarly, laziness with what you do with hazardous waste can have consequences and people sometimes ignore them because it's easier not to without intending to cause a disaster. In all their examples, they were saying that there are things which could have been designed or maintained better but were not due to laziness, either to make the case that software isn't special and shouldn't be singled out or contrasted as if it's unique there or to blame programmers as members of a wider group. They did not say and clearly do not believe that this is a malicious or pre-planned deficiency.