Posts by doublelayer

Re: Attribution now easy?

"If the server where the upload happened actually knows the timezone where the uploader was located why doesn't it seem to know the uploader's IP?"

It does, but we don't know that server. What we know is the stuff that got left in the code, and given that this left in comments explaining how this was stealing things, the author was evidently not smart enough to delete such things. What this tells us is that the uploader's time zone was set to something UTC+05:00 when they generated the files that contain timestamps. That doesn't prove they were there, or that if they were they're usually there, but there's reason to give it some credence. That would put them in one of seven countries: Kazakhstan, Maldives, Pakistan, Russia, Tajikistan, Turkmenistan, Uzbekistan

"Attribution -which used to be next to impossible back in the old, non post-factual days- seems to be a standard procediure, nowadays"

And you'll note that they haven't attributed this one. Identifying a time zone is far from attribution. But questioning attribution because it conflicts with one's political beliefs is a similarly common procedure. The researchers who attribute more regularly now have put a lot of work into doing it properly. Those who question usually haven't.

"because pretty much every threat, malware or attack is immediately attributed on disclosure - usually to asia where the state-backed evil lives."

And there we have it. Nobody said this was state-backed. Also, they clearly weren't. It's a quick and dirty cryptocurrency stealer. That's not state-backed. That's someone individual looking for money. But thanks to putting words in someone's mouth, you identify yourself as someone with an agenda or someone who can't read what was said and what was not.

Re: Have you ever searched for anything on Reddit ?

In my experience, both are true. Searching there was never good, and maybe this will be better though I'm not very sure. The content was another story, because quite often, there is useful information somewhere. The problem was that there is enough useless information that even a good search engine might not find the useful part for you. This depends on your tolerance for reading several search results until you find the place where a knowledgeable person chose to answer it, so it ends up working out some of the time, but it isn't a fast way to get a result, and since it's human-generated, it tends not to be comprehensive data when that arrives. It's a tool that's useful for some cases, but I don't think it will be useful to enough cases or people that Reddit will gain much search market share.

Exactly. Acceptable reasons to massively change the interfaces include and are limited to the following:

1. The old one is crap, and we're willing to admit it was.

2. We're adding something which the old interface will make far too complicated to make sense, and we've actually created a prototype of how it would work with that interface, but that would be untenable.

3. We have large amounts of evidence in the form of large stacks of paper or large files demonstrating how this is actually better from the experienced and new users' perspective, created by actual tests or people who only care about usability and tell designers to go away until they're done researching.

"Because we haven't changed in a while" is not and never will be on that list.

Re: The security aspect.

That is possible, and I'd care more if Google Play wasn't already lousy with malware. The unavoidable implication of this comparison is that, if they didn't have to allow other stores, malware wouldn't be a problem when people stuck to the builtin store. That's not the case. It's not even the case with Apple's store, although the difference is significant. Google will still be allowed to ban any store for having hosted malware, which means that stores that want to stay around will have to be quite careful. I'd expect, for instance, that Epic will be monitoring their offerings quite closely because they're running their store to collect lots of cash, Google would like any excuse to throw them out, and "they hosted malware" is a really good one. Others will not have the same incentives and will host malware, and those stores will be gone very quickly after the first detection happens. Meanwhile, the normal store will continue to hold tons of it.

Re: "thought the car would take care of things"

I mostly agree with you. Most drivers who think that autopilot works are idiots, and this driver is even more of one than most because of the numerous previous warnings. However, the problem is that, using your analogy, the manufacturers of the furnace have been repeatedly announcing for a decade that this will be the furnace that you can safely enter while it's burning and the furnace will protect you, and you don't even have to push a button. Admittedly, that decade included the point where they said that was coming soon, but for several years now they've had what they call "full self-driving" which isn't any self-driving and certainly not full. They really should be banned from using that term. If you lie to idiots that something is possible, consistently for a long time, and it never has been possible, some idiots will believe you. At what point does that become your fault, even if the idiots remain responsible for their own actions?

Re: Maybe there needs to be a new open source licence

You can write any license you like, including that one. It's not at all the same, because both free software and open source have been very clear on a few rights that are not compatible with that license. One is obvious; if you have those restrictions, then you're not getting the right to use the software for any reason. Some others are less obvious but perhaps bigger problems. For example, let's say that I have contributed, so I get free access to the code. Do I get the right to modify and distribute, and under which terms? Can I distribute a version which allows anyone to use it? Can I distribute a version under the original terms, but now they're paying me, because after all, that's who they got the code from? If the original author stops developing it and I'm now doing all the work, do they still pay the original guy? Pretty much every attempt, from ones where they're being clear that they want all the terms of proprietary but with the word "open" in there somewhere to well-meaning but still broken ones like Bruce Perens's "post-open" license or FUTO's "source-first" approach, deals with this problem by stripping those rights too and from everyone involved.

So by all means, write some software and put that license on it. I won't view it the way that I view open source, even if I end up with the higher tier of rights, because chances are that I'll be forbidden to do things that I'm allowed with real open source.

Re: Translation

It is, and I expect that many of them will find that it doesn't work and they've destroyed something that used to function quite well. In my opinion, I wouldn't mind if they could actually accomplish it; if they can make a computer do the job with equal or better quality, I don't mind that they do and someone loses the manual job that's now been automated. My primary concern is that they will pretend that's what they've accomplished when they actually have a computer that does the job much worse, then use unethical tactics to make the customers or other employees compensate for that externality.

I'm not very sure how this is related to the four-day week thing, though. I'm referring to productivity because, if we can prove that productivity is unchanged when shrinking the week, then it will be much easier to make it happen, whereas if we can't or say we can without actually proving it, it will be harder to convince those who can make it happen to do so. The people paying others to work don't want to pay more to get less, and they will try not to do that, but if we can demonstrate that they're not getting less, it might actually work out. That requires to actually know that would happen, and the people employing others are going to be harder to convince than I am.

Because the one thing where this is better than Chromebooks, and it takes a while to find it because this is pretty bad, is that these computers are not locked. Read that comment about installing Windows Pro on the machines, and what's the problem? It's not locked bootloaders; it's drivers. You can still boot to other media and install something with the primary challenge being hoping it has the drivers for the important hardware in the thing. Thus, you can arrange that petition, but complying with it will be very easy. If you want a petition that matters, demand the drivers, although I wouldn't be surprised if there is a way of extracting them from the existing SE build of Windows and getting them into regular Windows. Linux and Chrome OS probably won't have that option, but Linux's driver choices are quite expansive.

I was still surprised and disappointed hearing of this because I've helped get other school-focused Windows versions to unlock to regular Windows before, and when I did that, it wasn't hard at all and didn't even require a reinstall. It shouldn't be hard to make that happen, and Microsoft should have done that for all the devices they could having dropped support so quickly. It seems that the main desktop OS companies are in a race to see who can expire equipment most quickly, and I want that to stop. To Microsoft, Google, and Apple, haven't you noticed that Android manufacturers are being dragged slowly into supporting their devices longer? That doesn't mean you can go the other way with laptops because they already lasted that long.

Re: Klarna Rehiring

That's Klarna's problem, but now they know what not to do next time. I think it will take more cautionary tales like that to make this sink in, but this is why I'm not a strong believer in the LLMs wiping out jobs thing. Some people will lose their jobs because their employer is an idiot and thought AI could do anything, but unfortunately, people already lose their jobs because their employer is an idiot and did something unwise from time to time. That is not the same as what AI promoters like to predict.

Re: “We want kids to know who they are before platforms assume who they are.”

That would depend where they are, because in more urban areas, there are places where you can find a phone for emergency use. The fact that most phones don't charge by the minute no matter where you call (sometimes in country but that's enough) makes this easier, because now they don't even ask for the change. But that's certainly not everywhere, so what do we do in that case?

Here are some things we can do. I already mentioned the friend who got a cheap flip phone with no social media capability. Not that the flip phones that theoretically have social media are that dangerous, because they tend to have 2.8-inch screens and 2 MP cameras and those aren't going to make the process very easy. Or you can get any number of Android devices and lock access to things except the dialer and messages. That's a native feature now, was a native feature before in several manufacturers' variants, and before it was, there were many apps in the Play Store allowing you to do that (don't ask me how those got in while Nextcloud had to fight for normal files access, but it happened). If you're annoyed that Google put Google account requirements on their parental controls, I get it, that annoys me too, but you shouldn't be that surprised because it's Android and you're posting here, so you should already know how many features of Android are Google proprietary additions with data collection. Maybe you'd be happier with IOS, where the restrictions are a native OS component and require nothing more from the parent than setting up the device before handing it to the child, even if they never log into any Apple account.

From the cheapest 4G feature phone (2G in countries that haven't shut it down yet) to smartphones being handed down, there are tools available. Most of the time, the people complaining about these have put no effort into using them but demand better and better ones which would impose more onerous requirements on the rest of us. I have lost most of my sympathy for them.

Re: All because

If you want to use the book analogy, if I walk into a book shop and open a book, but then put it back on the shelf, I'm not charged for having done so. I am charged for that book when I want to take it with me out of the shop. That is how the shop determines the difference between people who intended to purchase the product and those who haven't made that choice yet. If they want, they can make sure I'm not reading that book inside the shop.

And so far, we aren't really arguing whether the thing Oracle's attempting is legal. So far, we're mostly arguing whether it is ethical, which I think it's not. There are reasons to think it's not legal either. It would be if people installed the software and used it for commercial purposes, but clicking a download link which isn't gated is unlikely to be considered entering into a contract. But most of what we dislike is definitely legal; it's totally legal for Oracle to call people who once downloaded a file, accuse them of having broken a contract, and demand lots of money, just as it is legal for me to call you out of the blue, accuse you of having broken a contract that never existed, and demand lots of money. It would only become illegal if I actually took that fallacious case to court and lied to pretend a contract existed when it didn't, which Oracle might not do because the chances are too high that they'd lose, but they can threaten it because that can scare people into paying up. However, if I did call you with such a threat, it would quite clearly make me a bad person, and some of us think that Oracle's being similarly immoral with this little change.

Re: 33 year old vessel

Several of those questions are irrelevant such as:

"How much more service life do they anticipate out of this vessel?": Is this why they canceled their lease? If the vessel failed, wouldn't their lease cover this?

"What are they still researching after 33 years, as the article doesn't cite any actual accomplishments?": Oh, it was just one study. We only need to study one thing about Antarctica, sea ice, the climate in general, any of that stuff. I'm sure whatever it is was solved already. While they don't tag their discoveries by whether they occurred on this ship or not, a list of recent articles about their work include several about things determined by researchers in the Southern Ocean, including oceanographic, atmospheric, biological, and geological findings.

Your points might be relevant if they had canceled this ship because they no longer needed it. The fact that they still have a planned replacement suggests that they do need it. Okay, but maybe this ship was just too old, although thirty years isn't that unusual, but who knows, maybe it has some faults. If that was the case, they would have said that. The reason for this ship being cut is obvious: they're being asked to work with a lot less funding and this is an expensive thing they can no longer afford. That makes most of your questions wholly irrelevant, since the question should be whether the benefit they provide is worth continued funding at their previous level rather than a significant cut, and specifics about the ship could at most move the item around on the list of things they didn't want to cut but still have to.

Re: Oh, the irony...

"Another alternative is the Unix style /etc/passwd encryption."

What are you talking about? /etc/passwd does not encrypt passwords. It hashes them. If you only have the hash of the WiFi password, it won't work. And encrypting passwords is what's done, with the problem that, if you want it to connect automatically, the decryption key for those passwords has to be stored somewhere anyway, and that means something with access to both data sources can access the passwords.

Re: Someone from the EU please explain

The article covered this:

Trump and von der Leyen's agreement on the deal doesn't mean it's a sure thing, of course. As a matter that affects the entirety of the EU, each of the 27 member states will get to vote to ratify the trade agreement. That might be a hard sell.

No, she does not have unilateral authority, but she does have enough that she can try to negotiate something and put it before others for approval.

Re: I'm a bit confused

Of course, some facts or the entire thing here might be made up, but the story isn't implausible. Some computer games loaded themselves at startup or kept a program running after they closed in order to make the process of starting to play them faster because a lot of the resources had been loaded. These assumed that the user would return to them quickly enough to justify doing that, but it could use up lots of RAM. Networked games might also host a server, which would use other resources depending on who might use the server. That would be really easy to change, but not everyone knew they should do that.

And to the first reply to your question, it's also not implausible that it wouldn't have been easy to track down. Does this pharmacy sound like they had a lot of admins on standby to fix this? A lot of small businesses I've seen have exactly zero people who know what netstat does, let alone how to use it properly. For that matter, I've known an IT company whose primary business was serving such organizations and not all of their tech staff knew what netstat does. Some did and would use it when necessary, but for people whose primary task was explaining how not to break things, it wasn't considered required knowledge. Even to get there, we'd have to jump from "this computer is slow" to "the problem is something running on the network", which is not the most likely cause. I wouldn't find it at all surprising if they did things like defragment the hard drive or scan for malware in the hope that that would be the cause, only to find that it was still slow afterward.

Re: How difficult is it? Actually : not at all easy

I think that is what Liam should have been driving at, but I think he took a wrong turning. The problem is, as David correctly stated, getting the thing installed. To some extent, it's also getting Linux to do the things they used to do on Windows in such a way that they feel confident about achieving the same goals. Neither of those will be fixed by making Linux more like Chrome OS. The installation problem won't be fixed in the slightest, and it's a pure surrender on the functionality angle because it degrades the machine to the least common feature set of anything else, rather than normal desktop Linux which can do all of that plus lots of functional desktop applications even if we ignore virtualization and emulation.

Re: The more things change...

And, even without that, the results of the attempt were impossible to reproduce and calculated as being implausible at best. But showing the actual results of such a diet, which would be rather unhealthy but not immediately lethal, would not have made for as entertaining a documentary.

Re: Proprietary?

They could try, but there are a few problems with the idea.

People who use a lot of GitHub's additional services like automated build pipelines already pay them for that. People who don't use a subset, mostly hosting. If they try to charge for hosting, they're going to end up with a much bigger, more confusing, and more dangerous to their brand version of GitLab's hosting crisis. I think that, if they tried that, it would end the same way, and I think GitHub knows that and doesn't want to drive people away, so they won't try.

And, if they did, since there's no tie between GitHub and the funding, they could easily migrate to some other hosting. It would be very easy for some EU company to come along and offer extremely cheap Git hosting for any project being removed from GitHub since there's already money for it. I don't think you'd even need that, since a fund that size would likely only be funding a smallish subset of projects, and they could probably be hosted quite easily with donated resources from places like university mirrors. The idea has so many holes and functional alternatives that I don't think it would be attempted.

My best guess is that they're focusing on how to get people who previously wouldn't buy anything other than Nvidia because of CUDA to buy an Intel part instead by developing some more software. They could try that either by building a rigorous compatibility layer with CUDA like AMD's been periodically trying and trying not to have to, by building something better than CUDA (good luck to them), or something like that. Of course, that's just me trying to turn a dangerous combination of management speak and speaking to the nontechnical* into actual words, so it's likely I've completely missed their point and guessed wrong.

* Management speak is bad on its own, but when you add in talking to investors who do not understand why people buy chips but will overreact if the words say anything about competitors doing well, almost all remaining meaning is lost.

The most convincing benefit of humanoid robots I can think of is that it might be easier to train them to do a task that a human was already doing without redesigning the process. For anything done at scale, that would be inefficient, because a machine specifically built for the task connected to a process specifically designed for that machine would be able to get the most out of both. However, for smaller things where that would cost too much in designing and manufacturing those custom machines, something that can be mass-manufactured and has the physical capabilities of a human might be a way to reduce the cost to automate. Similar to how an embedded device with a board that only contains the components you use is the most efficient if you're going to build thousands of them, but that if you need six, sticking in a Raspberry Pi can be cheaper because those already exist and don't need any board design, manufacture, or firmware writing.

The problem with the idea is that humanoid robots would need to be adopted in so many places to bring their manufacture price down to a level where they'd compete with just having a human there to do it. I doubt Tesla's going to manage that. Without some adoption, the prices can't come down, and without prices coming down, the cheapness argument isn't available.

Re: "There are ten people in the world who could decide tomorrow"

There aren't. Even if there's a single person at each of those companies, which there isn't, their choosing to try to standardize this wouldn't make any difference. Not even for their own hardware. Samsung's chief of UI commands that colors will always appear in the same place. The phone, television, appliance, watch, website, web app, individual phone app, Windows laptop driver setting program, etc teams all have to get that memo and implement this change, but not all of them even have the same places. Phones and televisions at least both have a device settings page, and I'm going to guess that any setting they offer about colors is already in there under display, but many of the other things don't have one, so it can't be put there. Just trying to standardize Samsung's UI settings would take lots of people.

But that's not what the author wants. The author wants to be able to set that globally, up to and including inter-device automatic sync, effective on all software and websites. That's far more than ten people. Let's consider what the worst group is for the user described who can't see blue on white well. The worst system isn't the one that allows you to make that change but you have to set it manually. That's annoying of course, but at least you can set it to something better after some effort. The worst ones are the ones that don't have any options for color schemes except whatever their UI person set it to, and that's a lot of things. A standardized place to put the controls and syncing the data structure everywhere, while being mildly tricky and almost impossible respectively, would do nothing to fix that. So even if those ten people existed and could perfectly coordinate and impose the plan on the hundreds or thousands of people it would take to implement it everywhere, the biggest problem would still be there.

Re: Shirley

And you see everything as a forest, even if it's a single tree in a field. The people committing this crime may have lots of reasons to do it, but some of them are not poor, not revolutionaries, they think it's fun. Swatting was and probably still is popular among videogaming communities by people, often very young ones, who did not realize what would be the result of their actions. It was basically just a higher-end violent prank because the people carrying it out didn't consider how possible it is to end in murder, and that worked a lot of the time because, although some of these events do end in deaths, a lot of them just have everyone in the house and probably most of the neighbors absolutely terrified, property damage, but no deaths or injuries. People who think of this as a prank are not doing it out of desperation for the job they don't think they'll be able to get, and many of them are at the stage in life where they're not thinking much about their future plans.

Re: About time too!

That could happen, but shareholders facing the prospect of their shares becoming a lot less valuable by sustained loss of activity tend to forget why they put that rule in, even if you managed to get them to instate it in the first place which isn't easy. Some companies can try it, but I think most won't and those who will will often cancel it when it gets important, so I still favor a legal ban on paying ransoms.

Re: The whole point of backups...

"You can abandon Microsoft products or abandon offline backups, but not both, and the former is for most companies impossible."

And, if you do choose between those and opt for abandoning Microsoft, you made the worse of the choices, because plenty of ransomware targets Linux servers because that's where lots of companies store the valuable data. Only taking out the Windows desktops is annoying and they'll lose some things, but if you can take out that central infrastructure which is often Linux-based, that's the valuable option. Offline, or at least immutable, backups makes recovery much easier, although it's still worth putting more time into prevention.

Re: "Killing the web"

Google makes money from showing advertisements to people and getting them to click on them. There are adverts on the search page. Those are still there with the AI answer. Clicking on an actual result does not automatically earn Google any extra money, and if that site has no Google ads, it doesn't. The search is the product they offer in order to get the ad revenue and data which they use to target ads, or at least tell advertisers that they can.

Re: Encryption is good, but it isn't the answer.

"Real data theft has historically not been accomplished by unlocking encrypted data, but by exploiting horribly designed software and poorly managed systems."

Because and only because decrypting data is hard. I don't know whether quantum computing will make this trivial soon or ever, but let's assume it happened and review what would happen in that situation. Now, getting access to your traffic is easy if you use WiFi. Not my WiFi, any WiFi near which I can put an antenna. Or if you use mobile internet, or satellites, or a cable I can monitor. Those aren't major problems now because there are multiple layers of encryption on it, and even if I can crack your WiFi password from next door, I still need to break the HTTPS encryption before I can grab credentials. Not so if encryption is defeated.

And it's not just copying data. Now that I know the keys, I can also impersonate things and intercept your communications. That's just thinking of me with the stuff I have near me. For someone with more power, like an ISP or government, this is dramatically different. They have the ability to collect a lot more encrypted data and ways to abuse it. They often don't because it's expensive. If it were made cheap or free, we'd get many more chances to see how badly it goes.

Currently, encryption is like a strong lock. It often makes more sense to try to go around it because people have often not considered that it's not too hard to break a hole in a wall or lift a ceiling and climb over, so they might not have blocked you from doing that. Only when those have proven difficult do you start trying to get through the lock directly. If all secure locks were quickly degraded to those weak ones that get used on internal house doors, there's no need to test the ceiling when a paper clip can get you through that in five seconds.

Re: Just do the right thing!

"What interests me is how many downvote the freedom of speech and to hold their own ideas."

Usually, because a lot of people who talk about freedom of speech attach it to something people disagree with. If I write a comment saying that you are a brutal serial killer who likes to torture your victims for a few days first and that I would like the freedom of speech to say so, which part of that are you going to vote on? Especially if you know I'm making it up, so the reference to freedom of speech isn't even making a political point?

That's not at all unusual. I've downvoted people who called for legal protections on privacy. Is that because I oppose privacy? Far from it; I've made some long speeches in fervent support of it in the past. It's because they attached it to other things, like their right to privacy meaning that they should be allowed to have security vulnerabilities in the code they sell and I should not be allowed to tell anyone because that would identify them. In my opinion, those people are not interested in privacy. They are interested in pretending that what they want is a normal legal right.

If I think your idea is stupid, then I will defend your right to not be arrested for saying it and that's where my support ends. That means that if a website decides to not let you say it there, sorry, but that's how websites work. And if the problem is votes or criticism, then it doesn't apply in the slightest, whether or not you add an argument about freedom of speech to the end of the idea, because I'll still be focused on the idea. If I think the speech is actually a crime, like when fraudsters have tried to make the case that they have the freedom to say anything, including lies about the thing they're selling, then I don't even give them that. If you disagree with any of that, we can always debate it, but I'm guessing your downvotes aren't because of ideological differences about freedom of speech but the views you are supporting alongside those arguments.