Posts by doublelayer

They should know some things

A manager should have a working knowledge of the big components, not every detail. I wouldn't expect a minister of transport to know the different kinds of tarmac, but I would expect them to know that airplanes are machines that go into the air and land in another place, conveying their passengers and/or cargo to that destination, that pilots are the people who fly them, and that they are supposed to land only at airports. In fact, I expect anyone to know that. Ministers for transport should also know where they fly (I.E. where the airports are and how high the planes are when flying at cruising altitude), how they fly (in the sense of what is needed in terms of fuel, people, coordination, and equipment), and what restrictions there are on who, when, where, how, and why they fly. I wouldn't expect a minister for transport to be able to fly a plane, but if they asked "What is air traffic control", I would say that they are unqualified.

A cybersecurity manager should know what security is, and what poses risks to it. They should know what the internet is, and at least something about how it works and why this creates security risks. Otherwise, how could the manager decide whether to trust me when I say "I have a product that your office should purchase which will provide a completely hardened layer preventing people from breaking into connections over the gopher protocol." That's a thing a manager decides, and they need to know to throw the person making that statement out immediately as a scam. If you don't know that, or at the very least how to find that out quickly, you are unqualified.

Re: Now if Mozilla would look at itself

That's all true, but mozilla still has the browser that is less privacy-invading than the main competitors. Of the browsers that real users (read not us) install, firefox is the one I'm most comfortable with. In addition, firefox being open means that most of the browsers that are better are forks or redistributions of it.

Re: Lets hope

Citation: just look at any time when they collected data without being above board on informing the people whose data was collected. Which is pretty much every time they collected something. Just because you may be fine with google having the information you know they have doesn't mean that others are. If google collected information on people and they didn't want it to happen, that is sufficient evidence for those people to be worried about google getting access to health data.

Re: "Lots of things are dangerous if you use them incorrectly."

Everything is dangerous when used incorrectly enough. The question is whether these devices are safe when used correctly. Many people put them in enclosed spaces, because the closet is the best place for a thing that takes up space and you don't really have to interact with very much. So if it is dangerous for it to be in there, we should probably know and deal with it.

Re: hobson's choice

Apple does spy, somewhat, but nothing like what other companies do. They don't collect as much information, are better at allowing data to stay on the device rather than getting sent to them, and don't make a large part of their business from data exploitation. So yes, I'm saying that.

Re: insanity is doing the same thing over and over again and expecting different results

Agreed on the misattribution point. I would much prefer it if this didn't happen.

For most things, there is enough stability that doing them multiple times results in similar effects. With a broad definition of the action and the result, they do the same thing. See rolling a die (expect a number 1-6 or the die rolling away and under some piece of furniture) or slamming your hand in a door (expect pain and possible bleeding) for examples. I therefore find the definition useful for use with those people (E.G. my parents) who have, and most likely will again, sat in front of an interface, not knowing what to click to get their desired result, and will click the same button that definitely did not do it last time, expecting that it will work this time.

Re: paranoia

If you allow this to go as far as it can, you end up not able to use anything. Every time you buy something with a USB connector on it, it might have been compromised. Every time you are given something, that might be compromised too. The computer you bought might have malware preinstalled. The parts you were going to use to build yourself a computer because you can't trust the manufacturers might have malware on them.

In the case of the conference, I think it's fair to assume that the drive is probably safe. Don't just assume that it is--test it first--but it is not the high-risk situation like when drives are found unattended. If you always use "what is possible" as your question for trust, you will end up at a dead end. Instead, ask "what is feasible" and "what is likely", and take whatever precautions are available for those infeasible and unlikely things that nonetheless are possible.

Re: Not expandable memroy

They should stop making up new card types. Is this card any better than a micro SD card? Even if it is slightly smaller, the lack of any available rather nullifies that benefit. In addition, the phone has enough space for a micro SD card; it's not that big a difference in size. We already tried the lots of different incompatible portable storage type system. We didn't like it.

Re: Not very rugged

If they start using them, I'm sure there will be an available rugged case. After all, iPads aren't very resistant, either, but they get used a lot. It is still a lot more cash for the performance available, but that probably won't stop people buying them.

Re: Play Protect

If I was simply using unwanted apps as an indicator of maliciousness, I would have a long list indeed with the phone I mentioned. I work in security, though not on android. The apps I mentioned were constantly phoning home to various servers that did not seem very happy about telling me what they did. The to do list app scanned as known malware. The facebook app did facebook things as far as I could tell, but did not seem to come from facebook and had a weird version number that I couldn't match with versions of facebook posted to google play. Convinced now?

Re: Jenkins?

Having never used it, I find your explanation logical. This sounds like it would be a useful tool for parallel testing. However, I would contest your point that "the alternative to not checking in code with bugs is writing perfect code every time". I would argue that the best alternative to checking in code with bugs is to test it on all available test cases and possibly new ones *before* it is checked in. This won't be perfect, but it will be much less of a hassle for other members of the team. I doubt the developer is really bad at writing and testing code, but I don't think his style of self-deprecation did him any favors there.

Re: Old Stuff

Perhaps what is worse than having a bunch of obsolete tech is finding obsolete tech that you decide you want. I was recently working at a different location, and helped a colleague there search through some cabinets in the basement, where I found a bunch of really ancient things, one of which was a ... well sort of a laptop from the DOS days, although we don't know exactly which DOS days. This one being a rather rare machine from a manufacturer in New Zealand. I found myself wanting to take this back with me and try to get it running. Then, I remembered a few problems with that:

1. I didn't know how the thing worked.

2. The thing didn't have a power cable, so I'd have to make one based on the specs written on the machine.

3. The machine had two floppy drives, at least one of which had important software. There was already a disk in both drives, but they were not labeled. Next to that was a binder containing at least a hundred more disks. There was really no telling which one had the software on it.

4. It probably weighed ten kilos or so, and I had to fly back.

5. Nobody had given me permission to discard this for them, although to judge from the other contents of the cabinet, they were not going to want any of it.

It's probably still there. If I get sent there again, I might just take it this time.

Re: If only

How would that work with devices that are frequently behind firewalls or NATs, or changing from one cell tower to another. Writing a client that can send a video signal pier to pier and receive it is not that complicated. Making a good one might take some effort, but the technical aspects are easy enough. However, as with every other pier to pier thing, you end up dealing more with networking than many will accept. Even things that are mostly pier to pier often rely on a central register of who is involved and how you can find them, and sometimes that register will also have the functionality to assist with connections because there isn't a direct open channel to that device. If you can overcome these problems, you'll have fixed quite a bit.

Re: Only affects insider program - Not correct

No, it affects anybody who installed an update* after the servers got broken, whenever that was. Insiders saw it first because they install updates a lot, but it will affect a lot of people before someone fixes it.

*installed an update, or had an update flung at you, or maybe there's something else that contacts the registration servers though the article doesn't say there is

Re: user error

It's said that the cache was located inside, but not in the same directory, as other videos. For example, the cache at /*/videos/cache, but the video projects themselves at /*/videos. If that's true, this would be entirely adobe's fault. However, if this is not the case, I would expect a product made for people who aren't necessarily technical to look in that folder and say "Hey, this cache folder isn't empty. This is where we put temporary work files; think of it as our scratchpad. Files in here are ones you don't deal directly with, but we might change or delete them. Are you really, absolutely, 100% sure that this is where cache files should go?". Plenty of terminal tools written for people who are supposed to know not only how they work but also how to rewrite them in some cases still have a "replace files?" prompt. That said, if this event actually involved the cache directory being set to the videos directory and not a subdirectory of it, I have less sympathy for the user.

Re: 176 Mb

Most of that will be graphics for various parts, as the updates are full system images. So significantly less than two million lines of code. Still, I agree with you on the bloated part.

Re: GDPR users were less exposed

I have a website, and I've opted out of having the details in whois. I don't need automated systems collecting my mail address and phone number; if someone really wants to know who owns the site or to contact me, they can fire up their browsers and read the pages or use the contact form. Given that I don't maintain any infrastructure that someone might need to ask me to fix (the original purpose of whois), what benefit does it have for my site?

In addition, I've never found whois particularly useful in other cases. For example, I had a domain name that I wanted, but someone else had. However, they were not using it for anything. In the whois details, I found that it had been registered twenty years earlier and that the owners were not a domain squatter, so maybe I could convince them to let me have it. But the contact details were the generic ones for the company that owned it. If I contacted them, I'd have ended up talking to people who probably don't know they have the domain name, let alone who I could talk to to ask for it. So what utility does it have for other domain names?

Finally, it has no use in security, because nobody verifies the data that's entered. If I was running a scam, I could put plausible data in there with no problem because the registrar is not going to verify it, which means that I can't use whois lookups to verify if something is trustworthy or not.

Re: Features that don't matter.

"Not as small means that it is more maintainable, more flexible, and less likely to cook itself. Smallness is a pretty optional feature in 99% of real consumer use cases. It's not really an advantage."

I beg to differ. Sure, a larger desktop does have benefits in maintenance and heat. This I'll grant. But the small form factor is more flexible, because you can put it in places you can't put the large thing, as well as every place you could put the large thing. As for it being necessary, people live in small places. People live in tiny flats, university housing, etc. You don't always have tons of space to put something. If power is so important, you'll probably use some of that limited space for a full-sized desktop. Still, it can be useful to have the option of a small desktop that leaves more room for the other possessions you may have. A small computer like a mini/NUC/raspberry pi is also much easier to use headless. If you want a system for a room, something that small can be slotted nearly anywhere, including just hanging on the wall if there is no convenient place otherwise. A desktop doesn't have that.

Re: Does anyone use an IDE on RHEL anyway?

At the university I went to, our CS department did everything they could on REL. Servers all ran it, and all machines in the labs were REL desktops. They probably want everything on the same level. Could they have had the workstations run fedora/ubuntu? Definitely, just as they could have put those on the servers and still been fine. Still, REL on the workstations probably helped in administering them.

Re: Mass Dialers -- A.K.A Robo-callers

While there are hardware ones, and you could probably ban them, it would be very difficult to tell the difference between a call center using a software autodialer and a call center doing normal jobs. The call center people just say "I finish a call, and my headset rings again. It's not my fault that we're busy", while the admin people say "We just manage the employees and make sure they answer all the incoming calls we have, and also we have to call some of our clients back because they've agreed to it." By the time anyone investigates, the IP phone system has been reprogrammed, so nobody knows for sure what exactly they were doing.

Re: I never got laptops...

I'll extend that a bit.

If I want portability, I'll use a smartphone (or old phone if all I want is communication, but probably a smartphone).

If I want raw power, I'll use a desktop.

If I want a large amount of computing power but available in many places, I'll use a laptop. I can bring it with me in a backpack, and can use it on the go from its battery.

I don't need a tablet because it is as big as a laptop (the slight difference in weight doesn't make much difference) but can't do as much. I don't need something as powerful as the portable thing but as portable as the thing I need a backpack to carry.

Re: 2000 quid?

"It's a similar price to it's nearest competitor the Wacom MobileStudio Pro 13."

Sure. But firstly, I'd much rather have the studio, because it runs a normal OS and has some expandability with normal ports and second, that is also overkill/nearly useless for most use cases. You can beat both of these machines in most areas. Compute power? You can get a lot more for the price with a desktop, a laptop, even some tablets with full OS's on them. Battery life? Use a machine with a similar processor but a less power-hungry screen or one you can control better. Functionality? Use something else; check. When comparing this to a laptop, virtually any modern laptop, it loses. People don't typically want to approach their computing devices and draw on the screen. Some designers and artists do, but it's been tried a lot for the rest of the computer user population, and we said no. So what feature does this iPad have that warrants it costing twice as much as a comparable laptop, with touchscreen, with the capability to run a full OS and maybe be somewhat repairable. You could even get a not bad apple laptop for half the price of this one. They're putting the price far too high.

Re: I shall call it Mini-Me

I seriously doubt that they'll suddenly decide that this one should allow hardware modifications. In general, depending on use case, the base config would probably work for a lot of people. For technical users like us, four gigs of memory is limiting, but if you're using it headless or as a basic computing device for a nontechnical family, it isn't that bad. You could run into storage limits with the 128GB SSD, but it fills up a lot more slowly than windows does, so I'd call it doable.

For me, the Mac Mini has been out-of-date long enough to weaken its position in the small box market. For a while, the Mac Mini was really the only usable computer at that size. Anything else at that size was ridiculously underpowered and/or expensive. Even after that, the system compared well against the usable, sort of, alternatives. I remember helping a friend decide on a small machine to use as a media system in early 2015. We considered various options, including the raspberry pi (then version 2) and the intel compute stick, but they just couldn't compare to the mac mini. The raspberry pi didn't have built-in networking and required a lot of cabling to set up the required storage. The compute stick had an atom processor which wouldn't be very fast, and was said to overheat a lot. The mac mini allowed all of that to be stored in one convenient unit, with enough processing to do most tasks and storage sufficient for a small media collection.

The small computers have caught up, and probably overtaken. Now that the raspberry pi has WiFi, which frees up a USB port, and a much faster processor, it can do most if not all tasks a headless mac mini would do. It still needs external storage if used as a media machine, but that's only one thing to connect. I doubt that the compute stick is very good yet, but there are small machines with intel processors as well. These are smaller than the mac is, they offer more options for modification later on, and they give you a lot more performance for the price.

Re: 1440×900

I believe the resolution is 2560x1600 (4096000 pixels in total). Apple's made that display at this size for a while, so it makes the most sense.

Re: Why would you have a maintenance window at 6:30am?

I'd also rather the job where I can do some maintenance from home late at night. However, that option is dangerous. If something breaks that requires me to be on site, then I probably have to go there. At night, when access isn't always figured out, and transport systems might not run as often if at all. Worse, let's say that I say "Sure, I'll work at night for a bit running standard maintenance and also be there in the day. It still adds up to the same amount." Now, they have an expectation that I'll be there during the day. If the maintenance is usually thirty minutes or so, that's fine. When it becomes several hours for a major update or something similar, requiring you to stay up most of the night to work on it, you have less leeway to say that you won't be in. You have a perfectly good excuse, but that often doesn't convince the people who pay you.

Re: I love this

I've seen some similar things. I don't think this article is really doing that, other than to point out that Chinese manufacturers haven't been very mainstream until Huawei became so about a year ago. Before then, none of them were all that well-known, although you could buy phones from them.

As for the trustworthiness of the tech, I'm willing to trust most of it. However, there are a few parts that are a little weird. I recently got a Xiaomi fitness tracker to use as an alarm clock (I like vibration alarms). The companion app wanted me to sign a strange license agreement containing such normal phrases as "This product may not be used to damage the reunification of the motherland." and "People with intentions of antisocial or antigovernment actions may not use this product." I found those a little off-putting. Fortunately, I found an open-source companion app instead, so I used that. Still, when faced by things like this that remind you of the system watching Chinese citizens, I believe one could be forgiven for asking whether there's anything creepy in the code that we can't see. I don't really think there is in most if not all cases, but the question isn't irrational.

Re: Choosing to kill someone is murder, shirly?

Self defense is one thing. Choosing an alternate victim is another. If there is a person planning to shoot me, and I have a gun, I can shoot them in self defense. If the person is going to shoot me, and I grab another person and shove them in front of me, that's murder on my part. In the case of a crashing car, if given the choice of "die or that person dies", selecting the latter could easily be considered murder, because the victim you chose was not at fault. Hence the person on the sidewalk.

Re: Am I missing something here?

Windows CE wasn't great, perhaps, but it was stable and did run for mobile PDA-type things. You could use the applications on them, and you could load others. It provided a common platform for applications that would run regardless of device peculiarities, and with some support for modern (of the time) hardware. You could also get some interaction between the mobile device and computer that actually worked, sort of. What other mobile OS had that at the time? As I recall, most of them worked but only with their own programs, or weren't compatible with much else. I think it could have provided Microsoft with a very good entrance into mobile computing, although we'll never know because they threw it away with Windows Phone 7. Still, there are a lot of embedded devices that still run it (I don't know why).

As for normal windows, I've never really loved it, but most versions were acceptable until windows 8. That's when they didn't just alter the interface, but instead crumpled it up and started over. I'd have to give windows 10 a slight edge over windows 8 in the interface department, but that's like saying that it's closer to the top of Mt. Everest because it's standing on a phone book. Meanwhile, everything else still managed to get worse with the release of windows 10.