Posts by doublelayer

Re: Here he goes again ...

I can see a small reason for a flip style, but not for a clamshell one. Things like the gemini that offer a tiny laptop, sure, but not a phone doing phone-style things. The benefits I see with the flip style is that you can have some protection of anything delicate, you have more distance between the microphone and speaker so it actually fits your head, and flipping open to answer and closed to hang up is rather nice. However, the phone would have to be relatively large to accommodate that structure with the kind of screen sizes people want nowadays. I'd be fine with a 4-inch screen, but the buying habits of most others, as reflected in the phones being produced at flagship level, clearly disagree. As little as I want a 5.5-inch phone, I want it even less if it is much thicker, which it would have to be. This leads me to the other problem I have with the flip style for a smartphone--there is a lot of surface area for rather little volume, meaning that things like batteries would likely remain in one piece, powering the other. This makes the modular idea rather limited and means the extra thickness won't host extra battery, which is the reason I'm willing to accept that. In addition, current flip designs wouldn't make it easy to have a single flat surface when flipping open, which makes it difficult to orient the screen at a comfortable angle without having to deal with the other half. That other half would be difficult to orient for typing such that the screen is also conveniently positioned. I'm all for flip phones, but I'd like them to remain the small non-smart variety. The flat screen type, in my mind, best fits the way people use smartphones.

Re: PKI done properly costs money

I don't think so. You seem to be saying that, if we just got over it and cheerfully spent the money, things would be better. These certs aren't free, and the problem's still there. Perhaps one reason we'd prefer the certification process to be free is that all the power for whether the code we wrote is trusted goes to someone else.

The same is true of https. Sure, you can see having a certificate that isn't self-signed as an indication that the server is likely to be who it says it is, but if you're really in a situation where you can't be sure of that, you have bigger problems. If you're getting DNS poisoned to bounce you or someone's taken over a domain name, the problem is big and needs to be dealt with more strongly. Meanwhile, an HTTPS cert of any type provides the user an encrypted connection to the site and protects them. You have to choose where you go, but https://www.iamevil.scammerparadise.net is still going to be risky no matter whether they paid someone to verify that they owned it.

Re: One in twenty users?

Sort of but not exactly. Since 10.9, new versions of the OS are free and can be installed relatively easily. It's not like windows 10; it will actually run pretty much the same. Since they didn't leave any models on 10.9 (everything on 10.9 supports up to 10.11), they supported it for less. I believe they still release security patches for 10.11 because older machines have reached the last supported OS. Incidentally, I'd recommend everyone running less than 10.11 upgrade to it, because it is significantly more stable, and that nobody upgrade from 10.11, especially to 10.13.

Re: If you don't connect it to the network, ...

But they make it look like connecting it to the network will be helpful. That means that nuts like my parents, who had decided to test out some streaming services, tried to get the TV to stream them for them by having it connect to the network. Of course it didn't work, but now I have to find out how to get this thing back off the network. Somehow, my suggestion of giving them a raspberry pi that they could just connect an HDMI cable to was not seen as helpful.

Re: Key word is "Trainee"

"but giving them a crappy task that needs little or no training, (except, making the tea for the workers on a site can be a very skilled job to get right, getting everyone's tea made to exactly how they like it, i.e. more or less milk, 3 or 5 sugars)** is part of the training...."

It seems really pointless. Primarily, I'd assume that people should just make their own tea. If there is something that needs to be done by one person so that everyone can do that, fine make the trainee do it, but if that's the main thing they do, it feels like you can't be bothered to respect the skills they are supposed to be enhancing. Theoretically they were hired to learn things because they showed promise. If you're going to use them as a person to do odd jobs for which their experience is by and large pointless, then you might as well have hired someone who didn't have the skills. They'd probably have been somewhat cheaper, there are many people needing the job, and they would have knowledge of what you were going to ask them to do.

"back in the day of apprenticeships, all they did in a machine shop was brush up and clean the machinery until they knew all the names of the parts. it would take time to learn the skills to work on actual client works..."

Exactly! That's what I'm talking about. Sure, they're doing something that is relatively easy, but they are learning something relevant. This part is called X. It is part of that thing over there, and it performs task Y. This is how to clean it properly. Once you've cleaned it, so that we can use it again, you'll learn what part Z does and how you can use parts X and Z together. They may have learned faster if their supervisor just taught them, but that wouldn't be efficient.

In the end, they got the benefit of knowing what was going on, their employer got the benefit of their work, and either they continued to work together, in which case both were successful, or the employee was able to use extra experience to get or set up a career for themselves. Meanwhile, someone who is used as cheap labor for making tea or similar completely unrelated tasks gets next to no benefit. They have learned nothing, so all they get is something to put on their resume that shows that they worked on something. It's single sided toward the company, but there are very many options for it not to be. That's why I have a problem with it.

Re: Server Farms and Mining Rigs should be...

But what if it's summer but it's been chilly for a bit. Might I fold some proteins then?

Re: Past its sell by date?

Please don't. I use libreoffice too, but return it in a format that isn't bloated and slow. PDFs break a lot, are ridiculously large for the data stored in them, and usually require far too much software to read.

Re: One day, ...

Ok. Now I'm curious. Since I can't think of anything that would get rid of all computers while leaving humans, what type of situation can you think of where computers would be banned? And does your theory also account for the populace to comply with said ban? I'd really like to hear your theories, because I'm not thinking that way at all.

Re: PDF is clunky.

Whatever reason they may have had for losing the document, their mistakes were not the point. The point is that PDF files, although they are lauded as being useful on any platform, frequently lack the feature of making their content available if you don't want to just look at them. Some PDFs have text that can be extracted, but the number that don't is higher than the number that do. If I want to use the contents for some reason, be that copying and pasting code, quoting accurately, or sending data over something where text is more convenient*, PDFs frequently won't work. Sometimes, this is done for security, because I suppose it would be harder to violate copyright with something where copy and paste are made impossible, but usually it's down to someone messing something up or being a control freak because I should view this document in the font they like. With any text-based format, you have the freedom to make it useful by converting it to any format that would work well. The greatest risk is that it won't look as nice on the other end. With a PDF, the message seems to be that you are not allowed to do anything that the original document-writer didn't think of allowing you to do.

*Recently, I wanted to give someone some of the documentation for a system they were using. The only problem was that they were on the other side of an e-mail exchange. I can't send the PDF file because it's 48 mb and there's a limit on attachment size. This file was sent to me, so I don't have a link to it online. I could post it somewhere and let them download it, sure, but copying and pasting the ten-item instruction list would really have been more convenient.

Re: No worse than something on a web page

Good point on the light node way, I was not aware that was a thing. I suppose that eliminates my objection.

On the subject of reddit, I was using that as an example, but the point was that you couldn't kill the mechanism. You post a message in a monitored thread (give the system a list of two hundred or so to check, from any account. Every message gets read and decoded. Therefore, all you need to control the system is a key that can sign/encrypt a command and knowledge of the threads used. Reddit/whatever platform it is using can find your message and delete it, and also block the account, but you don't need either of those. The message was already read and acted upon, and you can send another message just by opening another account and posting with it. Perhaps reddit will take things down too quickly, but all you need is some online forum thing that allows new accounts rather easily and doesn't pre-check posts. Posting here, for example, wouldn't work because the first three posts are moderated manually. That doesn't hold for many other methods. One other benefit of the online posting way is that the periodic killing of posts helps the commander. There is little chance of the program getting an old instruction and acting on it when it shouldn't.

Re: Super virus able to run on any platform

I'm not sure if your being serious or not... but there is no software. They're lying. They just dropped the operating systems they could think of into their message (see first comment for full text) under the theory that that would be helpful.

Re: Has a disadvantage too

Even if it encourages more people to share binaries, it should prevent as many malware-infected ones from being there. For me, that will be a benefit. I tend to prefer having no google account set up with an android device and avoiding the play systems entirely, but there are things I can't get in fdroid. For example, some google packages are useful to me but don't come installed. I just have to hope that whatever site I get the APKs from haven't infected them (by the way, anyone know whether there are some trustworthy apk collections out there?). For me, this will be somewhat helpful.

Re: weird decision by Aussies

Regarding the argument that the fingerprint sensor might be insecure, that's a risk that is taken when parts are switched. You have to understand that the cheaper part might be problematic, or in fact that something might be dodgy with it. However, the risk doesn't mean I can do whatever I'd like. For example, I can build you a hard drive that contains sneaky ransomware on board. Use it for six months and the ransomware activates, encrypting the disk and booting your machine to ask for money. The fact that I could do this doesn't mean you are justified in never buying a disk again, nor does it make it logical for you to say "Any disks I approve are fine, all others aren't". If I buy a disk, I assume the risk for it. If it turns out someone's sneaking ransomware into them, find them and report them.

There's a chance, but not a big one

The way I see it, microsoft have chosen a good time to think about switching over, as they are at a relatively pivotal point. This is similar to the many stories about their thoughts of running windows 10 on arm. I don't see a reason this has to fail, but I can see lots of ways it could. The last time microsoft tried it, for example, they got windows RT and it didn't succeed. They will need to realize that very little is going through the windows store and that the rest needs to be available. That means either getting devs to recompile a lot of things or making a compatibility layer. However, if they manage that, I see no reason this couldn't be a new architecture.

However, given microsoft's track record with this and their current software base, I doubt it will happen. Apple could switch to arm because their low-end users get their software from the appstore, and their high-end users use software made by companies that have enough money to recompile and test the new code to death. Linux can switch to most things because the software can be recompiled by anyone and patches provided by anyone with the knowledge and inclination. If microsoft makes this available, and things start to break, it may fail at that point. They aren't really providing something that we couldn't get before, so it will need to be very good for it to get the chance to become better.

Re: someone can tell me

That doesn't really get very much of it. Here comes a big data blob out, and another one in. What was that? Was it spyware sending your data to a C&C, with the next set of data coming back? Or was that your music player syncing your playlists, or even just checking for updates? There are many devices that would be caught by something like that, but the more you attempt to have the thing online, the more data it will send that you can't make any sense of. If you can't be certain that the connection to the cloud for the GPS data to be interpreted (that's something that won't run on a watch for a while) doesn't also contain anything sneaky, worry is justified.

Re: And about time too...

While I'd really like an open source, everything free, no slurpage system that takes the world by storm, I know that won't be happening. I'd be very satisfied if we could have such a system that is at the level of linux on the desktop. Sure, people in general aren't using it, and remain open to the many problems with the current players, but it is a thing that can do most of the things people want to do, can be installed on most relevant hardware, etc. If we had something that could live comfortably on phones, could be installed on them without fighting them, and had access to the services we need, I would be thrilled. Most things would not need their own applications, because their websites will do most of that. However, we will need apps for the standard videochat and cloud storage software to complement the apps that do more standard on-device things (without a good mail client, contacts manager, calendar, and phone/SMS client, there is no chance).

I have gotten as close as I will probably get to this with a blank android system (no google play apps if I can manage it, firefox as browser, all apps installed from fdroid). I'm sure there's a lot I probably don't want to know about in there, but I don't have a way to get any closer.

Re: As I was reading...

Maybe, but there are plenty of things that would be useful. In the case of a thing I considered backing, a phone case that records phone calls and can also act as a convenient audio recorder. That's something I could use, as I find it handy to start a recording with a press of a button, which my phone can't do (unlocking, opening app, and pressing a button is fine but can take a few seconds which annoys the person you want to record, and won't work if you're on the phone. It is a product I want, the price seems fine, and the people are near their estimate of how much money they need to make it, so they should have enough. I don't know what happened in that case, because I didn't end up supporting, but all I know is that they haven't made any of these, the page is dead, and I'm disappointed because I can't buy it.

Re: Windows Phone ... 7 ?

It was the application in the microsoft store--I.E. it was running on windows 10 mobile (maybe windows phone 8.1 too, but I haven't checked). Frequently, windows 10 mobile is still called windows phone, both because microsoft has been known to do it and the fact that windows 10 mobile sounds weird. Windows mobile was a thing, but it is nothing like windows 10 mobile. Meanwhile, windows 10 mobile and windows 10 are alike only in that they require too much background junk and have cortana on them. Windows 10 mobile and windows phone run on similar devices, in some case the same devices, made by Nokia two to four years ago (they are still making them, right? I haven't really heard anything about it). Hence, windows phone can refer quite clearly to the latest windows thing that runs on phones.

Re: we're not freaking magical wizards

I agree, but more because the statement is just wrong. The general public don't see dealing with systems as fighting demons. To judge from the general attitude, they consider it as either building something (those being the courteous ones), putting roadblocks in their way (the annoying ones), or doing something that requires no skills at all (those being the stupid ones). Also, I have never considered a system or program I'm writing to be like a puppy or any other animal. With animals, I get a sense of life, of personality, although that's mostly made up by me, and independence. I view programs as something I am building. It may at some point be independent of my actions, and there may at some point be enough code in it for something it does to be sort of lifelike. However, it's not living enough for me to consider it like an animal. If you want a parallel that works for me, although this is probably very subjective, I'd suggest a system as a piece of art. I have an idea of what it will be, I take steps to get there, and the completed work is designed by my imagination and different from my original blueprint.

Re: Does this mean ...

My solution to this problem, while slightly less secure, is to cut off data transfer an hour after it stopped already. Therefore, anything that you started with proper access goes to completion just fine, and an hour after that, the lock goes into effect. This also means that someone who has a device they want to continue to have access can do that because the connection remains live and has to die for an hour before the lock engages. This does mean that if there was a data transfer less than an hour before the police try to get into the device, then their device can brute force all it likes because the transfer can't be interrupted. However, given the relative rarity of people actually using hardware data transfer with phones, this probably isn't a big deal. Also, under this system, I'd probably reduce the time to about ten minutes.

Re: Big Brother much?

They could already do that. They haven't removed the sideloading thing, but instead they have patched a hole that allowed people to sneak code into users' browsers with a low-profile thing that was easier for users to just click through. I don't use chrome because of the privacy problems it entails, but google has improved it with this change. I see little to complain about in this situation.

Re: Surface Pro 2?!?

Not quite. The surface pro 2 was released on 22 October 2013, so it's a little under five years old. I'm not supporting their decision to drop support, because it'll still do computing, but it's a bit old hardware wise.

Re: FFS microsoft

I think microsoft has a point here. Never mind that the protocol was made insecurely; that was a problem before but it's just reality now and it has to be dealt with. Microsoft can't seem to get people to change from one protocol to the next version that is more secure just by making it available. SMB2 is twelve years old, after all. In that case, it may be needed to add an incentive for that to happen. Sure, it'd be nice if nothing ever broke and people only had to upgrade when they wanted new features, but that's not how software works.

A month ago, I found this old device with an ancient linux kernel on it (version 2.6, proprietary interface on it) in my closet. I played around with it, trying to see if you could run modern stuff on it. The device had no package manager and no C compiler, but it did have various other packages and python. So I tried to download some code from github, and what happened? It wouldn't download because github had instituted a security policy the browser didn't support. I'm not quite sure what it was. I think this is new enough to support https in general, so I assume it was a new version of SSL. So, technically, SSL changed its security policy in such a way that my device couldn't even browse the internet. Still, we want that kind of thing to happen because if we just left it out, we wouldn't have security. We'd have plain HTTP, and whatever version of SSL we started with. That version has become insecure, so we've canceled it. Security requires protocols to change. Sometimes, that means we can't use our windows 2003 servers anymore because it's now 2018. In my case, it means my powerhouse of a 520mhz ARM processor from I don't know how old with its 64mb of ram can't be expected to go online anymore. Of course, if the hardware on which it was running was that important, we could always reinstall it with something modern. Sometimes, that's just how things should be.

Re: "no software will be ever fully secure, sorry.."

I support open source. I don't want only one open source thing to exist. For example, I like Linux and support it, but I don't have a problem with BSD, nor would I have a problem with any other open source operating system. I'm fine that non-free OS are there too, but I don't like the theory so much.

However, if the choices are one open source thing or one closed source thing, I'm going to go with the open source thing, so long as they have similar features--I'm not going to throw away a modern and working product for some code written in 2003 and not maintained. The reason is that, when something terrible happens to it, there are many people who will work on making it work again. If, for example, we had a situation in which everything in the world ran under the same version of Linux, thus making it possible for someone to attack it all and take it down, I feel more confident that someone can get it back up than if it was windows running everything. Neither should be allowed to happen, but if something open source fails, you need to fix it yourself or someone who also uses it needs to fix it. If some closed source thing fails, the people who made it have to fix it, which breaks if the people don't want to, are not available, are busy, or have lost data they need for the task. So, no, I don't want open source dictatorship, but yes, I do tend to trust such software a bit more.

Re: Did the Reg really ...

I think they're just of the opinion that an apple I that won't be useful in any way and may not actually work at this point isn't worth the money. That's not the same as saying there's something wrong with the auction. Frankly, although I'm interested in old computers and wouldn't mind physically owning some of the more famous models to play around with the hardware, I would not pay very much at all for them. Also, I'd probably get bored rather quickly and then seek to get rid of them again because they're useless for real computing and probably a lot heavier than I, who grew up in laptop era, would assume.

Re: Just more BS

They did come up with the iPad size first. However, the first touch product they released was the iPhone. The iPod touch was released after the first iPhone, so it was more that they removed the phone part and made the iPod touch.

Re: Another deja vu?

No, this isn't a zip bomb. Those are zip files or other archive files that decompress to a bunch of data. Sometimes they are also recursive so they decompress to multiple copies of themselves. The goal of an archive bomb is making the system run out of resources: memory or disk if the zips expand to a lot of data, processor if they are recursive. Thus, the program running them will crash or run into problems.

This file wouldn't cause a crash. Instead, it would write files to a location that isn't planned. For example, imagine that you unzip a file on windows in c:\Users\me\extract. Normally, all the contents will be under that folder. The zip file, however, can be constructed so that it also decompresses to c:\windows\system32\explorer.exe. This overwrites it with a different file that contains malware, and now running the formerly trusted explorer process will infect the system. The zip is not meant to crash the system, but to infect it.