* Posts by doublelayer

10700 publicly visible posts • joined 22 Feb 2018

Script kiddie goes from 'Bitcoin Baron' to 'Lockup Lodger' after DDoSing 911 systems

doublelayer Silver badge

Not quite a master hacker, but still needs a harsh-ish term

This guy may not be particularly dangerous, but anyone who deliberately attacks something in a way that harms emergency management needs to have that enforced. If the people running the system are right that operations were impacted, his little stunt could have caused real damage to many people's lives.

Also, how painful would 36 months without a network connection be? On the bright side, I'd get to avoid those boring e-mails.

Apple takes $9m kick down under after bricking iPhones

doublelayer Silver badge

Re: weird decision by Aussies

Regarding the argument that the fingerprint sensor might be insecure, that's a risk that is taken when parts are switched. You have to understand that the cheaper part might be problematic, or in fact that something might be dodgy with it. However, the risk doesn't mean I can do whatever I'd like. For example, I can build you a hard drive that contains sneaky ransomware on board. Use it for six months and the ransomware activates, encrypting the disk and booting your machine to ask for money. The fact that I could do this doesn't mean you are justified in never buying a disk again, nor does it make it logical for you to say "Any disks I approve are fine, all others aren't". If I buy a disk, I assume the risk for it. If it turns out someone's sneaking ransomware into them, find them and report them.

doublelayer Silver badge

Re: Ouch, ouch, ouch, ouch, ouch,

I don't think so. If I "repaired" something with a part that doesn't work, then I'm the one at fault. However, what was installed was a touch sensor that, while not the one made by apple, did the job it was meant to do. All apple did was to go in and break it. They probably could have gotten away with allowing the driver for the screen to become deprecated and fail, as they aren't obligated to support it, but writing code that essentially does

if (screen.manufacturer != "apple") {
    brick_phone();
}

isn't OK. A better analogy would be if your computer broke, a friend replaced the processor with another one that did processing just fine and with the same instruction set, and I, as the software writer, chose to decide that I didn't like that and I'd just make it fail for you. You can't do something the sole purpose of which is to break someone else's thing.

Now Microsoft ports Windows 10, Linux to homegrown CPU design

doublelayer Silver badge

There's a chance, but not a big one

The way I see it, microsoft have chosen a good time to think about switching over, as they are at a relatively pivotal point. This is similar to the many stories about their thoughts of running windows 10 on arm. I don't see a reason this has to fail, but I can see lots of ways it could. The last time microsoft tried it, for example, they got windows RT and it didn't succeed. They will need to realize that very little is going through the windows store and that the rest needs to be available. That means either getting devs to recompile a lot of things or making a compatibility layer. However, if they manage that, I see no reason this couldn't be a new architecture.

However, given microsoft's track record with this and their current software base, I doubt it will happen. Apple could switch to arm because their low-end users get their software from the appstore, and their high-end users use software made by companies that have enough money to recompile and test the new code to death. Linux can switch to most things because the software can be recompiled by anyone and patches provided by anyone with the knowledge and inclination. If microsoft makes this available, and things start to break, it may fail at that point. They aren't really providing something that we couldn't get before, so it will need to be very good for it to get the chance to become better.

Google-free Android kit tipped to sell buckets

doublelayer Silver badge

Re: someone can tell me

That doesn't really get very much of it. Here comes a big data blob out, and another one in. What was that? Was it spyware sending your data to a C&C, with the next set of data coming back? Or was that your music player syncing your playlists, or even just checking for updates? There are many devices that would be caught by something like that, but the more you attempt to have the thing online, the more data it will send that you can't make any sense of. If you can't be certain that the connection to the cloud for the GPS data to be interpreted (that's something that won't run on a watch for a while) doesn't also contain anything sneaky, worry is justified.

Meet the Frenchman masterminding a Google-free Android

doublelayer Silver badge

Re: And about time too...

While I'd really like an open source, everything free, no slurpage system that takes the world by storm, I know that won't be happening. I'd be very satisfied if we could have such a system that is at the level of linux on the desktop. Sure, people in general aren't using it, and remain open to the many problems with the current players, but it is a thing that can do most of the things people want to do, can be installed on most relevant hardware, etc. If we had something that could live comfortably on phones, could be installed on them without fighting them, and had access to the services we need, I would be thrilled. Most things would not need their own applications, because their websites will do most of that. However, we will need apps for the standard videochat and cloud storage software to complement the apps that do more standard on-device things (without a good mail client, contacts manager, calendar, and phone/SMS client, there is no chance).

I have gotten as close as I will probably get to this with a blank android system (no google play apps if I can manage it, firefox as browser, all apps installed from fdroid). I'm sure there's a lot I probably don't want to know about in there, but I don't have a way to get any closer.

doublelayer Silver badge

There isn't a problem with your setup. The problem is that I can't get it. I have had a few android devices, and I'd have loved for all of them to be google free. That didn't happen.

First, many devices never get support from a third-party ROM. Unless you buy the flagships, you probably only have a fifty-fifty chance of getting something. I don't want to buy the flagships because they cost a ridiculous amount for features I don't need (if my camera has five megapixels, that's enough for the one photo I take in a year) and lack others I'd like (I have a few applications I've written that like the extra storage of an SD card). I can get what I want in a much cheaper android device, but that device probably won't get a non-google ROM customized for it. It definitely wouldn't have been running ubuntu touch or firefox OS when those were still things, explaining why, as much as I wanted to try them, I never got the chance. Some of them can't even be rooted by things available online, or can be rooted by something that only looks extremely dodgy and I'm not sure whether to trust it or not.

Then, even if there is such a ROM, the process for installing it always looks like 1. Root device (no instructions, try to find the least dodgy thing) 2. Log into a shell with ADB 3. Push all of these files to some system directory 4. Run this installation script with these fifteen parameters and wait. And yet, those scripts don't seem to be very reliable. When a shell error happens in the middle of a script, but not one that got handled with an error message, I have to wonder whether I should bother to try to fix the script and/or whatever it has been calling, or give it a miss altogether. Oh, and by the way, I am also wondering whether the half-completed script may have bricked my phone or not.

I'm all for more non-google experiments, but I don't get the idea that these people have considered these problems. They just seem to say that they'd like something, so they're going to go code for a bit. I've said that before, but without actually thinking it through, the results were never good. You have to plan, design, and poke holes in things before you can write a good system. I'm hoping that this group has done that. I doubt they have.

doublelayer Silver badge

Re: Pipe dream

Maybe I can help with your questions, as I already avoid most google services.

Google docs: Use another program. Microsoft has this one they've made in a bunch of different ways. They don't have to track you, because you pay for it. It's called office. Apple has one too. There are also open source ones, which you can have for free. That's my choice, personally.

Google search: Use another engine. Duckduckgo works OK. So do various others. Google is rather well-liked, and for good reason, but making it out as if google is the only one that works at all is at best misleading.

Google drive: Use another storage system. There are so many cloud services that can be used that I can't even list a representative sample. I quite like dropbox, if you want true cloud, but there are a lot of options. Also, you could use your own systems using a variety of protocols.

Google maps: Use another GPS. Google maps is nice, but you don't have to use this. Evidence? I don't. I've used various GPS applications, usually with maps that were made by companies that make the GPS writers pay for them, which means I pay for them. I paid for the set of maps I have, and it really wasn't that much. The applications work rather well. However, there are free GPS apps that don't rely on google to do everything for them. Also, apple and microsoft both have maps applications of their own. Whether they work for you is a different story, but they exist.

There is nothing that google has that I can't replace with something else. If I don't like google, I can replace their services. So please don't act as if I need to thank google for their selfless creation of this wonderful code. They are asking a price for it, just a price paid using different units, and some of us don't want to pay that price. We pay different prices for some things, go open source for some things, and make our own replacements for other things.

doublelayer Silver badge

Re: Get a grip

Yes, we do think we can keep these sensitive details away from people. Amazon knows my address, because they need it to deliver. So does the local takeaway, which means that I can just click it and not have to enter it again. That's fine. However, if I'm running a calculator app, it doesn't need to know where I live, and I have no reason to give it that. If it goes about getting it anyway, there is reason for me to dislike that and take action to deal with that, either by dumping the app, feeding it incorrect information (if I can find out how), or complaining to them.

I speak Spanish. If I don't want to tell people that, not because it's a problem but because I feel like it, I have the right and ability to do so. You don't get to tell me that I have no right to hide that, because I can if I'd like. Maybe I'm tired of people asking me to translate things for them, or maybe I'm out of practice and have forgotten things, which embarrasses me. Maybe I just think it's none of your business. If you go about finding this out by tracking things I do, I have every right to become annoyed and take action against your tracking. The same applies to google.

Unbreakable smart lock devastated to discover screwdrivers exist

doublelayer Silver badge

Re: As I was reading...

Maybe, but there are plenty of things that would be useful. In the case of a thing I considered backing, a phone case that records phone calls and can also act as a convenient audio recorder. That's something I could use, as I find it handy to start a recording with a press of a button, which my phone can't do (unlocking, opening app, and pressing a button is fine but can take a few seconds which annoys the person you want to record, and won't work if you're on the phone). It is a product I want, the price seems fine, and the people are near their estimate of how much money they need to make it, so they should have enough. I don't know what happened in that case, because I didn't end up supporting, but all I know is that they haven't made any of these, the page is dead, and I'm disappointed because I can't buy it.

doublelayer Silver badge

Re: As I was reading...

That's all true, but I would say that all the stories about things being made with crowdfunding that are delivered late if ever and don't work have made me less likely to try it myself. Also, to what extent do other sites have the same level of nonexistent products? I don't hear these stories so much about kickstarter, for instance. There have been a few things I thought about buying from crowdfunding projects. I've just checked one of them, which appears to be fully vaporware. It was supposed to ship two years ago and the page hasn't been updated since then. Maybe I'm right to continue to start with distrust and allow them to try to build up from there.

Dearly beloved, we are gathered here today to mark the life of Slack for Windows Phone

doublelayer Silver badge

Re: Windows Phone ... 7 ?

It was the application in the microsoft store, i.e. it was running on windows 10 mobile (maybe windows phone 8.1 too, but I haven't checked). Frequently, windows 10 mobile is still called windows phone, both because microsoft has been known to do it and the fact that windows 10 mobile sounds weird. Windows mobile was a thing, but it is nothing like windows 10 mobile. Meanwhile, windows 10 mobile and windows 10 are alike only in that they require too much background junk and have cortana on them. Windows 10 mobile and windows phone run on similar devices, in some cases the same devices, made by Nokia two to four years ago (they are still making them, right? I haven't really heard anything about it). Hence, windows phone can refer quite clearly to the latest windows thing that runs on phones.

Apple hauled into US Supreme Court over, no, not ebooks, patents, staff wages, keyboards... but its App Store

doublelayer Silver badge

On balance, I have to support apple

In general, I would like apple to allow a lot of things that they don't. The fact that they have monopoly rights over what can run on their hardware does limit what can be done with them. However, there are two major points that, although I dislike them, I think tilt the balance toward apple.

First is the point that this applies to pretty much any device. Computers generally allow any software to run on them, but that is the exception, not the rule. There are a lot of devices that have a monopolistic method of allowing things or not. I can't go outside amazon's system for things to run on their echo speakers. I can't decide to install my own software on nest's thermostat. I can't erase my android phone and put something else on it. Of course, I may be able to do these things under some conditions if I go to a lot of effort to break into the system, but that also applies to apple, as I can jailbreak my phone and use any number of appstores. In general, I think precedent says that you can build your system in a way you like. Your customers can break into it on their devices, but you don't need to provide them the means to do it. Frankly, if this argument is accepted, I'd like to see a similar action filed against every android phone maker with locked bootloaders.

The second reason is a bit less formal, and that is that this is apple's main selling point. They haven't hidden this fact at all. They guarantee that any app in their store passed their vetting process, which could be used against certain apps because apple doesn't like them, sure, but is more likely to be used against apps with real problems. I think there are similar contracts in many places; microsoft's contract of "You must not sell PCs running Linux or we won't sell you windows" comes to mind. For example, if some store came out with a product and sold it there and nowhere else, could it be argued that they have a duty to sell it in other stores?

What can you do when the pup of programming becomes the black dog of burnout? Dude, leave

doublelayer Silver badge

Re: we're not freaking magical wizards

I agree, but more because the statement is just wrong. The general public don't see dealing with systems as fighting demons. To judge from the general attitude, they consider it as either building something (those being the courteous ones), putting roadblocks in their way (the annoying ones), or doing something that requires no skills at all (those being the stupid ones). Also, I have never considered a system or program I'm writing to be like a puppy or any other animal. With animals, I get a sense of life, of personality, although that's mostly made up by me, and independence. I view programs as something I am building. It may at some point be independent of my actions, and there may at some point be enough code in it for something it does to be sort of lifelike. However, it's not living enough for me to consider it like an animal. If you want a parallel that works for me, although this is probably very subjective, I'd suggest a system as a piece of art. I have an idea of what it will be, I take steps to get there, and the completed work is designed by my imagination and different from my original blueprint.

Creepy software knows what you are about to do... to that poor salad

doublelayer Silver badge

Did they invent a magical image recognition system, or is something left out?

I'm mostly wondering how this program managed to look at the part of the video it was provided and figure out what a person is doing in it. Sure, it can be easy enough to look at a frame and say "There are carrots in that bowl", but it can be very difficult for a program to look at arbitrary videos and decide whether I'm chopping or dicing those carrots and what I've done with them next. So many details are unimportant, such as what kind of knife I'm using and how fast I'm chopping, yet that will be a lot of the activity. For example, consider a situation where I'm going to make a salad and have started a video stream to this AI. I am currently standing in front of two cutting boards, one containing spinach and the other cucumber. The video is instantly recognizable to a person, and probably to the AI, as well. However, what if I have limited counter space, so the cucumber cutting board is behind me on a different counter. Am I going to use the cucumber? That's a typical salad-making move, but the camera doesn't know. I may just have placed my vegetables on that counter and moved the spinach over because that's what I'm using now.

Therefore, I can think of three possibilities for how this AI does this, which they at least didn't explain in the article and I'm kind of tired so I'm not looking for extra explanations right now:

1. The image recognition system was provided information and has managed a great training set that has actually allowed it to automatically determine, within limits, what culinary task I'm doing. This would be revolutionary news, and would massively overshadow the prediction element, because it would be a success while the prediction is at best borderline noteworthy. So I'm assuming that didn't happen.

2. The training set was made very similar (same kitchen, camera position, etc.) and all the test videos were also shot there, so the algorithm would fail under any standard conditions. In that case, they are overestimating the usefulness of their code.

3. The researchers labeled their videos for the convenience of their algorithm, in which case the prediction algorithm is being based on alternate data. Similar to the time when google tried to predict cancer in patients and forgot to take out the record that identified people as being treated at "[name] cancer center", thus getting a program that looked great while being entirely useless, if this is the case, this experiment is a major failure.

Apple will throw forensics cops off the iPhone Lightning port every hour

doublelayer Silver badge

Re: Does this mean ...

My solution to this problem, while slightly less secure, is to cut off data transfer an hour after it stopped already. Therefore, anything that you started with proper access goes to completion just fine, and an hour after that, the lock goes into effect. This also means that someone who has a device they want to continue to have access to can do that because the connection remains live and has to die for an hour before the lock engages. This does mean that if there was a data transfer less than an hour before the police try to get into the device, then their device can brute force all it likes because the transfer can't be interrupted. However, given the relative rarity of people actually using hardware data transfer with phones, this probably isn't a big deal. Also, under this system, I'd probably reduce the time to about ten minutes.

doublelayer Silver badge

Re: Oh goodie...

Probably not. The phone will refuse to send any data or accept input from the connection, but it can still read the chip. Even if it does use the same bus, I don't think you can put something on the USB end to get it to trust the cable, because the chip is read directly. So the cables will most likely remain broken.

doublelayer Silver badge

Re: Easy good passwords, here I go again...

Technically true, but usually it won't work. Most systems will disallow things other than plain ASCII. Unicode and in some cases extended ASCII is out. In fact, there was one system I had to use that blocked a password using the question mark (?) symbol. Actually, it sent the password in but chopped out the question mark first, such that the original password would not work but the one with the mark excised would. Great job there. Rather than allowing a system to get confused, I tend to go for length plus a few punctuation marks; that way, nobody can just brute force the alphabet to get it.

Google plots death of inline installation for Chrome extensions

doublelayer Silver badge

Re: Big Brother much?

They could already do that. They haven't removed the sideloading thing, but instead they have patched a hole that allowed people to sneak code into users' browsers with a low-profile thing that was easier for users to just click through. I don't use chrome because of the privacy problems it entails, but google has improved it with this change. I see little to complain about in this situation.

Men are officially the worst… top-level domain

doublelayer Silver badge

Is it too late to get rid of the new TLDs

I don't think we need any of the new TLDs, and I'm not even sure why people are buying them. I can see a few cases for some things, usually geographic ones like .nyc or .london. Otherwise, the lists are full of domains that cost a ridiculous amount, thus virtually guaranteeing that nobody will use them, redundant names (.accountant and .accountants both exist because, you know, why not) and some that are now owned by corporations (.google? Why?). We don't need them. Delete them all.

Microsoft pulls the plug on Windows 7, 8.1 support forums

doublelayer Silver badge

Re: Surface Pro 2?!?

Not quite. The surface pro 2 was released on 22 October 2013, so it's a little under five years old. I'm not supporting their decision to drop support, because it'll still do computing, but it's a bit old hardware-wise.

doublelayer Silver badge

Re: Not sure how big of a loss this is

I've noticed this as well. I think it has recently taken the top spot for most annoying forum post over the people on stackoverflow who feel the need to put "This question has been asked before. Please look there [no link] and ask again if that doesn't answer your question" on all the posts just so the first three stackexchange links that come up for any search will have them.

Actual control of Windows 10 updates (with a catch)... and more from Microsoft

doublelayer Silver badge

The screen-mouse will fail

Sorry, microsoft, but your touchscreen trackpad system has no chance. Apple actually had a chance with their touchbar--sure, nobody wanted it, but they could ensure that all the macs available would have it, that all the apple software would make it useful (sort of, but at least it would do something), and that people who were doing development and wanted or needed a new mac would have it available. You can't do that. The little touchscreen is going to cost money to make, so nobody buying their machines on a budget will have one. It has no business case, so people buying laptops for employees won't use one. The pad is now a selling point for the machines it's shoved into, and there really isn't enough use case for people to buy it. If you really want to see it succeed, start forcibly attaching it to all the models you can, especially the surface. Then, you can actually say that [some large number] of these pads have been sold. However, don't assume that their sale means anyone's using them, because they're not.

Have to use SMB 1.0? Windows 10 April 2018 Update says NO

doublelayer Silver badge

Re: FFS microsoft

I think microsoft has a point here. Never mind that the protocol was made insecurely; that was a problem before but it's just reality now and it has to be dealt with. Microsoft can't seem to get people to change from one protocol to the next version that is more secure just by making it available. SMB2 is twelve years old, after all. In that case, it may be needed to add an incentive for that to happen. Sure, it'd be nice if nothing ever broke and people only had to upgrade when they wanted new features, but that's not how software works.

A month ago, I found this old device with an ancient linux kernel on it (version 2.6, proprietary interface on it) in my closet. I played around with it, trying to see if you could run modern stuff on it. The device had no package manager and no C compiler, but it did have various other packages and python. So I tried to download some code from github, and what happened? It wouldn't download because github had instituted a security policy the browser didn't support. I'm not quite sure what it was. I think this is new enough to support https in general, so I assume it was a new version of SSL. So, technically, SSL changed its security policy in such a way that my device couldn't even browse the internet. Still, we want that kind of thing to happen because if we just left it out, we wouldn't have security. We'd have plain HTTP, and whatever version of SSL we started with. That version has become insecure, so we've canceled it. Security requires protocols to change. Sometimes, that means we can't use our windows 2003 servers anymore because it's now 2018. In my case, it means my powerhouse of a 520 MHz ARM processor from I don't know how old with its 64 MB of RAM can't be expected to go online anymore. Of course, if the hardware on which it was running was that important, we could always reinstall it with something modern. Sometimes, that's just how things should be.

VPNFilter router malware is a lot worse than everyone thought

doublelayer Silver badge

Re: "no software will be ever fully secure, sorry.."

I support open source. I don't want only one open source thing to exist. For example, I like Linux and support it, but I don't have a problem with BSD, nor would I have a problem with any other open source operating system. I'm fine that non-free OS are there too, but I don't like the theory so much.

However, if the choices are one open source thing or one closed source thing, I'm going to go with the open source thing, so long as they have similar features--I'm not going to throw away a modern and working product for some code written in 2003 and not maintained. The reason is that, when something terrible happens to it, there are many people who will work on making it work again. If, for example, we had a situation in which everything in the world ran under the same version of Linux, thus making it possible for someone to attack it all and take it down, I feel more confident that someone can get it back up than if it was windows running everything. Neither should be allowed to happen, but if something open source fails, you need to fix it yourself or someone who also uses it needs to fix it. If some closed source thing fails, the people who made it have to fix it, which breaks if the people don't want to, are not available, are busy, or have lost data they need for the task. So, no, I don't want open source dictatorship, but yes, I do tend to trust such software a bit more.

Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit

doublelayer Silver badge

Adobe, you made a mistake

"The Photoshop giant said today its Flash Player 30.0.0.113 update should be a top installation priority for Mac, Windows, and Linux systems."

Adobe, I'm sorry I couldn't come into work today. Evidently the person you had making press statements hasn't read my playbook. The quote should have resulted in this excerpt from the article:

"The Photoshop giant said today its Flash Player 30.0.0.113 update should be immediately installed over any older version, and then both it and all related versions should be permanently purged from the user's computer. This is a top priority for Mac, Windows, and Linux systems."

I'll be back to work after the weekend. Please put this statement out, however, as it is quite urgent.

Hey, Mac fanbois: Got $600,000 burning a hole in your pocket? Splash out on this rare Apple I

doublelayer Silver badge

Re: Did the Reg really ...

I think they're just of the opinion that an apple I that won't be useful in any way and may not actually work at this point isn't worth the money. That's not the same as saying there's something wrong with the auction. Frankly, although I'm interested in old computers and wouldn't mind physically owning some of the more famous models to play around with the hardware, I would not pay very much at all for them. Also, I'd probably get bored rather quickly and then seek to get rid of them again because they're useless for real computing and probably a lot heavier than I, who grew up in the laptop era, would assume.

You know what your problem is, Apple? Complacency

doublelayer Silver badge

Re: Just more BS

They did come up with the iPad size first. However, the first touch product they released was the iPhone. The iPod touch was released after the first iPhone, so it was more that they removed the phone part and made the iPod touch.

doublelayer Silver badge

I certainly hope so

While I don't have much of a problem in iOS (a result of not using most of the built-in apps at all), the last few mac updates have been terrible. I have seen nothing good since El Capitan--I still run this when I can. They've been breaking things, dropping support left and right (no, I'd not like to pay you again for the next version of the app I just bought when this version still runs or at least would if you hadn't put a kill switch in it), and it is filled with security holes and UX failures. Frankly, I'm usually good with every release focusing mostly on reliability--you can choose a system that does 100 things rather badly and has a chance of blowing up and hurting someone or a thing that can do 70 things well. I'm usually team 70.

However, I did see this nice part of the article:

"Google is still troubled by the fact the installed base lags far behind the latest code, "

Whose fault was that, google? You see, apple gets to update all their stuff because they made it; that helps them. But you don't see that many people having trouble updating their Linux machines, and windows updates can be run on hardware without having to throw it away and buy another one [1]. Maybe, if you thought of that, you could have put some basic rules into the android system deployment guide such as "your add-ons have to sit on top of the OS so it can be updated", "you are not in control of the OS and everything on it in perpetuity", and "security updates come from us and you don't have the right to block them, nor the possibility of just doing it by uncaring accident". If you had done that, I'd have android as a viable platform.

[1] Windows updates install well on all computers already running windows. This offer valid only if the computer is functioning and undamaged. This offer is also only valid if no programs were installed to the windows folder, no registry entries were edited, group policies changed, command prompt sessions initiated, unsafe sites browsed to, nonmicrosoft software installed, user files placed outside user's directory, microsoft software installed, settings changed from default, computer isolated from internet, files stored on internal disks, computer connected to internet, or keys pressed. However, if these conditions are not available, windows updates are still available to those users who are willing to take the risk. Sometimes they work.

US govt mulls snatching back full control of the internet's domain name and IP address admin

doublelayer Silver badge

Yay choices

So, we have option 1. Option 1 is that ICANN remains independent from governmental control. It is free to mess things up as comprehensively as ever. That's not good. Let's look at option 2. Option 2 is to give it to the U.S. government. Those in charge now have less knowledge, and it's being championed by politicians with next to no knowledge about what it even does. Not to mention the fact that having it explicitly under the government will intensify the calls of nutcase nations to go with option 3: put it under the ITU. Can we have option 4, please?

Loose .zips sink chips: How poisoned archives can hack your computer

doublelayer Silver badge

Re: Another deja vu?

No, this isn't a zip bomb. Those are zip files or other archive files that decompress to a bunch of data. Sometimes they are also recursive so they decompress to multiple copies of themselves. The goal of an archive bomb is making the system run out of resources: memory or disk if the zips expand to a lot of data, processor if they are recursive. Thus, the program running them will crash or run into problems.

This file wouldn't cause a crash. Instead, it would write files to a location that isn't planned. For example, imagine that you unzip a file on windows in c:\Users\me\extract. Normally, all the contents will be under that folder. The zip file, however, can be constructed so that it also decompresses to c:\windows\system32\explorer.exe. This overwrites it with a different file that contains malware, and now running the formerly trusted explorer process will infect the system. The zip is not meant to crash the system, but to infect it.
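
Added example (mine, not from the comment above or the article it replies to): a small extractor that refuses archive entries whose stored names climb out of the extraction directory. The archive, the entry names and the helper names are constructed for illustration; the sample uses a one-level "../outside.txt" escape rather than the system32 path above so the result can be checked inside a temporary directory.

```python
"""Added example: detecting and refusing path-traversal ("Zip Slip") entries.

The archive, target directory and helper names below are constructed for
illustration; they are not from the article or the comment above.
"""
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    # Constructed sample: one ordinary entry and one whose stored name climbs
    # out of the extraction directory with "..". Built in memory only.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless")
        zf.writestr("../outside.txt", "payload that would land outside")
    return buf.getvalue()


def is_safe_entry(target_dir: str, name: str) -> bool:
    """True only if the entry name resolves to a path under target_dir."""
    if os.path.isabs(name) or name.startswith(("/", "\\")):
        return False  # absolute names never belong in a user-supplied archive
    root = os.path.realpath(target_dir)
    dest = os.path.realpath(os.path.join(root, name))
    # realpath collapses ".." and symlinks, so a prefix check on the
    # resolved path (with a trailing separator) is sufficient
    return dest == root or dest.startswith(root + os.sep)


def classify_entries(archive: bytes, target_dir: str) -> dict:
    """Split member names into those staying inside target_dir and those that escape."""
    result = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            key = "safe" if is_safe_entry(target_dir, info.filename) else "rejected"
            result[key].append(info.filename)
    return result


def safe_extract(archive: bytes, target_dir: str) -> list:
    """Extract only entries that stay under target_dir; return the names written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not is_safe_entry(target_dir, info.filename):
                continue  # policy choice: skip, log, or abort the whole archive
            if info.is_dir():
                continue
            dest = os.path.join(target_dir, info.filename)
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def demo() -> dict:
    """Extract the constructed archive into a temp dir and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "extract")
        os.makedirs(target)
        written = safe_extract(build_malicious_zip(), target)
        return {
            "written": written,
            "escaped_file_exists": os.path.exists(os.path.join(tmp, "outside.txt")),
            "inside_file_exists": os.path.exists(os.path.join(target, "readme.txt")),
        }


if __name__ == "__main__":
    print(classify_entries(build_malicious_zip(), "/tmp/extract"))
    print(demo())
```

The check resolves both the target and the candidate path before comparing, so a symlinked extraction directory or an entry like "x/../../y" is handled the same way as a plain "..". Whether to skip a bad entry or reject the whole archive is a policy decision; an archive containing one such entry was almost certainly crafted, so aborting is the safer default.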

Clock blocker: Woman sues bosses over fingerprint clock-in tech

doublelayer Silver badge

Re: elDog

A salted hash of a fingerprint, if feasible, would still be an inadequate safeguard. The reason for a salt in a hashed password is to protect large groups of passwords and insecure passwords. The salt, because it is different for each password, means that people can have the same password without that being obvious in a data dump. The salt also makes it less likely that the hashes can just be looked up in a list (a rainbow table). However, if I have *your* salted password and the desire, I can break it. The difference between salted and unsalted is that my work is significantly less useful for breaking into others' accounts after I got into yours.

Fingerprints can be hashed; I hope that happened here. I'm not sure how feasible it is to salt one. In strings, some random chunk needs to be dropped into the string somewhere. Either the fingerprint data needs to have other data added somehow, or the model needs to be serialized and data added to that. If data is added in a fingerprint, it appears to me that that might affect the reliability of a scanning process, producing either false negatives or ways to authenticate with partial prints. If data is added to a serialized string which fits a specific pattern, it would probably be a bit more evident and therefore easier to remove.

Finally, the security afforded by salted hashes is not intended to protect passwords forever. It is meant to limit damage and increase the lead time for an attack, hopefully long enough for the compromised credentials to be identified and revoked. Fingerprints can't be changed. A leak of such data can be used in a number of nefarious ways. Therefore, the distribution of biometric data or data used to represent biometric data is necessarily more dangerous than passwords or hashes.
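
Added example (mine, not from the comment above): what a per-record salt does and does not buy, run on constructed data. Two users share a password; the unsalted scheme falls to a precomputed table, the salted one still falls to a targeted dictionary run against one record, but the guesses computed for one record do not open the other. The user names, word list and the low PBKDF2 iteration count are all assumptions for the demo.

```python
"""Added example: what a per-record salt does and does not protect against.

The word list, user names and passwords are constructed for illustration.
The PBKDF2 iteration count is deliberately low so the demo runs quickly.
"""
import hashlib
import hmac
import os

ITERATIONS = 2_000  # demo value; real deployments use far more

# Constructed attacker word list.
WORDLIST = ["password", "letmein", "hunter2", "qwerty", "welcome1"]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_record(password: str) -> tuple:
    """What a store keeps per user: a fresh random salt and the derived hash."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hash_password(password, salt), digest)


def unsalted_digest(password: str) -> bytes:
    """The weak scheme a precomputed (rainbow-style) table defeats."""
    return hashlib.sha256(password.encode()).digest()


def precomputed_lookup(target: bytes):
    """Build the table once; any leaked unsalted hash is then a dictionary lookup."""
    table = {unsalted_digest(w): w for w in WORDLIST}
    return table.get(target)


def targeted_guess(salt: bytes, digest: bytes):
    """Attacking one salted record: every guess must be re-hashed with that salt."""
    for word in WORDLIST:
        if verify(word, salt, digest):
            return word
    return None


def demo() -> dict:
    alice_salt, alice_hash = new_record("hunter2")
    bob_salt, bob_hash = new_record("hunter2")  # same password, different salt
    return {
        # identical passwords are not visible as identical hashes in a dump
        "same_hash": alice_hash == bob_hash,
        # unsalted: one precomputed table cracks every matching entry in a dump
        "unsalted_cracked": precomputed_lookup(unsalted_digest("hunter2")),
        # salted: a weak password still falls to a targeted dictionary run
        "alice_cracked": targeted_guess(alice_salt, alice_hash),
        # ...but the hash computed for Alice's record says nothing about Bob's
        "alice_work_opens_bob": hmac.compare_digest(
            hash_password("hunter2", alice_salt), bob_hash),
        # Bob's record needs its own full run over the word list
        "bob_needs_own_run": targeted_guess(bob_salt, bob_hash),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The salt does nothing to make a weak password strong; it only stops one piece of precomputation from being amortised over the whole dump. That is the limit the comment above draws, and it is why a salted hash of an unchangeable biometric is still not a safe thing to leak.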

Uh oh! Here's yet more AI that creates creepy fake talking heads

doublelayer Silver badge

Again?

When will people realize that building dangerous stuff for no reason other than "I wonder whether we can" is a bad idea?

Microsoft commits: We're buying GitHub for $7.5 beeeeeeellion

doublelayer Silver badge

Re: Hmm...

It is dangerous to refuse to trust someone on the basis of not having a linkedin account. Their account is likely to have exactly what you already have--their resume, their references, and some contact info. The one thing that linkedin has that they didn't give to you is a list of many people they know, knew at one point, or who sent them a connection request when they thought "Oh, I recognize that guy". If you're going to look through that list with the hope of recognizing someone and asking them, you're going to a lot of effort for little reward. Any person with something to hide isn't going to hide it in their linkedin profile; it won't be there at all. If you need to find it, more serious effort will be required. I have a linkedin account, but not for getting jobs. I assume that my qualifications, my performance in interviews, my open source contributions, and my references will be considered. Trust me, there is no other information in my linkedin account that could help you. I have my linkedin account so that I can find a job there, so that people looking for someone might see the profile, and because they haven't managed to spam me enough for me to shut it down.

Internet engineers tear into United Nations' plan to move us all to IPv6

doublelayer Silver badge

I sympathize with your frustration with the veto, but I'm afraid it is basically required. The existence of veto rights for some nations reflects the reality that they can basically do what they want, ignoring the U.N. If the U.N., now minus its veto capacity, were to pass something that went against the wishes of the U.S., Russia, China, etc., the U.S., Russia, and China would cheerfully ignore it. I hate that this is the case, but a mechanism that can decide things and kind of get them started as long as U.S., U.K., France, Russia, and China have no problem with it is better than a system that can't do anything at all. As I see it, your choices are about 0% functional and about 0.7% functional. If someone can create a 1% functional or better, I'm all ears.

A Reg-reading techie, a high street bank, some iffy production code – and a financial crash

doublelayer Silver badge

Re: QA's fault @Phil

The code "if (a = 3)" is not valid. If statements take a boolean condition. a=3 returns an integer (in most languages). Yes, C will read it and interpret it as a boolean because C will do anything you tell it, no matter how obvious it is that it won't help, but it's a type clash and the more intelligent compilers/interpreters will notice it. You could argue that a loop that always sets x=[iterator] is incorrect, because the end value will always be the latest iterator, but you can't always know that. Even if that was the only code involved, the compiler would have to know that op= (set) is a function that has no side-effects while any other function might. If the loop actually read anything as advanced as or more advanced than

foreach account in list {
    exposure=account.exposure();
    total_exposure+=exposure;
}

then the compiler would be out of luck. Maybe calling exposure on an account does something. No code to remove, no warning to give.

doublelayer Silver badge

Re: explicitly code a loop?

Sure, running sum(list) is fine, if you already have a list. However, consider that the data might not have been in a list, such that the code actually looked more like:

foreach (account in accountsList) {
    (login,password)=db_login_fetch(account);
    account.access(login,password);
    exposure=account.exposure();
    total_exposure+=exposure;
}

Sure, you could rewrite it. The other option, using sum, looks like this:

exposures=[];
foreach (account in accountsList) {
    (login,password)=db_login_fetch(account);
    account.access(login,password);
    exposure=account.exposure();
    exposures.append(exposure);
}
total_exposure=sum(exposures);

The code is longer. It requires more memory (perhaps quite a bit if there are lots of accounts). This code is assuming a nice list data structure with its own append function and memory management. If this is C, that's more complicated. Storing in a structure takes a bit more time, and it will be thrown away immediately. You can also mess up this code by mistake. This would have prevented the += problem, but it doesn't prevent other problems.

I don't think this is really important; given that the data was in the form of numbers, adding them up or summing a list would both be very basic. However, if I had a different type of data that took more memory, was complicated to "add", or could take a while to access, I would prefer incremental addition rather than a list collection and subsequent summation.

Samsung loses (again) to Apple in patent battle (again). This time to the tune of a mere $539m

doublelayer Silver badge

I don't care

They are fighting about phones that are nothing like the phones they have now, which, incidentally, are once again very similar--similar design choices, similar features, similar ridiculous price, there isn't much difference really. I don't know where this will end, but I am quite sure that I don't care where it ends. I can be glad that I am not on that jury, because that has to be boring.

Zimmerman and friends: 'Are you listening? PGP is not broken'

doublelayer Silver badge

Re: they are right

While I get that the comment was a bit slanted against Microsoft, Microsoft was specifically mentioned to have an insecure client for this, and they need to fix it. In the interest of balance, I hope apple, Mozilla, and Microsoft all fix their clients immediately. Oh, and anyone else who is vulnerable; that's just the group mentioned in the article.

Tufts boffins track device location without GPS or towers

doublelayer Silver badge

Re: "Offloading positioning to the devices makes it . . ."

I can't wait till another group of researchers uses this to prove that you can mess the positioning up enough to cause navigation systems to mess up. I assume it won't actually happen, but just imagine a ton of evil devices on a road all sending out their actual location shifted left by five meters.

Satnav: "You need to be in the right lane now."

Driver: I think I'm already there.

Satnav: Move to the right.

Driver (requires brain cell shortage, so we know that won't be a problem): *drives into lake*

Satnav: "You need to move even more to the right now. You need to be in the right lane for this next turn."

Although it's actually more likely that people use this mechanism to crash drones.

BOFH: Their bright orange plumage warns other species, 'Back off! I'm dangerous!'

doublelayer Silver badge

Re: Hazard creation

A building I frequently walk through has a group that specializes in placing wet-floor signs in the worst possible locations. I think I'm pretty close to knocking my hundredth one over. My favorite is the one they place right at the top of the stairs, on the side you walk down. Instead of moving it about three inches to the right, where it would be up against the banister and basically impossible to topple, they've placed it where people frequently knock it all the way down the staircase. So far, nobody's gone falling down after it, although I do believe the falling sign has hit prospective stair climbers on various occasions.

Microsoft gives users options for Office data slurpage – Basic or Full

doublelayer Silver badge

Re: Dear Microsoft

"Google has some really, really useful services: maps, digitised books, search, mail and lots more - alternatives for some, not for others."

I agree for search and mail to some extent (I know we'd all like to have a personal mail server that we control entirely, but it's expensive and complex), but there are a lot of GPS solutions that work quite well. Google maps may be popular because it comes by default on android phones and can be installed on IOS for free, but apple has their maps for IOS not to mention the many satnav providers. I use a GPS app whose main asset to me was that everything was offline (I have a 3gb per month data cap, so that's useful), but now it also has the benefit of not sending data to people. I've never actually gotten any use out of google books. Every time I've looked for something, google gives me a paragraph and tells me the rest isn't available. Either it is, but only if I purchase through google play, or they have the book but I can't have it.

Welcome to Ubuntu 18.04: Make yourself at GNOME. Cup of data-slurping dispute, anyone?

doublelayer Silver badge

I can't figure out exactly what Ubuntu is going to do with the data they have. We all know what that data looks like; it's a list of pretty much all the intel and AMD processors released in the last eight years with quite a few from before that. The ram table: 512mb, 1gb, 2gb, 4gb, 6gb, 8gb, 12gb, 16gb, 24gb, 32gb, 48gb. I'm sure it'll be fun to see how many people are running it on something really old (They would see an intel core 2 duo P8600 for an old backup machine from me if I wasn't still on 16.04), but how is that going to help them? They could go to a lot more effort to figure out what users want by involving them directly.

Fella gets 2.5 years in the clink for coughing up cell numbers in $50m junk text message scam

doublelayer Silver badge

Re: Monero...

"Third world doesnt denote poorer living conditions. It was the stance taken during the cold war."

Perhaps it was. Now, the terms have been redefined:

First world: Countries with high levels of economic activity and generally high living conditions.

Second world: Term is no longer used.

Third world: Countries with generally low levels of economic conditions. Sometimes also countries with low levels of political freedoms, although less often used this way. People never seem to put China in this group, for instance. Maybe they get to be in the second world?

Fourth world: The same as third world, but used when someone wants to make a rhetorical point that these countries are even worse than "third world" ones.

Definitions change.

Advanced VPNFilter malware menacing routers worldwide

doublelayer Silver badge

Re: excuse me!

I get that they're suggesting that people who might have been infected reset to wipe it out and then reestablish the latest firmware, but if people actually did that, almost all of the devices could be re-attacked in short order and they would all have to reinitialize their networking. No thanks.

Senator Kennedy: Why I cast my Senate-busting vote for net neutrality

doublelayer Silver badge

Re: Not a problem

In principle, I agree with you. However, there is a case to be made that, even with an actual market, ISPs shouldn't be allowed to intentionally block or limit access to services. Otherwise, you could deal with a situation where eight companies (let's call them A through H) offer services in an area, and each of them bolster their only partial hold over the market by also having a video platform, as many American service providers do. They don't like each other, so they all block each other. If you want to watch video on A's network and C's network, you can't just buy service from A and then pay for C's video, as A will block it. Instead, you could either buy service from them both or hope that someone else will unblock if you pay enough. I wouldn't want to deal with the plans they make available, each with a different set of sites that work, sites that lag, and sites that you just can't get to. They already make it hard enough with the different plans for how much data you can use, what speed you can expect, and how much you're going to pay. Don't add more complexity, because that gives them more control.

'Facebook takes data from my phone – but I don't have an account!'

doublelayer Silver badge

Re: What Better Reason to Buy ZTE or HuaWei?

Would that it were so. However, while I can't speak for Huawei, I have seen two ZTE phones purchased by family members. Both had facebook installed by default. Fortunately, on one it was possible to disable it (though not to uninstall it) without rooting, and the other phone was dropped and damaged so I threw it away. Don't assume another country is far enough away to avoid these parasites.

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

doublelayer Silver badge

Re: Simple explanation

Ok. This will get a bit of a reaction...

IP addresses are never going to be simple. They are big numbers. The same reason we don't memorize phone numbers for everyone and every takeaway we know means we won't memorize IPs for all the websites we visit or even all the systems we run. However, we do memorize some phone numbers, and some IP addresses. Because they are shorter and have fewer rules, the relevant IPV4 addresses are easier to memorize. 127.0.0.1 is localhost. 10.0.0.0-10.255.255.255, 192.168.0.0-192.168.255.255, and 172.16.0.0-172.31.255.255 are private space. I didn't have to look that up.

This has a certain level of convenience. I've been trying to get an openwrt device to make a range extender for a network, which I haven't done before and evidently it's not as easy as I thought. I've entered the address 192.168.8.1 a lot today, because that gets me to the shell. I've also entered the address 192.168.1.1 a lot, because that's the shell for the actual network. And sometimes, I have to disable DHCP on this device, meaning that I have to set my computer's IP manually. 192.168.8.2 is rather easy to enter. Like it or not, if I have to remember that the shell can be accessed at 29a0:37e9:0103:::382:011f:1, it will take me longer to figure this out and I will be more annoyed at the end.

In my mind, this isn't a reason to ditch IPV6. However, you can't deny (or actually I assume somebody can) that the addresses are easier. I can convert hex just fine, into binary, octal, and decimal. That's not the problem. The problem is that IPV6 requires me to memorize the whole number, which is a long number, whereas for IPV4, I basically only have to memorize "8". The 192.168 part never changes, and of course the network device is .1. For the same reason, I have memorized the IP of a site I use for ping tests. I never actually use the site or type the IP, but I can use my coincidental memorization of its address to say "Oh, DNS is working." I also know my personal VPS's IP address, although I definitely don't need it.

Router admin? Bored? Let's play Battleships using BGP!

doublelayer Silver badge

Re: Would you like to play a game?

You can do that. There are only 32 pieces, 5 bits, and a move can be encoded in 11 (piece, new location x, y). The remaining five can be used for "illegal move", "check", "checkmate", "withdraw", and "good move, my friend".
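
Added example (mine, not from the comment above or the article): one way to lay out the 16-bit move word the comment sketches, with an encoder, a decoder that rejects words outside the defined fields, and a byte-stream packer. The bit layout (rank in bits 0-2, file in 3-5, piece id in 6-10, flag code in 11-15) and the flag numbering are my assumptions; the comment only gives the field sizes.

```python
"""Added example: packing a chess move into one 16-bit word, as sketched above.

Layout (an assumption, not from the comment): bits 0-2 destination rank,
bits 3-5 destination file, bits 6-10 piece id (0-31), bits 11-15 flag code.
"""
import struct

# Flag codes are an assumption; the comment lists the meanings, not the numbers.
FLAGS = {
    0: "move",
    1: "illegal move",
    2: "check",
    3: "checkmate",
    4: "withdraw",
    5: "good move, my friend",
}


def encode_move(piece: int, file: int, rank: int, flag: int = 0) -> int:
    """Return the 16-bit word for one move; reject anything outside the fields."""
    if not 0 <= piece < 32:
        raise ValueError("piece id must fit in 5 bits")
    if not (0 <= file < 8 and 0 <= rank < 8):
        raise ValueError("square coordinates must fit in 3 bits each")
    if flag not in FLAGS:
        raise ValueError("unknown flag code")
    return (flag << 11) | (piece << 6) | (file << 3) | rank


def decode_move(word: int) -> tuple:
    """Inverse of encode_move: (piece, file, rank, flag name)."""
    if not 0 <= word < 1 << 16:
        raise ValueError("not a 16-bit word")
    flag = word >> 11
    if flag not in FLAGS:
        # 26 of the 32 flag values are undefined; refuse rather than guess
        raise ValueError(f"reserved flag code {flag}")
    return ((word >> 6) & 0x1F, (word >> 3) & 0x7, word & 0x7, FLAGS[flag])


def pack_moves(moves) -> bytes:
    """Serialise a sequence of (piece, file, rank, flag) tuples as big-endian words."""
    words = [encode_move(*m) for m in moves]
    return struct.pack(f">{len(words)}H", *words)


def unpack_moves(data: bytes) -> list:
    """Parse a byte string produced by pack_moves; the length must be even."""
    if len(data) % 2:
        raise ValueError("truncated move stream")
    return [decode_move(w) for w in struct.unpack(f">{len(data) // 2}H", data)]


if __name__ == "__main__":
    stream = pack_moves([(12, 4, 3, 0), (12, 4, 4, 2), (0, 0, 0, 4)])
    print(stream.hex(), unpack_moves(stream))
```

Whatever carries the words (here, the comment's suggestion is a BGP attribute), the decoder should treat the 26 unassigned flag values and any odd-length stream as errors rather than silently mapping them to something, since a peer can put arbitrary bits there.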

Summoners of web tsunamis have moved to layer 7, says Cloudflare

doublelayer Silver badge

Please, not a captcha

To anyone out there considering this, please don't make this based on a captcha. Those things break too often. I'm tired of fighting with them, either so they'll work when being run on something mildly unusual, so people who have difficulty seeing things can try to use the audio one (if even provided), or so the provider doesn't decide that, since they are seeing us try a few times, that we must be a bot and should be blocked. Captchas are evil things.