Posts by doublelayer

Re: There is no escape from the surviellence network

You: The article has written; "Free text messages", "Access will be free until July"

Which, as you well know, is true, in that you don't have to pay until July when it starts being not free at all. But do go on assuming that there is only one definition of "free" and it was created in 1983. Surely, it will eventually convince someone that they were a complete idiot when they used it to talk about prices, which only came about when some anti-FOSS people wanted to torpedo the word. It will also make the people who make the software you like annoyed with you.

"I see this being useful as a fallback connection for areas with little to no reception—once this exits beta they will probably bundle it into existing plans for just that purpose."

I doubt it. For one thing, this is probably more useful as a fallback for when it would be more expensive to build a tower than to give people worse service. There are many rural locations where it isn't cost-effective to build a tower, so this may be their excuse for labeling this area as in-network when you can only use the satellite. But that becomes a competitive advantage, and that means profitability. If they can be the only network that has anything, albeit an inferior* satellite, then you can charge more. Rural cabled internet already does this significantly, where someone might be paying twice as much for ADSL than an urban resident would be paying for symmetrical gigabit. That works for a cable which collects your address in order to tell you what services are available at your house and how much they cost, but that doesn't work for a mobile provider who charges the same amount everywhere in the country. Satellite becomes the perfect tool for charging people more where that service has no alternatives while charging people less if they could easily go to someone else's service. Therefore, I predict that this will be a charged extra until other providers in the same market are offering satellite service too.

* We'll have to see what the satellite service is like. I am predicting that it won't be very convenient to use and that there will be restrictions that make it less useful than a ground station. Maybe this will be proven wrong; I didn't think they would get LEO satellite to standard phone compatibility this fast.

Re: There is no escape from the surviellence network

You could leave the phone behind, or you could disable your network. If you were running to the woods to avoid surveillance but you took a connected phone with you, you're avoiding surveillance wrong. Plenty of forests have mobile service from terrestrial towers.

Of course it's not free, it's $15 per month for an unspecified usage cap which the article doesn't mention but I'd be surprised isn't there. But since nobody said it was free, I'm not sure how beating your favored drum is relevant.

Re: Is the needle even in the haystack?

I don't care if they do. I got rid of it. If they want it now, that's theirs as long as I have no more responsibility anymore. It is why I erase things before getting rid of them, though.

Re: The real question

I have a challenge for you. Get an old laptop hard drive. They're extremely cheap these days. Write some data to that drive. Then bury it with no protective arrangements, ideally in a place that gets rained on and next to rotting things for a year. See how recoverable that is when you dig it up. Corrosion is more powerful than you think. Of course, the options of the drive getting smashed or simply being impossible to find are there, but in the situation where you found it and the platter hadn't shattered, you would still have a device that is not in good condition to be read.

Re: There's a simple solution to all this.

Buying a landfill and excavating it, even in the cheapest, most destructive way, is going to cost more than that. Recovering data from a corroded hard drive itself is extremely expensive, because the average data recovery specialists don't see things in the condition this drive would be. Maybe he has found some people willing to make this bet, but if that's all he's raised, he will need more.

Re: Oh Dear, Oh Dear, Oh Dear

And if he ever buys it, remember to subtract any charges for doing any excavation with zero environmental damage and making him clean it all up afterward. Make sure that money is put in an account that can only be used for that purpose before he takes possession. At that point, let him give it a try; it's not our problem if he wants to waste more of his life on an impossible dream, but we're not letting him break things while doing so.

Re: The real question

No need to reconstruct the blockchain. That is already public. All he needs is the private key that gives him access to the wallet, multiple keys if there are multiple wallets. It's almost certainly an all or nothing thing. If there's only one wallet, he only needs 256 bits. Possibly 384 bits if it's base 64 encoded or 512 if it's stored in hex, but either way, a couple sectors could be it. To find those sectors though, you'd probably need the file table too.

Re: Asian accent!!!

I'm guessing this is why they pretend to be Polish or Serbian, assuming that people will not know what a Serbian accent sounds like and will mistake their Asian one for a Balkan one. Trying to pass it off as Chinese might be easier, but I think many small companies would not hire a Chinese remote worker at all due to more complicated Chinese labor laws and they would also probably offer a lower salary.

Re: Interesting

There are other tactics. The first interviewee, for example. The second one used GPT-style answers, but the first one knew what he was talking about or was better at cheating. Probably it was the former; some of the North Koreans they use are quite well-trained. They don't always do great work once they're hired, although sometimes they do. It would be possible to have people who know what they're doing do the interviews, then swap in others for the actual job. That is easy for an orchestrated campaign the way that North Koreans do it, but it wouldn't be hard to hire someone to fake being you for a couple interviews. Vigilance and processes that verify as much information as you can will always be necessary.

Re: A job's a job

Maybe because, on every single article where North Korean activities are brought up, martinusher can be counted on like clockwork to show up with an explanation of what is happening which ignores facts stated in the article, denies facts you can prove with a quick search, and has a benign explanation which is wrong but also wouldn't be acceptable if it was what actually happened. For example, the argument that employers were intending to hire Chinese remote workers when the article said that they were impersonating US residents or claiming that these workers are all free agents just trying to make an honest day's wage for an honest day's work.

This comment is no different. It suggests that North Korean workers are free agents again (they're not), that the stories of installing malware into companies are fiction (they're not), and follows the same inaccurate playbook. I don't know why he does this, but he does do it routinely. It goes on to blame the companies that hire these workers, so not only is it your fault if you hire a North Korean, it's your fault if someone manages to commit fraud in an interview to look better at their job than they are. In reality, those who fraudulently complete interviews using ChatGPT or someone else giving them answers are not fulfilling the needs of the market, they're lying for personal gain, or in the case of North Koreans, survival and tiny perks. People who become victims of fraudsters may be many things. They may be greedy, miserly, stupid, or they might not be any of those things (it all depends on the context), but they aren't getting what they wanted or it wouldn't be fraud.

Re: Old scams in new jackets

If the company is remote, where do you send the person? It also makes any interview very expensive when you have to fly the person from Poland or Serbia to San Francisco. Not that it wouldn't help, but there is a reason why a lot of companies, even those with offices, don't do their interviews in person. Your solution could involve sending people to the offices only for the last interview before giving them an offer, which would be slightly better.

Re: "The copying of our content was not 'fair use.'"

"Am I violating Reuters's copyright by doing so with their material?"

Well, if you are told you need to pay for it, but you find a way of getting a copy without paying for it, I think you'll find that courts think you are. The same reason that, if I ever get a copy of the AI models these companies make and use them, even if I don't sell them, they're going to think that I don't have a right to do it.

Re: "The copying of our content was not 'fair use.'"

Patience might be helpful here. You're demanding a response from people mere minutes after posting something. These forums don't work that quickly. You're also getting angry at what is at most two downvotes your original post received (no, not me). For all I know, it was only one by the time you complained. Get used to it, more people will express their views through votes than through replies. You may not get many votes or replies on this topic because the copyright of legal documents is not an article a lot of people are likely to click on, but if you do, they won't come through as quickly as that.

Re: "The copying of our content was not 'fair use.'"

If I want to train some AI on publicly available court decisions, I have a brilliant idea: I should do it with the public court decisions, rather than someone else's summaries of those decisions that I don't have permission for.

Yes, I do like paying people for things if I like the price. If I don't like the price, then I don't buy them. Price discovery and an open market are almost always available. If I want a certain book, then it is not hard to find the places selling the book and how much they charge to get a copy. If they all charged £200, then I will probably read a different book. Of course, there have to be some restrictions. For example, one of the only cases where anyone tries to charge £200 for a book is for textbooks, which is why I would buy used ones. I'm sure textbook authors would try to prevent people from selling used copies if they could, and I will fight against any attempt they may make to do that, but that is much less far than you constantly argue for.

Re: What kind of fearmongering article is this?

"It implies that some wide-scale microcode attacks are taking place, but there isn't any?"

It doesn't. The "biggest microcode attack" refers to the political point in the second half.

"If an attacker has ring 0 access, they are just going to use that access to achieve their goal and will not waste the extra time and effort required to write microcode updates that achieves that goal."

That is true if it is as difficult to write a microcode update as it traditionally has been. If everyone could do it, they would do it to hide better and, if they could find a way, maintain their attack even when other things are booted.

"If you want to fix the microcode security issue, the only solution is to make the microcode updates free software and then the users will collectively be able to verify if any update serves them or is proprietary malware."

That won't work, especially as the microcode changes every time a processor manufacturer changes their internal model. Microcode for one chip versus another could be quite different even though the ISA is the same. Microcode as free software might help some people who could audit what is in it or write their own, but it wouldn't be as transformative as you're describing for a similar reason that the underpinnings of Android are theoretically free software too but yet most devices cannot have anything but the manufacturer's image flashed. Of course, it's also not going to happen because it is one of the major ways that processor manufacturers improve the speed of their chips, so releasing it would hurt their competitive position so they won't do it.

You could edit the microcode to intercept the add call and choose to return an incorrect result. Adjusting the adder itself would probably be infeasible, but bypassing it might be much easier.

Re: TPM and Linux

I don't know what you think a TPM does, but it sounds like you've misinterpreted it. Many Linux systems use a TPM quite intentionally for the same reasons that Windows does. If you use LUKS volumes, one of the most common configurations is to use a TPM so that the volumes are linked to the computer in which they were created. This means that, if I get a copy of your drives and start brute forcing your key, I'll almost certainly fail because I don't have the part stored in the TPM. Of course, you can use LUKS without a TPM if you want, but it's really not unusual to use it. A TPM is a relatively dumb piece of hardware/software and like any other part of the computer, you could use it for malicious purposes. Since it can be used to run only a certain set of software at boot, you could use it to make sure the computer doesn't boot anything except Windows. However, if you're concerned that they'll do that, it's worth considering that there have been TPMs since 2003 and can you point to any time when they did this?

Re: MS doing their best to slow down the adoption of Windows 11

Do you have any idea how one would use a TPM to accomplish either goal 2 or 3? That's not what TPMs do.

To be boring, probably the reason they put in the requirement is that they turned on Bitlocker by default, Bitlocker requires some version of TPM to have drive encryption without requesting a password at startup, and they want to be able to cut 1.2 compatibility out of their code at some later point without having annoyed users yelling about how their update is breaking drive encryption. The requirement, along with the restrictive processor requirement, is generating a lot of ewaste that I disapprove of. Again, I think this is probably less malicious than lazy, because it enables them to compile for newer instruction sets whenever they want, but machines with Skylake CPUs are not out of date. Microsoft used to be much better about allowing the user to determine when their hardware was old enough to need refreshing; Windows 7 or 10 wouldn't run well on something ancient, but it would run. Unfortunately, Apple has done similar things with their shortening Mac OS lifetimes, and just like Windows 11, a simple tweak to the installer makes the modern OS install just fine, demonstrating how unnecessary the hardware requirements are.

Re: where this gets real sticky

Musical copyright cases are often complicated by the problems you're describing, with one creator thinking they own a simple set of chords. This is why they often lose them, though it's mostly a role of the dice to see what the jury thinks that day. However, your simplification misses several important points.

Yes, there are twelve notes in an octave. There are also many octaves (technically unlimited ones, but we can limit it to seven or so), and many instruments can and do use notes between those twelve, and there's a lot more to a sound than its frequency which is why we don't listen to all our music played on the sine wave. That makes no difference, because it's similar to saying that there are only twenty six letters in the English alphabet, so anything written is just an arrangement of those. Not every melody has been previously generated, even if they have similarities. While some people may try to claim ownership over sections that are far too short, there are people who create new works and seek to protect the whole, rather than each component. Meanwhile, people who intentionally made minor changes still had to compensate the original creator; while some people may have decided that covering someone else's song would be a quick way to fame and some of them were right, they had to pay for the right to make that cover. The same is true of sampling. It wasn't free when the people you're talking about did it.

Even if we decided that music has two few components, that doesn't extend to other forms of work. There are a lot more arrangements of words than there are of notes and more reasons to string some of them together. Depending on how into information theory you want to get, you can put visual art above or below music on the entropy scale, and even if you consider a picture to have less information content than a song, video lets you extend that quite a bit longer. Generative AI companies have been helping themselves to all of those things without permission. To me, how original these things are is not the question. If it was copyrighted (it was), and they considered it worth including (they did), then they need to obtain the rights to it. A lot of those rights will be really cheap. If it was so unoriginal that it didn't add anything, there should have been no problem excluding it from the training data. They included it for a reason, they found that their models were better with it than without it, and they can pay for that.

Re: False perceptions by 'creators

I think we all get that to some extent, but the creator of this thread appears to think that's all we should ever need to create something that's not physical. I do wonder, other than wordy defenses of piracy, what things that person creates? It would make a lot of sense if those things were physical, the one category they still think has value.

Re: Going after federal government tech spending ...

Partially, it's because we've probably all had the experience of the way this type of paperwork ends up working out. When submitting expenses, you must enter the payment code. The correct payment code for your payment is 1924[general services]/2001[travel]/2014[routine business travel]/0103[motorized travel]/2005[per distance billing fuel and vehicle maintenance]. Finding that code will take twenty minutes of searching through internal wiki articles and that file that's on someone's SharePoint/Google Drive and doesn't look authoritative, but you're going to use it because you've tried for a long time to find something better and you've failed. By the way, when you travel for a slightly different reason tomorrow, that 2014 needs to change for what looks like a similar transaction. It's not that it's not a good idea to track this information, but that most of the time spent doing it is not adding any useful information but is costing a lot more in paperwork. Not just filling out that form either, but sending someone to investigate it when someone should have selected general business travel but accidentally selected travel to customer site because they traveled to a customer site but the code is more specific than that.

In this case, the insistence on filling out the comment field demonstrates how little they understand this. Sometimes, you need the comment field to explain why something was purchased. Sometimes, you don't. If you're paying the monthly bill for a mobile phone you need for access to something, and you've already filed it as such, then there is nothing more to put in a comment box and its blankness is not a symptom of any problem.

To find fraud, you have to work a little harder than complaining about forms. To improve record keeping, you have to work harder on having procedures that can be realistically followed. But by all means complain about comment fields and payment codes; it makes it look like you know what you're talking about and doesn't require the slow and boring bits that could actually solve a problem.

Re: Someone else's computer

This comment is another example of how you're not understanding what the problem is or how it works, since buying an abandoned domain was an alternative to, not a component of, this problem. If you leave your domain but keep your AWS account, then I cannot get access to any of your AWS resources by getting your domain.

Re: Someone else's computer

This is no different to things people can and do on their own infrastructure. S3 bucket names are DNS names and they can be reregistered when abandoned. This makes a case for Amazon deciding that it should only be possible to register a name once and once it is deleted, it's burned forever, but we don't attack the original domain name system for allowing that. As usual, it's the responsibility for the people using those names to keep track of them.

In fact, cloud services makes it easier to do that than traditional ones. If I have a domain name that I've registered and I don't want someone to be able to squat on it, I have to keep paying for it every year. This is one reason why I have a bias to not having very many second-level domains*. If I have a S3 bucket that I don't want people to squat on, I can keep it around for free. I am charged for files stored in it and for bandwidth it uses, but if I delete all the files but keep the bucket around, the name stays registered and I retain control. It is better, however, for me to check such things rather than trust that whatever file comes back from an HTTP request is good enough.

* I generally suggest that a company with the domain company.com refers to other services they run using subdomains (product.company.com) rather than creating another second-level domain (companyproduct.com). It has three benefits. Users can more quickly identify that the domain is related to the company since only they can create a subdomain (unless they've been hacked, which is a possibility), it is easier for the company to keep track of domains they control and make sure they are either in operation or shut down, and for smaller projects, it can cut down on money spent on registrars.

This is a reason why I prefer offices with walls. It introduces a barrier to someone interrupting you for ten seconds, but if a quick meeting is useful, then it's not hard to have one. Another thing a lot of modern offices have not bothered with, eliminating or at least significantly reducing their utility. Of course, depending on what you're doing, the frequency of when that is useful varies. Even limited to my experience as a programmer, some tasks involve a lot more coordination among a team of programmers and others can be done without much collaboration at all. Jobs other than programmer probably have a lot more differences that I'm mostly unaware of.

This is where someone trying to optimize productivity would compare the options and determine what worked the best, possibly with some experiments. If close collaboration was useful, then they could put those people together or just encourage people to set up calls quickly and flexibly rather than sticking to the stricter schedules I'm used to. If people didn't need that, then they could use different structures. Instead, they seem to select something and just mandate it based on no reasons at all, because if they had any reasoning, they could probably get somewhere by being explicit about what their reason was.

Re: Well, it's Dell.

This isn't about email versus chat like Slack or Teams. Either of those can be used for a long thread with lots of participants who misinterpret things or have communication difficulties. In most cases, I prefer email because it makes it a little easier to organize things if you have good subject lines and you can manually organize threads. I certainly do when there are twenty of them that may all get updated. Nothing prevents a Slack thread from going similarly off the rails. It isn't necessarily any faster than email because people can wait to write their message until they have information they need or just some spare time.

The tool is not the factor here. The factor is knowing when a synchronous meeting would be more efficient and doing it, ideally just as long as necessary to resolve this issue and then stopping. In an earlier comment, I've stated my anecdotal experience that there can be an advantage to an environment where meeting synchronously is easy so people do it more often, but that most return to office schemes do not create that environment. From what I understand of Dell's plan, they are unlikely to get that advantage but are likely to harm and annoy their employees.

Yes, a video call can replace an in-person discussion most of the time. However, in my experience, it isn't as easy to have an impromptu video call. Many people, sometimes including me, tend to schedule those on the calendar meaning hours of delay and avoid having calls unless it is obvious that we need one. Therefore, in my experience, there is an advantage to quick communication when people are nearby one another and meet anyway. Depending on the company though, going to the office might not do any of those things. If the team is not in the same place, then being in the office just means that scheduling a video also involves finding a space to be in while you do it or dealing with office noise. Some teams might not need to do this as often either, making the office an expensive way to get that marginal improvement, both in straightforward financial costs of having the building and in other costs like people being more tired after commuting.