Posts by doublelayer

Re: All your tunes belong to us

Sometimes, but many such cases have failed because the thing that was "copied" was so small or so common that it did not deserve protection. Each time, it's just an experiment to see what the jury thinks. There are also distinctions depending on what exactly was copied. For example, a sample of a recording is considered copyrighted, while a note is not. While they might seem similar as they take about as much time (fractions of a second) to play, they should be and are treated differently. What I was trying to point out is that releasing a pattern of notes will not invalidate copyright on a subsequent song that also plays that pattern.

Re: Not been said yet

The how and why are both covered under extradition legislation. It has been described, specific to this case, and in general, several times. It is the job of the court to read those laws, interpret the situation, and determine, then explain, why it applies. If you're looking for the legal explanation, it makes sense to get it in its full details from there, which is why others have suggested that you do so.

In short, the United States does not have any special consideration in the process, and any country could make a similar claim if they can claim and prove that they were the victim of a crime. To use your own example, Russia can and has used these requests numerous times. Sometimes, they have done it to get actual criminals. Sometimes, they have done it to try to get noncriminals, and the countries often reject those requests. In neither case would extrajudicial killings be permissible, and when countries do that, as many have done, it is a crime and could, depending on the methods and purposes, be considered an act of war. Often, the consequences for doing it are not as strong as I would like them to be, but that is not comparable at any level to the normal, legal process of extradition. If you want to know more, many good textbooks on international law and law enforcement are available for your perusal. If you want to know more specific to this case, many court decisions and applications from lawyers are similarly available.

Re: ARM needs to standardize

That wouldn't have fixed the problem they're talking about. It wouldn't have done anything at all for any other ARM equipment. They're talking about standardizing the firmware on ARM boards, which would mean not only that I would have a chance of booting a Linux image on any one of them, but that, with minor changes, you could do exactly the same with Risc OS. Instead of being Raspberry Pi only (some models not supported), it might boot on all of the ARM SBCs out there.

Meanwhile, Raspberry Pi trying to push Risc OS instead of Linux would have doomed their boards. An operating system that might be nostalgic for you to use, but by your own admission, crashes frequently, doesn't have any modern applications, doesn't allow the use of pretty much any commonly used programming languages nowadays, and would have been attached to some slow hardware. That would mean that educational buyers who wanted their students to learn any language they could ever use elsewhere wouldn't buy it. Individual enthusiasts who wanted to use them as networking equipment, media servers, home automation boxes, or almost all the popular uses except a desktop wouldn't have bought one. Industrial users who need something stable to control their equipment wouldn't have bought one. That means there would be very little money for the next version, so we might not have seen any hardware improvements. I'm quite glad that they did not try to force Risc OS as the standard. Risc OS can and has improved only because enough Pis were made that they are good experimentation targets, and they would be in an even better situation had the recommendations made in the original comment been carried out.

"Does it apply to military kit? If a US shell casing or drop tank lands on you does that get you compensation, does you have to be a citizen / ally / not-a-target ?"

Yes, although you have to be not a target because if you are the target and you are able to sue, they'll just try again. Still, militaries have been sued for damage before and have had to compensate for it. Expect that they'll have lawyers to argue that it shouldn't apply this time.

"Does it apply to pollution? Is NASA responsible for emissions from its rocket launches ?"

I would think so, but the good news for them is that the people who write the pollution laws can also exempt things from them if they want. If we decided that we want them to be exempt from this, we could make that happen.

"Are US merchant vessels responsible for CO2 emissions in the same way as they are for pollution ?"

To the extent that it is regulated, yes, although there are complications related to where the ship is registered and located which may allow a ship operated primarily by and for Americans to avoid having those laws apply some or all of the time.

"Just make it vlear that legal responsibility for the "decisions" of an AI rests with the last person in the chain of developing it training it and finally letting it loose in control of something that causes harm."

Bad plan. That's exactly what the companies making this stuff want to happen. They build a crap model, collecting lots of money from investors to do so, then they send people to sell it to someone else by promising things it can't do, collecting more money from them, and when it finally blows up, it's all the user's fault. After all, they were the ones to turn it on. The initial responsibility should rest with the user, but that user should be able to pursue the creators of the thing if it was their fault.

You know, the way that anything else works. If my car blows up, I should consider the manufacturer responsible and liable and they are. However, if it turns out that the explosion was due to parts made by a different company, the car manufacturer should be able to hold the manufacturer of those parts responsible. If those parts were dangerous because the raw materials were improperly provided, the manufacturer of the parts should be able to hold the supplier of those materials liable. By making the entire chain responsible, as long as each link in the chain actually did something wrong, you might actually fix the problem. If you only make the last person responsible, then all the other links will continue to do whatever they want because they'll never have any consequences.

Re: This makes perfect sense

"to have a capability at all, however rarely enabled, requires the architecture to support it. And the test infrastructure. If it doesn’t, natively, you have to *change your entire software architecture*."

They have the capability. When you install something from the App Store, there is a program that creates the environment for the app and installs the image in it. When you upload code from XCode, it creates the package and installs it. When you have a corporate profile and a non-store app, it obtains the package and installs it. When you use beta-testing through profiles or TestFlight, it gets a package and installs it. When you restore from a local backup when offline, it takes the app packages that iTunes has collected (at least it once did) and installs them. All they need to do to have sideloading is have one more avenue for calling this package installer. They don't need to change the architecture, they don't need it to run Android applications, they don't need to change or eliminate sandboxing, they take a package, without checking for their signature which is not required in the installer anyway, and run the same install procedure they already have.

Re: EU: DON'T KILL iOS SECURITY!

I have news for you: the walled garden is fine. All this law requires is that, if I want to walk outside that garden and brave the dangerous woods, I can. You can remain in that garden, with the gates closed, all you want. If something bad happens to me in the woods, that's on me.

You don't need me to be unable to do something just because you don't want to do that thing.

From most points of view, you are absolutely correct. The average Russian citizen suffers from corruption. Their institutions suffer. Some of their larger projects, like the invasion, suffer. However, from the dictator's point of view, corruption that leads to them is what they want. A less corrupt system is one where Russia as a whole might be doing much better, but Putin would probably be doing not as well. From that point of view, that is control. Sure, it might mean that when he tells people to invade Ukraine, a lot of them die while not moving as quickly as they otherwise could, but in a non-corrupt system, they might not invade it at all and that would mean he has less power.

Re: TMobile is correct, but...

"But "the council isn't allowed to take that into consideration"? Are you even being serious right now? The council, which is elected, isn't allowed to ask the questions that a lot of its voters want asked?"

There is a reason it's not a local issue and why there are legal limits to it. If I convince someone that something which we all know isn't dangerous is dangerous, does it automatically become their right to do what they want about it? Stupidity has to be limited in a variety of ways. That means that the rules of what constitutes water safety is made at a higher level, so that neither the chemical company saying "let us dump or we'll fire you all" and the person saying "someone told me that dehydrogen monoxide is deadly so we must get all of it out of our pipes" get to decide what they want to do. It means that what is a crime gets defined at a higher level, so a group of sufficiently motivated neighbors can't define insufficient yard maintenance as a felony (sadly, there are some people who might want to). And it means that electrical safety is defined at a higher level and that if you think that it's wrong, you don't get to redefine something safe as dangerous, even in your local town. If you want to redefine that, go get a job at the FCC, but expect that people will prevent someone as ignorant as that from getting there because they have actual work to do.

Re: Broken

You know what was meant, though. It allows running a user-mode application. It doesn't allow device drivers. If the application has specifically written code (DRM) that doesn't work with it, that's not the fault of the emulation. Such things break in VMs all the time, or sometimes just because it was feeling like it one day. The main possible problem with this emulation is its speed.

I don't have firsthand experience with how good it is because I have not been convinced to want an ARM laptop. I have continued to assume that the emulation wouldn't be fast enough, even despite Apple's success with their similar emulation. I do know one person who has experience to the contrary, but they are running software that controls scientific equipment, which is probably not the most CPU-intensive program out there. Those who play a lot of games may have a different opinion.

Re: Risk versus preparedness

It's not that you're wrong, but that nothing you said is very connected to anything they said. When they say "safety", they don't automatically mean avoiding any negative or toxic uses for the technology. Of course, getting a clear definition out of them tends to be hard, but when they've spoken, it often includes a couple basic things, such as use directly in weapons systems, and a few extreme things, like it spontaneously taking over the nuclear arsenals because that's what the sci-fi greats wrote about. I have little reason to think that a different AI company will want to or be able to deal with the more annoying uses, such as auto-generated spam clogging up the internet or not stealing all the training data. Sutskever complained about many things that OpenAI did, and when he did I often thought he made more sense than Altman did, but he didn't, as far as I know, express an objection to the kinds of things you're talking about.

Oh good, that means you know of an operating system that would prevent someone knowingly pasting code into an admin or root CLI from causing damage. Please tell me what it is. I've got a couple versions of Windows, Mac OS, about a dozen Linuxes, and a few BSDs and none of them can do it, so I'm always interested in an idiot-proof and even a malice-proof OS. Of course, your critique means you have such a thing, right? Not that you have no clue what you're talking about and want to castigate someone you dislike for something that everything would be vulnerable to?

Re: Questions

"So you condemn peer pressure to get people to quit, but you're quite on-board with peer pressure to get people to start,"

Did they say that? I'm not them, but as I agree with some of what they said, I'll try to defend them.

I take a negative view toward anyone who believes they should chide someone for not being on social media, but that view is not much different if they're chiding them to not be on social media. Consider for the moment someone chiding you for posting to the El Reg forums. It would be annoying. It wouldn't make you like them. Perhaps most importantly, it wouldn't change your mind, would it? If they were more extreme, you might stop to get them to stop, but it wouldn't be because you understood why or even that they were necessarily correct.

How many boxes of paper have been tossed out because they're big, heavy, and easily recycled? How many more boxes of paper have been destroyed because they were put in a place where they could burn, rot, or be eaten by something? The existence of old paper does not prove that it is better than alternatives. It only proves that it is older than alternatives.

You can preserve information in lots of formats if you try to do it. The compactness and ease of reproduction are advantages for digital data, but neither will it continue to exist if nobody goes to the effort of doing it. Paper does not remove either of those requirements from the archival process and it makes some tasks more difficult. For instance, if I had found that box of race results in my house, I wouldn't have scanned them. I wouldn't have retained them. I would probably have asked the one person I know who cares about races if he wanted them, then when he said no, into the recycling bin. Unless I could find an easy race archives that wanted paper and was willing to come get and process it, it wouldn't have been preserved.

Re: The concept of automated voice ordering at a drive-thru doesn't make any sense to me

If you're going to do that, have some UI testers and give them lots of time and budget for users to test with. Those screens often seem to confuse people when they're looking for some menu item that isn't there, want a specific customization option, etc. Meanwhile, if you make the most simplified interface possible, anyone who can find what they want will be delayed as they have to tap through things they aren't interested in. If they're not careful, they may find fiddling with the interface reduces the speed and their revenue.

Re: I have a browser without adblock...

Those ads can be basically free, whenever someone else didn't buy space. Their divisions may not have to pay much if anything to put it there, and anyone who decides to enroll is more money for the company. The main cost they have to factor in is how likely someone is to get so annoyed by the advertising that they stop using the service altogether, but I doubt it's many people, including us. Those who get the most annoyed can install an ad blocker instead. I have a feeling that people who stopped using Amazon had other reasons to do so, and someone who liked the service and wanted to continue using it but didn't like the ads likely found a solution they're willing to put up with. Then again, if I am wrong and people did stop using Amazon only to get away from Prime and Audible ads, they probably wouldn't know it, so they don't see a reason to stop.

"if this thing was such a problem it should have been addressed at the time it was signed. I am not qualified to judge if it was outrageous, illegal or whatever - all I see from where I'm sitting is that it became a problem only after it became clear the goals stipulated in the agreement (goals which were, at the time of their signing, at least as outlandish and unrealistic as the rewards promised if said goals were achieved) will be met."

The problem is that "addressing" it is not free. It's not just saying that I object. It takes a court case, which requires hiring lots of lawyers. That means that, for someone who owns a small amount of Tesla, the amount you lose from a biased and illegal deal (let's assume for now that it was one) is less than it would cost to register your objection. Uniting with other small investors would deal with the cost, but now it requires a significant amount of organization and labor on your part. The difficulty in registering complaints does not prevent those complaints from being valid. Even in a situation where I am wealthy enough to hire those lawyers myself and focused enough to know instantly whenever a board decision is made, then immediately contest them, my case would not be heard for months, if not years.

I think we've identified our point of disagreement. I think that investor protections exist for a good reason and are not limited to immediately after an action is taken for another good reason. I do not see any problem in the objections raised to Musk's reward having come later. That doesn't mean that it's still unfair now and needs to be reversed, but that they had the right to raise the objection and the judge reason to deny it based on the way it was set up in the first place.

Re: Banana Pi BPI-F3 RISC-V SBC

There isn't a firm one, but to me, something I can give to a relative, then leave for another city, confident that anything that breaks is user error that I can talk them through on the phone. That means any of the following things would exclude it from the list.

1. GUI doesn't work.

2. GUI sometimes doesn't work.

3. Driver problems for any of the important hardware in the unit.

4. Spontaneous reboots of any kind.

5. Missing hardware support that should be there by the design of the hardware (E.G. some classes of USB device not supported).

6. Lack of battery management (if there is a battery).

7. Typical software cannot run quickly enough for average home use.

8. Updates frequently change something 1-7.

9. Updates aren't supported at all.

Sadly, there are various pieces of open hardware that miss one or more of these points. Those are things I'll occasionally consider buying, but I would not give to anyone else.

Re: Windows ARM applications

"I can't believe that I'm the only one who runs more than a browser and an office suite on their computer."

You're not, and I never said either that you wouldn't nor that I don't. However, a lot of people do. There are billions of Windows computers in offices, homes, and schools which run a small number of basic applications. For that reason, it is worth considering whether they can use an ARM-based Windows computer. In nearly all cases, yes.

I specifically mentioned several of the types of software you name. For example, the ones that involve custom drivers likely won't work on an ARM machine. Firmware updaters that use standard protocols probably will because you need very little processing power to run a serial connection and send over a file. Software like Adobe's products probably wouldn't have worked well at the beginning because, while they have emulation now, it's not the fastest. For a while, Adobe would have been a good reason not to buy one. A month ago, Adobe started making ARM versions. DaVinci Resolve has an ARM Windows build too. I'm expecting that "old version of MS Streets and Trips" will run acceptably under emulation.

I don't have some of the software you have, but I have my own collection of tools that I couldn't do without. As I stated, I haven't bothered to get an ARM device for various reasons, but I have reason to believe that, if I did, several of those pieces of software would either have an ARM build or would run well enough under emulation. It might negate the point of buying one, but it would be possible for me to use it. I think a lot of what you named is in the same category.

Re: Strawman Arguments always win...

And if one doesn't bother to read the counterarguments, one fails to convince anyone that one is correct after all. We've had the "if it didn't work, you didn't apply the magic right" people already.

A lot of the comments here point out actual objections to Agile, as in limited issues that apply in particular situations. Maybe you could explain why those are incorrect? Crazy as it seems, a lot of us have read the manifesto and the list of principles and have a real basis for our critiques. I think many of the bad uses that claim to be Agile are doing things that you and the other authors did not intend. That is not the case for all of the bad applications. Even when it does apply, that doesn't automatically mean they weren't doing Agile. There are many things you wouldn't like which your manifesto does not recommend against.

The foundation's goals are not necessarily the same as the company's goals, and depending on the shares it holds, it may not be able to have as much of an effect as you consider. Many large charities have business holdings, but that does not oblige the businesses to act as a charity. In fact, if they did, all other shareholders would have a reason to complain and possibly sue to change it. This doesn't mean that they are legally barred from acting this way, but that in practice many companies in such a position cannot realistically do so without incurring legal risks or, if they try for long enough, shareholder-required changes in management.

Consider as an example Twitter, the old one. The Twitter board of directors and executives did not want to sell to Musk and tried several ways to make Musk go away. They were in charge at the time, and that's perfectly within their rights. There was nothing illegal about taking that attitude, even though it would mean less short-term money for the shareholders, as they could easily argue that they were doing it for better long-term success. Yet, enough of the shareholders made it clear that they would rather have the short term cash, and the directors were then required to change their policy and sell if they could. If the directors did not, the shareholders could sue the company and have the directors replaced. The Twitter board chose to skip that long process and just go along with what they knew the result would be, and the shareholders likely benefited from that decision because Musk ended up paying them more than their shares would have gained for quite a while without him. Nothing prevents Raspberry Pi from continuing to focus on low prices and for the community's benefit, but nor is there a guarantee that they will, even if Mr. Upton would prefer it.

I'm not sure this is worth arguing, but I'll try at least once.

For starters, you claim that I am misrepresenting you when I said "If you go to jail if anything bad happens, why should you sign up to be responsible for security?"

I got this from this statement from you:

"We also need to make them REALLY respinsible for breaches. If they are the cause of WHY a breach happened because they are clueless idiots, they need to goto jail for a long time."

That seems like a clear call for punishing them with prison time. In my opinion, that is a serious enough punishment that people won't want to be in that position if they know what they're doing. The CSO is, by definition, responsible for the company's security state, and they will inevitably get blamed, at least in part, for any negative event that occurs while they're there. That's not necessarily the wrong thing to do, as quite often, they do have some responsibility. They are not omnipotent, however, and anyone with skills will understand that no level of competence on their part will eliminate the risks. You need a lot to outweigh the risks of "go[ing ]to jail for a long time", and a lot of people who know what they're doing won't take that risk.

"the medical industry and pilots are examples where credentials and skills are checked. Sure they arent perfect but they are a lot better than the zero we get from cxx."

Neither demonstrate the point. Pilots have to be licensed. Doctors have to be licensed. The person who tells the pilots where and when to go does not need to be a pilot. Hospital administrators don't need to be doctors. It's also irrelevant to the point about punishments and responsibility. If you're calling for a licensing test for security workers, that's a separate issue that we could discuss, but using your examples, the person managing the pilot generally isn't the one punished if a pilot flies incorrectly and crashes, nor are they if the finance department has cut down on maintenance to the extent that the plane crashes. If that guy was the one to be punished in both scenarios, you wouldn't find many people willing to be that guy, and the problem would not be solved because bad pilots and bad maintenance would both be very cheap to everyone doing it, because all the cost is paid by that guy. If you want these to stop, you have to actually figure out who is responsible with the chance that's it is a small amount each for lots of people. A license check won't do it,. Lots of punishments when you find a scapegoat you're happy enough with won't do it either.

Working software over comprehensive documentation

Which, to me, means it is better to spend time on making more value, that is, time spent making software work than on documentation no one is going to look at.

I'm afraid this is one of the parts of the manifesto that I take the most issue with, and I'm going to have to use you as an example why. There are many people who interpret that line in the same way. I'm not sure whether that's the same way the manifesto's writers were thinking when they wrote it. I hope not, and I think there's a reason that it might not have been, but as I've said to other defenses of the manifesto, they didn't bother explaining what they meant, so they're either in agreement with or responsible for this attitude when people use the manifesto as justification.

A lot of developers don't like writing documentation. They start finding reasons why they shouldn't have to. Managers also don't particularly want to do it, because it would seem to add time to the development process without making the software any more capable, and if the developers aren't going to do it, then you'd have to hire other people to do it, and that's expensive. Too bad for both groups because it is needed, and they should both know that. I'll tell you who suffers when the documentation's insufficient:

1. The users who read the documentation in order to use the software and get their job done.

2. The users who don't read it, but when they screw something up, can be referred to it, read what they should have done, and use it properly next time.

3. The trainers who need to learn how to use the software in order to teach users, but don't use it themselves. Winging it means training people in at best an inefficient and at worst a wrong way.

4. The support staff, if you're lucky enough to have them, who explain to users how something works even if they don't use it full time themselves. This also includes the tech-savvy colleague who gets a lot of routine questions from the less knowledgeable users.

5. Developers in general when they need to know what behavior is expected, so they know whether a certain change needs to be written differently, communicated to users, or expanded with multiple options.

6. New developers who need some way to learn what this project does and how it does it that's a little faster and more reliable than figuring out where the main function is and trying to read it like a compiler.

7. Me, as an established developer, when I want to help the new developers learn but don't have enough time to hold a complete course on it.

8. Me, as an established developer, when I need to teach someone in great detail or they'll be unproductive and our manager gets unhappy, but the lack of documentation means I have to spend a long time doing this, which means my code production decreases, which means my manager gets unhappy.

Re: Double opt-in demands

"So your issue is with amateur admins, and not SORBS."

As they clearly stated, their issues are with both. Their issue with admins was taking a report in an extreme way, and their issue with SORBS was creating a report with insufficient justification, which they allege other lists did not do.