Posts by doublelayer

Re: Reading the report...

When was that time? In my experience, the challenges were different, but they still had them. Back before there were software limitations like all the different layers of firewalls, there were hardware ones instead. I'm unaware of any time where shifting a large subset of a larger project to something new was child's play unless it had been designed with that in mind, and in my experience custom-built systems for a company or organization were rarely designed that way because building them for the infrastructure they had now was cheaper.

Re: The US Constitution isn't for personal interpretation.

Neither of those statements are correct. Taking them out of order:

"Tik-Toc's main argument seems to be that their servers in the US are too deeply intertwined with the one's in China."

They said nothing of the kind. Their main argument is "that's not legal". Their secondary argument is "splitting this up isn't feasible this quickly". Their tertiary argument is "you can't just split one piece of software into U.S. and non-U.S. versions, no matter where the servers are, because they're still one piece of software working on a global set of content".

"Which means they are implying that their CEO committed perjury before Congress."

The testimony concerned wouldn't even conflict with what you say they're saying. They testified that they have Americans working with American data on American servers without the Chinese employees accessing or using it. That's it. I'm not sure I entirely believe that, but nothing in that conflicts with having a single global network which isn't easy to partition on a whim.

"Congress is setting domestic ownership requirements as they do, for example, for US nuclear weapons makers."

Their ability to do that is limited. Yes, there are some areas where they have that power. Nuclear weapons are a bad example, since the government is the only place buying them so they can set whatever restrictions they want. Radio and television stations might be a better example as they are also forbidden to be foreign owned (sort of). However, they do not have the legal authority to impose that regulation on anything they like whenever they like. I am not a lawyer, but I think you have overestimated how clear this case is.

Re: Mesh networks

I'm not as concerned with hardware bans; some Chinese company would make cheap Android phones and get them imported. They don't care about any other local regulations, so why would they care about these either? Myanmar might keep them off the cell networks, but that's not an issue if you're using them for a mesh node.

However, mesh networks aren't the silver bullet some people imagine. They're not as resilient as they appear. You've pointed out several major problems with them, and they're also pretty easy to infiltrate and track since, by design, they let any device nearby into the network. You would have to put a lot of effort into such things as trying to insulate people from a device that advertises that it's part of the mesh network, waits for a peer to connect, then triangulates their location. It might not be effective if you only transmit while walking down crowded streets, but people probably don't limit themselves that way.

Re: this content sometimes disappears from view

It isn't that hard to keep every link together when you've designed the site, but it becomes much more of a pain when you use intermediate software. I've helped a few websites switch their sites from one backend CMS to another. They never want me or anyone else to hand-code HTML and maintain their structure and I don't want to do it either. In each case, they're looking for something where an untrained employee can log in, click some buttons, type some text, and their site changes. I take a very different approach on sites that I run, but those are easy because nobody except me needs to touch them.

Re: re: Seems like this might be something AI could usefully be applied to…

The rest of the comment may convince you that I didn't have an LLM write it for me. However, whether I did or not, I used those two phrases to refer to two problems with concerns about novel tracking techniques. Unprovable is a concern because, if you don't try to prove that something works the way you've described, then how do you know that it does? If you accept your theory about how something works when you cannot test it or even demonstrate that something has definitely happened at all, then why should anyone believe it happened rather than making up whatever story they like and believing that without trying to prove it.

The faulty assumptions lead us there and it's something that everyone is vulnerable to. We all have situations where we think something has happened when it has not. Here is an example:

A while ago, I opened Notepad++ on a Windows computer and a window popped up. Well visually it didn't, but I have some software monitoring for invisible windows which noted that it did, and it had a scary name: "Input capture". I've seen that window before, and it most often happens because of a remote desktop connection or a GUI VM connection. What could cause this? I was sure that I hadn't done anything unusual lately, so it clearly couldn't have been me. Maybe I had malware from somewhere. Maybe this was evil Microsoft snooping on me. Maybe someone had infiltrated Notepad++ and given me a poisoned update. Something was being done to me and I was determined to stop it. A full disk scan identified no malware, and a reboot didn't make this go away.

As it turns out, it was me. I had started a WSL VM in an earlier session and opened a file from that session in Notepad++. Then I rebooted, so WSL wasn't running anymore. When I tried to open Notepad++, it tried to open a path that looks like \\wsl.localhost\Ubuntu-22.04\... and that started some searching processes looking for the remote computer so I could get the file I had requested, but they didn't work because the remote computer was on my computer and I hadn't turned it on. I didn't see that because Notepad++, not getting the file it asked for, helpfully didn't open it and showed me the next one in line. That was not in my list of assumptions.

If you see an advertisement for something, there are lots of reasons it could have gotten there and some of them are simple enough that we don't consider them. We may assume that we never visited a page about this topic, even though we actually did and a tracker tracked us from it. This is logical because visiting one website is a really small action, especially if we just glanced over it before abandoning it as not a useful site, so it got about four seconds of our attention. We don't need to remember every little thing like that, so we forget it, and then when something crops up days later, we have forgotten that easy step. The problem with assuming something we haven't proven is that, if it's related to something we can prove, then we can stop it or at least try to. If we always assume that we have stopped all the basic web trackers, therefore any tracking we see must be due to something else, the chances are high that we haven't stopped all web trackers and we will get more done by finding the ones that slipped through.

Re: Laptop Farms?

It's not about how many people use the same IP. As long as they work for different companies, nobody will notice. This is about which IP.

If you track the IP from which I made this comment, it will look like a normal ISP as used by residential or office users, not a datacenter. If I proxied through a cloud service, the IP would identify that I had. You can test this. Get a cloud VM and put a VPN endpoint on it, then try to browse from that endpoint. Some sites won't care and will look the same. Many other ones will identify your range as a dangerous place for traffic to be coming from and will either block you entirely (I think this is a bad idea but some sites do), or more likely just send you tons of captchas. This doesn't even require you to share the IP. When I first wanted to run my own VPN, I did exactly this, and although I used an address that only I had used for over a year, it was still in the Digital Ocean address space. Digital Ocean is well-known as a cheap place to rent servers, meaning that my datacenter neighbors almost certainly included many spammers and criminals, so I was suspected as well. I moved that endpoint.

When you connect to a corporate VPN, it will log the address you use to connect to it. If that address is unusual, it will usually note that and, depending on settings, report it to the company's security team. If it's for a country you're not expected to be in, for instance, that will likely generate a report and some companies will send those to someone for review. The same thing is true if it indicates that you're coming from a datacenter. Therefore, to evade this, you have to come from what looks like an acceptably local ISP.

"Mev boost is open source, so the exploit is a publicly documented way of using it."

That's not how open source works. It is a discoverable way of breaking it, but there is a reason why it's considered a bug. Heartbleed was also a publicly discoverable flaw in open source software, but using it to steal data wouldn't be legal. Your argument appears to say that if it's with open source software, then you are legally allowed to do anything you are able to do. The law doesn't think so. They could try arguing whether this manipulation is an illegal kind or not, but just because open source software was involved won't change it.

Re: @Tubz - Wait!

Yes, they are. Not the same China though, so maybe the claim got a bit weaker. Maybe you could, I don't know, ask the people of Hong Kong what they wanted and then let them have it? No, that would be... democracy.

Re: China is far too big

"Every Belt and Road initiative only drains the target country of it's resources and doesn't provide any form of growth or independence whatsoever, so they're acting more like a parasite than a foster."

That's kind of the goal. Build something useful, get good terms on the loans, and then when the country is unable to pay back the loans, you have leverage to make requests. Forgive the loans and you may be able to set up some more infrastructure there, for instance. A lot of countries are willing to spend to get things like that. When the US wants a military base in another country, they usually don't expect that to return a profit and are willing to spend to get it. Many of China's international ventures accomplish similar goals and aren't that much more expensive. Of course, it also makes it easier for China to import whatever they might want from that country, so there is a small boost to the other countries from export industries.

China has a lot of problems, but it has a government that is in a position to ignore many classes of problems that democratic countries can't ignore and the size to absorb many negative events. It also has many assets it can use to advance. I think you may be counting them out too quickly.

Re: I absolutely adored my Mac Classic.

"Can the Pi folk please use their loot when they go public to start selling a works-out-of-the-box, cased, retail Pi PC for the mainstream user. Then we can start having some fun again, 80s style."

What's the point? They kind of already embraced that with the Raspberry Pi 400, which isn't really any more boxed than a normal one other than providing a basic case with a keyboard on it but it certainly looks 1980s-ish. However, using a normal Pi, all they would have to do is to put the board in a case of which there are hundreds of options, preinstall and preimage a card, and ship with whatever set of peripherals you don't want to buy separately. Lots of resellers already do some or all of that. What more do you expect from a retail version and what benefits do you hope will accrue by doing so?

If your contract specified working remotely, then they can't easily change it on a whim, though they can do some things. If, however, you have a contract from before the pandemic which specified the office, then they can tell you that they are enforcing that again, and if they thought about this and put it in the contract, then they also can.

These are the easiest examples, but if the contract doesn't mention it, then it is still usually going to work out that the companies can change your work location. If they move it unreasonably far from where you are, then you might have a case, but not if you chose to move away from it or if you could go in easily enough. The details will depend on the situation, but you can assume that they probably have the right to make that change and be correct most of the time.

Maybe, but it would require them to get funds and give them to scammed people, which brings up two more thorny questions:

1. Should governments refund people who got scammed using money obtained from people who were not?

2. If they do, why should crypto-themed scams receive special treatment?

Re: Fast is Bad? Slow is good??

Oh, they can always stick more stuff on. They've done it before. They could either put something else on the end (this isn't the M4, it's the M3A/M3A Pro), or they could stick on more words (M3 plus ultra). Sure, eventually doing that will result in something that looks stupid (M6B plus ultra max), but it wouldn't be the first time as trying to explain the different versions of iPads, nor would it likely be as hard to understand as what Intel and AMD have sometimes done to their processor numbers.

Re: Alternatively...

Or you could recognize what this tool is useful for, which is not exactly the same as the set of things a backup is useful for. Yes, there are some times where you might use either, such as if the disk gets corrupted. Of course, you might not have a backup that's fully up-to-date. A backup from Tuesday is wonderful and will rescue you from plenty of things, but before you restore it, maybe you want to use a tool to try to recover Wednesday's files. If you back up every night religiously, then substitute 8:30 for Tuesday and noon for Wednesday.

Maybe, though, you are doing something else. For example, helping someone else who doesn't have backups. Then you might prefer these tools over a backup of your computer. Or maybe you want to restore your backups, and you need some software to make that fast. Or you don't need to restore a disk, but just fix a file, and rather than spending hours restoring your full disk backup then a bit longer catching things up, you just fix the file and go on your way.

Re: Synonym

Meanwhile you took people expressing derision at best and assumed that they were a lot more upset than they really were. You somehow think that people were distraught after seeing that advertisement, when reading what they said demonstrates that they were not. Most responses I saw in these forums were of people expressing one of two thoughts:

1. This advertisement is stupid (that was my view).

2. This advertisement is insulting (not really my view).

But you will have a harder time trying to argue why the ad was actually a good idea, so since you can't argue against what people actually said, you had to exaggerate their reaction to have something you can contest.

Because, when something is successful, everyone did exactly the same amount to get that to happen? That's not how it works. That doesn't necessarily mean that he deserves to be paid more, because I don't know what, if anything, he actually did to help here. Still, when a success happens, it doesn't automatically follow that everyone who did something to contribute deserves the same payments as a result.

Why do people insist on coming up with these irrelevant questions they know the answer to. You clearly know the ways to answer the questions in all your examples, and you should also know by now that this does not mean that you own the output of an LLM you use. You should know that using someone else's code from a book does not mean you own their code but that the book likely gives you permission to use it, and you do own the code you wrote around them. Using a tool to get things from your brain onto the computer or paper in this case are completely different.

Re: We are well aware

If you think that you not liking something means it's in its decline, I can only conclude that you haven't been around for most of that "wasn't so long" period of Microsoft and Google dominance. Some person making a statement about security isn't going to tank a company that is valued by investors at trillions of dollars and actually has tens of billions of dollars in cash just in case they need it. Neither is my using DDG as my search engine, which I've been doing for about a decade now, going to prevent Google from existing. They have lots of extra mechanisms to continue to exist, including their powerful position in mobile operating systems; the second most popular office suite after Microsoft's; and the fact that, by inertia, paying for default placement, or people actually thinking their search is better, they still have 90% of the search volume.

"we both now that the average store does not have a 100 employees."

Why do we know that? The two stores that do are in suburban New Jersey and Maryland. They are not flagship stores. Why should we assume that these are much larger than normal?

"In AU no Apple store has anywhere near 100 employees and im talking downtown Sydney."

This appears to be incorrect as one Australian store managed to have 150 people on strike from it.

Using which states numbers from 2021 of 70,000 retail employees across 510 stores, that makes for an average of 137 employees per store and a Cook-to-retail-employee per worker budget of a nice, even $900 per year, which at $15 per hour makes 60 hours per year. I don't care how part-time they are. That's not what they earn.

Re: A directory tree managed by software ? No.

As I understand it, it's not your data that goes in those directories. It's installed programs and system configuration that they organize that way. You could put the programs folder on a second disk from the system disk, although you need to sync the main file in /etc which is used to build that program disk somewhere in case the system disk fails. Otherwise, as long as you're comfortable for programs to be in opaque directories, it sounds like this does what you asked for.

No, it's not. Negotiation with criminals isn't forbidden basically anywhere. Paying ransoms is illegal in more places, but you can still negotiate with the people demanding one. There are some groups that have laws that specifically forbid paying ransoms to. The most common such group is officially designated terrorist organizations, which do not include ransomware groups. You could make it illegal and I think doing so would help, but it isn't illegal yet.

Re: Is El Reg a support site for irritated creatives now?

Everyone can have an opinion on whether the ad was stupid or not. I've seen a few people who act like everyone else wants to burn the people who wrote this for their crimes, but most of the people complaining appear to be saying that the ad was a bad one. The same way that I can think that a book was badly written without wanting to punish the author, I can think this advertisement was a bad idea without needing a "support site".

To argue why I think it was a bad one, they used the wrong images. People in other comments have explained how they could try to paint the idea that these things were becoming part of an iPad. A big crushing machine is never used to make something new out of old stuff. It is used to turn old stuff into more manageable garbage blocks. So when a viewer sees someone using a crusher, they're going to think of destruction, not amalgamation. If the creators of the advert wanted people to think of amalgamation, they chose the wrong image. If they wanted them to think of destruction, they chose the wrong attitude.

The other problem is that, even if we assume that they were trying to say that these things were being formed together into an iPad, an iPad does very little of that stuff. I'll accept metronome because I have a metronome app on my phone, and I'll accept drawing board because they have that pencil. The camera and music equipment may be overstating the quality differences, but at least the same function can be performed by both of them to some extent. Try using your iPad as a trumpet or guitar. You can't. Try making a sculpture out of it. You'll get cut from the broken screen and the iPad won't work when you're done reshaping it. If they want to show things being forged into an iPad, it might help if they chose things that an iPad could actually do.

I think they were using the crusher for a different reason than you think they did. It's not surprising to see destruction used to sell something new. When your new product means that your customers don't have to put up with the annoying thing they previously used, then it's not a problem to show the destruction of the annoying thing. Their problem was that they used this for things that people either aren't annoyed by or don't have, so the picture they painted didn't bring the same emotions.

Your analogy is bad. Terraform, for all its faults, works. You can build lots of things successfully with it. Do I wish it was different, having had to use it? Yes, I do. It might be nice if I could define my own functions, because it's a functional language and trying to use one when you can't use the central part of the philosophy is a pain. Still, it is capable of doing the job that people want done.

Could it be built with better syntax and semantics? Again, yes. Probably many people have. Their versions, though, don't get adopted as much because they don't have the premade structures that Terraform and OpenTofu can rely on, so if you're using systems that the original author wasn't using, you have to do the foundational work. Meanwhile, Terraform has the network effects meaning that most companies will build the necessary components for their own stuff rather than expecting their users to do it. Terraform is often used by people who aren't programmers in their own right and would find it difficult to write that stuff themselves.

Can you fix this and produce a better tool that also has broad platform support? Brilliant. People will enjoy that. If you can't build that and all you can do is complain, you may not get anywhere. If you can't even understand the thing well enough to understand why your complaints aren't someone's main focus, you definitely won't get anywhere.

Re: PINs on mobile 'phones

I wonder how much improvement came when IOS changed the default 4-digit pins to a 6-digit pin. You can still go and set the pin length to anything you want, but the one they start with requires six.

Re: Because that's where the money is...

It won't do anything about the hacking. It is a lucrative hacking target because, if the systems aren't up, people get hurt. That is not changed if the government is paying for the medical services; the patients will still get hurt if important systems are unavailable. It is worth considering that another popular target of ransomware has been education, including a bunch of publicly funded schools.

The only reason it might decrease is if the ban on governments paying ransoms applies to them. The problem is that it probably won't because, even if the government is paying the hospitals, the hospitals themselves are run independently. If it would help, the problem could also be solved just by banning private organizations from paying, which I think would be somewhat helpful though not perfect.

Re: (What kind of person is turned on by silly little badges? Dumb scores?)

That depends on what you were doing with it. If it was something where they were answering people's questions, and you were hiring for a teaching position, that could prove that they have a passion for teaching and, if you read the posts, you could get an idea of how well they teach. As jobs go, a teaching position is probably one of the ones where SO posts are most relevant. That doesn't mean that it's necessarily useful enough to consider, but including it may not be as daft as you imply.