Posts by doublelayer

They're just unfamiliar with how any of this works. They are unaware that a registrar just takes money and gets the customer the domain they asked for. At best, they could try to make the registrar look for trademark abuses, which were in use at least some of the time during this operation, but I have a feeling they think the registrar should be policing the content available from the domain they purchased, which is unlikely to work.

Free speech is probably not really the issue here. While I don't really want to have to obtain a license to have a domain name, some TLDs do require verification without giving anyone censorship powers. My objection to it is simply that it won't work; any number of identities can be used by organized campaigns, including stolen, corporate, unclear, and misleading ones, and even if they were honest, it wouldn't likely make any difference. I don't have a problem with what the senator wants to prevent, but his ability to do so at all is limited and his ability to do it by way of domain registrars is dubious.

Re: The trouble with money

That's probably true, but I don't mind that. If a company wants to pay me to build in a feature, as long as that feature doesn't harm other users, I don't have a problem raising it in the list. Sure, it may not be the most commonly requested feature, but the chances are that, even with the extra development, the funding is going to provide users with more maintenance and features they used. If they tried to use the funding to break things, that would be different, but as long as it's something like fixing the bug that affects what they want to do more quickly, I am fine with it. In the same way, if they pay one of their employees to contribute to it and that employee mostly contributes things that company wants, that also works for me.

Re: If they want paying...

That is what I think I said:

"that is why I disapprove of any mandatory payment [...] However, this is not that. This is a voluntary payment to a project you rely on."

As I said in my first comment here, I support this effort. I support businesses and individuals making voluntary donations, and if someone wants to encourage more people to give, I'm usually fine with it unless they're doing something so horrible that it is likely to put people off, and I don't think this group are anywhere close to that.

Re: The trouble with money

Offering to pay someone to put in backdoors is not aided in any way by paying them for normal maintenance. If you offer me donations for the project, thank you very much. If you offer me payments to add a feature, then I'll consider it but chances are you'll get your feature and I'll take the money. If you offer me money to insert something malicious, I will refuse, or maybe I'll consider accepting the money and not giving you what you asked for because what you asked for is illegal anyway, but chances are the risk is high enough that I just won't bother. If I'm evil enough to add a backdoor just because someone will pay me to do it, I'm not going to care whether they donated last year; I'm just going to ask how much they'll give me for access to the users.

The fact that they received a donation before getting the bribe to add malware to the code doesn't make them any more beholden to the donor. In fact, having that donation makes them less desperate for funds, so they are less likely to accept such an offer. I see no reason to expect any connection between the two things.

Re: If they want paying...

And that is why I disapprove of any mandatory payment system for open source software. Well that, and about ten other reasons, some of them bigger, but it's in the list. However, this is not that. This is a voluntary payment to a project you rely on. They're asking for that voluntary payment to be increased, but they're not mandating that any payment happens or taking away rights if they don't get one.

Since the payments are voluntary, not having support is easily justified. If you find that the project is such a buggy mess that you are wasting time and money finding and reporting bugs, then maybe this isn't good enough software for you to use. I've had that experience with open source software before, software where I decided I had to do significant maintenance on it to get it into workable condition, start a similar project from scratch, find another option that can do the task, or not have this functionality. I don't get to bill the provider of software in that case, although I'm much less likely to donate anything.

Even if you had paid for software, you usually don't get to do anything like this. I've had lots of bugs in software I purchased, and in none of those cases did I get to charge the authors for the existence of them. In one case, I did report so many of them that the author returned my money, but that was it.

This requires some research to find the best way to benefit the projects you rely on, and it's not always obvious. In some cases, it's something a group like this could help with, identifying an organization that provably directs donations to actual maintenance work. The other approach that companies can use is paying an employee or contractor to do maintenance work on a project.

Some parts are, but I contend that these people are not. This is an entirely voluntary pledge, backed up by nothing more than the shame felt by people who know what the billboard means and the confusion felt by everyone else who tries to understand the request. They are not trying to make demands they have no right to demand, the way that some open source owners (often not authors, but the companies that once employed them) have tried. Their request is not outlandish, the way that, for instance, Bruce Perens's 1% of revenue every year no matter how little "post-open" software you use is. They aren't harpooning long-held principles of open source like the right to fork, modify, and distribute without anyone's permission.

I support businesses making voluntary donations to open source they rely on. I don't expect many companies to actually do it, but it is logical from the companies' perspective as well as from the projects'. I have been in a position before where an employer wanted to use some piece of open source software, and when we wanted new things added to it, they paid me to add them. Eventually, I was also doing some maintenance work, though in these cases never the central maintainer, on the time my employer pays for. That was helpful to them and to the project, and it doesn't hurt to ask more companies to do that and to increase the amount they give back. I'm not sure advertisements on signs is going to help with that, but the thing they're trying with this campaign is something I would support.

Re: Actually ...

And if, therefore, every processor designer put in custom extensions designed to make it difficult to copy their designs because otherwise any of the expensive effort involved in designing a good chip or ISA was taken by free for others? That's what you would have gotten if IP wasn't a thing. And if anyone mentions it, RISC-V is not a counterexample. The core instruction set is public, but manufacturers' designs are protected by IP and extensions may be as well, though sometimes they choose to be open with those in the hopes that others will use them and require them in their software which would advantage their chips. That does a lot of negative things, for example why I'm worried about RISC-V fragmentation weakening the architecture, but it does mean companies can design new and better chip designs which is necessary for any meaningful progress.

Re: Licence

Neither of those are realistic problems with such a license. The license is of lesser value than one without the prohibition and I wouldn't want to sign one, but it is easily accomplished. First, the license can be non-transferrable without ARM's permission, but if they approve, or more likely if the purchasing company gives ARM some of the money, they can accept it. That reduces rather than eliminates the sale value of the IP, to say nothing of the making actual products value of the IP. The problem of the license being easily cancelled is easily fixed by making it survive an attempt to sell to the same person, to a holding company owned by the same people, etc, and that's if you need to do that at all. There's not many reasons why a company would want to cancel the contract. They've already paid for their end, and if they cancel the contract, they have to stop selling and, if you believe ARM's lawyers in this case, destroy the plans for, the things they built under the contract, so they don't want that thing cancelled.

Re: "remove the obligation to work for a living"

Well presumably it's more of a not giving it to them until they do something you want first. In the theoretical society where everything physical can be created by a machine, including another make-everything machine, the need for people to do something to get that is mostly eliminated*. However, the discussions of what we will do in that condition often skip over the part where no such machine exists. We've had this post-scarcity future in science fiction for a long time. How long has the idea of a robot butler existed? It's longer than we've had the word robot, which is why the idea still exists in a world where there aren't that many butlers. Yet, there are no robot butlers, no matter how wealthy you are. At best, there are machines that can do a small subset of butlerian tasks only when someone has already fulfilled the specific requirements of the machine. If I was sufficiently wealthy and wanted to, I could buy a machine that can make breakfast, as long as it's a specific breakfast, and something to deliver it to me, as long as I've built the routes the machine will take to do so, but the machine will need the ingredients of breakfast in a specific place rather than acting like a human would. If we can't make that, maybe the prospects of a future where there are no physical needs are a bit lower than science fiction would suggest.

* Even if we got make-everything machines, there would still be limits on some things. The one that jumps to mind is land. People want houses and they mostly don't want them in Antarctica. A machine will not make it possible to have as much space as you can use. Maybe the population will fall and we'll end up having enough space for everyone, but that's far from guaranteed. Unless we have an omnipotence machine, chances are that there are things that people want that can't be fulfilled automatically.

Re: > can text

Not all of the devices do. For the ones that have more than phone and SMS, it's common to see KaiOS running them, and KaiOS has both of those services available. I don't have such a device myself, so I don't know how well those work, but I think you'll probably find a few of those around. It is a fork of what used to be Firefox's mobile OS attempt. It's mostly closed-source now and when I looked at the internals, I wasn't that impressed, but it can be sold quite cheaply.

Re: AI sounding the death knell for copyright?

I'm sure, given your opinions on copyright being evil, that you embrace the prospect of the elimination of copyright, either through direct legal abolition or through global failure to enforce it. That doesn't mean that is the inevitable outcome. Those who support the existence of copyright can and should try to prevent it from collapsing. You're calling for a preemptive surrender, but we aren't that far along yet.

People have been making similar arguments for a long time. When the internet made it easier to obtain copies of things you wanted without paying for them, people loved to sound the death knell of copyright, but as things developed, it didn't go that way. Piracy actually became less popular when it became possible to more easily obtain legal versions of the thing you wanted, versions that came with less risk of dodgy sites or poor-quality versions. As the companies that make that available start to make terms worse, it's likely that piracy will increase in popularity again, but that can go in both directions.

As for your hope that some countries will decide not to have or enforce copyright law, you may be surprised to find out that they do sometimes make IP themselves. India was in your list, and it has a large and relatively popular film industry. They want copyright protection on those works. If they decided to be egregious in assisting the violation of others' copyrights, they might find that their own copyrights have lost value. As these countries get richer, more and more of their economies will rely on IP. Their current spotty enforcement is not the same as your preferred abolition of the concept, and there is a reason to think that they will improve it, at least for their own IP, rather than go in the direction you've pointed.

Probably not. From their perspective, what's the point? They sometimes make embedded versions, as in ones that are sold for less consumer-oriented hardware, by taking phone chips and stripping out unnecessary things. For all I know, that might be a binning thing. However, that's usually mid-range chips because they're making more of them and the devices the clients use them for can manage with the lower performance. The other types of variant they sometimes do are more likely to use the high-end cores, but they're also more likely to want to keep the NPU. For example, their XR processors have a relation to their high-end phone chips, but XR devices are likely to value something that the NPU will accelerate, so it probably won't be dropped there either. Is there a reason you want that?

Re: "flagship mobile SoC"

It's likely that they share core technology, but they don't use exactly the same chip for both because the constraints are different. The same works with Apple. Yes, the core designs may be similar or even the same from the M* laptop/tablet chips and the A* phone/also tablet chips, but the clocks are different, the caches are different, the on-SOoC GPU is different, and the memory is different. This is mostly because power and thermal constraints are different whether you have a phone or a laptop. Anything that this SoC has which wasn't already in the laptop cores will likely appear in one soon enough.

This isn't just a president. If, for example, this was used by the president and their protection detail to coordinate routes, that might work. However, the stated purpose was to be used by campaign officials so that things like the Iranian attack on them don't happen again. Campaigns are made up of lots of people who are not trained in security or anything else, working in all sorts of places doing unplanned things. It is more difficult for them to adapt to restricted methods and they're the kind of people who aren't eager to adopt that in the first place.

A campaign is a lot like a company. Consider what would happen if you had to convert an employer to a restricted communication system for all internal messages. If it was a small company where everyone was knowledgeable about security risks, you could probably do it. I think you can imagine how hard it would be and how many people would ignore you if you tried the same with managers who don't want anything that will slow down their messages, technophobes who have become comfortable with something and resist any change, and processes that are considered critical and indispensable which don't yet work through the system you're trying to switch to. I've had to do it before and, even more frequently, I've had to watch the IT people try it and struggling to implement something against organizational inertia, then catch all the people who deliberately bypassed their policies.

Re: really long lines

If they're writing in C, which seems likely given the age and what it's supposed to be, you don't need any line breaks at all. For convenience, set your editor to interpret any semicolon and either curly brace as having a new line after it, but don't actually insert them. Only use /*...*/ comments and do the same with those. Insert a few line breaks so that you don't actually claim that it's just one line.

I'm still expecting that it turns out that ten thousand is the lines of code for some component that is important, but not the only thing in which vulnerabilities are found, or that it can't actually do very much and won't get used. I could see an encrypted text-only message system being built in 10kloc, most of which would be the code for whatever communication system was chosen, but what's much harder to imagine is people using it when they are more familiar with smartphones.

Not if, for instance, people like sending pictures. A lot of people do like that. SMS can't handle them. Likely this OS, if it's actually as small as described, can't do it either. Say hello to WhatsApp or something like it. The same applies if people like videocalls. True, they probably aren't needed, but that doesn't stop people from preferring them to voice calls for some reason. If you're careful to use the secure device whenever possible and to do without things that your secure device can't do, then you're in a good place. A lot of insecurity comes because people are not willing to do one of those things.

Re: Windows key...

It probably confuses the majority of phone scammers who aren't that technically aware themselves, but it wouldn't be much of a protection against a website like this one if they tried for about ten minutes. Linux and Mac OS have key commands that would accept commands, and user agent strings will generally tell them which operating system you're running*. So they could easily present the average user with instructions that will run a script on their computer whether it's Windows or not.

* Yes, you can lie about the operating system, but chances are that if you know why you're doing it, you also know not to open a command window and paste things in it. For someone who was given a Linux system by a friend, they won't have chosen to change their user agent. If you have given Linux systems to your family members but switched the user agents beforehand, you're in a pretty small minority even of those installing Linux for others.

I think your assumption is exactly what they intend but won't get. My guess is that they know there are some people they don't want to lose who will not agree to come into the office and they figure they'll give them an exception and never speak of it again. However, without telling managers that they can do that, they won't get it. Even if they did, workers who aren't aware might not bother asking, or managers might find they can't get an exception approved. So while I think they're planning on exceptions, I think they'll approve far fewer than they're willing to because of bureaucratic inefficiency.

What I mostly expect is rampant noncompliance. People who are really unwilling to return to the office will likely try not coming in to see if anyone gets mad. I don't know what they'll do about that, though in previous rounds covered here, their response seems to have been sending scary emails suggesting that you will be fired any time now, sometimes to the wrong people, then not necessarily following through on the threat.

Since your ability or lack of ability to remote work mostly doesn't depend on where you put servers, I doubt that will have much of an effect. It would make as much sense as saying that a primarily remote AWS is bad because it means it's not good for people working in an office. That kind of argument might work a little for a company like Atlassian whose products are at least supposed to be related to teamwork, collaboration, and project management, but AWS doesn't have many things related to that and those they do have (hands up who can name the AWS videoconference tool, which I assume is only used in Amazon but you can buy it if you want) aren't really what people are using AWS for.

Re: Camera only is bad ?

That is kind of my point. You need to collect that much data, undoubtedly involving many deaths, in order to do a direct comparison in the first place, so you can't do a direct comparison because people won't accept that. Even if you did, people won't follow a purely utilitarian system of "fewer deaths is better, so the method that caused fewer deaths will be chosen". If it's not significantly and provably better, it won't be accepted and people are great at resisting changes to the status quo.

Let's assume that someone, and I'm quite certain it wouldn't be Tesla, made a perfect self-driving system. Even when that system has been put to the test, driving in all conditions, and the only accidents it got into were entirely the fault of something else, for example it was driving along when a massive earthquake struck and toppled it off a hill and into a building, there will be some people who resist its adoption. That will be hard enough to overcome. By painting something as perfect when it's only good, we make that problem worse. By painting something as good when it's actually mediocre, we may kill it before we can get any better. And the levels of quality have to include not only pure statistics but the average driver and pedestrian's view on what is reasonable.

Re: Camera only is bad ?

To some extent, you're correct. A car that is safer than a human can be convincingly argued to be better. However, you have two major problems. People will evaluate these differently because they're a different type of product. If they see them making catastrophic mistakes that they wouldn't have made, they won't be confident in them even if, with accurate results, they're making those mistakes less frequently than humans would. People will freak out over a situation where a human would crash, and that will be hard enough to overcome. You will not help the point by having lots of other examples where a human driver would have been better able to prevent them.

The other problem is that you won't actually know if they are safer than a human driver until you collect a staggering amount of data that is controlled for everything. Set loose ten million self-driving Teslas to drive on large roads, small roads, urban roads, rural roads, at all times of the day or night, in all conditions, then compare the number of deaths caused to human drivers. Then you can use that data in comparison. With existing data where the software is only used on one type of road and with completely uncontrolled and unmonitored conditions, the data is not comparable. Of course, if you try to implement the necessary data collection, you will get some rather indignant public reactions about the experimental not confirmed to be safe things unleashed on the public streets, so you can't actually do what you need to do to collect the data for that comparison. That is why individual situations are considered by road safety regulators before public testing is permitted.

Re: Just not with a Ubisoft game?

That is not what "specific performance" means. Specific performance is a court order to follow the terms of a contract. For example, if I've signed a contract to deliver a certain amount of items to you and I don't, you can sue me. Perhaps I'll be ordered to pay you damages in cash, but I might also be ordered to comply with the terms of that contract and deliver the items, with more penalties from the court if I don't. That would be specific performance.

I am not a lawyer either, and so maybe such a construct exists. I have not seen it used, nor could I find it with some web searches. It seems like a bad idea, but worse ideas have been enshrined in law, so that's no proof it doesn't exist. However, I have a feeling it's going to fall into a similar category as things above, namely that even if it does, chances are that it's not going to apply and it's not a good idea to rely on it. For instance, in the specific case of remote working, an employer can say that they were required to allow remote working for safety, if not by law, and therefore the change was not made by choice. Therefore, their nonenforcement of the come to office bit was not because they didn't want it. The contract says it and doesn't have provisions to alter it. The court can be presented a reason to justify other actions. In fact, you might have had a stronger case if you sued your employer for starting remote work than for stopping it.

Re: History repeating

Those cases have no relation to one another. However, if I try, I am not on your side. If your school mandated fountain pen and informed you that other methods of writing were going to result in a penalty, then you have some good options:

1. Write in fountain pen.

2. Argue that, although they're asking you to write in fountain pen in order to train you to have good handwriting with them, ballpoint pens are going to be common enough that you don't need that skill, and therefore their policy should be changed.

3. Argue that, although you were told to write in fountain pen for handwriting, this course is not related to handwriting and a different form should be acceptable, and therefore their policy should be changed.

And some bad ones:

4. Write in your preferred method without permission and without attempting to argue otherwise, then act surprised when they do what they said they would do.

5. After receiving your penalty, demand that they refrain from enforcing their clear rules, not because you're arguing the rules are unfair, but because you don't like the consequences.

If you want to try an option 2 or 3 argument on AI, you can. We'll all listen and decide whether we were wrong and AI use is more acceptable than we thought. So far, you haven't, and nor have this student or his parents. They've gone for option 5, and you've chosen option 6: make up irrelevant analogies and pretend they apply when they clearly don't and form a coherent 2/3 argument in favor of something.