Posts by doublelayer

Two things, neither completely justified. The first was that, until version 1.3.0, its license was GPL 2 or later. As of 1.3.0, it became GPL 2 only, same as the kernel. Before that, people didn't like the ambiguity involved in letting whatever might show up in GPL version 3 (then unreleased) to be a core part of their system. This was only partially justified because the clarification came in 2006, so it's not like there was much need to deal with it.

The other reason was even less justified, namely that Busybox was a project well-known for pursuing their license rights. If you used Busybox, they would demand the source be released and sue you if you didn't. This rarely if ever gave the community useful code because anyone using Busybox didn't have much of a need to improve it, but it did certainly penalize people who don't comply with a really easy license. This shouldn't really be a problem, and it really wasn't, but some companies can't be bothered to release the source code they haven't changed and contains no secrets. I'm not sure why they find this so difficult, but having tried to get source code from them, I know they exist.

In general, one of the maintainers of Busybox got annoyed at another one and went off to create Toybox. This was in 2006, so before Android really went anywhere. Android had to choose between the BSD-licensed Toybox, run by someone who had added a lot of stuff to Busybox, or the GPL2 Busybox which had lost a maintainer but still had more people working on it. There wasn't an obvious good and bad answer, and it probably isn't that surprising that they went with Toybox. Having done so, Toybox has focused on keeping itself functional for Android, so it's not surprising that they're still using it.

I'm not sure. At the start, this seemed like the old classic "I made something open source [with lots of others' help] and I want to be paid by the people who make money off it. Why can't I force them to do that?". To add a bit of extra spice, there was something a little legally dubious about trademarks thrown in. However, the way it's played out isn't following the normal pattern. There are lots of people who host Word Press for profit. They all say "Word Press" on their websites. Some of them use it in advertising that I'd rather not see anymore. None of those have been sued or had their access to update servers cut. Either this is really about the name of the company, in which case it's not going to go well for Automattic because "WP" is not the same thing as "Word Press", or it's about something else but I'm not sure what it is.

If there's an actual legal thing in here, I don't get it. I'm currently operating on the theory that it's really just a personal whim that's going to go badly, mostly because that's the only explanation that gets even close to explaining most of the events. Maybe Mullenweg hates someone who works at WP Engine. It would make more sense than most of the rest of this.

The identity of the traveler can be and is checked when they arrive. If it wasn't, I could find someone else's ticket purchased directly through Ryanair and impersonate them, since if the ticket was purchased using their site, this process gets skipped. They are doing additional checks on a subset of their passengers that are not required for other travelers.

Maybe they have another reason for doing it, but in the absence of an explanation and the presence of many airlines who don't do this and have no legal problems about it, I have to fill in the gaps. It seems like they're trying to make the process more difficult for sites that allow passengers to book tickets through a third party, and there's a clear reason why they might. Those sites make it easy (easier) to compare prices across airlines and see all the various options for traveling between some locations. If Ryanair's options are sometimes preferable but not always, a passenger who used such a service would only buy Ryanair tickets some of the time. If they can get those passengers to go to the Ryanair site first, they might always buy a Ryanair ticket even when another airline is providing a better option or a better price just because the effort of price comparison is much harder and if the traveler spends too much time doing it, the price could increase.

Re: Bet it is wrong at least half the time

It depends who is using it and to what purpose. In many of the cases where I've seen the technology used or calls to do so, I am not reassured by it being wrong. Law enforcement use is probably the most obvious example, where being falsely identified as a suspect can still be a rather bad event for you. In fact, in that case, accurate recognition would seem marginally less dangerous, though in reality it's just dangerous in a different way.

Re: Patent trolls

In ARM's case, it's pretty easy. Those core designs they make are products. Those products are sold to other chip designers alone and those designers have to make the physical thing, but nothing says that a product must be physical in order to count. ARM has plenty of provable use of their patents in something they sell.

There can be a trickier side where a company does really exist to license out IP. They can buy it from the inventor because the inventor doesn't want to go into the business of manufacturing the thing they invented, then find someone who does. In this case, the question can be rephrased as "when did someone last build a product based on this patent", thereby including any customers of the company who licensed the thing. In both cases, you would also need to consider that someone might be in the process of developing a product but hasn't released it yet.

It's not a good enough test to stand on its own. A no to this question does not conclusively prove that the patent is invalid. It does suggest that it might be, though.

Re: I'm sorry for sounding like an idiot, but…

Probably not, in that WP isn't Word Press's trademark and the trademarks they do have are owned by the foundation rather than the company doing the suing. If they sue about the letters WP, they're going to lose. So they're probably trying to make a case on use of a trademark somewhere else.

Maybe it's their current headline: "Most Trusted WordPress Platform 2024 | WP Engine®" and similar things. I still think the trademark wouldn't apply because they are hosting Word Press, but that line actually includes a trademarked phrase while their company name doesn't. Either way, it seems clear that trademarks are not the actual issue here and is just the way that the fight is currently described.

Re: Emptying Bank Accounts

Probably the latter. Like most other glitches, this one will end and everyone will have the same amount of money they had before. Glitches don't always go that way. It was about a year ago when a different bank had a glitch allowing people to take more money than they had. Those people didn't get to keep that money, and these people aren't going to have their money taken.

Re: "the Microsoft-backed AI house"

It has nothing to do with open source. Claude isn't open source either. Not in real terms, nor in the sort of open but not fully terms that Facebook used for LLAMA. These people didn't do this for open source. Why they did it is harder to answer. In some ways, though, you can still blame Microsoft for part of it. When OpenAI tried to get rid of Altman, Microsoft was one of the reasons why they failed and he stayed on. Probably not the largest of the reasons, though you're free to think otherwise. If you actually want to know this, try to interpret the vague pronouncements made by all involved in that event. It has more to do with it than open source does.

Re: CISO?

Chief Information Security Officer. It's sometimes also CSO (Chief Security Officer). When you already have a CTO (Chief Technology Officer) but they don't know about security, you need another person. What they actually do varies a lot. Sometimes, the C?O people are actually doing some task related to the company. Sometimes, they're just management, so the CISO doesn't actually know about security, they're just the person to whom the security managers report. So while I can expand the acronym for you, I can't actually explain what these people are doing because they're probably doing different and mostly incomparable things for their salaries. Generally the only commonality is that if they get hacked very badly, that's the person who gets fired. Whether that makes sense is also highly variable.

Re: How?

Not that surprising given the original prompt, which basically required it to run some command, in this case nmap, to find the machine in the first place. It had already been told to figure out what command to execute to move down the path, then read the output in order to create the next command, and keep doing that until the job was complete. It seems like it needed some coaching to actually do it, but they were testing a multi-command setup. I'm therefore not surprised about reading output and sending more commands.

Re: Support

Of course you can, often using the same methods that work for Windows 10. Whether that's a good idea is a different question, and one I'm willing to leave to your judgement.

Re: Wrong

How about your pictures. The ones that a lot of social media users like to share? What do you think that will do to your connection, especially considering that users will likely not save them so if they see them multiple times, they'll download them multiple times.

Bandwidth is far from the only problem with this system. Among other things, it doesn't really protect your privacy very much as soon as someone starts to build services around it. Are we using a public model where anyone who wants can follow you? Then everyone who wants can download your data. Fine then, we'll make it private. Some small subset of the data is public and you have to approve anyone who wants access. In that case, it will be slightly harder, but a company could offer a service that will run on the data, then access the data of anyone the user follows. For instance, my company will offer a new program that will scan through your friends' images and run facial recognition on them to show you the ones that you appear in. That needs to run on our servers because the facial recognition models are too big to run on your phone (note to marketing, don't admit that it's really so we can copy all the data). Just give it access to all the pods you connect to, and it will generate those results and send them back to you.

There is also a feasibility problem. So you're going to host this on your computer on your home network. That won't work well for any people who don't have a desktop that's on most or all of the time. I'm guessing you have at least one of those. Now consider the people you know. How many people do you know who have only laptops and mobile devices? The laptops could do it if they were never moved and always kept on, but that's not the most common. I think we can agree that this is probably not being hosted off a smartphone. This will either mean that it's not really feasible to run it for many users or they will outsource it to an online provider. In other words, the way that these social networks started in the first place, because although anyone who wanted could host a website, it took maintenance and infrastructure and having a page on a social media site didn't.

Re: The mark of true intelligence

Sometimes it does, but not enough, and only if your prompt takes a few forms. If you ask it a question, it might say it doesn't know, then tack on some suggestions, often not so useful, for things you could try. It's still a lot more common that it will try to answer your question with incorrect or irrelevant information. Sometimes, it even gets it correct. It isn't reliably wrong, just reliably unreliable. With substantial effort, you can get it to do some things frequently, but having seen how easy it is to get it to completely mess up, I would always be worried about the quality of anything it produced.

Re: but ... how ?

It depends on the operating system in question, but you could open the task manager, select a new process, and invoke something that will open a box on the screen with your message in it. I would suggest msg, which can send a message box to another logged in user, but that would say who it came from so it doesn't sound like what was used here.

Re: give them boring long numbers and watch their egos wither

This is simplistic. Sure, the worst vulnerabilities are in kernels or kernel-adjacent things. But when was the last vulnerability that comes to mind that let someone exploit that when they weren't already running, often at root, on the computer concerned? Most incidents started by exploiting a bug that was even sloppier in something not kernel adjacent to get onto the computer in the first place or tricking a user into running something for them. For the former case, you can blame developers of lots of other applications that do not run at the kernel level and probably don't run as root/admin. For the latter, you can blame the users themselves, but you could also blame the IT guys. After all, there are ways you can prevent someone from downloading and executing a binary, but a lot of administrators do not set them.

Before you pick your favorite and start blaming, know that there are reasons for each of these and they're not always applicable. IT could stop people from certain classes of problems, but only by slowing down their work, sometimes so much that it can't be permitted. Other times, they could add a protection and just don't care to do it. The same is often true about redesigning software; anyone can do a ground-up rewrite specifically intending to secure everything they can, but if nobody will buy it, then they're not likely to. Meanwhile, lots of developers have bugs that could be quickly fixed but they just don't bother. Trying to put this on one company or type of company is wrong in at least two ways: it lets some people off the hook for their own problems and it ignores the reasons why your targets have done what they have which prevents you from fixing even the part you're acknowledging.

Re: Can bots be subscribers?

Probably true, but right alongside a major road is one of the more likely locations to have a wire going to it. Not guaranteed, but it's not the same kind of situation as some machinery that's well off any major road and away from any network cables. Some of those places don't even have grid power. Chances are that, if there is a cable going to it, some people are going to opt for the cheaper service even if it is an old one and the service is slow. If it's a faster line, that will be pretty much everyone.

Re: been there..

In my example I posited a Mac, and when I managed to confuse someone into executing rm * it was Linux, but it makes very little difference to me what operating system I'm talking them through. Either way, there's a chance that they could badly misunderstand a CLI command if they're not familiar with the CLI on their own, and as the rm * guy should have been familiar enough not to run that, I'm cautious about that as well.

Re: Why would anyone want this?

Because printers are somehow still awful to connect to, and to try to help this which sometimes works, they've included lots of hacks to make them automatically discoverable and usable. Otherwise, people who haven't gotten the full printer setup from IT tend to have a hard time using the printers at all unless they're still able to just plug in a USB cable, and sometimes not even then if the operating system can't find or doesn't agree about the driver required. When you consider offices where there is no real IT, or the IT person is not concerned with printers because they got lucky, this automatic setup is often the simplest way to get most of the people printing. That doesn't mean it's the right way, but printers mostly gave up on doing things the right way.

They can't prohibit WPE from using their software without changing their license and making it no longer the GPL and no longer free or open. That doesn't extend to using their website. There is nothing in the terms that forbids them from doing what they have done. As long as WPE can get the source to the software they already have, which they have already because it's PHP, the license is not violated. The spirit is in many ways, but the letter of the license has been followed. Depending on the market, that could be illegal for other reasons. For instance, if Word Press were large enough, this could be considered anticompetitive action that is prohibited. I doubt this applies either, but if it does, it is unrelated to the code license.

I have a feeling they think they can work around this. I.E. if someone is really important but will leave without remote working, they'll tell their manager, their manager will tell their manager, and eventually that person will get an exception and stay on. Of course, that doesn't actually happen because, even if exceptions are permitted, it's unofficial and quiet. Every time someone goes one level up in the tree, they have a chance for the manager they're talking to to decide it's not worth pursuing or to not know that such an option exists in the first place. The same way that Twitter fired everyone who wouldn't agree to ludicrous terms with almost no notice, then realized that they didn't want to fire some of those people, companies trying a blanket policy will lose people who assume they won't be listened to, aren't listened to, or can't get the company to respond quickly enough for their confidence.

Re: Reproduction is prohibited

I was speaking sarcastically. I think those works should be protected and OpenAI and any other company that wants a license should pay for that license. That will expire at some point. If you've actually been building the dictionary for over a century, then the oldest versions will be in the public domain and deserve no protection. The stuff you did recently does.

I think they're trying to find people who are more likely to listen to the recruiting message and eliminate people they wouldn't accept. Theoretically, if you could find people who are more likely to agree and who you would accept if they did, then you could spend more time convincing those people rather than going for mass campaigns. That could lead to hiring more people with the same recruiting budget. I doubt the AI they've got will actually give them that though.

Re: Just reality

The question is not whether it is theoretically possible to manufacture five Starships and fire them at Mars. People who have watched these more might have some idea how possible it would be to attempt and what would happen if you tried. It can be interesting to discuss. It is not the right response to this. The reason is that they're not going to manufacture five Starships and fire them at Mars. That would cost a lot of money and get you nothing at all. Not only are they not going to do it that quickly, they probably won't try to do it at all. They'll do actual tests on Starship, tests that don't involve going anywhere near Mars, because those have some conceivable benefit. Thus, promising to do something that is not going to be tried will get the cynicism because we know it's not an honest expression of expected actions, and we know that because we've seen it over and over again from the same source.

In a lot of cases, they're applying to companies that are strongly remote. They might not have an office in the first place. In any case, I think most companies have stopped getting candidates to come interview in person. It's expensive for the company if it involves a flight and accommodations, it's hard for the candidate if they're working elsewhere, and therefore it restricts the number of candidates you can actually interview. Bringing them somewhere for an in person onboarding could be quite useful, though, as you only have one person you have to do that with. Refusing to turn on a camera, while I can see a few possible valid reasons, would raise a lot of red flags I'd want addressed before hiring someone.

Most of your other points would work well, although you could get around the traceroute by using a KVM instead of remote access software installed on the laptop. The article suggests checking for ones explicitly intended to route signals over the internet, but I could easily hide that so it looks like a simple local KVM with cheap commodity hardware (if North Korea is reading this, let me know, I'm sure we can work something out and there definitely won't be anything sneaky in the hardware you buy from me). Biometrics would probably lock the laptop to a person and require the person to be nearby, but they might be unpopular. Although fingerprint authentication has been an option on work laptops I've had, I've opted for non-biometric keys and prefer to do so.