Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

Musk floats idea of boat mod for Cybertruck

doublelayer Silver badge

Re: 7,000 lbs?

I'm interested to see how many cars you can find in any category except 6. There may be a few things in 5 which can be shoved, but I'd like to see a category 2 car. Oh, and was there supposed to be a 4 there? You might need a new category system when user-carried is not part of the plans, replaced by user-carrying.

Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack

doublelayer Silver badge

Re: In a more direct way...

Do you want to explain how a company makes money by having customer details taken by people who will use it for fraud? If it's the obvious: the fraudsters pay the company for that information, would you care to cite a single time it's happened? The fraudsters don't want to pay for that when they can steal it. They can steal it because the company has been lax with their security because they won't suffer too much. Those things work together very well for those who sell stolen personal information. If you want to prove otherwise, you'll have to do more than suggest that I'm stupid; I might be, but you have done nothing to prove that your allegation so demonstrates.

doublelayer Silver badge

Re: So my theory is...

In an indirect way, yes, because they spend less on securing things and have little or no consequences when a breach happens. Directly, no. They're not getting money from having a breach. I'm not sure if you meant that, but others have expressed that view before and it is ridiculous.

UK officials caught napping ahead of 2G and 3G doomsday

doublelayer Silver badge

Re: G for Generation

I'm not sure that was ever claimed. 3G, for example, was not ever attempting to get 3 Gbps to any device, and it got well over that if we're looking at the network as a whole. The fact that when they started using those names they kept incrementing the number suggests that it was always meant to stand for generation.

CLIs are simply wizard at character building. Let’s not keep them to ourselves

doublelayer Silver badge

Re: Intuitive GUI? My arse.

I made two points in two comments, and I think you may have mixed the two to disagree with them. The pdftotext example wasn't about a GUI being superior, it was to demonstrate why "man -k" is not a functional solution to finding a command you didn't know about. And no, it did not work well for me in my example. I only found the command because I already knew it existed and was able to figure out what the search term needed to be to make it come up. I pointed out why several logical choices that a user who didn't know the command existed would make completely failed to find the command. I had a second example which I decided not to include because it would have been similar, just a lot longer and less successful. You are correct, however, that the GUI would not necessarily solve that problem.

However, while a GUI won't make it obvious what every installed program does, it does make local option discovery easier for the unacquainted user. You can pull up contextual menus on an object and get a list of actions that can be taken on the object. This is quite useful in finding out what actions you can take, whereas the command line often doesn't have that because they expect the user to understand which commands you can send streams to and what they do. The original example of how to shut down Windows demonstrates this. I don't know how long it took them to think that the big button opens a menu and maybe the shutdown option would be in there, but since there was no other system menu, it probably wasn't very long. Once they opened that menu, they could explore all the other things in there and, knowing what options they had, start to use them. If you don't know what options are available to you, a GUI usually tells you that information more quickly than a CLI does. That doesn't make the CLI bad, it makes it harder to learn quickly, but since the CLI also comes with a lot of power and convenience once you've done that, it's still a valuable skill to have.

doublelayer Silver badge

Re: How I see it

"There probably will be times when you really do want to click yes or no to every instance of a word you are searching for and replacing; but the rest of the time, you can't beat sed."

Or the "Replace All" button? Which doesn't require your editor to close the file before you do it.

doublelayer Silver badge

Re: -h or --help

"That’s against the basic philosophy of Unix: “one command, one function”, but it has become the norm for modern tools, and we’re stuck with it now."

I think that makes the most sense. A package manager should be able to manage packages, which means that it should be able to install and remove them. Are "apt install" and "apt purge" really that much worse than "apt-install" and "apt-purge"? Because that's what you would get if you insisted that the apt-install command be unable to delete a package. I don't think the philosophy was that each minor difference in function should be handled by a completely separate program, but that programs shouldn't succumb to scope creep away from their initial function. Installing and deleting packages is one function. Starting, stopping, and reporting on a service is one function.

doublelayer Silver badge

Re: Intuitive GUI? My arse.

"GUI design is opinionated...which means you don't always get access through the GUI to all the possible features and combinations, only what the developer decided that you needed and was willing to expose."

That's all interfaces. Developers of CLI tools have exactly the same problem. They run out of single letters for flags, the new option will conflict with an old one and users will complain if any part of the interface changes, the new option requires them to come up with a complex command syntax and write a parser for it and they really don't think the users will use that interface enough to justify that work, or they don't want to write the hundred lines that the new option will require to reject invalid combinations, so they leave it out. That is if they can, for example the other options are available in a config file somewhere or they're writing a frontend to something someone else wrote which has the option. Whenever you run a program, you are going to get the options the developer chose to put in it. A GUI doesn't necessarily have any fewer options than a CLI, and the best way of knowing which one has more options is to know which one came first because it probably got the canonical set, while some developer figured that their version could skip something that they thought was unimportant.

doublelayer Silver badge

Re: Intuitive GUI? My arse.

"I'd go one step further than a big red button on the PC itself and go as far as to suggest a dedicated key on a keyboard to "restart current app" would be great"

I will take the opposing side there. The user can learn to close applications. They can learn that there is no restart Outlook button, and that when you say "restart" you mean exit and relaunch. Or you can say "exit and relaunch". Either is much simpler than adding a key to a keyboard that is completely unnecessary.

If we start adding more keys for every situation that comes up some time, the desk will have no space for a mouse or papers because it will all be a keyboard with buttons like restart app, clear print queue, actually check for network interface having a connection rather than have the user assume that their internet is down, enable remote access for the helpdesk to show you what to do, close remote access because a scammer told you to push that button, figure out what application the user wants to use to open that file instead of the OS default because they don't know how to change it, etc.

doublelayer Silver badge

Re: Intuitive GUI? My arse.

The man -k command is a pretty rudimentary search facility which usually doesn't work. It can't handle any kind of complex query, and it falls back to hoping you can find a keyword that only matches the command you're looking for with it being quite easy to get nothing or twenty unrelated things instead. Here's an example. I've installed a command, pdftotext, which does what it sounds like. Imagine that someone new has sat down at my terminal, doesn't know that command exists, but wants to do that.

$ man -k "convert PDF to text"

convert PDF to text: nothing appropriate.

Well, maybe the quotation marks are not right here? They wrapped it because it is a command line argument with spaces in it, but when you do that in a search engine, it means to literally find the phrase. Let's try without.

$ man -k Convert PDF to text

30-systemd-environment-d-generator (8) - Load variables specified by environment.d

Git (3pm) - Perl interface to the Git version control system

RAND (7ssl) - the OpenSSL random generator

__fbufsize (3) - interfaces to stdio FILE structure

__flbf (3) - interfaces to stdio FILE structure

[over a thousand more results removed]

Fine, so maybe a phrase isn't the best search pattern. We don't want a thousand results. What if we use the smallest term possible:

$ man -k PDF

pdfattach (1) - Portable Document Format (PDF) document embedded file creator (version 3.03)

pdfdetach (1) - Portable Document Format (PDF) document embedded file extractor (version 3.03)

pdffonts (1) - Portable Document Format (PDF) font analyzer (version 3.03)

pdfimages (1) - Portable Document Format (PDF) image extractor (version 3.03)

pdfinfo (1) - Portable Document Format (PDF) document information extractor (version 3.03)

[8 more results]

This would seem to help a bit, after all I only have thirteen PDF handling tools installed here and they all came from the same package anyway. However, what happens if I run the same command on, for example, a system where I have a lot of LaTeX tools, which output to PDF? You get pages even with a terse search term like that. The search facility is very broad and the only way to restrict things involves regular expressions, which can work (man -k "PDF.*text.*convert") or can fail (man -k "PDF .* text .* convert"). Yes, the latter search pattern doesn't work because the description we're looking for has PDF in parentheses. This worked because I already knew the right command and could work back to a search pattern. For a user who doesn't know what the command's description has in it, they will have many more problems.

doublelayer Silver badge

Re: Intuitive GUI? My arse.

My suggestion is to write a quick script in any language of choice that looks something like this:

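    import os
    import subprocess

    for directory in filter(os.path.isdir, os.environ["PATH"].split(os.pathsep)):
        for filename in sorted(os.listdir(directory)):
            # Render the man page as plain text; stdout is empty when there is none
            manpage = subprocess.run(["man", filename], capture_output=True, text=True).stdout.splitlines()
            # The synopsis is the first line after the SYNOPSIS heading, if the page has one
            synopsis = next((manpage[i + 1].strip() for i, line in enumerate(manpage[:-1]) if line.strip() == "SYNOPSIS"), "")
            print(filename + ": " + synopsis)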

The problem comes when you have commands that don't structure their man pages like that, don't have a useful synopsis when they have one, or the many things in there that don't have man pages.

Writing code in the comment box doesn't work well. It was indented properly when I put it here.

doublelayer Silver badge

Re: Intuitive GUI? My arse.

A CLI has a claim to being the least intuitive interface to the unfamiliar user, however. If you already know a command exists, you can probably look up a help page on it, but if you're asking a question like "What do I need to perform [action]", you don't have any way of finding that out quickly from the interface. You could look through every binary available on the path on the assumption that it's probably one of those, but those aren't organized in any way, have names that don't tell you anything about what they do, and not all of them will even have man pages. Invoking them to hope that they all have a --help argument and won't, for example, run some program that ignores the parameter is dangerous. Don't get me wrong, I spend most of my day in CLIs and I'm posting here while I wait for another CLI command to finish, but that works a lot better because I have had years of experience with it and I'm using a system where I already know the commands I'm using most often, know what they are capable of, and have DDG at my side in case I need someone to tell me the incantations related to something I haven't worked with before.

Zuckerberg hunkers down in Hawaii to wait out apocalypse

doublelayer Silver badge

Re: What these type of people dont realise.......

Dirty secrets are less important after some unspecified world-ending event. If you have the choice to get some supplies from the bunker because the guards are siding against the owner of them, would being told that the guard was fired for embezzlement really change your view on whether you would like to eat? If the secret was much more severe, you'd also have reason to question whether the allegation was even true (so you're telling me you didn't have a problem hiring a serial killer as your guard?) which wouldn't help either. I don't know what scenario we're really looking at here, but it clearly involves a significant amount of societal collapse. For example, you can no longer earn the support of people by paying them, presumably because money is now worthless, and in such a scenario, personal information is not so important either because everyone is focused on survival. How we get into that scenario is another question, but not one I think they have an answer to.

doublelayer Silver badge

Re: Why not?

I have this feeling that if the event is sudden enough that you know you should go to your secret emergency location, it is probably also sudden enough that the people working the airports where your plane is decide they don't need to be working today, or if they do, that your flight is less important than the emergency transport going through that airport. Unless you have a private runway and a pilot who doesn't have a reason to want to go somewhere else, air transport is probably insufficient. Similarly for a ship, they usually take a lot of people to run properly and those probably are not sticking around when something bad happens so you can get going when you say now.

doublelayer Silver badge

Re: Why not?

I do wonder how they expect to get from where they live to where their secret bunker is. Sure, sometimes they live in the above-ground part of that place, so if "the event" happens while they're there, then they might be fine. If they're in California when "the event" starts off, it's not going to do them much good, is it? This also depends heavily on what exactly the event is, but I'm not sure they've thought far enough to have any useful answer to that question. If I had infinite money and for some reason couldn't spend it on useful things, I'd consider something like this, but I'd have answers to the questions that caused me to do so.

Google Groups ditches links to Usenet, the OG social network

doublelayer Silver badge

Re: Another brick in the wall

I think you're looking at this in the wrong way. Email won't be killed off. If it goes, and I think that's going to take a long time, it will die a natural death. Anyone is free to set up a mail server and use it, either using the traditional protocols or using some of the security overlays designed to make spam a little harder which are also available as open specifications. Some providers can make it less interoperable, but they can't take it from you entirely. If email dies, it will be because people have decided that they no longer want to communicate that way, not because someone else made it impossible. True, if the free mail providers discontinue their services, that will make more people abandon it, but those people could have found a different provider and continued to use the protocol. If you're afraid of decentralized things dying, look at the users, or more importantly the former users, rather than the competitors. The competitors can't kill them. They can only entice users to do it for them.

You don't get what you don't pay for, but nobody is paid enough to be abused

doublelayer Silver badge

Re: Problematic pattern recognition

Any legal or policy reasons will apply equally well to recording in person or remotely. If you need consent from all parties to record where you are, that applies whether there's a computer in the middle or not. If the policy says you don't do it when we're talking about the dodgy stuff, it says that no matter how the company does it. If you're going to ignore those things and do it anyway, then it comes down to the ability to make the recording, which is in most cases easy. If you are not going to do it, then you are back to trying to get things in writing. Where you are located is unrelated to this.

doublelayer Silver badge

Re: Problematic pattern recognition

Of course, but my point was that working remotely or in person makes no difference to that situation, since you can record with equal ease in those situations if you've decided to do so. It may not always be the best idea, but if you're worried about recording, remote working is no guarantee that it will come in writing. Our friend elsergiovolador is a major adherent of remote working, but I'm afraid it leads to attempts to praise it whether deserved or not.

doublelayer Silver badge

Re: Problematic pattern recognition

It's completely unrelated to WFH. If they want to avoid a paper trail, they'll do a voice or video call if they can't have a physical meeting. Either way, there will be no recording unless you make one, and you can make one if it's in person just as easily as if it's online. It's not hard to turn on your phone's voice recorder before having a meeting in person if you decide you need to. I know that you like remote working, but ascribing benefits it doesn't actually have doesn't really help make that argument.

Science fiction writers imagine a future in which AI doesn’t abuse copyright – or their generosity

doublelayer Silver badge

Re: Regulate the prompts?

"The problem with this scenario is not at all that the data was obtained illegally, but that you're committing a weird kind of slander by creating the impression that I'm the one doing or saying these things."

I covered this. That's a clear argument if I actually say that the video that appears to be from you actually is you. If I don't use your name, but it just looks like you, then I can respond that of course I've never claimed anything about you and therefore slander doesn't apply. It is still wrong and it should still be illegal based on not having permission to use the recordings of you without permission, and thus the illegal access to the training data is quite important.

"What, would you ban celebrity impersonators?"

As I pointed out, the impersonators and the software are not really doing the same thing, even though saying their intentions are the same is a superficially valid argument. I pointed out the comparison specifically to say that it was different in multiple ways from the programs that make faking speech and video easy. Did I fail to make that clear?

doublelayer Silver badge

Re: Wonder

If we decide that modern AI is useful, then that's exactly the situation we're in. My view is that it is not sufficiently useful to justify exempting training anyway, and that even if it was, the companies that intend to make a lot of money from the result of the training can pay for their training data. We usually don't get exemptions for being useful. No matter how useful the code I write, I don't get my requirements for free. AI companies don't deserve an exception.

doublelayer Silver badge

Re: Why worry so much?

And how will you find that place to publish? If people are attracted to a publisher because they have avoided the AI-generated books, then what stops a bunch of authors from sending their AI-generated books to that publisher for consideration because, if they manage to fool them, they'll benefit from the better reputation? Any publisher that is successful at gaining that reputation will have to deal with a large quantity of LLM-written books anyway.

I'm not sure there's anything we can do about this, but I'm certainly not willing to take the destruction of copyright with that as the end benefit.

doublelayer Silver badge

Re: Science fiction or fantasy?

No, it's better. It's a future where rich people who want to pay so that everyone else gets great work for free just pop out of nowhere. Surely, if those people are there, they'll also be generous as well. If we're leaving reality, why not paint the best utopia we can come up with? The writer of that proposal certainly isn't restricted by reality.

doublelayer Silver badge

Re: Short sighted sci-fi

Well, not a sci-fi writer exactly, but the short story "The Great Automatic Grammatizator" by Roald Dahl comes close. I won't post a link since I'm on copyright's side here and it is still found in libraries, but it's almost certainly online as well.

doublelayer Silver badge

The companies who decide that having a work in their training data is better than not having it would pay the person who made that work for the right to include it. They would be free to ignore anything like that and only use free data, and if they decided that they want to use more content, they decide what content and then pay for the stuff they want, rather than trying to decide that everything is free if you happen to be an AI company, a rule that I'm pretty sure they would not agree with should I get a copy of their models.

doublelayer Silver badge

Re: Regulate the prompts?

Consider something else I can do with AI. There are some pretty good programs that, with some effort and a lot of GPUs, can create models of a person's voice and appearance. Let's say that I can find some videos of you speaking online and I use this software to create a model of you. It looks like you. It sounds like you. It is under my control. I can make a virtual person of you say whatever I want. I could use this in an illegal way by actually using it to impersonate you, but let's say I don't. Still, whenever I want a video made, it would appear to be you saying and doing whatever I stated. Should I be allowed to do this if I can find the video online, even if you didn't intend it to be up there, even if you would have tried to have it taken down if you knew it was there?

That's basically what these models are doing. It sounds cleaner because it's text and because it's using data from more than one person, but it is still using data which was obtained illegally. I can pay you to get the right to make a virtual you, and several people have agreed to that, but doing it to someone who has not agreed should not be permitted. The human parallel is also there. Making a computer representation of you is similar to hiring a lookalike actor and a vocal mimic if we only look at the intention, but the realities of the two are very different, both in strength and scope.

Europe inches closer to insisting gig workers are treated as employees

doublelayer Silver badge

Re: > No competition, indeed

If we're getting annoyed at common misinterpretations, I can complain about people who assume that average is supposed to mean the mean and complain when people use it otherwise. For example, when discussing IQ which is specifically built around the median, average probably does refer to the one that's intrinsic to the measurement, as useless as that measurement is. When not using such a measurement, the meaning of average is not clearly defined, but in informal speech it is more likely to refer to a combination of median and mode than to the arithmetic mean. That doesn't make their point any more useful or less cliched, but I'm afraid your rejoinder is pretty cliched as well.

doublelayer Silver badge

"During a session, requests can carry a session identifier by annotating href and XHR request-URIs with query parameters, and forms with hidden form fields, simply by injecting those when serving content."

That is very easy to break. For example, if this is an online store and I've sent you a link to an item in the store, but you already added items to your order, then using my link will not retain your session identifier and you'll lose your progress. Weirder things might happen when people unwittingly include their session identifiers in links sent to others. Probably most of them will have expired by the time anyone uses it, but there's a chance that if Alice shares a link and Bob clicks it right away, Bob might find himself having more access to Alice's account than Alice had planned. Ways to work around this are of course possible, for example embedding an IP address in a session token and invalidating it if a different IP address is used, but that would risk having a leaked session token including personal information and would now mean that a user on a laptop or mobile device finds themselves losing stored progress when they move to a different network. There is a pretty good reason for not including session-specific data in URLs, and if you're not putting it there, then it has to go somewhere else.
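The failure modes described in the comment above, modelled as an added example (not part of the original comment and not any real framework's code): a constructed in-memory session store whose identifier travels either in a query parameter or in a cookie. The parameter name `sid`, the URLs and addresses, and keeping the IP check server-side rather than embedding the address in the token are all assumptions.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SESSION_PARAM = "sid"  # hypothetical parameter/cookie name, not from the page
ITEM = "https://shop.example/item?id=42"  # constructed URL
ALICE_IP, ALICE_NEW_IP, BOB_IP = "198.51.100.7", "203.0.113.9", "192.0.2.55"


class Store:
    """In-memory session table; carrier is "url" or "cookie"."""

    def __init__(self, carrier, bind_ip=False):
        self.carrier, self.bind_ip, self.sessions = carrier, bind_ip, {}

    def login(self, user, ip):
        token = secrets.token_urlsafe(16)
        self.sessions[token] = {"user": user, "ip": ip, "cart": []}
        return token

    def annotate(self, url, token):
        """URL carrier only: inject the identifier into a served link."""
        if self.carrier != "url":
            return url
        parts = urlsplit(url)
        query = parse_qsl(parts.query) + [(SESSION_PARAM, token)]
        return urlunsplit(parts._replace(query=urlencode(query)))

    def resolve(self, url, client_ip, cookies=None):
        """Return the session a request maps to, or None."""
        if self.carrier == "url":
            token = dict(parse_qsl(urlsplit(url).query)).get(SESSION_PARAM)
        else:
            token = (cookies or {}).get(SESSION_PARAM)
        session = self.sessions.get(token)
        if session and self.bind_ip and session["ip"] != client_ip:
            del self.sessions[token]  # the workaround: invalidate on IP change
            return None
        return session


def _alice_with_cart(carrier, bind_ip):
    """Alice logs in from her first network and puts one item in her cart."""
    store = Store(carrier, bind_ip)
    token = store.login("alice", ALICE_IP)
    store.sessions[token]["cart"].append("book")
    return store, token


def shared_link(carrier, bind_ip=False):
    """Alice copies the item link from her page and Bob opens it right away.
    Returns the account Bob's request is treated as (None = anonymous)."""
    store, token = _alice_with_cart(carrier, bind_ip)
    link = store.annotate(ITEM, token)  # the address Alice sees and shares
    session = store.resolve(link, BOB_IP, cookies={})  # Bob holds no cookie
    return session["user"] if session else None


def outside_link(carrier):
    """Alice follows a link someone else sent her, which has no identifier.
    Returns her cart as the server sees it (None = session not found)."""
    store, token = _alice_with_cart(carrier, bind_ip=False)
    cookies = {SESSION_PARAM: token} if carrier == "cookie" else {}
    session = store.resolve(ITEM, ALICE_IP, cookies=cookies)
    return session["cart"] if session else None


def roaming(bind_ip):
    """Alice's laptop moves to another network mid-session (cookie carrier).
    Returns her cart as the server sees it (None = session invalidated)."""
    store, token = _alice_with_cart("cookie", bind_ip)
    cookies = {SESSION_PARAM: token}
    session = store.resolve(ITEM, ALICE_NEW_IP, cookies=cookies)
    return session["cart"] if session else None


if __name__ == "__main__":
    print("Bob opens Alice's link, id in URL:    ", shared_link("url"))
    print("Bob opens Alice's link, id in cookie: ", shared_link("cookie"))
    print("Same, URL id with IP binding:         ", shared_link("url", True))
    print("Alice opens outside link, id in URL:  ", outside_link("url"))
    print("Alice opens outside link, cookie:     ", outside_link("cookie"))
    print("Alice changes network, no IP binding: ", roaming(False))
    print("Alice changes network, IP binding:    ", roaming(True))
```
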

doublelayer Silver badge

Re: losing his job

I'm certainly not trying to be a contrarian. I think I'm failing to understand the distinctions that are so clear to you. For example, losing your contract and losing your job don't feel all that different to me. Using myself as an example, in either case, I am still a programmer, I still have the ability to go find someone else who wants to pay to get some code written, but I don't have the relationship that was bringing in income anymore. Therefore, if failing to show up early in the morning can get me fired or have my contract canceled, it feels like a similar level of power to me. The mechanics of how I do the job are different if I'm a contractor or an employee, but I will have similar requirements if I want to keep earning money from that company. If I'm a contractor and the company cancels it, what I am left with that an employee wouldn't have is the structures I set up to do the contract, for example the corporate entity through which I work, but that's not a lot since I, as an employee, could also just set one up if I decide to start being a contractor.

There is clearly a difference between contractors and employees and should be one. I'm not opposed to trying to classify gig workers as employees, although my opinion on it varies with what specifically they're doing. I just don't think the test of how much freedom they have works very well because it seems difficult to quantify that. If I'm working as a contractor for a massive corporation, someone trying to apply the rule probably won't think that I have an equal level of power with that company, but size doesn't necessarily equal the amount of power they have. Many of the other tests that are used are things that a computer could do given some defined inputs, or at least a human could do without having to require too much common sense, while the level-of-control test would appear to require a lot of subjective determinations.

For example, who has more freedom: a person who is tasked with going to a specific location at a specific time and decides in advance whether they'll take it or leave it, or one who gets individual jobs and accepts or rejects them at the time? Using those descriptions, I would say the former is the more restricted, but those are descriptions of a cabling contractor who has to install cable in an office when it's not in use and a rideshare driver who gets to choose the rides they do, and with those clarifications, the driver seems to be the more restricted. You could use a different test, such as whether there is an intermediary involved, but that still wouldn't change all of the ways the worker does control their situation, arguments that those businesses are sure to bring up when this test becomes part of a court case. That is why I suggest we find a clearer way to make that determination.

doublelayer Silver badge

Re: test applied objectively

I'm not sure that comparison works. I can easily tell my boss that I don't care about his requests, at the cost of probably losing my job. A contractor has a similar situation. A contractor that's told that they have to attend a meeting with people to determine the requirements of the project or to provide feedback on an intermediate stage will not usually get to just refuse to do that and keep the contract, but does that mean that the contractor is not really a contractor in that situation? Similarly, the mechanic can look at the task I asked for and tell me to go away, and I can look at my boss's tasks for me and quit. Those end up looking very similar: I don't do the work, I don't get paid, I probably don't get any more work from that guy. So what test do you use to determine whether a choice to leave, which basically everyone has, is that of a contractor or an employee?

doublelayer Silver badge

Re: Not difficult

"Funnily enough one of the other criteria is how much freedom the freelancer has in undertaking their work. If you act like a boss, you're an employer."

That was their point. Specifically, that a term like that is kind of vague. If you hire a contractor, you usually still have some requirements about what that contractor is going to do for you, including some pretty detailed descriptions of the job you intend that contractor to complete and quite often tasks they'll have to perform that place some restrictions on when they do it. For example, a contractor hired to write a system will receive a lot of information about what the system has to do, on what resources are available for the software, and a list of meetings they'll have to attend to get information which will partially set the work hours involved. Does this qualify or not? If it doesn't, then what does? It is not a test which can be applied objectively.

Google Pixel gets privacy mode to keep your selfies safe from prying repair techs

doublelayer Silver badge

You can try telling the repair tech that, since it's only hardware, they can swap the screens without any login information, testing by seeing if the lock screen comes up correctly. I'm not sure if they'll accept that, but you can try it. Some other repairs might need them to test things that are only available when the device is running.

FCC really, truly won't give SpaceX nearly a billion bucks for Starlink rural broadband

doublelayer Silver badge

Re: I don't want to be mean to lobbyists and PACS and lawyers but ....

"if you are going to offer subsidies for rural service why not just refund the rural users some part of their bill for whatever service provider they choose?"

Because that will just make whatever provider of any quality that currently exists put up the prices, collect the subsidies, and provide nothing more than they already did. These subsidies are only there for building something better, meaning that companies that want them will have to make some improvement, or at least pretend to well enough to fool the regulator.

doublelayer Silver badge

Re: It is only Rural if they say it is.

I'm not sure why you're using Nigeria when speed data in various parts of the US, which is at issue, are available for a longer time. For example, you could use this article or the map it's referring to. One problem that might have is that as more users sign up, they will either have to send up more satellites or decrease speeds for everyone, probably both. As the linked article states, they're already having to do that in some parts of the country where there are more users. If subsidies are used to add more users to the service right now at the cost of decreasing the speeds for everyone and not necessarily having any long-term plans, then the FCC might prefer a different method.

doublelayer Silver badge

Re: Internet in Brazil was very expensive, until competition.

"No-one in the UK would put up with over $100/mo for a sim only mobile service."

Do they have to? I see plenty of much cheaper mobile plans from US providers, including options from $10-$40 per month, with the higher levels including unlimited data though there's probably a catch to it somewhere. Also, we're not really talking about mobile service, but home internet. I don't expect that the FCC's rural proposals will be perfect, but they're intended to provide faster service where there is currently nothing, and if such a service could compete with Starlink, then customers would at least have a choice of two providers, and those providers might try to win customers from the other one in some way that would benefit them.

doublelayer Silver badge

Re: Internet in Brazil was very expensive, until competition.

"I'm not saying Elon deserved the money, but people deserve better access, be it him or anybody else, just for the sake of driving prices down."

If he just gets handed money to serve areas without competition, how does that drive prices down? He'd be pulling from an infinite money pot. Well not as currently designed, but once this one has been drained and the people concerned still have no affordable internet, they'd have to go find some more. Anyone in that area is already free to buy Starlink service at Musk's prices, so how does the government subsidizing that price improve things?

Meanwhile, if they can actually succeed at making a real provider whose fixed costs have been covered, then that will drive prices down much better as that provider will be competition for Starlink, meaning that there will hopefully be some competition to lower prices and get customers in the area. No guarantees that it will be built correctly, but at least that one has a chance of working.

Think tank report labels NSO, Lazarus as 'cyber mercenaries'

doublelayer Silver badge

I will try one more time. Governmental abuse is one problem. The availability of tools for that abuse is a different problem. You can have governmental abuse without those private companies if the governments themselves write it, and that would be, or rather is, bad as well. Since those private providers of intentionally abusive tools distribute them to more governments, it tends to enable more abuses because the cost of developing them is spread around. The governments concerned would have been willing to commit abuses anyway, but the tools make it easier for them to do so and to have stronger effects when they do.

If I was trying to "deflect", I wouldn't keep saying that governments are committing abuses, as I have in both preceding posts. Meanwhile, I have yet to see any real point from you, other than somehow deciding that NSO and its ilk are unimportant. They are contributors to the problem, and thus we discuss them.

doublelayer Silver badge

"Can you explain to me how NSO forces its clients to abuse the tools?"

You're just being stupid now. They make tools whose entire purpose is to abuse people. They're not forcing anyone to abuse them. Governments who want to commit some abuses go looking for tools that make it possible, and NSO is rewarded well for having made such abusive software. NSO forces none of its clients to abuse the tools, and all its clients are committing abuses with them.

I'm not sure what point you'd like to make, but you're not arguing it well. First, NSO had nothing to do with the article's content (wrong) and now, they're just tool manufacturers (wrong).

doublelayer Silver badge

No, the article was about the private groups that operate with governments to help generate that abuse. NSO is an example of such a thing. The governmental abuse is the result, and private actors are one of the components that generates the result. Both need to be handled. I do think they made a mistake naming Lazarus as one of these because it's not independent of North Korea's government, but the rest of the examples are private and most often work with multiple governments, and probably other groups as well no matter how many times they try to claim otherwise.

Surprise! Email from personal.information.reveal@gmail.com is not going to contain good news

doublelayer Silver badge

Re: BTC price

It wouldn't be very accurate, since it would at best track criminals cashing out and victims initiating payments, both of which come after the original crime. It also doesn't very much because people gambling on it causes a lot more noise, so fluctuations related to criminal activity are absorbed and somewhere between very hard and impossible to notice.

doublelayer Silver badge

Re: but it's not always as easy as that to implement.

"You'd really like to trust your personal phone to Microsoft (for example), not to screw up an update? Really?"

You mean of the Microsoft Authenticator app? Yes, I'm completely fine with that. I've had that authenticator, along with several others, for years. The app has never broken, let alone caused damage to anything else on my phone, because can you name any app update that went through the normal procedures* that bricked a phone? At worst, the authenticator would break which is more my employer's problem than mine, but that's never happened with that one or any of the other ones I've used, and I've used at least four for various purposes.

* I'm referring to a normal app with user-level permissions, not for example one installed as part of a rooted device's firmware. I have broken, although not bricked, a device by messing with those, but a) that wasn't an update, it was me deliberately deleting and replacing files in the /system/priv-app directory which you can't expect to be perfect, b) authenticator apps are not in that directory and don't do anything like that, and c) they wouldn't have the ability to do that even if I was able to replace them with code intended to brick your phone because of app sandboxes for user-installed apps.

doublelayer Silver badge

Re: "Many of these victims reported [MFA] was not enforced"

Which points out how it fails:

"IT shouldn't be able to mandate MFA without approval by the C level."

IT: We should have MFA.

Management: We're busy. Go away.

IT: There are major security risks. We can prevent them or at least significantly reduce them.

Management: Fine, go do it.

IT: We'll need some money and you will all need security tokens on you at all times.

Management: How about we skip this idea?

IT: That's dangerous, and it's not that much money.

Management: Bring it back up at the next planning meeting.

Admittedly, everywhere I've worked full time, IT has and it's gotten implemented, but you can see how it isn't quite as simple as we'd like it to be. I'm not comfortable letting IT off the hook when the management has pushed back, but neither can IT bear all the blame in that situation.

Epic decision sees jury find Google's Play store is illegal monopoly

doublelayer Silver badge

Re: Wall Street Yawns

"Besides, there's nothing stopping Google from scrapping free listing and charging listing fees on all apps in Play Store. Rake affected only 3% of big app developers, listing will kill most of the 97% of small app developers whose apps are free. This will end up favoring the big app developers and killing the small app developers, thereby shrinking the supplier base, which is exactly the opposite of what antitrust is supposed to do."

You're making several leaps to get there. Yes, it's possible for an antitrust action to have that effect, but first, Google would not be required to make a change like that no matter how cases go and second, it would be a ridiculously stupid thing for them to do, they know that, and therefore they won't do it. Android wouldn't sell very well if the number of apps was cut dramatically. Lots of other platforms have proved that.

doublelayer Silver badge

Re: Not so much anymore

"Updates are available which allow devices to run Android several versions later than the point at which the manufacturers abandon them."

If you're very lucky and find that the phone's systems aren't locked down, that the hardware is sufficiently documented, and that either you know enough on how to build an image from scratch that's compatible with all the hardware or know someone else who does. For the vast majority of people, they have no way of knowing whether their phone could support any of these and for most of them, the answer is no. That a few devices support such a thing does not make it anything but the exception.

How to deorbit the Chromebook... and repurpose it for innovators

doublelayer Silver badge

Re: Puffery..........

Not so much. If that were the case, Chromebook sales wouldn't be primarily from education. If everyone who basically spends all their time in a browser bought a Chromebook, there would be a lot more of them around. People are interested in the OS. Maybe because they have software that needs a specific one, maybe because they want the familiar, maybe because they know that one allows room for expansion and the other doesn't, but they are using some assumption about the OS to make their decision.

doublelayer Silver badge

Re: It's the storage, Luke

Those figures prove the point. Increasing the OS size by 2 GB, even if that does represent a 200% increase, is not making too much of a dent in a 32 GB drive. Even if I start increasing that a lot more, there'd still be plenty of room on that drive. The OS takes up part of it, but a lot of it is stuff the user chooses to put there, whether that's software to do things the OS doesn't already do or files, primarily media. A photo collection can easily take up that size of disk; while I don't have one, I've helped others who have gigabytes of photos so I know people do it. Again, consider what a system would look like if the OS had a separate disk which couldn't be used for anything else, but left the main disk entirely for user software and files. Would a 32 GB disk be fine even if it didn't have to store any OS on it? I contend that it would not.

Nearly a million non-profit donors' details left exposed in unsecured database

doublelayer Silver badge

"If it really is just blatant incompetence, someone somewhere is certainly missing an opportunity to get paid for their idiocy, and that doesn't seem very entrepreneurial at all."

I'm still early in my career and find no difficulty assuming that there's incompetence somewhere in any system. It doesn't even require an incompetent person given too much authority, though those are common as well. It can be as simple as too few people given too many responsibilities, so even though everyone knows that something should be fixed and could do it, it keeps not getting done. This isn't usually a single obvious thing like "someone needs to turn off public access to that server", but usually something larger like "someone should do an audit of all the internet facing stuff we have to make sure we haven't missed something", but since that would take a while and doesn't produce a result that can be noted in an achievements list, it never gets prioritized unless someone decides to do it on their own because they feel it's too important to skip.

Ofcom proposes ban on UK telcos making 'inflation-linked' price hikes mid-contract

doublelayer Silver badge

Re: Hammer and sickle

Which means that, when you're looking at contracts, you know what they will charge. If it's a higher number, you can look around for the person charging the lower number. If it's a lower number which will increase by an unpredictable amount, you can't make that comparison. Adding in expected inflation is exactly what I want them to do: they decide how much they want to charge for the service, I see all the data before signing up, and we can quickly agree on whether I'm willing to accept that or not. If the contract allows them to change the prices, then it usually does not allow me to cancel the contract because they did, and I am now required to pay whatever amount they come up with.

If they don't like that, they're free to not have any contracts. I have various plans that work like that. They can raise the price any time and by any amount they like, and I can leave them at any time. This is fine with me because, at worst, I pay the higher price for one month to give myself some time to get a new provider, then they lose my business. In my experience, they know that people will do that and therefore avoid doing anything too egregious that would make a lot of customers want to.

Android iMessage app Beeper releases working update of blue-bubbled tool

doublelayer Silver badge

I get the risk, although things like a GMail account have a similar level of vulnerability to a password leak. I still fall back to asking what the other option would be. The exploit used last week was unauthenticated, but Apple blocked it and it's not coming back. With that gone, I don't think there's any doubt that any other unauthenticated methods that may exist will also be blocked when Apple becomes aware that someone is using them. Thus, if you're going to use something like this, you will have to enter credentials somewhere. That's enough for me not to use this app, but you speak as though there's another option and I don't see what it is.