Posts by doublelayer

Re: Harvest Away......Avoidance Is Possible.........

If enough people do that, they can always come back and ask for another law. You can use a burner phone now, but there are lots of countries that forbid them and require you present identification to have a phone number. They're not universally dictatorships either, though many dictatorships do it. Of course, that doesn't mean that every phone in the country has done that, but it does make it harder. They cannot make it impossible to get around some of this, but they can make it difficult unless you have plenty of knowledge and a lot of determination. The other problem is that if you think you have plenty of knowledge and don't, you could end up standing out like a spotlight. Just because circumvention is possible doesn't stop this from being a bad law.

If we start with the idea that they want cameras at all, and some people clearly do or the open source and private options mentioned in the first comment wouldn't exist, it isn't that surprising that a lot of users ended up with proprietary cloud-based versions. I don't want any cameras, and I'm fortunate not to need any, but let's consider this from the perspective of a nontechnical person who does want or need them.

You can build a surveillance camera on your own from available parts. So can I. The average user, on the other hand, finds that kind of effort difficult and does not see the benefits from the hardware. They are right; the version you build from a Raspberry Pi is likely to cost more, require more maintenance, and have fewer features than finding a company that mass-manufactures millions of dedicated devices. Even if they got one or used a prebuilt camera that only uses local network traffic to collect information, the server portion is inconvenient. If they have a camera on their house, they probably want to see through it when they are away from their house. The typical solutions to this challenge include making a VPN to your home network or renting a server and configuring it to allow remote access. Neither is convenient for someone who does not have servers already and doesn't know how to configure, secure, and maintain them.

Even if they did both of those things, some users may want certain information. For example, something to look for people approaching their house which notifies them, the ability to talk to a person at their door even if they're not home, and the ability to quickly share data from the camera with others if needed. A lot of that is difficult from a web app and would work better with native ones. Now we're into an area where it's not that quick for us to make that from scratch either and we'd likely look for an open source option, but the open source versions can't work with every device in existence because they don't have standard interfaces.

It is not surprising that people who want cameras end up buying the cheap products with software that can do what they want. It is disappointing that they do so from companies that have thoroughly violated their users' and everyone else's privacy. I hope that this is mostly down to ignorance of how bad companies like Ring have been for their users rather than failing to understand the consequences of Ring's actions. Still, we have to look at things from their perspective if we're going to fix things or even just correctly explain why they're doing the things we wouldn't.

Re: Assumptions -- No -- Never heard of them!!

what about "Innocent Until Proven Guilty"

Not a problem from the point of view of police calling for real encryption to be banned. They simply get the local government to pass a law saying that only a certain encryption algorithm (the one that doesn't work) is permitted. Now the people who use something else are guilty and can be treated as such. Various countries go through a cycle of proposing this every few years. Australia and the UK are frequent culprits. The US seems to ignore this particular pathway, having tried it back in the 1990s, and instead just allow their law enforcement to do whatever they want with people's data with very few limits. Either way, they don't see this as a big hurdle.

Re: Given that---

It's not only about killing people. It is also about imprisoning them. Or even charging them if they haven't actually done anything worth charging. Moreover, it's about accessing the communications they shouldn't need, whether that results in imprisonment or charges or not. For example, if a police officer with access chooses to look up someone they know just because they're curious, that person is not likely to be charged or imprisoned, but they have been harmed.

If the police don't kill innocent people ever, that is not sufficient. What you need to be certain of to make this in any way justifiable is that the police are infallible and will never commit any abuse, no matter how small, and will never commit any error that permits someone else to commit an abuse. Are you that certain of them? I'm not that certain of anything.

Some of those bodies are American, but it won't do much good. The stuff China needs to develop chips around an ISA are public, as in I can just download them from the internet and they already have. I don't think China would respect or even acknowledge a legal term saying they're not to do that. Politicians, as expected, have no understanding of what actions are possible or even what the things they say mean. I'm pretty sure that this request came from politicians reading an article that said something along the lines that "China may turn to instruction sets like RISC-V" and just assumed that they could do something to prevent that from happening, not bothering to understand what any of those big words mean.

At most, they could prevent US-Chinese joint efforts to develop a chip. There probably are some, but it's not going to have a big effect if they move all their operations to one of the two countries.

Re: Disappointing

They don't want an open source OS that their competitors could sell to Chinese users and people outside China still wouldn't buy. With one of their own, they can try to keep any additions to themselves, which means more buyers of their devices inside China. By the way, there's nothing unusual with that in the "Chinese mentality" area; Chinese companies are not well-known for universally caring about open source or trying to team up with one another, and that's true in nearly every industry. They can say all they like about wanting to export Harmony OS outside China, but I wouldn't expect it to work. Lots of companies have tried that, a couple of them putting plenty of money into the idea. They all failed.

There are only two ways that Harmony OS will catch on outside China:

1. Huawei just releases the current version of Harmony OS. That is to say, they release a standard Android phone and make sure it says "Harmony OS" on the start screen and settings app. Sure, it will have a Huawei app store and HMS running on it, but it's still Android. Even with this, I don't think it will work well, but there's a bit of a chance.

2. They seriously subsidize the devices to make them cheaper than all the competition, then aim for developing markets. If they don't get developers on board, they'll have to subsidize even more to get them below the KaiOS devices, and that's saying a lot.

I don't think they're going to do either of these, and therefore I think this attempt, if they're even serious about it, will go nowhere.

Re: Interoperability

I think you're correct in general but incorrect about this. In this case, the bill simply requires that the government use an open standard instead of a proprietary thing. That makes it necessary for a standard to be created and encourages its use, but people are free to create an incompatible version and make it available. It just won't be purchased for U.S. government use. This bill will promote the existence of a standard, hopefully a good one, without enforcing it on everyone. I would support it.

Where I agree with you is when laws are passed mandating that nothing may exist that isn't interoperable with a standard. That prevents someone from choosing to give up interoperability in order to get some feature not supported by the standard. This is important to me because, for many of the things that have done this, the thing they wanted to include that wasn't in the standard was encryption, which is a feature I value quite a bit. It's also the most likely place where encryption will be limited by legislation. I think we should have the choice to build incompatible things, but I have no problem with the government refusing to buy them.

Re: A DPRK IP address, you say?

What do you think they'd be allocating that space to? Internal stuff gets internal IPs in the 10/8 block. The small block also means it's really easy to do intensive portscans of it at all times.

Re: And how would that work?

"what would “your Instagram feed” look like without tracking?"

I have some ideas they could try:

1. A list of posts from the list of accounts you selected to follow with a sort box on the top so you can pick between various methods of ordering them (newest, most positively reviewed, most positively reviewed by a lot of people, most reviewed by people in any direction, any other sorters you might find useful).

2. A list like that, but in addition to those posts, you see posts from other accounts that are linked to the accounts you chose to follow. This would use public information like which accounts those people chose to follow.

3. A personalized feed of posts picked by asking you to voluntarily give them some information about what you like so they can search for it. You could push some buttons instructing their algorithm what you like and what you don't like, and various programs could scan for patterns in those then predict whether you'll like certain other posts. They don't need to base that information on what someone else liked if they can use an algorithm on the content. You could deliberately indicate these things instead of collecting and using other pieces of information like how long they think you looked at a thing.

4. An anonymized collection linking views and followed posts, but without including user IDs. It doesn't help when you want to see the full history of someone's actions, but the point is that we don't want them to see a full, or partial, history of someone's actions, nor do we want anyone who breaks in to have the ability to retrieve one.

I don't use Instagram. Do any of these look workable to you?

A lot of modern flip phones have WiFi. Yes, they also usually have a basic web browser, but you are free not to use it, and if I remember correctly from when my friends showed me the experience of using a flip phone to browse, you wouldn't want to use it anyway. There are many phones more capable than this one but without the interfaces of a normal smartphone, so they can often let you opt out of smartphone activities because they either can't install apps or can install them but you wouldn't be able to use them well.

Re: Begging the question

Both of those adverts are intentionally shown to you. There is no infringement. What I'm referring to is intentionally finding and reading an unauthorized version of a work. If you go to a site that distributes unlicensed video, and all you do is watch the video, you've done something illegal. In practice, you'll generally be safe from consequences because people don't really care and those who do are too busy with those who distribute those copies.

There are, of course, exceptions to this. If someone else obtains a copy of media illegally but you don't know that, you'd be able to correctly say that you didn't have mens rea. There are plenty of reasons why you could end up seeing something you weren't supposed to but it isn't a crime. None of them apply to AI companies who wanted to use some content and deliberately obtained copies of that work. Nor would you be off the hook if you deliberately downloaded work, knowing that the copies were unauthorized.

Re: If people want to side load crap onto their phone, they can buy an Android

From the point of view of an individual consumer, Apple's market is a monopoly or irrelevant. It is not the same as a single store. When someone buys an iPhone, they become unable to choose another store unless they replace it. If one store offers something, they generally don't get to lock me in there and tell me that, even though there is another store selling the same thing across the road, I can't use any products from their store with any products from that store.

As for the smartphone market as a whole, while it's not the one the law is talking about, Apple have an oligopoly position. Market regulators usually also regulate those. The laws are usually written specifically to let them. The reason is that, when a market has two real competitors in it and they start to adopt suspiciously similar terms (Apple and Google have a lot of the same terms in their store agreements), then there's not much difference from a normal monopoly. So they also get to regulate the phone operating system market under those rules, such as, for one example I'm just randomly picking out of the air, rules on app distribution that apply to all OSes for mobile phones.

Re: If people want to side load crap onto their phone, they can buy an Android

Governments are supposed to have monopolies on some things, like making laws or sentencing people to prison. That's what we're going for. So yes, well spotted, they tend to be one. Of course, when we see a government trying to have a monopoly or even get involved in something we don't want them to, we complain and try to prevent that from happening, just like we complain when Apple tries to. I'd say our track record on getting results is higher for governments than it is for Apple, though not dramatically.

Re: Time ticking also for

Yes, not being able to remove something is exactly the same kind of issue as not being able to install any competitor to that thing. There's a minor difference in scale involved. As long as I can still install Firefox, set it as default, and ignore Edge, it's not a big deal to me. Yes, the links in the settings will still open Edge, which is annoying. However, I have a recommendation to you. Don't click them. Even if they open in Firefox, they don't send you anywhere remotely useful.

IOS's lack of choice is actually a lack of choice. Microsoft's preinstallation doesn't prevent you from choosing something else freely, nor does it make it harder to do so.

Re: Dependency

I note that you didn't answer my first and larger question: which of Apache or the Linux Foundation are you also blaming and why?

I also note that I said nothing about my opinions of systemd, but you have jumped to conclusions that I have no objections, then jumped to another conclusion that I "seem blind to appalling defects and fundamental flaws". I may oppose systemd's use as well, but by deciding based on no evidence, you confirm that we cannot actually discuss the related but not identical issue of whether choosing to use it should be a blight on an entire organization rather than, for example, the group that chose it alone (many Debian developers work on something unrelated). If you insist on seeing any questions as opposing points you didn't even make, a discussion seems precluded. You would still be capable of answering question number 1, though.

Re: Dependency

Just checking, I see why you blame Debian for adopting systemd. I can even see why you include Canonical, even though their use of systemd is mostly based on Debian doing so. But which of the other two are you blaming for it and why?

There's another question of why choosing to use systemd makes them ineligible to do anything else in your opinion, but I'm not sure it's a discussion for which we'll find a common starting point.

It's not even just the other developers. End users can be pretty demanding as well. It doesn't take that many of them for those doing the work to start getting annoyed at their users and withdrawing from user-focused channels. Nor is it at all unique to open source software, but there's a bit better of an argument for customers of a company to feel they deserve the attention of that company's staff. I don't think we'll ever find a solution to that, but I'm all ears if someone else has one.

As it happens, I don't. I develop software on Linux servers. There are times when it gets tested on Windows, but often, running on Windows is not required and I am free to use Linux-only interfaces.

If you understand what I'm saying, you may find out that I'm not saying "switching to Linux is bad" or "you can't switch to Linux". I am saying that switching to Linux is hard, and that if you want to do it, you will have to have answers for them. Dismissing those hard things will only lead to wondering why nobody accepted your change request.

"I'd be asking more questions about what they produce that can't be replicated with a good program."

Usually, the answer is nothing. However, hiring a programmer and giving them the information necessary to make a good program seems expensive, often more expensive than it really would be, and the Excel guy is trusted and more obviously needed. Sure, if they hired a programmer they could automate this and be on their way, but then the business asks what they'll do if the process implemented by that program changes. They're used to calling on the Excel guy who can change the spreadsheet quickly enough, and they're worried about how long it will take a new programmer to understand the code, understand the process, and implement any changes they need. The Excel guy is also capable of doing other jobs in between maintaining and operating those spreadsheets, so they probably can't be entirely replaced by a programmer.

This does produce inefficiencies, but businesses don't necessarily know how much they could improve unless we tell them. This was the point of my original comment. I didn't say or mean that there are no benefits to adopting Linux or retiring spreadsheets. I didn't say or mean that the costs definitely outweighed the benefits. I did mean that, if we want that to happen, we will have to explain why our option is better, how they can benefit, what they will have to do that will hurt in the short term and why our version is worth doing it, and using business-focused examples rather than saying "Microsoft is just bad" because they don't necessarily agree and don't really care.

Original: "The 3 people who live in Excel all day for whom replacing it would be a stupid waste of time and money."

Reply: "First 3 - make them redundant."

By definition, those people are doing something useful. If you make them redundant and easily hire three new people who can use other tools as well or better, have the institutional knowledge, and take over, great, do that. You don't have those conditions. The people who live in Excel may not understand a lot about computers, but they usually understand a lot about whatever is in those Excel spreadsheets. If those spreadsheets are pointless, then they're not the people asked about in the original question.

So the original question, what do you do about people who are productive and necessary using Excel but either unwilling or unable to become as productive using LibreOffice, what are you going to do about it? If the answer isn't cheap or simple, it's unlikely to get past management when the relatively cheap and simple option of "buy some Excel licenses" is on the table. I've seen a lot of people who seem confused about why businesses aren't switching to Linux where the answer is that they've not even tried explaining the benefits and costs from the company's perspective. If you can't do that, it won't happen. If you can do it and don't, it usually still won't happen. "Benefits" in this case does not include things like the ideals of open source. We care, they don't. They're interested in time, money, productivity, all that stuff. If your costs are going to include firing three people with a lot of institutional knowledge and finding and training three new ones, you'll have to have a big benefit to balance that out.

Re: The 3 assistants with fantastic people skills who effing hate computers

It depends on the desktop in use, and I don't have a full list of which ones can do it and which ones can't. However, I was attempting to make a point about how very small details can end up being ridiculously important to some users. Perhaps it will turn out that any desktop environment on Linux can do keyboard shortcuts just like Windows has, but there are a hundred more tiny things that a stubborn user can complain about. One of two situations will occur:

1. You spend 5 minutes * 100 UI things to painstakingly customize it to look exactly like the machine they used before.

2. You spend probably a few hours training them to use something else, then another hour when they break something, and you hope it ends there.

Either way, change is painful. I'm perfectly happy changing anyway, but as a programmer, I get to hide in my text editor while some unfortunate IT person has to make sure that people understand how to use their machines and that reduced productivity is not being blamed on them. My comment was in response to someone who said that switching from Windows to Linux shouldn't hurt for someone who hates computers. Yes, it absolutely will hurt, as would changing the other way, or changing basically anything else. That's what is not fun about people who hate computers and have to use them anyway.

Re: The 3 assistants with fantastic people skills who effing hate computers

"Assuming you worked in IT it wasn't your job to train them - that's the responsibility of the functional manager."

I wasn't in IT at the time. I was a programmer, working for a different company. I was volunteering some programming work for a charity, and while I was there, an employee of the charity ended up drafting me to look at the machine concerned. So you are absolutely right that it wasn't my job, as it wouldn't be the job of IT. Yet, when IT makes a change, they will be expected to train people, whether it's logical or not, as proven by the times when IT didn't make a change and they're still expected to train people. Pointing out that it shouldn't happen doesn't prevent it from happening nonetheless.

If IT switches everyone to Linux, they'll undoubtedly be doing some training. A lot of people will have questions and confusion that they won't figure out instantly. IT decided to make this change, so they'll have to handle it. It's not that illogical to expect it. The trouble is that, even if that initial training deals with many of the users and they can carry on without more help, there will be some who need a lot more help, and IT has already demonstrated that they can train people on this new system. The work will end up on their list. They should plan for how they will handle it because they don't really have a realistic way to choose not to.

Re: Credential stuffing and password spraying

They didn't mean denial of the site's service, but of the account's service. Let's say that I manage to get your email address used to sign in to these forums. I deliberately enter it on the login page with three random passwords. Now you can't log in for the next half an hour. If I wait and do it again, then you're locked out again.

Fine, so to solve that problem, we do it per IP address. Only my IP is blocked for half an hour. So if I'm password spraying, I get a lot of IPs and try three from each of the nodes, then cycle onto another one. If I rent a rather small thousand-node network, I can test an average of 100 passwords a minute. The spraying attacks most likely to work aren't trying to brute force every set, but using a set of common passwords or ones they already know you use.