Posts by doublelayer 9408 publicly visible posts • joined 22 Feb 2018
I wouldn't pretend that this is the best solution to the problem, but if anyone has a better one, people are here to listen. Most better options are better for some use case and either painful or completely broken for others. The benefit of Snap or things like it is that they can work for a number of generic situations, rather than just one.
Not only is the SSD soldered, but it is used in such a way that if the SSD fails, the computer dies. The bootloader needs to access data on the SSD to run, which means if the SSD isn't working, you are also unable to boot to external media. This means that, even if you have access to the tools needed to remove an SSD from the board and put in another one, you probably can't do it and have the computer still work because you need to somehow prepopulate the chips with the code for the bootloader. Since the computer can't do it itself, you'd have to create a board to accept the chips, solder them to that, write the code, remove them from that board, and resolder them to the Mac.
Outsourcing doesn't just mean to another company. In my comment, it meant running the software on a different machine, which might be rented from a cloud provider or owned by the same company. If you meant your comment apply to using the cloud provider's server, it's not the same as outsourcing since you can easily reserve capacity from a cloud provider to guarantee its availability and, if you're using it for temporarily using a more powerful computer than you want to buy, it's quite easy to move that task to any other provider of big computers or your own. This is compared to the difficulty moving things from a cloud provider if you've put publicly-accessible resources there, which is much harder.
Not a good person to buy from then. I don't recycle electronics professionally, but I do and have handled them for quite a few people. If they're trying to get rid of Apple equipment, I have them reset it beforehand. Whether I'm selling them or more likely giving them away, that is my responsibility to do to make sure they work. If someone is not bothering to do it, it suggests that they're treating their eventual customers quite badly by giving them equipment that might or might not be effectively broken, and if they're doing other checks, it suggests that they might be accepting stolen equipment. Either way, find a better supplier.
Or a different option: they planned to erase it and sell it themselves, earning the money he ended up with. Without context, we don't know this, and I mean that in both directions. This easily could have been theft, but it could equally likely have been that they wanted the equipment disposed of and didn't mind that he took it. I've gotten plenty of hardware by being willing to take it away when the former owner wanted it out of this closet today, please, and I don't care what happens after that. Don't jump to the conclusion that this machine was stolen, nor the conclusion that he did the former owners a favor. Both are possible, and a few intermediate options are as well.
The problem with that is that most of that is caching of some sort or another. If you have a lot of memory, Windows and applications will preload stuff to make things faster. If you start using more, you'll quickly see many of those processes and the system use evicting it to leave more room for your work. Mac OS does the same thing. This means that merely looking at Task Manager or Activity Monitor doesn't give you a great picture of how much RAM is necessary to do a task, since much extra space is and should be used by caches, only some of which is shown to you as caches. The only way to know your memory needs at the moment is to start paging before you're comfortable with it or go through a more laborious profiling of each of your typical tasks.
I don't object to someone buying a Mac because they like a Mac. I've made that decision before, and last time I made the equally defensible decision to buy a non-Mac because Apple had annoyed me with what they did to the Mac it replaced. Either way makes sense. What I find harder to accept is when Apple has two types of laptop, one specifically labeled the Pro model and sold at a price that should come with some pretty impressive professional specs, and it's no better than the base model MacBook Air. Anyone can choose to do whatever they like with their money, but that doesn't mean I shouldn't judge Apple for overcharging those people or tell them that, if they're the kind of person who can use 8 GB of RAM, then they probably want a MacBook Air because the Pro is giving them nothing of value.
"On what planet are you on where you are running a big DB on a laptop?"
Here's one case where you absolutely would: local training of a machine learning model. Normally, that kind of thing gets outsourced to some big servers running Linux, often in some cloud provider's DC, but the point of the discussion the article covered was to show off doing it locally, and people sometimes do. You know what they need if they're going to? A lot of training data and something in which to store it. Quite frequently, that's a database of some description, not just a really big directory.
The point was not about databases, though. That's just one example of something that takes more RAM. There are many such things, from running a virtual machine or two to working with some high resolution video, something Apple's been popular for for some time. That's the kind of work where buying a Pro makes sense, and the entry level Pro is likely to have some problems doing that well.
By routinely keeping open a ton of applications and lots of browser tabs, each with pages with lots of graphics, downloading stuff in the background, and wanting to be able to return to applications later without waiting. Don't get me wrong, memory waste has increased significantly, but when memory was at a premium, we kept things in it less. It was not common to keep programs running when you weren't planning to use them soon, and even if you did, they would be more aggressive about writing things back to disk and evicting them from RAM.
A simple example: I used an audio editor from the 1990s. It could run in a few megabytes of RAM, and most things were fine. If you ran a complex operation on it, though, you'd have to wait a while for it to complete whereupon it would let out a loud ding to alert you that you could stop looking at your email now. It did this, not just because the processor was slower, but because all the data you were editing was stored in huge temp files on your hard drive, which if you were unlucky wouldn't get deleted and you had to go find and clear them. Some operations would limit your ability to use the undo button or would make the undo process another long wait because they would require making another copy of the file and that would use up too much disk space. A modern audio editor uses a ton of memory, but this is because it keeps all that raw data in RAM, including the old data you discarded a while ago, for speed. If you're low on RAM, it trusts your OS to swap for it. This wasn't just audio editors. Anyone remember Office files of the form ~$ocument.tmp? They were hidden by default, but you could unhide them. That was the hack to use the disk as RAM so that the software itself would use less. We have abandoned those hacks and started telling the truth about how much data is being used.
I don't really disagree with Apple that 8 GB is enough for some use cases. There are certainly many for which more is helpful, but there are many people who don't do that much with their computer who won't benefit from it. My problem with this spec is that they're pretending it's still high-end and charging accordingly. Sorry, Apple, but 8 GB of RAM is now the basic amount that computers come with once you get out of landfill range. You get a few points for the speed, but the quantity is not only not special, but it's not even average. I'm convinced that the only reason they have that option is to be able to say their MacBook Pro starts at a lower price of $1599 (US, and I'm using USD here because it's the one Apple starts with and doesn't involve calculating any tax rates to compare it), which is a lot of dollars. You can get a lot more performance for the same price elsewhere.
While Apple's always been somewhat expensive compared to the market, they usually weren't this crazy about it. In fact, they still aren't in many cases. For instance, the Mac Mini still starts at $600 for the same 8/256 GB pairing, although they haven't put the M3 in it yet. They are telling us that the laptop part is a lot more expensive than we know it to be and then overcharging for each small increase in specifications above that mediocre starting point. I won't disagree that 8 GB is enough for some people, but don't pretend it's amazing when it's not.
"Err... no they don't."
Check out that boring page at the beginning that everyone skips. It's almost certainly on it. The specific phrase "stored in a retrieval system" is a popular thing to forbid, along with various other methods of copying it, then a generic term to confirm that they do mean all copying, not just these things.
"Does that include indexing?": No, it is about the content. The title isn't covered.
"You can't prohibit storage of an ebook on an electronic system...": The phrase about forbidding all these things usually includes the clause "without written consent". Library ebook systems receive explicit licenses, with limitations, from the publishers. Publisher-sold ebooks are also covered by license terms which I guarantee are available somewhere nobody reads, either in the book file itself or where you obtained it. Those terms are probably similar and can be loosely paraphrased as "yes, we know this is an electronic retrieval system, but no other ones, okay".
It's less that testing is important and that testing needs to be done properly. A lot of places do testing. Fewer places do testing right. For example, it's common to require unit tests on code, but it's also common to have code that isn't improved with unit tests because they test the obvious. You get a function with some pretty basic control flow and a stack of tests that test that, if you have an if statement that calls another function under a condition, that it does in fact call the function if that condition is true and doesn't if that condition is false. This gives you no useful data, because all that test proves is that you've written the condition the same way two times. It doesn't prove that the condition is the right condition for your situation.
It doesn't even prevent breaking that later. If someone changes that function to have different control flow, the test will probably break. They will be expecting that since they just changed the function. However, with unit tests that only test units, it doesn't necessarily tell you that there is a caller somewhere which is counting on the old control flow and is now doing something wrong, because the unit test on that function specifies what the result is and only checks what it does with that result, which is still correct. To get that information, you need wider tests that test the interaction between units. Thus, you can do a lot of testing and still do testing wrong.
Another aspect is that IT may try to process data using tools that would do it properly, for example writing custom code where there is a single point of truth for the source of the data and a defined process for changing anything, which is more stable and likely to perform better in the long run. However, building something yourself is a lot faster because you don't have to find someone with the programming skills to make that, nor go through the process of explaining clearly to the programmer what you need and answering all those questions. Developing a system that's high quality often takes time that the group concerned doesn't want to spend, and hacks like Excel end up bridging the gap.
As a person who sometimes ends up writing the code for this part*, I have sympathy with the groups here. When I write code that takes data from a form they already have and performs some simple transformations on it before giving it back in another straightforward form, it often seems like there should be a way to do this that's somewhere between an Excel spreadsheet with zero error checking and a custom-built program with a lot of manually-written error checking with an environment in which to run it. I haven't yet seen a low code system that I'm confident does this well, but I definitely understand the desire for it.
* My job mostly involves writing more complex programs, but if they need some plumbing, it can get assigned to me as with anyone else. I also do volunteer work and this is by far the largest subset of programming tasks that charities make of me.
Sure, you can do that. Follow these steps:
1. Go to your certificates list.
2. Select all.
3. Click disable or delete as you choose.
4. Slowly put them back after every annoying warning screen.
The reason that is not normally done is that you don't want to train users that accepting new CAs is a good idea, because then it's much easier to sneak more untrustworthy ones in. So it will never be the default, but you're welcome and easily able to do it if you think you have the knowledge to make that useful.
In a plaintext connection, any listener can also modify without detection. Any data you send or that the site sends back can be replaced with any other data that is chosen. Your browser would not know that. This is one reason that an encrypted connection is better; even if it was an unverified self-signed certificate, only one server has a chance to mess with the data going to your machine. It's not just about cookies and passwords, though those are important as well.
"I think this is about protectionism, and about Arm, specifically."
I don't think it's that either. American politicians have been rushing over each other to find new ways to penalize China for years. In the past two years, it's been all about chips. Every couple months, someone finds a new way to restrict China's ability to manufacture chips. Some of them are passed as trade regulations, while others are just talked about loudly. It can't have skipped their notice that many of the articles responding to their latest restriction have the word RISC-V in it, suggesting that it might help China withstand the restrictions. So they're trying to find some way to take RISC-V away from them so their previous restrictions still work, since they don't understand very well what RISC-V helps them get around and what it doesn't. The most important part here is that they're perfectly happy for the U.S. and most other countries to continue having RISC-V and are not trying to prevent it. They just want China not to have it.
RISC-V is a threat to ARM in the long term, but politicians don't jump to protect a company they don't understand. Maybe ARM has some lobbyists encouraging this, I don't know, but I doubt they'd even have to. Neither is ARM as intrinsically linked to American products. Qualcomm is based there and ARM has a few locations there, but it's not a household name and to the extent that it's associated with a country, it's the UK. The politicians aren't exactly hiding their reasons for asking for this: they'd like to limit China and don't actually understand how to do that, so they're throwing this idea at the Commerce Department in case it sticks.
It's not an unpopular opinion, it's just an opinion that's likely to be wrong. Of course, I can't know what is going on in the minds of these politicians, but I can almost guarantee that it isn't "Open Source = Commie". This is for one particular reason: they don't have a clue what open source means or involves and probably don't understand why people like us make such a big deal about it. In fact, there's a distinct possibility that they don't wonder that because they don't even know that we make a big deal about it.
They aren't fighting this because they think open source is dangerous, RISC-V is open source, thus we must fight RISC-V. In fact, they're perfectly fine with RISC-V. Their logic appears to be that China is dangerous, let's do something about China, China uses chips, RISC-V has something to do with chips, some Chinese companies have talked about and built products using RISC-V, so let's try to stop them using it and keep RISC-V for non-China only, because that must be possible, right? Many things could take the place of RISC-V in that sentence and make as much sense. The thing they want to limit is China, not open source in general or any particular part of it. Their reasoning for wanting to restrict China is certainly subject to dispute, but their methods for doing it are random in their effectiveness.
Politicians, and a large set of the general public, and even a significant minority of technical people, have a bad idea about how easy it is to do various things with technology. They see, for example, that there is proprietary software out there which people, even while trying hard to break into it, cannot turn to their will. They therefore think that, if it's possible for tractor firmware to resist someone who has access to the machine and a bunch of hardware, then surely it can't be that hard to have a chip instruction set that you don't let China have. It's a similar logic that's used when they say that it can't be too hard to have encryption that the intended recipient can use and police can use but criminals can't. Those assumptions are wrong, but it takes a lesson to explain why it's wrong and they don't spend that long on things before suggesting what everyone should be doing. It goes the other way as well, with some people assuming that open source means that anyone can do anything, for instance having utopian ideals about what RISC-V will mean for open source software, user freedoms, and software support rather than meaning that chips will be cheaper to make which might mean they're cheaper to buy. As analogies go, the first post that joked about gravity is closer to the politicians' thinking than the communism analogy.
I'm not convinced that you can make someone interested when they otherwise aren't by giving them something simple, because eventually they're going to ask a question of the form "How can I make it do X". If X is easy, that's great. If X is difficult, you can tell them that it's possible, but that the code is difficult to use. You might even be able to write it for them and give them a simpler wrapper to the functionality which is less powerful but doesn't require much knowledge*. If X isn't possible in this system, though, they may decide that it's not very capable and stop bothering. This is why I think that starting someone with a real programming language that is used professionally is likely to serve better than a limited subset, whether that's a BASIC variant or something else.
* For example, I wrote a set of simple GUI libraries to help someone who was learning to write code. I didn't think the student would be that interested in all the lines it takes to write some text in a OS-defined box with a button, but they were getting tired of printing a line on the terminal and parsing input one line at a time. They were able to do what they know computers can do, and eventually they could build the skills to learn how writing a GUI works. If they're like me, they find it annoying enough that they go back to the CLI, but now out of choice rather than having only one option.
As for the complex steps of logging in and using a compiler, I don't think modern students will be unfamiliar with the log in process, and you can avoid having to start them with a compiler by using an interpreted language, of which Python is the most popular in my experience for teaching. It's like BASIC in many ways, such as being easy to write and run and having a bit too little validity checking before you run it, so it should be similarly easy. We could change the configuration to boot them straight into a Python REPL with one file, so it can be even more like the computers of old (well, old enough that I didn't use them in my childhood).
It depends what you count as interesting. A lot of constructs are more concise in Python, and there are a bunch of libraries for basic graphics stuff which can be used if interesting requires a GUI of some sort. I don't think it's hard for a student who is interested to pick it up any more than BBC BASIC. I'm not sure how it compares for those who are not interested, but I'm also not sure whether making it easier will make the uninterested decide to try it anyway.
"I think administration for school computers is largely outsourced to the local authority"
Maybe, although that's probably dependent on the region.
"and they'll be just as familiar with Pis as Windows, if not more.": Er, why? The local government systems are almost certainly using Windows computers. Did your local authorities switch all their office machines to Linux recently, because mine definitely did not. Whether it's the authority IT or school-specific IT, the chances are that they have Windows machines for staff and few or no Linux devices. They can retrain for Linux, but they probably see that as a cost and don't see why they should. If we think they should, we'll have to be more helpful than this.
"What's the refresh period for school PCs, anyway ?": In my experience, when pieces are falling off them, you can get a new one, assuming there's nothing in the spares closet. Another reason why they'd have to justify buying another set of computers, or to be convinced that they can replace the existing set with Pis alone, which they will probably decide they can't.
On the other hand, any computer designed to get people interested has to compete against computers that already exist. You could give them one of the various microcontroller-based educational platforms, which are a bit closer to the original computer. For example, the BBC Micro:bit is like that: you have to write some code to do anything interesting, but it provides some built-in hardware and libraries to control it so it's not hard to light it up and make some beeps. I still think the Pi's more likely to succeed because computers are more versatile than they were. A child that has a Micro:bit can, if they write enough code, make it light up and make sounds, with some sensors as the only inputs. This isn't very useful, which also prevents it from staying interesting.
I think the Raspberry Pi knew this and therefore provided the hackable Minecraft platform. I've never used it myself, but I know some children have gotten their start with that. They can learn some coding techniques by modifying something they enjoy using, and it's preinstalled on the typical desktop image to make it easy to find. It may not be perfect, but it's something to attract early users that can teach them useful skills. I think that the more you limit the hardware to make learning the only option, the more a student will ignore the useless box and look at their phone, where local coding is difficult or impossible.
All of which is true, but someone was going to have to explain to the school why they should buy another computer, even a cheap one, when they already had these ones. Could the Pi replace the Windows machines for their other uses? Not at the time, it can now, but it will require admins that the other machines don't. They're still going to have Windows admins for staff equipment, so the extra admin for the rest of the machines is mostly small. I don't know how many people tried to explain that to schools, but I'm not surprised that with few people attempting to answer all their questions, few schools saw why they would benefit from getting Pis for everybody. Meanwhile, schools that intend to offer programming courses can also use the computers that already exist. It won't teach them Linux internals, but if they're intended to learn to write some code, that may not be high on the list of expected topics. Nobody was selling them on the benefits of these machines or providing solutions to the tricky bits, so they didn't adopt them, but we didn't notice because we were happy to keep buying them ourselves.
Two groups overshadowed it. One was the people making digital signage, who realized that the Pi's based around a GPU that was intended for TV boxes and thus that it is a pretty great way to build a cheap sign. That led to a large group of industrial users who figured out that, if you have a screen involved, connecting it to a Pi is probably pretty handy. The second group was us. The hobbyists who bought plenty of Pis, but did you buy them for education? I didn't, and most of the users I see online are using them for personal projects, not teaching. That doesn't mean people aren't using them for teaching, and I'm sure some are.
However, there's a reason they might not be. These two groups having had so much success might have blinded us to the fact that the Pi was kind of bad at some of the educational goals for a while. An original Pi running a GUI on a single 700 MHz core and 512 MB of RAM wasn't so great at teaching users to code because they were too busy trying to figure out which part of the system was responsible for it being so annoying compared to every other computer they saw. That's fixed now, but I do wonder how many people tried to use it that way, since the official OS images started in a desktop, so that must be the intended behavior. Of course, we hobbyists know where the limitations are, that those early models were great for CLI use (I still have one running here) and that you could use the GUI if you were careful about which software you ran. Those people who were new to Linux may not have understood why LibreOffice or Firefox, seemingly pretty normal software, were sluggish to an annoying extent. I hope that didn't put educational users off, but since most teachers are not familiar with Linux or programming in detail, I wouldn't be surprised that at least some were.
Admittedly, some of those are not the parts of Singapore that I object to. The detention without a lawyer thing definitely is, and they have others, but I have no real problem with fines for littering. If the people think it's worth the extra police effort to prevent littering, that's fine. I don't like when people do it here either. My concerns about Singapore are more along the lines of excessive laws on the conduct of the media and only one political party that has never lost a majority somehow, maybe related to the last thing.
Treason against which country? And I'd be interested in hearing both why you think that is the case and what you think treason means in this context. I don't see any reason to expect treason from him. Plenty of other nasty things, some of them potentially criminal, but I'm not seeing treasonous activity here.
I have not read those books, although they're now on my reading list, but if your summary is accurate, I don't think it's realistic or desirable:
"citizens, upon graduation, would decide if they wish to have a life defined by Basic (revenue, support, health care, etc.. I guess), or if they want to actually work for their subsistance and attain a career worth something."
The first problem is that I'm unconvinced that we would eliminate work to the extent that this becomes realistic. Of course, technology eliminates certain types of work with some frequency, but it doesn't do so all at once. Meanwhile, more jobs are created to run the technology and by the increased ability to do the things that were once done manually. We've automated a lot of things in the past few decades, and yet the unemployment rate is still pretty low in many of the countries where jobs like manufacturing were lost. Does this mean that we have no problem because everyone just gets a different job? No, because nothing says that those jobs are as good or that getting them was easy. There are lots of problems in a situation like this, but the expectation that there will be more people than jobs we can think of having someone do has been incorrect most of the times it has been predicted in the past. I'm not convinced that AI, even if it improves significantly, will be the technology that substantially reduces the need for labor.
The second problem is independent. Let's assume that I'm wrong and I can look back on this comment a couple decades from now and laugh about how stupid my prediction was. I still think the proposal to choose between a career and support is a really bad option. It leads to a lot of resentment between groups, and whenever that happens, someone will try to exploit that resentment for political power, with the likely outcome that one of the groups will be harmed. I'm imagining the resentment in the scenario you summarized to be caused by people who work thinking that those who don't are lazy and useless, while those who don't work think those who say that are judgemental and outdated. At least if the support was provided to both groups, those who worked wouldn't have an excuse to say that, if they weren't doing something useful to society, they'd have more. I don't think that minor change would be enough. This depends a lot on exactly what jobs were left after that. If we could get it where only the most creative ones were left, then we're probably pretty good because there are enough people who like doing that kind of work to take it on voluntarily. I imagine that at least some of the jobs that take a while to automate will be unpleasant ones, which makes this much harder to solve to everyone's satisfaction.
I think that's misstating what happened. We don't have that utopian dream not because people got in the way, but because the technology didn't do what the dream said it would. It doesn't matter if you have billions to spend on it, you still don't have robots to do many of the things you want done. Of course, with that much money, you can have a bunch of humans doing those things, but that's the point. We don't have the robots envisioned by futurists at the time, so perhaps it's unsurprising that our world still looks more like the 1970s than it does the picture of universal robot service. Robots in manufacturing is really not the same as robots doing every type of manual labor.
Automating the part where you ask the AI to do something obvious is the easy part. That's not going to be the part of many jobs in the future. If the AI can do it and the employer is willing to have the AI do it, sending the information and request to the AI shouldn't require a person. There will be a lot of jobs where humans are still needed, which will include ones where AI can't do it. Unless we improve the quality of AI quickly, this may end up being most jobs, but even if we get much more reliable models, there will be jobs where it can't help. This won't make those jobs fun, but they will certainly exist.
Yes, this is usually true, with the guidelines giving some basic constraints and the judge using the context to decide what the value should be from the provided range. There are some contexts where the guidelines are specifically modified to consider them, but trying to enumerate them all is tricky, whereas assuming that a judge will produce a number that the writers of the guidelines would have been fine with is easy.
I can answer a few of those questions.
"The fact that even though she worked for the NCA she sent messages to people about it that could be read later.": From what we know, she probably didn't. One of the people she told was stupid enough to send a message to someone else which could be read later. She ended up tipping off someone that was too stupid to hide that, but from the information available, she could have told the criminal about the surveillance in person or on some other safe communication method.
"The don't use postcodes comment. That's like saying to Amazon don't use postcodes. How are you supposed to deliver stuff?": It meant to not send postcodes through this app. Theoretically, you would send them some other way, or encrypt them separately (no, they're not smart enough), or some other alternative not mentioned. They were trying to limit the data sent through a compromised system without just dropping it for some reason.
"They reportedly used an update to lift the entire contents of peoples phones. How did people not notice this when their burner PAYG phone ran out of credit rather quickly?": WiFi? In any case, it's unlikely they had that much data to steal. All the text messages I've sent in the past year isn't a lot of data, especially if you compress it first. It is certainly more if you include pictures, but I don't send many of those and it's possible that they started with just all the text and requested images later if they needed them.
"This supposed 48 hour delay and the ability to delete messages. It's a MITM attack. You can't delete data already intercepted.": The only answers I have for this one involve someone not getting it. One option is that she was telling her friends that their messages were visible about 48 hours after sending, so be careful with any long-term messages sent, and they misunderstood and though they could just delete before that happened. The other option is that she saw that messages were 48 hours old when they came through, so she thought they could delete them beforehand. Either way, someone was getting this all wrong.
A few people in these comments have already expressed the view that, if it's in the paperwork, then it must be fair, so that explains the 15%. To some extent, I can agree that if the provider is very clear about the price increases and the customer is aware of the details and circumstances, it can be fair. My bar for this is displaying the information clearly at the time of purchase, not hiding it in a contract between the no hacking our routers clause and the list of trademarks. I still probably wouldn't sign such a contract, but it's a lot better than hiding it.
"They also told me that their service works during power outages (the modem wouldn't have power!)"
In fairness, the modem is relatively easy to power from a battery, and some modems that you can buy already come with batteries in them for this exact situation. Compared to a system where, even if you powered the modem, it wouldn't work without mains power to some equipment near your house which you can't attach a battery to. This may not be the most important, but if you lose power frequently without losing the cables that provide data, then it could be a selling point. Of course, given the other lies they were telling, maybe that wasn't true.
"Trouble is many MNOs now offer 1 month rolling contracts, so can increase rates every month if they so desired…"
I prefer these, because with a contract like that, there is usually no exit fee. If they increase the price, nothing stops me from porting out that month to someone else. They know that, so they have to be a bit careful about randomly changing prices. Compared to a contract that can raise the price and still charge you a fee to get out, a lot of people might avoid leaving because they don't want to pay the fees, then get used to the price increases. In my experience, those that offer monthly contracts tend to be cheaper and more stable than those who lock you in for a long time unless the long-term contract specifically states that it will be one price and the operator may not change it until the contract expires.
"I don't believe for a minute the Integrity API would result in website owners blocking users. That's not a valid concern IMHO since websites have a self-interest in having as many users visit their site as possible."
Sites block users all the time. Whether it's for some security precaution that probably doesn't work, for some browser problem that probably isn't necessary, or some reason only known to one crazy web designer, they do it. For example, I have a site that I pay for access to, and it blocks my login attempts with a message that I could be a bot. Not a captcha, a straight block. This only happens in Firefox, and if I change to something Chromium-based, it tends to work. Switching the user agent doesn't work in this situation. I assume there's some misbehaving script involved here, but the result is that anyone who uses Firefox is being blocked. WEI can similarly be used to look for bot activity, and sites that experience enough of it that they demand bot detection and blocking may use it incorrectly to a similar effect.
I've had a certain debate a few times in these and other forums. The topic is whether blocking IP addresses in bulk, rather than blocking them individually when they do something, is a good idea. I generally take the view that blocking an entire country is unlikely to benefit you and isn't worth the problems to users, but there are many people who still do it. They are deciding to refuse a potentially large class of visitors because, in most cases, they think this helps their server's security (this is where we disagree). That's a more deliberate decision.
In summary, sites block on purpose and by accident, so why would I expect them not to do so with WEI as another tool to give unreliable information?
It probably wouldn't. Most likely, ad fraud was their way of trying to find an excuse for having this feature. If they told the truth: "We want to add a feature which explicitly breaks anybody who isn't using Chrome, then get a lot of people to mindlessly activate it, then take the integrity information and leak it through Google Analytics or something for extra fingerprinting", people wouldn't want it. Sometimes, when they introduce new APIs that don't really need to be in the browser, they can think of a possible benefit that someone could get. For instance, when they decided that browsers should be able to talk to USB devices directly, they could show you how a game written in Javascript could automatically interact with USB gaming hardware or how you could upload code to a USB-connected dev board without learning how to use a serial console. With WEI, they couldn't actually think of any user benefit. They already know some ways to fight ad fraud, such as by looking at the source of the traffic which would get around your VM proposal, but they don't want to bother doing it because talking too much about fraud would just scare the people buying the ads.
North Korea has far more police as well, and they're much more powerful since they can give out death sentences basically at will. It still doesn't make their currency valuable. This is the case because North Korea's population doesn't generate much value due to aforementioned military and police using them as slaves, so there's little to buy with the won you could have. Use of force is the wrong metric here.
"We are nearly at war over the ability to pay for oil in anything other than portraits of Ben Franklin."
No, we're not. People can and do buy it with their own currencies. It does happen that they often choose to denominate the prices in dollars so that, if Russia sells some to India, they don't have to deal with the question of what happens when the exchange rate changes or whose ruble exchange rate you use, but India doesn't have to turn their rupees into dollars before sending them to Russia as long as they've agreed on something else to use.
"Try buying your Chelsea mansion in Roubles right now,"
You can do that. You probably have to exchange them for pounds first, and you'll probably find that UK banks don't want rubles as much as they once did, but you can do it.
"or pricing your ARM IPO in GBP"
ARM chooses the currency they want to use. They could have chosen to do it in pounds and list it in the UK. The reason they didn't is because they chose not to, not because they couldn't or someone external to their ownership refused them permission.
No, the use of force isn't so relevant to the value of a currency. Its rarity and the usefulness of it in a market are much more relevant.
Costa Rica has no military. Really, they abolished it. They're very proud of that. Their ability to use force is pretty low. Meanwhile, North Korea has a huge army. It's armed with all sorts of weapons because they've made little else for the past fifty years, it's the fourth largest in the world by number of troops, unless you count paramilitary organizations, in which case it's the largest. They have nuclear weapons. If they want something to happen in the country, they're virtually guaranteed to get it.
If I offer you the option, which one do you want? Some Costa Rican colónes or North Korean won? There is a right answer.
"Also Beatles singles are not currency so your analogy is nonsensical and invalid."
No, the analogy works. We're debating two parts of Bitcoin. There is its usefulness as a currency, which I think most people here agree is low. However, that's not what we were talking about. We were talking about whether it has value and where that value comes from. A lot of things that aren't currencies have value, and we all agree on that. After all, I expect that your savings doesn't mostly take the form of cash in a box, but rather financial instruments which are worth money and may produce money. You can't buy anything with a bond or share, but those things have value which can be turned into cash. You can't buy stuff with a house either, and turning it into cash takes a long time and the specific amount of cash you'd get isn't easy to calculate. It also has value. Bitcoin also has that power, meaning it also has some value.
Pounds are useful in lots of places, but some of them find it more useful and some less. In the UK, nearly everyone accepts them. In some other countries, some people would accept them, and some would require that you exchange them first. There are many areas that get travelers from other countries that routinely accept international currencies, though the US dollar and euro are more likely to be accepted like this than the pound is. The point is that, though their usefulness depends on your location, they have value nonetheless and you can, with sufficient effort, exercise that value. Bitcoin is also inconvenient to use, so inconvenient that I don't have any, but it also has value. If you have some Bitcoin, you can give it to me and I can use it to buy stuff I want. I'll likely have to convert it into something else to do so, although that's not certain, but it will end up having value to me.
That depends. You can buy quite a few things online, and I'm not just talking about criminals' wares. For example, my domain registrar accepts Bitcoin. No, I haven't used it, and I don't know how painful it is, but they do accept it.
That's not really the right question though. For example, I can't buy many things with pounds because I'm not in the UK. If I go into a local store and present the clerk with pounds, they'll tell me to go away. If I go to the bank, though, I can rather quickly get cash the clerk will happily accept. Just because Bitcoin is inconvenient to purchase stuff with doesn't mean that it has no value. All that means is that it's a poor currency, which it absolutely is, but that's a far more limited statement.
I'm responding to the what if scenario that was presented: what would be different if this man had had a firearm instead of a knife. I stated my opinion: there's a possibility that nobody else would have gotten injured, but I think the intended victim would likely have suffered more serious injuries. If you want to see opinions on a different scenario, you are welcome to posit one. What you do as a result of this prediction, or whether you even agree with that prediction, are not part of my statement.
Unless your ticket says that email is broken, sending it to a specific address isn't any more complicated than any other alternative. If it involves going to an internal website, then you still have to get the URL correct. Either way, if you don't, you'll get an error message.
In fact, I think the email address is generally better. It is usually pretty easy to remember that tickets go to helpdesk@companyname.website, but in my experience, a lot of companies' internal systems have the IT ticket page at an address like support.its.corp.companyname.website/d/login.aspx?a=49&id=1, and if you just go to the root page, it's not the right one.
Or the bounce gets filtered somewhere. I was configuring a mailing list recently and sending messages to it from an external address. The first one didn't get through. I assumed this was because I had just configured the address thirty seconds back and maybe it hadn't propagated yet. I waited a few minutes and tried again, no message. I started wondering whether I had misconfigured the spam protection piece because I was sending from GMail, and that can sometimes be a problem. I went to check that config. After doing that, I sent a third message. It didn't go through.
A while later, I was using the keyboard to navigate between mail folders, which was fortunate for me, because as I moved past the spam mailbox, it checked with the server and showed me the three bounce messages the list had sent me, all of them telling me in clear terms that I had not switched the list to accept incoming mail from external servers. I had expected that any bounce message would have been sent through since other mail from that server was being accepted, and it caused me to waste plenty of time.
As I said, being able to guarantee the security of anyone who ever does a service for you would be great. Unfortunately, actually guaranteeing that would require the audit from hell. Sorry, I mean it is impossible, but getting close to it requires that. Do you or your employer provide services to other companies from time to time? Are you confident that every one of your systems is perfect, both from technical flaws and from organizational ones?
For incidents where you are responsible for losing data, it's perfectly logical for someone to start with the idea that you are to blame for it. For incidents where someone else does, you have a higher burden of proof to indicate that you should have known that the place was being negligent. In your personal life, you have a lot of companies that store your data because they are the only feasible option and the alternatives are no more likely to be able to guarantee security. For example, the landlord from whom I rent housing probably has more information about me than they really need to keep, and I have no way to confirm that they have stored any of it securely, but I also have no way of guaranteeing that if I were to rent from someone else. This is an unfortunate fact, but if we're going to play the blame game, we have to do a proper analysis of who made which mistake and whether a reasonable company would have known that was likely. Jumping to the conclusion that it's my fault if my landlord's database of identification documents is cracked is letting them off the hook by transferring the blame to someone who could not have prevented it, and you may be doing it with the supplier here as well.
Do you mean this specific incident, because if you do, you do realize that it was a company other than Okta that had the system from which the file was stolen. I'm sure your employer outsources some part of its business, and it would be great if they could make sure that every supplier had perfect security, but that doesn't make them the cause of any supplier's failure.
In my experience, I think the question should be "how many times in a lifetime do people really need the "airplane mode" button?". A work laptop of mine had one attached to one of the function keys, but this laptop didn't have a cellular modem in it. So that button would turn off... the WiFi and Bluetooth, both of which are perfectly fine to use on an airplane. The OS should still have an airplane mode control since it's a convenient way to disable the wireless systems, but there's absolutely no reason why they would need a key for it.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
