Posts by doublelayer

Re: Puzzled....

There are a lot of methods you can use to try to find your library in someone else's program. This ranges from the easy to check for and resolve: do they include a copy of the library in their program's folder as a .so, .dll, or similar format. Some of them are a bit harder: if they have statically linked something and removed names, do they have similar or identical messages, function names, etc. Some of them are difficult to check for and hide: do their code have machine code that would be produced by a compiler running on your code, indicating that they're using either the same or similar instructions. In most situations, you don't have to do the hard part; if you already have reason to suspect that your code is in there, you can probably find out quickly.

The reason that this doesn't happen often is that we rarely get told about it. If I have something public under a GPL license and someone violates it, I will probably not be told that they're doing so, so proving that they do will fail at the first step of knowing anything about them. That works for a company that wants to avoid license requirements or more frequently a company that doesn't bother thinking about license requirements, but anything big enough will consider their obligations and at least have a legal argument if they're not going to be following that license.

In this license situation, people could always just ignore the new license and use it as before. The problem is that many of these are using software that is popular among large companies, either for their own use or because they rent hardware and people like to run it. In either of these situations, you don't have to look too far for a list of places to check because providers will have to use the name of the software so people know what is available. If you had done this license swap with a program called ExampleDB, you could probably just do a search for "cloud provider ExampleDB" and get a list of targets.

Re: This will be really unpopular, but

Nothing stops you, and sometimes that happens. However, when it does, it tends to result in stupid fights between different groups. For example, when Amazon started a project to fork Elastic into OpenSearch. Some people assumed that Amazon was being malicious, a lot of people attacked them for making money on renting out hardware on which that software ran, and Elastic took as many steps as they could to make sure the new version of Elastic Stack wouldn't work with that version. This meant that people who used either version was now dealing with a bunch of people who had strong opinions about what should be used and a company intentionally trying to break things for one side (doing so by breaking things for their side as well because changes to one program will always affect its users). So yes, it can be done, but there is a reason why people aren't always pleased about the opportunity.

Re: There's an opportunity there

Admittedly, these portable SSDs are a way, if an expensive one, for people to make backups. When I've gotten people to start backing up, it would be more convenient to get them using a RAID array and automatic backup software like I've got, but it's also a lot of work, expense, and network configuration. Buying an external hard drive and remembering to copy stuff to it periodically and leave it in a safe place is easier and still counts as a backup. If their complaints are correct, then someone doing a simple backup might find that their backup has failed at the time they're trying to use it to restore. It's a bit badly targeted to complain about users not backing up when the problem is failure of backup drives.

Re: Cue the litany of complaints

I definitely commiserate about those reviews. They make judging the quality of any storage device nearly impossible, because you'll be inundated with confirmation bias of people who only ever bought $manufacturer drives (all three of them) and they all worked great, or they bought two other drives from $other_manufacturer and they both failed (possibly in reasonable failure cases because there are no details provided). At some point, you might end up just buying whatever device is the cheapest made by a manufacturer you're confident is a real one and not someone selling refurbished drives as new.

However, I have seen this particular problem noted in a number of places recently. I can't throw any anecdotes in myself as I don't have this or any other portable SSD, but if anecdote frequency means anything, there may be something more to this malfunction.

Re: Why do people call a small outpost a colony ?

Admittedly, so would equipping the airlock with safety systems to prevent that from working, for example by not allowing multiple people to fit and requiring that the person inside the airlock activate the open out function. Old fashioned methods of murder like stabbing or striking are still available though.

Re: Why do people call a small outpost a colony ?

I think your approach is very good, but I disagree with this bit:

"The Norwegian resupply voyages were probably on the same order of time, cost and difficulty as a routiine supply by spacecraft today."

Somewhat expensive, yes. Also a chance it might fail to arrive and be lost entirely, yes. Similar difficulty, I don't think so. They already had ships which they used to sail around a lot, and they had at least a few places where they could stop mid-journey to make repairs. I don't know how long such a voyage took either, but voyages from Iceland to Greenland at the time appear to be rather short, although quite dangerous. Clearly, supply from Norway itself would take longer, but not anywhere near the time requirement of a supply run to Mars. One of the possibilities of other problems causing the collapse of settlements on Greenland were pirates operating from more southerly parts of Europe, and if people can make that journey without owning that colony just for the trade and plunder, then it's not as hard as a space journey is now.

Re: "neurotic, reactive, social, or agreeable"

I think the psychopath would consider what things would be like after the killing ended and they were now stuck without anyone else, and then nobody will be sending new supplies because they'll either think that everyone died or know that the person who is there has just murdered. As with a lot of other people, there's no real reason for the psychopath to want to go.

Re: Why do people call a small outpost a colony ?

There's also the question of who wants to go through the challenges that are required to have that self-sufficiency. The first step is to survive with basically nothing on an inhospitable planet where if anything goes wrong, the chances are that you die a drawn-out death. We generally don't have to do that here. This means that any people who actually colonize will need a pretty good reason to want to go there for that first step, and I don't know what that will be. Sure, there are people who say they'd like to go because they would like the bragging rights, but these are the same people who wouldn't like to do any of the unpleasant jobs that would be required. The mission can't consist of a bunch of "captains" with no support staff. It's not like the moon where all the astronauts had to do was show up, drop some equipment, and leave, getting back to the comforts of modern society in a couple weeks. Mars colonists are going to have to deal with a lot more adversity.

Yes, banks make money by charging more in interest and pocketing it. That is not money creation. That is taking more money from some people and giving it to them. The creation by leverage construct is what I was talking about in my last comment. It's a convenient model when creating some graphs, but it's not what happened. That money hasn't been created out of nothing, later to be destroyed. It has been borrowed from a depositor, later to be paid back. This is obvious when you consider the other possibilities: if it is not paid back, they don't have as much money as they started with. They have lost money that their depositors gave them and will need to deal with this in some way, whether that's making less profit, taking out an insurance contract, or going bankrupt. They have only moved money because they cannot create it.

Re: Monopoly money

Oh, that can definitely happen, but not because the bank accidentally credited you £1k. Generally, that experience will start with the bank making lots of errors with your account, locking you out, sending your money off, all for completely spurious reasons that you can prove incorrect. Then, as a way of saying "please don't sue us", they give you some compensation for the damage caused. It ends up being in your favor, but it doesn't start that way.

In some areas of economics, it is convenient to consider lending money as creating it and the paying back of a loan as destroying it. It's the same simplification that means we teach Newtonian physics even though we could start in with the changes that have been made to it even when they're not important at the scale we're teaching. However, outside that area of study, including in other parts of economics, it doesn't work like that.

Banks don't create money when they back a loan. They take on an asset with speculative value, which they can only do as they have the liabilities (deposits) to cover it. Central banks which have control over the supply of currency do have the power to create or destroy money, but individual retail banks do not have that power. The last time it worked like that, things went wrong really fast; each bank simply printed its own money, which meant that, as soon as one bank manager realized that this would go wrong, resulted in that manager printing and spending as much as they could. There's a reason we have national currencies now.

Re: Oh, that is an edge case, we'll have to retrain on that

There will be nothing but edge cases. It will eventually learn some words and get very happy about banning anyone who used them. For example, it won't be able to process language that talks about crimes. Two days ago, I wrote the following clause in a comment here: "if I want to steal something, I can scan my credentials to unlock the door, pick something up, and walk off with it". In context, I am talking about levels of physical security in order to make an analogy with computer security. Out of context, a human will recognize this as a very useless guide on how to commit theft which provides no real information. A bot won't understand either of these and will have to decide whether this is prohibited content with nothing to go on. The outcome will be close to random.

With GitHub, you can add a new commit to your main branch which deletes all the files instead of the readme and changes the readme to point a link to somewhere else. You then take your full git history and transfer it to wherever else you decided to go. It's not that difficult. I've done it at least once. The reason I haven't done it to all my repos is that I don't care enough to bother. I think some people may be in that camp.

Re: I never get tired of say it

I'm not sure what relevance it has to this point. Zoom could self-host their infrastructure in their own buildings, and they'd have the same ability to intercept and abuse customer information. They could self-host in your building and still have that ability. How does the use of the cloud make this any better or worse? In this case, you could argue that using something proprietary made it worse, or that using something not encrypted made it worse, but cloud is not really connected to any of the problems they're pointing to.

Re: and the booby prize is ...

I don't agree with the lengthened copyright terms that you're complaining about. However, that doesn't make them illegal. You're simply arguing that, because he's dead, it doesn't motivate him to create any more art? That's true, but it could have motivated him to create more art when he was alive on the basis that the profits from it can also go to his children, so if he were to produce some art right before dying, it wouldn't immediately become public domain. Some artists would care about that, and some would not. I am not convinced that we have to care about that. However, just because I don't agree with the law doesn't mean that I can use tortured arguments to try to prove that it's not the law. That's what the writers of the laws, especially the Disney corporation, intended it to say. If we don't like it, we have to change it, not argue that it never meant that or that a limit is not a limit.

Re: "artists such as Frank Sinatra .." etc

Copyright and patents have a lot more similarity than you claim. Both consist of a limited-time right, guaranteed by the government, to be the sole provider of something that's not physical, which you must prove* is original work, which can be claimed only by the creator or someone they have explicitly transferred ownership to, and after it expires, the thing it covers becomes available for anyone to use. Your comparison between a car and a cloud doesn't have anything close to that list of similarities.

* They're not great at correctly determining whether it's original or not, but your patent can be invalidated for prior art, and your copyright can be invalidated for plagiarism.

I don't know where you got either of your ideas from, but both of them are pretty clearly wrong. For example, that if you don't make a profit, you don't have a leg to stand on. That's not a thing. If you do what the law says you shouldn't, then it's illegal no matter whether you benefit. If I steal something from you and am unable to sell it, I am not innocent. If I violate copyright and don't profit, I'm also not innocent.

Also, you appear to have trouble with literal interpretation of words:

"The U.S. Constitution specifically states "limited time". 50+ years is not and never will be, limited."

Yes, that is limited, since there is a finite amount of time after which it ends. It would also be limited if they said "Copyright to consist of a time period lasting a hundred million years", because it has a definite ending point. I have opinions on how long that limit should be, on which we're more likely to agree, but arguing that it's not limited based on the clear limit is a pretty bad argument.

Re: Stay out of (realisable) USA jurisdiction

It is possible, but that doesn't automatically mean it will work in all the cases we get now. A documentary can be rather cheap to make, or it can be very expensive. If your payments have to go into getting a camera and pointing it at a guy who is talking and editing in what's effectively a PowerPoint presentation with existing video clips, it won't take many patrons to get it recorded. If it involves taking several people to a different continent where they will be filming for weeks, it will take quite a few more. For things other than a documentary, the costs grow faster than the willingness of patrons to incur them.

It is much easier for millions to pay a small amount when they want to consume the content than for a few hundred to pay really large chunks in the hope that it will be created. When those hundreds are doing so with the expectation that the millions will at least partially pay them back, they manage it. When those hundreds are doing it just for the love of the work, they probably don't see why they have to pay for the thing we will all enjoy watching without supporting.

Re: If you must drop Windows...

"It's also a case of sensible, safe defaults. When you install a Linux desktop, the result is quite tight in that there's nothing running that would allow external access - depending on distro, even SSH needs to be enabled first before you have that path in."

Just as Windows doesn't turn on RDP unless you go into settings to enable it. It doesn't prevent someone from doing that, though, and if they do and don't focus on security, it is a wide open door.

"Secondly, you can 'just' run an executable, if it's not in the package manager it's much harder to do."

Do you use Linux? You know they have the concept of an executable as well? You can download an executable file and run it. You can download a shell script and run that. You have a few other languages that you can pretty much guarantee are present (I'm thinking of Perl and Python) and run those. None of that requires it to be in the package manager.

I use Linux often, especially for systems where security is necessary. I like it because it is easy to audit the system for security risks and to change its operation to limit them. Linux is strong from a security perspective. What I dislike is the people who seem to assume that Linux is automatically the key to security and base this off incorrect understandings of what it provides and how easy an insecure Linux system is to compromise. They appear to believe that simply replacing Windows with Linux makes everything secure, and if enough people with this attitude actually get to do it, we'll give Linux an undeserved bad name as that system that everyone's been hacking these days because inexperienced people deployed it without looking at their risks.

Re: If you must drop Windows...

"Pound for pound Linux is way more difficult to compromise than Windows. Its just a fact for life,"

This is heavily dependent on the configuration of the system. The comparison is not really viable either, as you can't enumerate the hacking potential. However, as I interpreted the original comment, we weren't talking about external penetration but the security of a box where the user has already executed an attacker's malware, in which case the initial infection stage has already passed.

A lot of the attacks that work against Windows have direct parallels on Linux. For example, one way attackers find and infect computers are unsecured RDP ports left open to the internet. This is relatively easy to prevent, extremely easy to detect, and in most configurations it doesn't happen at all. The direct parallel on Linux is the open SSH port with password authentication, which is equally easy to prevent and detect. As anyone who has a Linux machine on the internet already knows, there are lots of attackers looking for those ports who will attempt to log into any server configured as such. In a lot of infections, the writers of the malware are relying on the user to install the initial infection, rather than finding an unauthenticated remote login method. Some of the tactics that are popular for infecting Windows will not work on Linux, but that is not the same as saying that Linux doesn't have vulnerabilities of that kind or that they're more resistant to exploitation.

Re: If you must drop Windows...

"A compromised desktop is usually the vector that breaks the "hard shell/soft center" approach that most companies deploy and establishes a penetration beachhead inside the organisation to host an APT, so I'd say here too a Linux desktop would offer substantially less risk."

That substantially less risk is due to what? We're already positing an attacker that has malware running on the user's computer, so why would that computer running Linux instead of Windows do that much? In both cases, the malware can copy their files, inspect their actions, copy their passwords, intercept their mail, and access things on the section of the network their machine is on. Linux doesn't have different security policies on any of those things. It would have a different set of bugs between that machine and other things on the network, but that's no guarantee that an attacker can't find them, especially as there are plenty of successful attacks against companies that spread from Windows beachheads to Linux infrastructure, so spreading from Linux ones shouldn't be much more difficult. The largest asset is that attackers who already made a Windows loader malware will have to make a new version that targets Linux.

Re: All I'm saying is...

Probably that you should be very careful about saying something's secure before you rely on it being secure. How many times have we had a three-day gap between someone claiming unhackability and a hacker proving them wrong.

To some extent, lying will have helped them. Had this actually been a new OS, then I wouldn't have bought any security claims, whereas starting from something that people have been securing for years is a good way to get some security from the start. However, if someone told the Indian government that it was invulnerable and they believe it, they are still at risk.

Re: What's the difference...?

I don't think there's really much difference, but as I understand it, "pyramid scheme" is more often used for something where no product exists, whereas "MLM" is more often used when there is some product being sold to someone using the same structure where they get salespeople to work very hard to sell something useless while not paying them.

It does contain 22.2 million people, so there's a large sample size to draw from. For context, there are four times as many Floridians as there are Scots, so patterns aren't necessary to get this many fraudsters from a large set of people.

Re: Count Me In

"We all knew what IM looked like, back when BlackBerry Messenger was all the rage. Mandating a standard such functionality (not BBM itself) as a license condition for network operation should have happened years ago, just like a network operator is supposed to support phone calls..."

I disagree. It makes sense for a phone network operator because they will be given a lot of limited resources, whether that's a monopoly on providing service to the public (the wired model) or a large chunk of spectrum which only has room for a few companies (wireless). On the internet, there is no real limit and no central authority giving anything away. The great part of the internet is that I can put whatever bytes I want through it and expect them to arrive, so I don't need to apply for my protocol to be accepted before it can be used. I don't agree with a mandated standard for that reason, but there is another reason for it: feature support.

We've had IM for quite a long time, and it generally works the same, but it lacked many features we have today. For example, encryption. A lot of people want end-to-end encryption, and any attempt to create a single standard encrypted protocol would end up having to specify a key management system, which is likely to prove fragile. Meanwhile, multiple encrypted IM systems can figure out their own key management, and we can pick between the models as is useful. Even outside of encryption, there are other features that people might want, or want to avoid, in their IM. Is IM just for text, or can you send images as well? If you can send images, can you send files? Do the files go somewhere or are they streamed directly across? Does it come with video or audio communication? Should the identifiers be phone numbers, email addresses, some new address format, or a combination thereof? Is there a part of the structure which allows for per-message billing, and what data collection is needed to facilitate it? Is there a distinction between intra-country and international communication? What if Canada adopted one standard and Germany adopted another, but someone wants to communicate between countries? I prefer letting the users pick between options for one that supports the features they want and is convenient for their use.

My point is that people often don't like being told that they were not as good as someone else, even if it's true. What you suggest turns any performance review period into a "here's why one of your colleagues is better than you" experience including a full league table, and nobody likes those. Not to mention that, for most complex jobs, it is relatively easy to make up a lie about a non-discriminatory reason for different levels of pay, whether it's true or not, so any disparity you ask about will have one whether or not the actual reason was justifiable.

It looks like the request was for a list of names, so you are allowed to know who works for the police, just not every other detail about their jobs including their salaries. Why you want the data is another question, as it's usually pretty easy to determine either whether a certain person works for the police or which members of the police were involved with a certain situation, but it looks like you are allowed access to the full list if you find that data useful.

There are potential benefits, but I also foresee some problems. If someone deservedly gets paid better than others, will the others simply accept that their performance was better, their skills unmatched, their work ethic stronger, or will they feel they've been treated unfairly? If they do, how would you suggest handling that without either withholding what you would have given to the stronger employee or dealing with more people quitting, which places more work on everyone who stays. This is just thinking of the problems from an employee's perspective as that's my position, but there are problems from the company's as well which aren't necessarily indicative of malpractice on their part.

I'm not blind to the benefits of transparency of salary data, but I think it might cause quite a few problems. I think you probably do as well, which is why you limited it to employees of the company; some people advocate that financial information be available to everyone in the general public, but I think a lot of things would go wrong if that were attempted. I think the more limited version would produce fewer problems, but that some would still exist.

Re: Star Trek style warp drive can never work

What, you mean that people writing science-themed entertainment shows in the 1960s weren't very good at theoretical physics as we know it today? That's a disappointment.

Of course, we have a lot of questions in physics that we don't understand yet. For example, whatever dark energy is, whether it's a single phenomenon, multiple combining ones, or a mistake in existing models, it seems to allow things to move in ways that the existing models suggest they can't. Maybe that will turn out to mean that we could also do so. Or maybe it means that we could try to do so and die in interesting new ways. Or it could be like fusion: a fun way to spend decades getting nowhere, but it will be here in about twenty years. Be careful when you say that physicists can prove for certain that something is impossible, because physicists have said that at previous times, and sometimes, physics has proved them wrong.