* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

Not call: Open source gurus urge you to dump Zoom

doublelayer Silver badge

Re: I never get tired of say it

I'm not sure what relevance it has to this point. Zoom could self-host their infrastructure in their own buildings, and they'd have the same ability to intercept and abuse customer information. They could self-host in your building and still have that ability. How does the use of the cloud make this any better or worse? In this case, you could argue that using something proprietary made it worse, or that using something not encrypted made it worse, but cloud is not really connected to any of the problems they're pointing to.

Bank of Ireland outage sees customers queue for 'free' cash – or maybe any cash

doublelayer Silver badge

Re: Monopoly money

Oh, that can definitely happen, but not because the bank accidentally credited you £1k. Generally, that experience will start with the bank making lots of errors with your account, locking you out, sending your money off, all for completely spurious reasons that you can prove incorrect. Then, as a way of saying "please don't sue us", they give you some compensation for the damage caused. It ends up being in your favor, but it doesn't start that way.

doublelayer Silver badge

In some areas of economics, it is convenient to consider lending money as creating it and the paying back of a loan as destroying it. It's the same simplification that means we teach Newtonian physics even though we could start in with the changes that have been made to it even when they're not important at the scale we're teaching. However, outside that area of study, including in other parts of economics, it doesn't work like that.

Banks don't create money when they back a loan. They take on an asset with speculative value, which they can only do as they have the liabilities (deposits) to cover it. Central banks which have control over the supply of currency do have the power to create or destroy money, but individual retail banks do not have that power. The last time it worked like that, things went wrong really fast; each bank simply printed its own money, which, as soon as one bank manager realized that this would go wrong, resulted in that manager printing and spending as much as they could. There's a reason we have national currencies now.

Internet Archive sued by record labels as battle with book publishers intensifies

doublelayer Silver badge

Re: and the booby prize is ...

I don't agree with the lengthened copyright terms that you're complaining about. However, that doesn't make them illegal. You're simply arguing that, because he's dead, it doesn't motivate him to create any more art? That's true, but it could have motivated him to create more art when he was alive on the basis that the profits from it can also go to his children, so if he were to produce some art right before dying, it wouldn't immediately become public domain. Some artists would care about that, and some would not. I am not convinced that we have to care about that. However, just because I don't agree with the law doesn't mean that I can use tortured arguments to try to prove that it's not the law. That's what the writers of the laws, especially the Disney corporation, intended it to say. If we don't like it, we have to change it, not argue that it never meant that or that a limit is not a limit.

doublelayer Silver badge

Re: "artists such as Frank Sinatra .." etc

Copyright and patents have a lot more similarity than you claim. Both consist of a limited-time right, guaranteed by the government, to be the sole provider of something that's not physical, which you must prove* is original work, which can be claimed only by the creator or someone they have explicitly transferred ownership to, and after it expires, the thing it covers becomes available for anyone to use. Your comparison between a car and a cloud doesn't have anything close to that list of similarities.

* They're not great at correctly determining whether it's original or not, but your patent can be invalidated for prior art, and your copyright can be invalidated for plagiarism.

doublelayer Silver badge

I don't know where you got either of your ideas from, but both of them are pretty clearly wrong. For example, that if you don't make a profit, you don't have a leg to stand on. That's not a thing. If you do what the law says you shouldn't, then it's illegal no matter whether you benefit. If I steal something from you and am unable to sell it, I am not innocent. If I violate copyright and don't profit, I'm also not innocent.

Also, you appear to have trouble with literal interpretation of words:

"The U.S. Constitution specifically states "limited time". 50+ years is not and never will be, limited."

Yes, that is limited, since there is a finite amount of time after which it ends. It would also be limited if they said "Copyright to consist of a time period lasting a hundred million years", because it has a definite ending point. I have opinions on how long that limit should be, on which we're more likely to agree, but arguing that it's not limited based on the clear limit is a pretty bad argument.

doublelayer Silver badge

Re: Stay out of (realisable) USA jurisdiction

It is possible, but that doesn't automatically mean it will work in all the cases we get now. A documentary can be rather cheap to make, or it can be very expensive. If your payments have to go into getting a camera and pointing it at a guy who is talking and editing in what's effectively a PowerPoint presentation with existing video clips, it won't take many patrons to get it recorded. If it involves taking several people to a different continent where they will be filming for weeks, it will take quite a few more. For things other than a documentary, the costs grow faster than the willingness of patrons to incur them.

It is much easier for millions to pay a small amount when they want to consume the content than for a few hundred to pay really large chunks in the hope that it will be created. When those hundreds are doing so with the expectation that the millions will at least partially pay them back, they manage it. When those hundreds are doing it just for the love of the work, they probably don't see why they have to pay for the thing we will all enjoy watching without supporting.

Indian armed forces gives Windows its marching orders, but only for desktop warriors

doublelayer Silver badge

Re: If you must drop Windows...

"nothing is actually executable by default"

Yes, there's the execution bit to be set for some files. Most likely, the first file to be sent will be a shell script, which is much easier to execute because, although the execute bit is useful, it is not required. That script can download an ELF from somewhere and call chmod on it, then run it. It's not a complex bootstrapping process if you're dealing with the kind of user who doesn't recognize that the file called "report.docx.exe" is probably dangerous and clicks through the security warning Windows will show.

"I would not say it's impossible but it's a tad harder than when using Windows and depending on settings even requires a rights escalation to install."

What escalation are you referring to? If you mean to get root privileges, yes it will need that, just as a Windows program will show a UAC warning on all machines. On a corporate machine, the general user is unlikely either to have rights to root or admin privileges and will be unable to accept that escalation request. On a home machine, it should be clear enough that this isn't normal, but not all users have the experience to know that you don't just enter your password every time a screen tells you to. To install itself with the user's permissions, however, doesn't take that. The binary simply has to copy itself somewhere and add in something to start itself. A simple method is to put itself into part of the user's home directory and add itself to their login script, but depending on what access they have, there are a number of options such as adding a job to their crontab, intercepting some other program, etc. Persistence using the user's permissions is certainly possible. Once it has that, it will have to find some way to spread or elevate permissions, but Linux and the general utilities have had plenty of privilege escalation vulnerabilities, just like Windows does.

Now, with a properly configured system, these risks are not necessary. The user's home directory could be marked in such a way that ELFs can't be executed, although shell scripts still could. Maybe it's just me, but I don't much like shell scripts and I wouldn't like the idea of trying to write complex malware in that, so that's a defense. But before we praise Linux for making that option available, remember that Windows can do that too. The reason people don't do it for nearly every Windows box in existence is the same reason that, should they switch to Linux, they probably won't there either. The systems have options to secure things that aren't often used, so while it's great that they exist, we can't assume that this will mean they will be generally used.

doublelayer Silver badge

Re: If you must drop Windows...

"It's also a case of sensible, safe defaults. When you install a Linux desktop, the result is quite tight in that there's nothing running that would allow external access - depending on distro, even SSH needs to be enabled first before you have that path in."

Just as Windows doesn't turn on RDP unless you go into settings to enable it. It doesn't prevent someone from doing that, though, and if they do and don't focus on security, it is a wide open door.

"Secondly, you can 'just' run an executable, if it's not in the package manager it's much harder to do."

Do you use Linux? You know they have the concept of an executable as well? You can download an executable file and run it. You can download a shell script and run that. You have a few other languages that you can pretty much guarantee are present (I'm thinking of Perl and Python) and run those. None of that requires it to be in the package manager.

I use Linux often, especially for systems where security is necessary. I like it because it is easy to audit the system for security risks and to change its operation to limit them. Linux is strong from a security perspective. What I dislike is the people who seem to assume that Linux is automatically the key to security and base this off incorrect understandings of what it provides and how easy an insecure Linux system is to compromise. They appear to believe that simply replacing Windows with Linux makes everything secure, and if enough people with this attitude actually get to do it, we'll give Linux an undeserved bad name as that system that everyone's been hacking these days because inexperienced people deployed it without looking at their risks.

doublelayer Silver badge

Re: If you must drop Windows...

"Pound for pound Linux is way more difficult to compromise than Windows. It's just a fact for life,"

This is heavily dependent on the configuration of the system. The comparison is not really viable either, as you can't enumerate the hacking potential. However, as I interpreted the original comment, we weren't talking about external penetration but the security of a box where the user has already executed an attacker's malware, in which case the initial infection stage has already passed.

A lot of the attacks that work against Windows have direct parallels on Linux. For example, one way attackers find and infect computers is unsecured RDP ports left open to the internet. This is relatively easy to prevent, extremely easy to detect, and in most configurations it doesn't happen at all. The direct parallel on Linux is the open SSH port with password authentication, which is equally easy to prevent and detect. As anyone who has a Linux machine on the internet already knows, there are lots of attackers looking for those ports who will attempt to log into any server configured as such. In a lot of infections, the writers of the malware are relying on the user to install the initial infection, rather than finding an unauthenticated remote login method. Some of the tactics that are popular for infecting Windows will not work on Linux, but that is not the same as saying that Linux doesn't have vulnerabilities of that kind or that they're more resistant to exploitation.
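An added example, not part of the comment above: one way to run the "easy to detect" check for SSH password authentication over the text of an `sshd_config` file. The sample configuration is constructed, the function names are hypothetical, and the parser covers only the two keywords shown.

```python
"""Audit sshd_config text for settings that permit password logins."""
import re

# OpenSSH's documented defaults for the two keywords that can allow a
# password to be typed at login (sshd_config(5)).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Deprecated spelling that OpenSSH still accepts for the second keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
# A keyword, then whitespace or an optional '=', then the arguments.
LINE = re.compile(r"(\S+?)(?:\s*=\s*|\s+)(.+)")

# Constructed sample input, not taken from any real host.
SAMPLE = """
# constructed sample
Include /etc/ssh/sshd_config.d/*.conf
passwordauthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication=no
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""


def parse(text):
    """Return (global settings, [(match criteria, settings)], include patterns).

    Keywords are case-insensitive and the first value seen for a keyword
    wins, so a later duplicate line is ignored, as sshd does.
    """
    global_cfg, blocks, includes = {}, [], []
    target = global_cfg
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.fullmatch(line)
        if not m:
            continue  # keyword without an argument: nothing to record
        key, rest = m.group(1).lower(), m.group(2)
        key = ALIASES.get(key, key)
        if key == "match":
            # Everything up to the next Match line belongs to this block.
            target = {}
            blocks.append((rest, target))
        elif key == "include":
            includes.append(rest)
        else:
            target.setdefault(key, rest.split()[0].strip('"').lower())
    return global_cfg, blocks, includes


def audit(text):
    """Return findings for every place password logins are permitted."""
    global_cfg, blocks, includes = parse(text)
    findings = []
    for key, default in DEFAULTS.items():
        value = global_cfg.get(key)
        if value is None and default == "yes":
            findings.append(f"global: {key} not set, default is yes")
        elif value == "yes":
            findings.append(f"global: {key} yes")
        # A Match block can re-enable passwords for some connections even
        # when the global section disables them.
        for criteria, cfg in blocks:
            if cfg.get(key) == "yes":
                findings.append(f"Match {criteria}: {key} yes")
    # Included files are read where the Include line appears, so a drop-in
    # listed first can set a value before the main file does.
    for pattern in includes:
        findings.append(f"Include {pattern}: not resolved here, review those files")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration with includes resolved, which is the authoritative answer; a static pass like this one is useful for reviewing config files before they are deployed.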

doublelayer Silver badge

Re: If you must drop Windows...

"A compromised desktop is usually the vector that breaks the "hard shell/soft center" approach that most companies deploy and establishes a penetration beachhead inside the organisation to host an APT, so I'd say here too a Linux desktop would offer substantially less risk."

That substantially less risk is due to what? We're already positing an attacker that has malware running on the user's computer, so why would that computer running Linux instead of Windows do that much? In both cases, the malware can copy their files, inspect their actions, copy their passwords, intercept their mail, and access things on the section of the network their machine is on. Linux doesn't have different security policies on any of those things. It would have a different set of bugs between that machine and other things on the network, but that's no guarantee that an attacker can't find them, especially as there are plenty of successful attacks against companies that spread from Windows beachheads to Linux infrastructure, so spreading from Linux ones shouldn't be much more difficult. The largest asset is that attackers who already made a Windows loader malware will have to make a new version that targets Linux.

doublelayer Silver badge

Re: All I'm saying is...

Probably that you should be very careful about saying something's secure before you rely on it being secure. How many times have we had a three-day gap between someone claiming unhackability and a hacker proving them wrong?

To some extent, lying will have helped them. Had this actually been a new OS, then I wouldn't have bought any security claims, whereas starting from something that people have been securing for years is a good way to get some security from the start. However, if someone told the Indian government that it was invulnerable and they believe it, they are still at risk.

80% of execs regret calling employees back to the office

doublelayer Silver badge

Re: We have expensive real estate.

As I understood the context of those quotes, they were referring to the choice to change from assigned desks to hot desks in some of Google Cloud's offices, not requiring people to come in. Of course, by making that change so they could have fewer offices, they also made the office worse. This is the general problem that I have with people advocating the office. There are some advantages to working there, but if they try to skimp on the office so much that they destroy those advantages, then they might as well just have everyone work from home and save the spending accordingly. Requiring that everyone comes into an office that they all hate isn't going to provide any of the benefits of working from the office or from home, but making a decision either to have an office that works for the employees or not to have one at all is more likely to work.

AIs can produce 'dangerous' content about eating disorders when prompted

doublelayer Silver badge

Re: Realistic goals

Telling them is certainly easier. I have been doing it for months. So far, people haven't cared too much. Not even when I sent them AI-written essays and surprised them with a fact check. I still know people, not many but they exist, who go to GPT to answer questions. For now, it's the intersection between people knowledgeable enough to use a frontend to it* and lazy enough not to use search engines, but as it becomes easier to use such models, that will likely only increase.

* Not that it is very hard to use such services, but for now, you still have to make an active decision that you want to use one of these chatbots and to pick a frontend, whether that's the official frontend for which you need an account or one of the various third-party ones which seem surprisingly popular for a program that simply takes your text, pastes it into a session, and sends some text back without changing it. There are a lot of people I know who can't answer a question as simple as "what search engine do you use", and for now they don't use GPT or its ilk. With the popularity of these models at companies that also make operating systems and browsers, I don't have confidence that this will remain the case.

Can you raise $100M+ from AI investors with no product? SEC says yes

doublelayer Silver badge

Re: generative AI right now

I don't particularly value LLMs either and would be happy if all the companies building them decided to stop today. I feel the need to contest you on the point that they're a "pyramid scheme". They are many things, including some possibility that they're duping investors, customers, and the public, but a pyramid scheme is a specific, structured fraud and places like OpenAI aren't doing that. They don't have people trying to recruit a lower level and passing money up to a higher level, so calling them a pyramid scheme suggests that you don't know what one is or what they're doing and distracts from the rest of your valid points.

doublelayer Silver badge

Re: What's the difference...?

I don't think there's really much difference, but as I understand it, "pyramid scheme" is more often used for something where no product exists, whereas "MLM" is more often used when there is some product being sold to someone using the same structure where they get salespeople to work very hard to sell something useless while not paying them.

doublelayer Silver badge

It does contain 22.2 million people, so there's a large sample size to draw from. For context, there are four times as many Floridians as there are Scots, so patterns aren't necessary to get this many fraudsters from a large set of people.

Charging your iPhone literally costs Apple millions as Batterygate saga slams shut

doublelayer Silver badge

The suit exists because they engaged in a few deceptive practices which people didn't understand. The initial story, which isn't the whole truth but did happen, is that Apple slowed down their phones (to delay the boot problems) but didn't tell anyone. When people complained about their phones being slow, Apple told them to buy a new one rather than admitting what had been done. By the way, we aren't talking about devices that were six years old when this started happening. The batteries would reach the level of degradation where the throttling was enabled in about a year. This leads us to the next deceptive practice.

The batteries they put into affected devices were not good enough. I don't think this was deliberate, although some have alleged that it was, but I assume Apple specified batteries that couldn't provide enough additional voltage to run their boards. Had phones started failing as quickly as they did, a lot of people would have been covered by the warranty, including everyone who had the extended AppleCare. By slowing down the CPU without telling people, they were able to delay the problem until that coverage expired. I owned one of these devices and never disabled the CPU throttling. It still eventually got to the point of repeatedly crashing, rebooting, going from 60% battery to 4% battery in five minutes, etc. It just took a bit longer to reach that point. Does this happen to any old device you have? I've used laptops to the point where their batteries last very little time, but they still don't spontaneously fail like that. People have suggested that this was Apple's attempt to avoid warranty claims for another hardware failure, something that Apple has done repeatedly.

I don't think they were malicious about this or knew from the start that they were going to limit their phones in that way. However, as Louis Rossmann has said, when Apple repeatedly has hardware flaws and avoids warranty requirements on them, and each of them just happens to earn them money, then it becomes reasonable to ask whether it was deliberate or if they have failed in their duty to their customers. There is consumer protection law to handle this in a lot of countries.

Veilid: A secure peer-to-peer network for apps that flips off the surveillance economy

doublelayer Silver badge

Re: Count Me In

I still disagree with basically all of your points.

"Whereas the telephony industry has been highly successful in ensuring that any telephone can call / SMS any other telephone, anywhere on the planet, the Internet industry has been infected by greed, self promotion, and the inevitable lack of interoperability."

From my point of view, the internet industry allows me to contact any computer that agrees to take my connection and transmit to them, and if we agreed on what protocol we're using, we can communicate just fine. Yes, there isn't one single protocol that communicates with anybody, but I can, in fact, use any of the options equally well or I can build my own and it will work too. The internet industry needs interoperability between the links that allow my packets to flow, and they have it. This is why I can have a video call between me and people on two other continents, encrypted, through my own server, and I don't have to pay the prices I'm still charged if I were to make a single voice call to one of those people using the phone system which has its one standard and is much more greedy.

"You do agree with mandated standards - you depend on them entirely, just to be able to make posts here (for example)."

Not really. I use a lot of standards, but not mandated ones. I use the WiFi standards because it's convenient, but if I had implemented my own point-to-point wireless protocol, it would also work. I use the Ethernet standard because that's the ubiquitous cable, not because someone told me that other cables were forbidden. As for TCP, UDP, DNS, and HTTP, all of those are standards which are optional and maintained by people who make them available, not demanded. Should I decide to implement my own network protocol over the basic IP level (also not mandated, but it's what my ISP supports), I am free to do so, you are free to use it, and if we do, we can talk to one another over it.

"The fact that we've not been able to move on from SMS/MMS is because the companies that do this say there's (presently) no point having the costs of implementing a richer IM layer as part of the next mobile G, because the large tech companies have fragmented the market and locked people in."

I agree with them for a different reason. It's not worth adding another version because we now have network communication, so we don't need them. There are advantages to a communication system that's not tied to phones, so you could send a message from a computer that doesn't have to hand the communication part on to a phone. If I want to send you an SMS, I have to use one of the weird email-to-SMS bridges that some providers probably still have, and if you want to reply, there's a chance that the bridge doesn't go the other way. If I want to send you an email or use one of the many other chat systems that are generic, I can do it from anything with a data connection.

Oh, and on the encryption front, you're correct about the provider having the ability to damage the software you're running, which is one reason I don't use WhatsApp even though it is encrypted. Using open source software and/or decentralized clients helps with this. I have the knowledge to check that, as I'm sure you do as well. Dismissing it based on that risk isn't very convincing when the alternative is no encryption or really any security at all.

doublelayer Silver badge

Re: Count Me In

"We all knew what IM looked like, back when BlackBerry Messenger was all the rage. Mandating a standard such functionality (not BBM itself) as a license condition for network operation should have happened years ago, just like a network operator is supposed to support phone calls..."

I disagree. It makes sense for a phone network operator because they will be given a lot of limited resources, whether that's a monopoly on providing service to the public (the wired model) or a large chunk of spectrum which only has room for a few companies (wireless). On the internet, there is no real limit and no central authority giving anything away. The great part of the internet is that I can put whatever bytes I want through it and expect them to arrive, so I don't need to apply for my protocol to be accepted before it can be used. I don't agree with a mandated standard for that reason, but there is another reason for it: feature support.

We've had IM for quite a long time, and it generally works the same, but it lacked many features we have today. For example, encryption. A lot of people want end-to-end encryption, and any attempt to create a single standard encrypted protocol would end up having to specify a key management system, which is likely to prove fragile. Meanwhile, multiple encrypted IM systems can figure out their own key management, and we can pick between the models as is useful. Even outside of encryption, there are other features that people might want, or want to avoid, in their IM. Is IM just for text, or can you send images as well? If you can send images, can you send files? Do the files go somewhere or are they streamed directly across? Does it come with video or audio communication? Should the identifiers be phone numbers, email addresses, some new address format, or a combination thereof? Is there a part of the structure which allows for per-message billing, and what data collection is needed to facilitate it? Is there a distinction between intra-country and international communication? What if Canada adopted one standard and Germany adopted another, but someone wants to communicate between countries? I prefer letting the users pick between options for one that supports the features they want and is convenient for their use.

doublelayer Silver badge

Re: Peer-to-peer?

The local addresses are not routable, but you can still open a connection out. That connection can contact something with a public IP, which can relay your traffic to more nodes, eventually connecting to another connection from someone else who has also opened out. You don't have to accept an incoming connection to communicate with someone if you can coordinate initiating your connections. This is inconvenient for most use cases which is why getting more usable address space will be useful, but it doesn't make the problem insoluble.

This is, by the way, only for CGNAT situations. For a NAT setup with a dynamic IP address, you can still forward ports to allow inbound connections, and there are tools like UPnP to allow programs to do so without asking for your assistance (or permission, which is why you might want that turned off).

doublelayer Silver badge

It depends what you're referring to. If you meant the initial infection, the way that some attackers use IPFS, it doesn't sound like it. They use IPFS because there are still public relays that allow an HTTP client to access files on IPFS. The decentralization there is an asset because it makes deleting their payload harder, and the relay allows someone to download the file without having to do any setup. This protocol, on the other hand, doesn't appear to have any bridge system set up, nor does it implement a single application. Therefore, for a user to get a file, they'll have to set up a client of some sort to connect to the protocol and then open communication with something. That's friction, and attackers try to have the least friction possible when getting the initial connection.

If, instead, you meant for existing malware to contact command and control infrastructure, you may be more correct. However, there's not a lot that can be done about that. Malware writers have been using the internet for payload delivery in lots of ways that hide the traffic from inspection, and although I'm certain some will use this protocol, it won't be the first encrypted network that they've used for that purpose, often created from their own infected nodes.

Cumbrian Police accidentally publish all officers' details online

doublelayer Silver badge

Re: How?

You organize your data so you avoid it, but you don't have locks on everything making it entirely impossible to upload something you shouldn't. Your success in not posting stuff that shouldn't be public is due to being careful, and the steps you take are designed to make that easier.

My problem with the calls to fix this in software is the assumption that, somehow, computers have to make careless users harmless. Somehow, if a user is physically capable of causing a problem with the system, then it's the system's fault. This is not used in a lot of other parts of the world. Take physical security. There are some people who work in extremely secure facilities where they may not take anything in or out and they're subject to lots of scans to ensure they haven't. Does everywhere you have worked do that? My offices have not; if I want to steal something, I can scan my credentials to unlock the door, pick something up, and walk off with it. This doesn't mean that, because theft was possible, the security system is at fault. If we took that attitude, you'd eventually reach the point where every employee or visitor would have to have MRI scans on entry and exit. At some point, designing the system to prevent idiots doing stupid things is worse than working a bit harder to have fewer idiots and to make sure they understand information about whether what they're doing is stupid.

doublelayer Silver badge

My point is that people often don't like being told that they were not as good as someone else, even if it's true. What you suggest turns any performance review period into a "here's why one of your colleagues is better than you" experience including a full league table, and nobody likes those. Not to mention that, for most complex jobs, it is relatively easy to make up a lie about a non-discriminatory reason for different levels of pay, whether it's true or not, so any disparity you ask about will have one whether or not the actual reason was justifiable.

doublelayer Silver badge

It looks like the request was for a list of names, so you are allowed to know who works for the police, just not every other detail about their jobs including their salaries. Why you want the data is another question, as it's usually pretty easy to determine either whether a certain person works for the police or which members of the police were involved with a certain situation, but it looks like you are allowed access to the full list if you find that data useful.

doublelayer Silver badge

There are potential benefits, but I also foresee some problems. If someone deservedly gets paid better than others, will the others simply accept that their performance was better, their skills unmatched, their work ethic stronger, or will they feel they've been treated unfairly? If they do, how would you suggest handling that without either withholding what you would have given to the stronger employee or dealing with more people quitting, which places more work on everyone who stays? This is just thinking of the problems from an employee's perspective as that's my position, but there are problems from the company's as well which aren't necessarily indicative of malpractice on their part.

I'm not blind to the benefits of transparency of salary data, but I think it might cause quite a few problems. I think you probably do as well, which is why you limited it to employees of the company; some people advocate that financial information be available to everyone in the general public, but I think a lot of things would go wrong if that were attempted. I think the more limited version would produce fewer problems, but that some would still exist.

If you're Russian to the Moon, expect traffic: Moscow's Putin a lander into orbit

doublelayer Silver badge

Re: Look at me!

I'm quite sure they will. Russia has basically nothing they can be that proud of except for the fact that they have a much larger nuclear force than even many other nuclear powers. This is how they can still count themselves as a superpower even when nobody else would. That is the kind of incentive that is needed to make sure you keep hiring people to maintain and operate the facilities even when there is basically no realistic situation in which those weapons would need to be fired.

doublelayer Silver badge

Re: Star Trek style warp drive can never work

What, you mean that people writing science-themed entertainment shows in the 1960s weren't very good at theoretical physics as we know it today? That's a disappointment.

Of course, we have a lot of questions in physics that we don't understand yet. For example, whatever dark energy is, whether it's a single phenomenon, multiple combining ones, or a mistake in existing models, it seems to allow things to move in ways that the existing models suggest they can't. Maybe that will turn out to mean that we could also do so. Or maybe it means that we could try to do so and die in interesting new ways. Or it could be like fusion: a fun way to spend decades getting nowhere, but it will be here in about twenty years. Be careful when you say that physicists can prove for certain that something is impossible, because physicists have said that at previous times, and sometimes, physics has proved them wrong.

Hacktivists attack Japanese government over Fukushima wastewater release

doublelayer Silver badge

To be fair, either of those can kill you. Most isotopes of uranium take a rather long time to decay, but they can also kill you with radiation (and poisoning, but you can probably more easily refrain from eating it). However, the ones with really short half-lives, while more dangerous at the start, are also the ones that will quickly turn into something else without having to be stored for a long time. Depending on what that something else is, it may not be radioactive anymore and therefore the radiation risk is eliminated.

The price of freedom turned out to be an afternoon of tech panic

doublelayer Silver badge

Re: Spreadsheet imports

This kind of thing wouldn't surprise me, especially as a lot of software that accepts spreadsheets as input has lots of available columns. If they were importing something structured, like XML, JSON, or SQL of some sort, then those fields would have names they could check against. I've seen spreadsheets that looked like this:

<itemname>, 0, 0, 0, 0, 0, 29.99

With all the zero columns being for fields that you weren't using. When there are already columns like that, one more doesn't stand out too much. This is one of the things that caused me as a child to stop using spreadsheets to store information when it got too big and use a format that wasn't as prone to user error, although that also taught me a long-lasting fear of nulls which don't always mean the same thing.

Lacros rescues Chromebooks by extending their lifespans

doublelayer Silver badge

Re: Limited life span?

"You are incorrect. All Chromebooks released after 2020 now have an 8 year support life from the release date. Even the £150 ones."

I stand corrected. It doesn't make me feel that much better about them, but it is a bit better than when it was less than eight years, so some points back to Google there (they're still on negatives).

"The second problem you list "no technical reason for the end of support". There isn't for Microsoft stopping providing Windows updates either. Or Apple providing MacOS or iPadOS updates. Yet, they both do?"

This wasn't always the case. For example, it wasn't the case for Windows until Windows 11 happened. You could install Windows 10 on any compatible hardware, even a Pentium from 2000. It wouldn't work well, but you could do it. Even when they did add that in Windows 11, they didn't do it very strongly, as bypassing the hardware check and installing it anyway is a quick process that still works even though people have been doing it for two years. A similar argument applies to Mac OS, where you can install new Mac OS versions on old Macs and they function. I don't approve of Apple's cutting of support, and I have complained about it frequently. The fact remains, though, that you can install modern Mac OS on Macs that don't agree to install it and all the features will work, whereas you cannot install modern Chrome OS after the AUE death date. You can, of course, install Chrome OS Flex and lose several features that they could quite easily leave in. My argument remains the same: Google is worse for no good reason.

Tinker Tailor Soldier Pi? Asus's 'NUC-sized' SBC aims to out-Pi the Raspberry

doublelayer Silver badge

"Which it I am referring to is obvious."

To you, perhaps, but I am at the very least the second who doesn't know. At first, I assumed you were referring to the Asus model, either having found its price or having mistaken something else for it. Now, I'm not even sure of that since you indicated that you didn't have the price of that but still think it was obvious.

There are a lot of SBCs out there now, and many of them are at a similar price point to the Pi, although in my experience their specs and software support are usually not as good. For example, there are really quite a lot with quad A53 CPUs, which is getting a bit old now. The quad A55 is certainly better, but it's still a six-year-old core and intended for the little half of the cores. Of course, this isn't necessarily a problem depending on what you're doing with it, as for a lot of networking or automation, the A53s are fast enough and the machine is connected to mains power; I have a few doing that kind of task. I sometimes want higher performance or better power efficiency, though, which is why I've been waiting for better SBCs to come out eventually. The ARM-based SoCs that manufacturers have been making are really great compared to the ones we have access to.

doublelayer Silver badge

"Raspberry Pi unfortunately (albeit predictably) priced themselves out of the market with v4."

I don't get that. Sure, they have been difficult to get, but not because the price is unreasonable. My experience with other models is that their prices tend to be worse. You can sometimes get a faster chip or a different peripheral for that, but often the prices are somewhat to a lot higher than the Pi's prices just for the bare board. In the kind of projects I do, I also price in things like non-universal power supplies and cases, but I'll leave them out for now. Then, most of them have to be imported and the shipping prices add to that. This isn't to say that the Raspberry Pi is perfect or competitors are bad, but in terms of price, I've often found that the Raspberry Pi in particular can boast about that. I would have been much less surprised if your trouble with the Pi was around performance, power consumption, or available options. I'm wondering what your experience has been and if ours have been so different.

Zoom's new London hub – where 'remote work' meets 'we need you back in the office'

doublelayer Silver badge

Still not the downvote guy. I don't bother with this much either because it's not as much about what I'm doing right now as what you need. If I'm available right now, I will go read your message. If I'm really busy right now, I will ignore your message (there are ways to get my attention if it's that urgent, which it probably isn't). If I'm only slightly busy, then I can quickly determine what is going on and whether I think you can wait, so that's what I'm going to do. Rather than having you make the judgement, I prefer that you send me your question. For one thing, if you ask a question and I'm too busy to answer it, then when I come back to it a few minutes later, I can give you the answer even if you're not there.

doublelayer Silver badge

I wasn't the thumbs down guy, but I don't like this. I'm on the nohello side. If you have one question, put that in the message and I can start responding to it immediately. If it looks like a long question, I'll send an in progress message to let you know I've started. If you have a lot of questions, then either send the first one or send a message asking for a talk, ideally with some context about why.

The reason for this is that I have to quickly decide when a message comes in whether I should switch to that one or continue doing what I'm already doing. If I don't make that decision quickly, I become distracted. Switching to the chat software to acknowledge your greeting and ask what you want, then wait for you to type what you want will be that distraction. This means I'll either run the risk of being distracted when I shouldn't be or I'll ignore something from you because I don't have information which, if I did have it, would have gotten me to switch more quickly.

doublelayer Silver badge

The alternative isn't better. I'm thinking of the last phone I had without downloaded voice messages, where retrieving them required using the voicemail IVR system. The one I had would read phone numbers before every message and very slowly. On the positive side, it would be very easy to write them down. On the negative side, after listening to a phone number for twenty seconds, I was quite irritated and was no longer paying attention because I wanted the system to shut up. I tried to turn off that feature, but in that case, finding out the number for someone who didn't say it in their message would take about twelve button presses to turn it back on and then off because it was only available as a global option.

doublelayer Silver badge

Re: I think it is the perfect time to start a new company : Gloom

I'm less convinced about the idea. At least if the business does short-term office leases to a particular client, that client can use the office for some purpose that someone benefits from, like having a bunch of people work on the same thing in person temporarily before going back to remote working or having a public place where others can be directed. While there certainly are people who would rather not work from home, not all of them really value a rented hot desk much, since it won't provide them much that they couldn't have had at home, and if they're paying for it out of their own pocket, they could probably buy the things they're using with a few months' worth of rent payments. Some people will really like the experience and become customers and I could see a lot of people finding that there is an occasional day when it's convenient, but in order to accommodate that latter group, the office would have to have a lot of vacancies which is not very profitable.

India launches contest to build homegrown web browser

doublelayer Silver badge

Re: Our global internet is being killed off by governments.

I think they'll find it very hard to get people to adopt this voluntarily. My best guess is that they'll talk for a while and eventually give up. However, we are talking about the country that really likes turning off the internet for whole states* for weeks, so I don't think more sophisticated censorship is inconceivable.

* By states, I mean places with larger areas and populations than some countries. It's usual for the people cut off from the internet to count in the millions. Also, those shutdowns don't tend to be universal, because it more often applies to the mobile networks than terrestrial ones. A lot of people only have mobile connections, so that isn't as easy to deal with as those of us for whom home internet is generally available.

doublelayer Silver badge

Re: Nationalism for the sake of Nationalism?

Yes, I imagine that's what they'll get, but the Kazakhstan parallel is why they wouldn't just ask Google to use the CA. Kazakhstan wasn't going to make their own browser, they were going to require people to install their CA, so the browser writers made sure that doing that wouldn't work. That may be why India has decided they need to control the software so they can insulate it from any sneaky decisions where Firefox allows their CA for six months then pushes an update that revokes it the way they've proven they're willing to do with other untrustworthy CAs. I'm pretty sure you won't get any other features that can't already be found in browsers.

doublelayer Silver badge

Re: I wish them luck

You are absolutely correct. Unfortunately, India did announce that they were going to make their own mobile OS. Then they announced that they had. Guess what it was. If you guessed that it was a version of Android with the name changed in a couple places, you win. Making a real new browser is hard. Cloning one and saying you have is easier.

doublelayer Silver badge

Re: Nationalism for the sake of Nationalism?

"what can an Indian made FOSS browser offer over just encouraging contributions to, and maybe even mandating use of, existing FOSS browsers?"

My interpretation from the article: control. For example, we've got this bit:

The desired browser will have its own trust store, use a root certificate from India's Controller of Certifying Authorities,

This may sound familiar. It is what the government of Kazakhstan said they were going to do about six years ago. An attempt to be able to MITM all traffic by making any certificate they wanted. The open source browsers responded by both refusing to include that certificate by default, and a couple versions later, modifying the code so that, even if it was installed, they would refuse to use it. Mozilla doesn't like shredding its users' privacy for a dictatorship's benefit. So what would they do if India suggested that its government should have that level of control over certificates? I don't think they'd let them.

If I'm correct, India will have to do more things to make sure people use this browser, because as I said in an earlier comment, I don't think people will be installing it very often. They have indicated a willingness to punish those who don't comply with restrictions, even odd ones, that they've just made up. They have the option to be much stronger about this if they're interested in increasing control. At the moment, I don't think they have sufficient investment to get what they've asked for, though, so it's probably not a big concern at the moment.

doublelayer Silver badge

Re: I wish them luck

I wouldn't count on that. For one thing, my prediction, and I'll be happy if I can come back and say I had it wrong, is that the final result will be another wrapper around Chromium. This I base off the fact that it's all people do nowadays when they want to announce that they've developed a new browser. Who, other than Firefox, has built something around Gecko recently? The only people I can think of are those who cloned an older version of Firefox at some point when they didn't like what Mozilla was doing, which is fine, but not really the same thing that has been built around Chromium. If IndiaBrowser is just a wrapper around Google's code, then Google will have as much power as they ever did.

The other part is assuming that, since India paid some money to the writer of the browser, that Indian citizens will start using it. It's the same thing that happened when people assumed that everyone in China would run Huawei's Harmony OS (they don't), that every company doing business in India would use their videochat platform (they don't), that everyone in India would buy Indian-made mobile phones (they don't), that everyone in the US would buy one of those "only made in America" products (they don't), or any of the other times when someone assumes that some ill-defined concept of patriotism means they don't have to make a good product just because they think they've attached it to their country. They don't even refrain from buying from hostile countries unless the government bans or significantly restricts it. If they do build this browser, people are still going to get the default one their operating system brings, and a lot of them are going to go to a Google site, get the Chrome ad, and install the thing. Few people will go to the site and install India's version. I can see India doing some things to make them install and possibly even use this browser, but if they don't, it's not going to be adopted.

There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack

doublelayer Silver badge

Re: Looks like I'm safe!

I wonder what statistics are available about use of public WiFi. While I don't go to places with those networks often enough and most of the time, I'm not trying to connect, I remember using them somewhat frequently a few years ago (I have a VPN) which now feels less necessary with a mobile plan with more coverage and a less limited data throttling policy. I'm sure there are places that don't have that level of mobile coverage or quality, but for the many countries with developed networks, I wonder if public WiFi has become less often used in general.

doublelayer Silver badge

Re: Network routing working as intended

It doesn't have to be that narrowly targeted if an attacker with a public access point either collects a lot of known VPN addresses and spoofs them all or even tries it for every client. In the latter case, a lot of clients will receive something weird with their first request that isn't really trying to establish a VPN connection, but most of those first requests will be an OS service or a connectivity check, so they won't see it. That said, it's still a relatively complex attack that is difficult to do automatically, so it's unlikely to be seen very often on even those malicious access points that I occasionally find.

Lawsuit: We've got the stats to prove Twitter ax fell unfairly on older, female engineers

doublelayer Silver badge

I didn't say you had to trust me or them. I didn't say all their statistics were wrong or falsified, although when you see statistics from lawyers, you know they are the set that support their case. That may be the only correct way to view the data, but it also might be very wrong. I do not want to convince you of a particular point. I will, however, explain some things you questioned.

First, you don't understand why I said that 16 employees created the divide they're talking about. Here's how I got that. There were, as the article states, 248 people over 50. 60% of them were fired. Of the set below 50, 54% of them were fired. Had they fired 54% of those over 50, that would have come to 133.9 people, which we can round to 134 although I rounded it to 133. They actually fired 149 people, which makes 16 more than my original rounding of 133. Therefore, the difference that they are pointing to, which is 6 percentage points, is 15-16 people. This may but does not necessarily indicate a small sample problem. For a simplified example, if they fired the three-person team mentioned in my original comment, you could say that they fired 100% more women than men, but the difference is one person, which makes it more likely that it wasn't for that purpose. This is a simplistic understanding, as there are plenty of reasons other than simple chance that could have been used. Some would indicate discrimination and some would indicate normal running of a business. If the sample size was large enough, assuming that some other factor was necessary would make sense. Since it is smaller, that is not as evident and other factors must be investigated.

The difference becomes larger in other sets. For example, the female-to-male divide consists of 221 people, which is a much larger sample. That still doesn't necessarily indicate discrimination, but that is much less likely to happen by random chance. By far the best number they have is when they limited the numbers to engineering roles. The reason for that is that, if there were a lot of women and few men on the moderation team, then when Musk decided to demolish the moderation team to get started on destroying the business early, the women would end up in a worse situation for a reason that will not count as discrimination in court. They will probably have to make a lot of similar subsets to demonstrate discrimination when controlled for what kind of job was being done by the person who got fired.

Bringing in random chance is already a problem, since even with the extremely poor quality that was used during the process, people don't get fired by random chance. Calculating how likely this would be if the decisions were made using dice is not the right way to determine discrimination or not any more than you would expect your raise to be determined by flipping a coin. You still might be treated unfairly, but it would be due to decisions of your employer that they didn't want to give you more money, not valuing you accurately, or discriminating against you, none of which is random. When you start comparing something to random chance, you open yourself to lots of arguments about what counts as a positive result which will dramatically change the random value. When that comparison is of no value, it is often not useful to bring it up because you'll end up in a stats fight.

doublelayer Silver badge

Re: At will, aka "Right to Work"?

They're really not the same thing. You can be in no union at all and have more barriers to leaving a job or getting fired from one, or you can be in a union but can leave or be fired very easily. Or, of course, you could have both or neither, but the difference is most noticeable when you consider one of the two at a time. It is always possible that being in a union will increase the barriers to getting fired, but that is not guaranteed. There are also many jobs that simply will not have a union involved, so the policies on whether you have to join that union* aren't very relevant to that one, but the policies about when and why you can be fired still affect you. The things are not synonymous.

* Technically, it's not that you are required to join the union, but that you could be required to pay the price of union membership. Participation is optional.

Cops cuff pregnant woman for carjacking after facial recog gets it wrong, again

doublelayer Silver badge

She probably didn't identify herself for the same reason I wouldn't. I don't really want to be questioned by the police. The stolen phone example has already occurred to me: someone found a phone on the ground and brought it to me because they thought I would have the skills to locate its owner. The phone had been reset and locked by Google's anti-theft mechanisms, but wouldn't tell me identifying information about the owner. Now do I want to try activating a stolen phone on my network in the hope that Google tells me who to return it to instead of deciding that I stole it? I brought it to a mobile store, asked them if they could find the owner, and left as soon as possible. I don't know what if anything they did with it, but I certainly don't want to be the point of contact for the police on a situation that isn't related to me. The best case scenario is that they record information about me in a system that's likely unprotected and will be leaked in a few years.

US Supreme Court allows 'ghost guns' to fall under federal purview

doublelayer Silver badge

"I really can't wrap my head around why they're so determined to allow untraceable guns."

It's a typical reaction to a strongly-held opinion. They think "I don't like restrictions on guns. This is a restriction on guns. Therefore, I should not like this". If it stopped there, they might think twice and figure out how weird it got, but they've added another statement to their syllogism: "I do not like restrictions on guns. I hate the people who suggest restrictions on guns. This is a restriction on guns. Therefore, I should not support it and I should hate the person who does". At the point that they've added a bad person who can be blamed, they don't feel the need to keep thinking about whether the idea they just had makes sense, even under their previous opinion of guns being great. It's not limited to that opinion, either.

It's a common logical failing that affects many of us, including me. Not about guns in my case, but there are things that I strongly support, and I am more easily prone to making quick decisions about things related to those without considering all the factors. I try to remind myself to review things that I've made instant judgements about to reevaluate whether that was a good judgement. I'm not great at that, nor are many others I know. Some others I know never even think that their opinions could be wrong, so as soon as they form one, it is set in stone and may never be questioned.

Ukraine's Victor Zhora: Russia's cyber 'war crimes' will continue after ground invasion ends

doublelayer Silver badge

Re: It could all have been so very different

Yeah, that's not what happened. Russia has had a lot of opportunities to be involved with the west. Most of the time, they've been invited to work with those countries on international issues and they've taken that opportunity. I'm not sure which specific incident you're thinking about this time, but not every time that they aren't given a chance to join in is a permanent snub from the rest of the world saying "you might as well turn yourself into a country that everyone else hates". Russia's current isolation is a result of repeated attacks on other countries with which they have no legitimate cause for war, not the openness or lack thereof from the United States. In fact, while they were conducting those attacks, they received a lot more approval and support than they deserved because countries in the west kept hoping that, if we didn't close them off, establish closer ties, keep helping them improve their economy, make sure they never feel in the cold, maybe some day they'll stop invading other countries. That failed.

4 in 5 Chromebooks sold to US students in Q2 as demand rises

doublelayer Silver badge

Re: Lifespan

I accept your premise, but I disagree with the conclusion. You estimate that a device can be kept for four years. Theoretically, that means Chromebooks are fine, since they'll get 6-8 years of support. The problem is that the longest times are for the flagship models, the ones that cost as much as a Mac and you're certainly not buying. That leaves you with the standard 6-year support cycle, and they get that support from some time of the manufacturer's choosing, which isn't when you obtain them. You can go and find Chromebooks sold as new which are already four years through their lifetime (I think the manufacturers started counting before they finished making them). Those tend to be the cheapest ones, you know the ones that a cash-strapped school might buy so everyone can have them. Now you've got machines which you think will last four years, which the school will budget for lasting four years, and which probably will continue holding together for four years, but you'll only get two years of security on them. Even the worst Windows laptops will have security updates for that time, even if they're annoying to use. I haven't tried the low-end Chromebooks, but I wouldn't be surprised to hear that they're also painful to use, especially having seen Chrome's hardware requirements.