Posts by doublelayer

Re: FFS

Are we reading the same article? The unions are targeting Tesla. That's the entire point of what they're trying to do, hence why they're not delivering license plates specifically to Tesla, not anyone else, and a different union is only refusing to unload Tesla vehicles. So when he says that Tesla is the target of the union's actions, he's completely right. Not that he does anything right after that bit, but that part of his statement appears undeniable. This makes me wonder why you express a different view. Did one of us miss an important fact here, or are you making a point I'm not understanding?

I can't really see why a business should bother. You can run everything on a $100 Android tablet, but not very well, which means you'll probably end up outsourcing some of it to a remote desktop somewhere. If you're doing that, why not spend slightly more on the computer and have most or all of that run on that instead? Similarly for the choice between a tablet and a laptop. Why use a cheap tablet and separate peripherals when, for around the price of all that stuff, you can buy a laptop which has all of those and is more easily transportable?

I imagine that any cost savings on the hardware will be wiped out by getting all the software to run well in an Android environment and more frequent hardware replacement. I, for one, do not want my business software running on the average Android tablet running who-knows-what software, no security updates, and no ability to apply a reasonable corporate standard to the above. Not to mention that many businesses are willing to buy laptops, Windows, Mac, or Chrome OS, that are much more expensive than they really need. If they're willing to pay 50% more than they need to, maybe the cost savings on a one-off purchase for several years isn't very concerning to them.

Re: Er, is this article 15 years old ?

But Amazon wasn't building them then. It's not that the concept is new, just that another company has decided to make them, and maybe they'll have more success as they also provide the remote desktops and surely somebody must be running them. Meanwhile, I've worked at companies using AWS but they aren't using AWS-located desktops any more than anyone was using Microsoft's Azure remote desktops.

Re: "the video version also impacted nervous systems"

In my experience, watching someone else and being watched myself are pretty different, even if I'm watching someone else while I'm being watched. There is a similar difference if I'm participating in a meeting, where I'm supposed to be doing something, and watching something passively, where if I stop paying attention then at worst I have to rewind it a bit.

Comparing watching television or online videos and a video meeting is not going to get you far.

This was a generic example, but look at it. Does this sound like product documentation? It looks a lot more to me like the documentation of an internal process. Yes, it would be nice if internal processes never had bugs that the documentation worked around, but it's much more acceptable there than in a released product, since the people using it can be required to follow the procedures.

In addition, the example phrase was a bug. It could have been anything else: instead of crashing, the "general type" or whatever we want to call it is undesirable but needs to be left in for some edge case. Or it is one phrase that refers to something outside the interface you're working with in the middle of a lot of text that all refers to that interface, so a reader assumes that everything they are doing is located in that interface. Basically, if there is some detail whose obviousness is significantly lower than the other details, it can help to accentuate it. When the details it's mixed with are extremely obvious, it can be logical to remove them and only state the nonobvious ones.

I disagree about the docs being identical, because if you actually do know what you're doing, it gets really annoying having to read through too much obvious stuff.

To make a new image, open the main interface, click on "Image", then click on "New". In the "Image Name" box, write the name of the image. Image names should be memorable. Set the scheduled build date for the image. If you want to release the image immediately, you can click on the "Now" button. Otherwise, set the day, month, and year to your release date and optionally set the time using the hour and minute controls. If you don't set the time, the image will be released on midnight of the date you selected [which the hour and minute box say]. Select the image location using the "Location" control. [Five more paragraphs of this]

After a while, you either skim or skip it entirely, and that means you miss the line in the fourth paragraph that says "When you're setting the image type using the Type control, selecting the General type makes the resulting system crash". Meanwhile, concise documentation for people who don't need to have every label repeated can just say "Create an image. Do not select general as the image type as that causes a crash."

Re: "source-available" or other semi open source licenses

The part about not being allowed to use the software in a way that competes with the business. It's in this license. It is not in the GPL V3, AGPL V3, or any other version of the GPL, AGPL, or LGPL. That's the difference, and that's the point we're all discussing.

Re: Financialisation versus origination

That article is not the only source on what open source means. One major source is the licenses that implement it. Commercial uses are specifically mentioned in them.

"Use of open source without paying its contributors can be viewed as wage theft in the UK, however, there seems to be no appetite for regulators to enforce law nor I am not aware of any contributor taking companies using the software to court."

The reason they don't is that it's not wage theft unless you have some agreement that I'm owed wages. If you use the code I made available for free, I am not owed wages. If I do some work that is useful to you, but you didn't agree to pay me for it, I am not owed wages. I am owed wages when we've agreed that wages are to be paid or when I am mandated to work. Neither applies if a company uses available open source or if someone contributes to their open source software.

Re: "source-available" or other semi open source licenses

It's not. It's considered a fully open source license, at least based on the OSI definition. Things like the BSL do not comply with that definition, but you can see and modify the source, so that's why they categorize that as semi open source.

Re: Financialisation versus origination

Basically everything you said is wrong.

"Open Source has always been about free for personal use."

Most licenses, the ones that go back decades, specifically include the fact that you can sell the code, you can sell the use of the code, and various other clearly commercial rights. It's not new. They restrict how viable a commercial product can be, since you can't be the only one to sell the code, but they very clearly include it.

"Rather than taking an apprentice, they can publish "open source" project and let the public contribute. Then often if they like the work of some contributors they offer them work."

This has a right and wrong part:

Right: This is a way to get free work.

Wrong: There's any problem, legal or moral, with that. The only free work they get is from people who deliberately choose to do so. Nobody is making anyone do that. If nobody is interested in solving their problem, they don't get their problem fixed. They can hope that someone comes along and takes a liking to their code and they can snap that person up, but if that's their plan, it's not going to work too well.

Re: Isn't there an obvious flaw?

Yes, that can happen, and it has for most of the big cases. Amazon forked Elastic's products and made OpenSearch. Terraform has been forked to make OpenTofu. Basically, the quick switch to proprietary is not necessarily going to bring the cash the companies want, but it is virtually guaranteed to cause chaos in the community of users and contributors who now have to decide which fork to use. In Elastic's case, they deliberately introduced breaking changes to try to prevent OpenSearch from being compatible with their version, which caused some extra chaos for both projects.

Re: If Only

No, people don't see that as non-free, as it's trivially accomplished by not having a contributor license agreement that reassigns copyright or gives unrestricted rights. Linux, for example, doesn't have the copyright to every part of the kernel, and therefore can't change the license without some difficult effort. This might lead to a backlash against CLAs. At one point, a CLA made some sense because it allowed a central project lead to control the project even if you, the part-time contributor, got bored and left. Now that the concern is that the central project lead will switch to proprietary, giving them that control seems less desirable.

Re: "proprietary gatekeeping wrapped in open washed clothing"

"Nobody paying attention will run along with this. This is just Big Capital pulling the wool over the unwary."

The concern is that it will spread. When someone announces something open source, there's no way of knowing whether it's about to change license or not. If there's any corporate structure, then someone could buy or otherwise gain control of it and completely change the terms. If people start to avoid anything that looks too much like a company making open source software, you run the risk that larger open source projects get fewer users and developers. While it's always been possible for open source software to die, it usually happened by a slow loss in continued updates rather than an overnight switch to proprietary.

Re: So what about all the students reading books to write papers?

The argument is that reading a book as a human and processing the book in a process called "training" aren't the same thing. Thus, just because one is acceptable doesn't mean the other is. It gets philosophical when we start to ask what the model is really doing with the text it is ingesting, but it should be clear that I can't use whatever copyrighted information I want just by calling whatever my program is doing training.

Re: Rome or Vatican?

Of those states, one of them is not just a city, but a city and surrounding area including several islands without urbanization yet. It is a state that only has one real city in it, but not a state that's entirely enclosed in a city. Another is a state that is entirely enclosed in a city, but that city is not enclosed in another city, which is what they were talking about. So there is only one state that fulfills their criteria.

Re: For best results, use a password generator that can give you a long, random string"

"The most fundamental rule that is not being imparted is:

a password is not to give you access -- it's to deny access to others, so don't make it obvious.

But I've never seen that stated plainly in any password policy I've seen over two decades of consulting."

I didn't think we had to, since that seems rather intrinsic in a definition of a password. I think users know what a password is for. They either don't care as much about the desire to make it secure or don't understand how password security works, and the latter is a point on which we can help, but I think they understand why they've got one.

And you assume that they're providing their customers' passwords why? Did you read that in the article? Did you read that in their statement? Does it make any sense whatsoever, given how password managers work?

They didn't.

Re: What about sites that force you to make it easier?

I usually assume the worst with sites like this. One reason this could happen is that someone copied and pasted some validity checking code for no reason, but the most plausible reason I can come up with is that the password is stored raw in a database and they're worried that some characters will mess up an SQL statement, meaning the service is vulnerable to SQL injection and has my passwords in plain text. Maybe that's not true, but if I see those requirements, I assume that they hold and act accordingly.

Re: Streaming Passwords

This is true in my case. If I expect that I will have to enter a password on something with an annoying input device, the password is likely to look something like hzycdkbkfamxptdjdl. Length makes it secure, but by having no characters that aren't on the lowercase keyboard, I don't have to keep switching layers to enter it. This is, of course, if I have the luxury of encrypting it and looking it up only when needed. I imagine that people who have to enter it frequently or share it with others don't bother with that either.

I'm not sure it's as simple as email addresses rather than an internal communication system, but either way, that's a good target for investigators to go after.

Re: You write this as if

They are a business in most respects, other than having a corporate entity that pays tax, but nearly everything else they do is done like a business. That doesn't prevent them being scum, and they certainly are.

Re: Who benefits if this changes

I don't think it works that way because 401K accounts aren't a pension which pays out specific amounts. They are tax-advantaged individual investment accounts. An employee who contributes a certain amount can invest and withdraw from that money subject to certain legal requirements, and someone who put less into it simply has less to work with. Since there is no common pot, the forfeited funds can't be put in one unless they stop using 401K accounts altogether.

Re: Two questions for the price of one

Just because something's been reorganized and turned into floats doesn't mean the original data is not there. If things were that simple, I could eliminate piracy and copyright in one plan by making a suitably annoying obfuscation system. The way you can determine that the data is still there is when models like that start to reiterate the training data verbatim. They have been known to do so, sometimes on their own and more often when prompted with a starting point. They have to do some calculations to reconstitute the original work, but it's in there.

"Isn't the copyright holder reimbursed when the trainer buys the book in the first place?"

So far, no, because they didn't buy the book. They found illegal copies online and used those for free.

Even if they started buying individual copies, buying a copy of the book doesn't necessarily let you do whatever you want with it. For a very simple example, if I buy a copy of a book, I don't get to start printing and selling my own copies and saying that the author got their compensation when I bought the first copy. There are limitations on the use of the content of the books, and it is not clear whether AI training qualifies. I think it should not, but the law doesn't clearly answer either way.

Re: Is it legal? Who cares. *Should* it be legal is the question to debate

True, we should be discussing that, but it's likely not to happen until some court has decided what the current law says. Once a decision has been made, lobbyists for AI companies and publishers will start to try to change the law to better serve their companies, and we can start having that conversation, not that our views will be at all important to the politicians making the final decision.

In the spirit of having that conversation, I'm on the side of copyright here. I don't think the benefits of more articulate programs outweigh the costs of effectively telling anyone that, if their program is large enough, they can use anyone's copyrighted information in any way they please. We all know that this power would only be available to companies that are large enough; if I ran a copy of the Windows source code through as training data, Microsoft would not agree that it's acceptable, even as their friends at OpenAI effectively do the same to lots of others.

Re: Two questions for the price of one

That's not the argument at all. This is not about temporarily copying the text into buffers during processing. It's about two other copies:

1. The copy in the training data, which is not temporary because it's kept around for months to train models on, if not forever so it's available for subsequent models.

2. The storage of the processed work, which in many cases includes most or all of the work, just sliced into pieces, in the final model.

The copyright holders are claiming that point 1 is a violation of their rights because the companies did not get permission to obtain the work at all, and that point 2 is also a violation because it involves the storage and reproduction of their work. There are arguments that the second is not a violation which I don't find convincing, but either of those can be a problem for those who use copyrighted material as training data.

Re: IP is an industry

Whether it is valuable is not important. It could be valuable, and thus we find it useful to protect it. If it's crap, then nobody will buy it and its protected value will still be low. If it is not, the people who put in the effort which resulted in it not being crap deserve to benefit from that effort.

And yes, there will be an IP litigation industry, just as there is an industry for any profession, including ones that rely on negative aspects of our world. There is a toxic waste disposal industry, a fraud prevention industry, a repair of electronics after their manufacturer has dropped support industry, and an IP litigation industry. If we had less toxic waste, fraud, premature obsolescence, and copyright and patent violations, then we would need less of those things.

Re: Two questions for the price of one

"If it were instead a breach of contract with such a stiff penalty, that would seem to open the door for very onerous EULAs."

I don't see that as any stronger than an open source license. It's still based on the copyright rights to the content, and rather than applying a license to modifications you make, it limits your ability to store it on a different system. Not to mention that most of the ways you could store it on a system that would actually incur their investigations would themselves be copyright infringement, and they would go after that instead. While their term technically means that scanning it is not allowed, they're unlikely to do anything to someone who did for their own use unless that person also published, sold, or made a commercial derived work from those scans.

Re: Support for a federal law? Eh? It already exists.

If a child learns enough to use ADB to disable that overlay, they're likely to know plenty of other ways to do whatever they want on that or other computers. ADB use is not that common for kids, or for that matter adults, and if they're going to do it, it requires another computer on which they could probably do whatever the phone is blocked from doing. This is really not a realistic concern for how such a feature could be disabled, and if this is really concerning to you, you might suggest that the provider of the overlay blocks the ability to change developer settings, therefore preventing the child from authorizing a computer for ADB control in the first place.

This is not a convincing argument for why the device needs to have special software baked in for parenting reasons. No desktop computer has it either. Even if you're the kind of parent who builds a customized Linux image that has very specific permissions set up, it wouldn't prevent some child from theoretically finding an exploit that allows them to escalate their permissions and disable your work, but that this is possible doesn't justify requiring someone else to write it for you.

Re: So whats the balance?

"I can no longer trust that a lost iPhone is secure cos somebody can replace the magic-security-pixie / fingerprint reader"

That's not how that works. Here's what would happen:

1. You lose your phone or I steal it from you.

2. I take it apart to replace the fingerprint reader with one that I've designed at great expense to work the same way the Apple-developed one does but always accept my fingerprint. Somehow I manage this even though the part is not open and so making that would require difficult and expensive reverse-engineering.

3. I put the phone back together, never having turned it off.

4. I scan my fingerprint on my compromised reader. Nothing happens, because the reader is not hot-swap capable. The phone won't read from it unless the sensor is present at boot.

5. I restart the phone to pick up the new reader. The phone restarts and demands the passcode, since without an active session, biometrics can't decrypt the phone. My reader won't be able to get through that.

In short, your scare story is completely invalid. Not to mention that there are several other ways to design a phone that would prevent a sensor swap from breaking encryption. For example, you could put the encryption key in the sensor, and then swapping the sensor locks the data away since it doesn't have the key. Users who need to replace the sensor can decrypt with their code before swapping in another sensor and re-encrypting with that. There are lots of options other than preventing the sensors from working.