Posts by doublelayer

Re: Powershell ?

They target Windows because the people they want to get information about are using Windows. If the people were all using Linux, they would target Linux. Malware that does target Linux has been successfully written and deployed against Linux systems, including many strains of ransomware. Did you also think that Macs don't get viruses a while ago? Do you think that now?

That depends where the code is being used. For example, they're blocking contributions that would add support for the hardware they produce in the mainline Linux kernel. That means that they can't sell the hardware as compatible with mainline and have to patch themselves. Fewer people will buy their hardware if it has that limitation. In other cases, there is probably much less effect on them, but it happens automatically because the people have been sanctioned. GitHub doesn't have an office of people discussing whether a certain person being banned will affect Russia's electronics industry. They have a list of sanctioned organizations and they push the button to ban people connected to them. They assume the people who made the sanctions list know what they're doing.

Re: Ridiculous

"these would-be FOSS contributors are not even living in a democracy. What would you do in their situation?"

I would do as thousands of their countrymen have done and leave the country. It's not fun for Russians who despise their government to pick up and live in one of the countries that still accepts them, but they do it. Some did it to save themselves from the draft, which I don't have any problem with because by doing so they also save the people their drafted selves would have to shoot. Some of them would never have been drafted and left before the draft intensified, but they left for their own consciences.

Now that I've said what I'd do, let's look at what he did:

"You may rest assured that this "sanctioned corporation" takes no part in this awful war,"

There's a reason it's on the sanctions list. No, it didn't send troops to Ukraine, but it manufactures electronics necessary to build weapons and as a precaution, it was added to the sanctions list. I don't have a problem punishing the company, which does not automatically extend to punishing its employees directly but they may be disadvantaged as a result. But he goes on:

"and even if making civilian server products can be viewed as somehow taking part, that part is definitely far less than what, say, BMW or Bosch took in WW2, yet nobody seems to have cancelled them or at least remembered what they've done, let alone their individual employees."

We remember what they did, but that was many decades ago and, you know, it ended. When the war was still ongoing, do you think people in the UK were importing a bunch of BMW cars? They were not. They were not allowed to.

"All this is stupid, xenophobic and racist. Especially you labelling me as a terrorist on the basis of my ethnicity."

And a completely incorrect statement of what happened. Nobody called him a terrorist and it wasn't about his ethnicity. They blocked his account in a sweep of sanctioned organizations and it's about his position. I know a person who is also Russian in ethnicity and contributes to open source software, but because she doesn't work for a sanctioned company or support Russia's invasion, she hasn't been banned anywhere. He knows all of this, and he's making this up because he doesn't have a response for the real reasons why he's been affected.

Re: long-term Windows users are used to this and will barely notice

"To clarify, the "walled garden" I was referring to the operating system, where the core operating system, drivers and sub-systems can only be sourced from Apple."

You can install drivers and kernel extensions from third parties. By default, you will need to get a special certificate from Apple to do this, but they still allow you to build them and a user who is willing to deactivate their security checks can use unsigned ones. They have deprecated some interfaces used by kernel extensions and migrated behaviors to system extensions, but the ability to attach others' system modifications is still there. I don't think this qualifies for walled garden status as IOS does, where you cannot add something to the system unless it fits in narrow approved channels and Apple has approved every step of the process.

Re: Seems pointless

"Microsoft still haven't done it, despite the likes of iOS and Android demonstrating the virtues of not being tied to one architecture."

You might be surprised what would happen. IOS is on one architecture: ARM64, Apple chips only. They've switched once, from 32-bit ARM, and that might be termed a change, but it's not guaranteed that they could just push a button and have it all recompiled to X86 or something else. Android does use interpreted byte code in many places which makes porting easier, but a lot of applications use compiled components that are architecture-specific. Take apart an APK of an application you use sometime and check what's in the lib directory. There's a chance there isn't one and there's a chance you see a long list of architectures (if Google wrote it, there probably is), but for most apps, expect to see armeabi-v7a and maybe arm64-v8a if they've produced optimized code for 64-bit, and that's it. Those apps will need a recompile if the architecture changes and emulation isn't good enough.

Re: lovely machine

When you call it a "lovely machine", what are you referring to? So far, you've indicated you don't like the software, the processor, and the price. This seems mostly incompatible with calling it lovely unless you're particularly enamored of something else, like only having two ports or having non-replaceable batteries and RAM.

I'm not that impressed with it either. I'm glad they're using some open firmware for ARM, so maybe eventually we'll have more generic support for alternative operating systems, but since we don't have that, I'm not that interested. It's also expensive for something that's not a great machine. The only benefit I can see is the battery life if you don't use emulation, which is nice but I don't really need it at the moment.

Re: Now hand it to the FOSS desk....

It's probably useful to do, because I have seen at least once where Liam commented on someone else's story and several people assumed he wrote it and accused him of contradicting himself when what he really did was not entirely agree with the original author. Clarifying that he's the author makes it clear that it's not another person employed here, though looking at the username would confirm this.

Re: long-term Windows users are used to this and will barely notice

I agree that Macs are not a walled garden and the original complaint is baseless. However, I have to disagree with "Apple even tell you how to [get around software they block]". No, they don't. I know how to do it, and one reason is that I've been called for assistance by everyone I know who got hit with the message that Mac OS gives when you try to run something untrusted. The message that makes it look like the file's been corrupted and does not tell you that you have to open the menu and select "Open", even though you just did that by clicking on the application, then possibly go into the settings to change a policy, then go through that menu again and then it will be trusted. They don't tell you how to do that. Still, because it is still supported, it would not be fair to call them a walled garden. Just a garden whose gate latches are weird and confuse people.

Re: long-term Windows users are used to this and will barely notice

I think it's a good option, but it's useful that, when updates are available, normal user-managed Windows installs give you the option to shut down without updating as well, an option that corporate-managed machines often ignore. The reason is that, if it's a laptop and it usually is, I might need to take it with me. Having it installing updates while closed in a bag and not plugged in is inconvenient because the machine can overheat or lose power. My solution to this would be to put it into sleep mode instead of shutting down until I'm ready to install the updates. I understand why companies do this, because I've seen enough people who would never install updates except when being threatened with violence so I'm aware that my acceptance and compliance is not universal.

Re: Shakespearian question?

I don't vote very often (I still haven't on your posts or anything in the thread), but I think the buttons make sense. There are many cases in which I disapprove of something but can't really argue against it. Here's a simple one. When a security event happens, there are often people who will post a comment like "They deserved it". I don't agree with this, but what should I say in response? If the person who said they deserved it didn't post reasons, I don't have anything to rebut. I could post "They didn't deserve it and I disapprove of your blaming them", but the downvote just shortens that. It will be equally divisive whether I post that message or press the button, because I'm still disagreeing. Instead of twenty copies of that useless rejoinder, we can see a simpler count and leave the wording of the response to anyone who feels they can respond to such a statement in a more useful way. This is why I don't mind the system as it exists today, but it's a subjective opinion so I don't expect you will agree with my reasons.

Re: The whole premise of this article is bullshit

The comment was intended to discuss the benefits of cloud servers, so it wouldn't relate much to manufacturing unrelated things. If your product is software that runs on servers you operate, a website that handles a bunch of visitors, or anything where your need for servers is related to the demand you have, then you can benefit from cloud's ability to scale and could consider that as a potential option.

If your business is making airframes, then your servers are likely not that important to you, because only a few people want airframes, they only want a few of them, and they won't care all that much if your order form makes them wait thirty seconds to confirm their request has been submitted. If you make software that thousands of people use daily, then it won't be acceptable to make them wait like that, so that company would care a lot more about their ability to scale than the airframe company. The same applies to people who use servers to present content to users. For instance, if I had to wait a long time every time I clicked on an article or posted a comment with the possibility that I'd get HTTP errors half the time, I would be less happy with this site. They use CloudFlare to help with some of that scaling problem in case they get a lot more readers than typical.

Re: Shakespearian question?

"At least have the guts to thumbs down and follow up with a reason why you're giving it."

I can generally summarize their reasons. Any time you see a thumbs down, it means "I don't agree with something in this". That's their reason. Why do they need to spam the forums with lots of copies of "I disagree with you"? When I disagree, I tend to post a response, but that's usually when I have counterarguments to your arguments that I feel are worth talking about. For the same reason that they don't have to post lots of "This!" comments when they agree with you and can just push that upvote button, the downvote button is the way to express disapproval without necessarily having to post a lengthy response.

I didn't vote either way on your comment or any other comment in this thread. However, I can probably explain why some of the people downvoted and didn't leave a comment. They might disagree with the idea that someone is bad for disagreeing with a company's decision to give a platform to someone else. They might agree with the disapproval of the person concerned, or they might think it's irrelevant. That is not a comment that needs a lot of explanation; one person says they care about this detail, and other people either don't care or feel the opposite way. Comments saying "I feel the opposite way" are content-free, so they use the button instead. Presumably some people avoided posting "I feel the same way", and they pushed the upvote button.

If you disagree with my explanation and you want me to understand why you think I'm wrong, post a reply. If you just think my approach is wrong, but it's a subjective thing that can't be defended either way, here are some quick vote buttons.

Re: But...

"If everything you need for your business is at the other end of a service that's down, you're stuffed."

That's true, but that's equally true with an on prem system. Unless the people are there to fix it whenever it breaks, you can have the same situation and it's just as bad. I've experienced this from the maintainer's and the user's sides. I maintain equipment for a charity that doesn't have a full-time person to do it. I have a full-time job as a developer at a different company, so my maintenance usually happens out of hours. When their on prem server (in my defense, not one I set up) failed during working hours, they had problems while they failed to get my attention because I was in meetings and then had to work with my instructions on what to do over the phone because I wasn't able to be there in person. Obviously, a company will probably have more than one part-time volunteer IT admin, but if the admins who know the system are unavailable, it can be broken.

The cloud can also be broken, but the admins are there to get it back up and generally do so quickly. I've used a cloud service that had an outage, and without having to do anything, it was back to normal in a matter of hours. Had we deployed services in multiple regions, we wouldn't have been affected anyway, but this was a test environment. That point is the most important one. If you can't withstand the service failure, you need to have redundant and backup systems, whether it's on the cloud or in the building. Neither one will prevent you having that dependency.

Re: Best place on earth for radio recordings.

I don't want them to go away and I don't think the people expressing surprise want that either. I have donated to them in the past and I benefit from their services. Still, with the level of copyrighted work they're hosting, it doesn't surprise me that they've got people angry at them about it.

One of its problems is that it doesn't behave like us. If someone asks a question here, I decide whether I know the answer to their question and whether I can write a good response to it. Maybe I'll only write something if one of those is true, but if both are false, I won't hit that reply button. GPT doesn't ask those questions, can't understand the answers, and always tries to make a reply. It's going to generate more wrong answers even with all the people who don't know what they're talking about simply because it lacks the ability to decide whether to respond.

The other problem is that when I have real filters, where I understand that something is wrong so I never claim it, GPT only has rough filters that understand that certain clusters of words are probably wrong so avoid those, but if it phrases the same concept in a different way, its filters don't work. Unfortunately, I don't think I can claim that humans generally have functioning filters for wrong (either factual wrong or moral wrong), so maybe that is more of a similarity with us than I'd like it to be.

Re: Isn't that Configured Backwards?

It could be either type of emergencies. For example, if there is damage to the wire bringing your phone connection to your house, which could be caused by a variety of things, then your mobile phone will still work in an emergency of that nature (yes, its wires can be damaged as well, but they likely have more backups than you do and if that tower fails, there's likely another one in range that can be used instead). If an emergency happens that involves both systems operating on backup power, then the landline can be the emergency option if the batteries run down as expected.

Re: Wifi calling on? Really?

To be fair, they did basically start with some examples that, in their generic form, can be paraphrased as "unless you have no or bad signal". Since you have no signal, you would fall into that category of people with a good reason to use WiFi calling.

I had that situation at one point and enabled WiFi calling to deal with it, and I have to admit that I had several problems whenever it was operational. I'd answer a call and could hear nothing for the first five seconds. I seemed to have several seconds delay before an incoming call would make my phone ring, meaning I had less time to pick up before it went to voicemail. I had people reporting that my sound quality was worse even though I was using the same microphones on the same device and my WiFi was fast and low-latency enough to be able to handle it. This may have improved in the five years since I had to employ it, but I was glad to switch it off when I went somewhere that has signal.

Re: Good luck with that

"Perhaps the mad rush to kill off GSM, UMTS/HSPA, and CDMA was actually a mistake?"

The problem here isn't intrinsic to VoLTE, so I'm not sure it's fair to blame the shutoff for something that Samsung's code caused. It was going to be turned off at some point eventually, and people have been making VoLTE-capable modems unaffected by this exploit for quite a while. I'm not sure how long a deprecation should be extended for a a just in case backup option for a problem not caused by the new version.

Re: Not sure compliance would help

That requirement for installation information only applies to GPL 3 or LGPL 2.1. Linux uses GPL 2.0 only and does not require installation information. A Linux image that you have the source for but cannot install on the equipment offered does not break the license for Linux. They will need to find a GPL 3.0 component in order to have a right to installation instructions.

The GPL applies to any code that is deliberately licensed under it and any code added to or linked with that code. Crucially, it does not apply to code that interacts with GPLed code with a method less direct than linking. Depending on what components are covered by the GPL, this can lead to different effects.

Let's take a common case: they have a firmware image that boots Linux. Linux is covered by the GPL, so they have to release the source to Linux. If they've modified Linux, for example by putting in extra code necessary to use their hardware, they have to release that too. Not that they always do, but they are required to. When their image starts, it runs an application they've written that is not part of Linux. It uses Linux's system calls to function, but it isn't integrated into the kernel. For now, let's assume that program doesn't use GPL libraries in it. They do not have to release the code for that program, even if it runs on Linux. This is just an example. There are other situations, but this one is common for embedded firmware.

Your assumption: "If that's the case there must be huge numbers of systems that break the GPL. Pretty much everything now seems to run on Linux!" is simultaneously correct and not exactly correct. Firmware that's effectively closed and uses Linux is not a problem if they release the code for the GPLed parts, which in many cases ends up being either completely or almost unmodified copies of the Linux code you can already get. That's not always true, but most of the embedded Linux devices you see all around you have not done anything interesting to the kernel and their required code releases wouldn't be very interesting. Even though it wouldn't help anyone, few of the companies that are required to release that source actually do it, which is why there are GPL violations nearly everywhere.

Re: why is it so hard to follow a simple license?

People still use the LGPL on some things. I am one of those people. In fact, when I do it, I'm deliberately trying to leave that option to the people who use my library. Even though that's true, the original point overstates it a lot. The code they've mentioned so far isn't using the LGPL, it's using the GPL.

Unfortunately, in many cases, companies that release GPL source code aren't providing much of use. You can get a copy of the Linux source, possibly with a few changes, but the application that is run on top of that Linux kernel and does all the important stuff is proprietary and they won't give you anything from it. Even if you search through all the source they gave you, you'll find a bunch of code you could have already gotten from its canonical sources in most cases. It's much rarer that companies include GPL source directly in the binary they want to hide from users, thus requiring them to GPL that part of the code. This is one reason I don't understand companies that don't comply with the license; most of the time, if they did, they'd be giving up no secrets whatsoever.

Re: Good reasons, or just reasons

Exactly, which means that by not updating those components, Sailfish will have to navigate around the older Android components. I'm not sure if that's why the page on Gemini OS support says that Sailfish is using version 3.0 while the Jolla website informs me that version 4.0 has been out since early 2021. Maybe that's not the reason that it's still on 3.0, but still, I'm getting indications that the Gemini is stuck on older versions of software on all of its operating systems despite being actively sold by its manufacturer right now.

This would not be considered acceptable with other hardware. If Microsoft informed you that your laptop just wasn't going to be supported, so no Windows updates, and not for any technical reason but just because they didn't feel like it, it wouldn't be normal. When we buy X86 kit, we generally know years in advance before it will be dropped by Windows* and it's basically certain that the hardware will break by the point that it's dropped from Linux. There's no guesswork, and if we find one running an old version of software with security holes, it's almost always because the user or administrator decided not to bother installing the updates rather than the manufacturer simply not providing any.

* Windows does now drop support, but we were given four years notice that they would, and that applied to equipment that had already existed for two to three years at least. I'm still not happy about it. Before that, they would tell you that the hardware was likely not going to work, but you could insist on installing Windows anyway and it would try to run Windows 10 on your Pentium with 512 MB RAM. This appears to still be true, but their comments on the matter have changed.

Re: Purpose

There may not be a problem, but consider removing some corner cases from your list. For example, in a situation where you can write in a notebook and not take it out of a secure location, this tablet would have to remain inside the secure location as well. Also, since it has an upload feature (I don't know how secure that is), that adds another asterisk to the security that the users should understand.

It can still be suitable for use cases as long as users understand the limits. Still, I wouldn't have thought that meaningful encryption would be too hard a feature to add.

Re: Good reasons, or just reasons

That helps a bit. As I haven't used Sailfish before (I have never had one of the few supported devices), I tend not to include it. Still, the Android software is what they ship it with, and unless I'm misinterpreting their rough Linux page, the software from which the Linux versions get their kernels. This means that, by failing to update their Android images, they're not only leaving the users of the Android software with insecure software, they're artificially hampering their Linux users as well, and given that a quick check on Wikipedia confirms that Salefish is also using Linux, probably that too.

This would be bad enough if they had just dropped the product and expected users to buy a new model if they wanted something newer, but no. They're still selling Geminis (although not ones with English keyboards, so if you want one, maybe one of the other languages for which they evidently made too many is close enough). They've built a computer, with the software update requirements of any computer, and they're now failing to meet those requirements. As much as I like the concept, and I find all their hardware at least somewhat enticing, that's not something I will support.

Re: not heartbroken, yet heartbroken

The Unix philosophy works well in software because there's relatively little cost to having multiple programs in one computer. If I write one utility or two to do a set of tasks, the resulting binaries are likely about the same size as the combined one, and all you have to do if you are using them together is set up the communication between them.

That doesn't work so well with hardware. Let's say that I have implemented a Newton-like system for interpreting handwriting and you'd like to use it with this tablet. Too bad, you can't. That's not exactly true, of course. You can upload all your writing to a server, either a cloud-hosted one or one in your own house, have it perform the operation, and sync the results back down. That adds lots of latency, because now the software won't be running in real time. It also adds dependency on whatever communication system is used to do the transfer. This isn't a problem if you don't want the feature, but there are benefits to combining features in hardware that are much smaller when all the components are software. This is why we have the general purpose computer instead of the electromechanical calculator, word processor, and digital document communication device on our desks.

Re: The US doesn't understand China a bit.

The real anthem is more martial, with instructions to soldiers to march against the enemies (when originally written, it meant the Japanese invaders of the 1930s and 1940s). An interesting fact about the anthem was that, during severe lockdowns and protests about them a few months ago, some people were using the first line of the anthem, which loosely translates as "Stand up, those who refuse to be slaves"*, to call for protests. Chinese internet censors therefore had to put in blocks on their own national anthem, or at least its lyrics. Maybe they should consider changing the words to match Pratchett's.

* The official government translation into English is "Arise, we who refuse to be slaves!". Others translate it differently, but the meaning is basically the same.

Re: I am a Rock; I am an Islaaaaannnnnnd

It would involve a lot of destruction and a lot of sacrificed Chinese soldiers. Both are the kind of thing that lead to civilian populations being rather unhappy with the people running the war, which would mean that a democratic nation is less likely to do it, and having done it, less likely to keep doing it long enough to have results. As Russia has demonstrated, when you don't have to worry about your people throwing you out of office, it's much easier to make them die in order to gain a shattered part of someone else's country. China has a lot of people and they don't really need all of them to keep living, which means that they can consider a war which would be rejected immediately by other countries on the basis that the body count would be way too high and the pain of the populace too extreme.

Re: In order to stop another country from destroying you ....

The fabs are not the only thing on Taiwan that China would like, but they are quite valuable and would help them a lot. If they had the chance to snap those up quickly, they certainly would. Destroying them has two advantages for deterring China's invasion: China would no longer get to add them to its manufacturing assets, thus giving it an even stronger position in more products, and they would no longer have access to the TSMC products they use. Just as other countries would suffer from the lack of TSMC-produced parts, China imports plenty of them and would no longer have that source. Leaving them intact during an invasion would allow China to have a strong position in advanced semiconductor manufacturing and to both deny access to the results and to have as many as they want.

This doesn't mean that a consistent threat to destroy them would certainly prevent China from invading, but it would be a large item in the "reasons to wait and invade them later" list, and the items on that list are the strongest barrier to starting that invasion since the barriers "people there don't want you to" and "they pose no offensive threat to you" aren't major concerns for China.

Re: In order to stop another country from destroying you ....

"... destroy what they're after first ..."

More destroy what they're after if and only if they are going to take it, and make it so clear that you will do it that they realize the invasion will deny them what they want. If you could reliably do it, it would work, but I'm guessing the level of reliable is too high for Taiwan to make that promise so consistently. This also depends whether China is ruled by someone crazy enough to prefer a shattered Taiwan under their control over a functioning global economy and not having democratic nations pondering war with them, which for a while has been there. Now that they're no longer trying to replace people, it's just a test to see if Xi comes down with Putin syndrome or not as he ages.