Posts by doublelayer

Re: Useless feature

It's most definitely a useless feature. Your suggestions, also, are not so useful:

"improving firmware security (Rust firmware": Why? Rust's security benefit is avoiding memory safety problems, which do indeed lead to security problems like buffer overflow vulnerabilities. That's a lot more important when input is received from another program, but you don't tend to get multiple programs running on a keyboard. The method for attacking it is mostly absent, and would either rely on any programming interface (which may not exist and is likely not prone to buffer overflow anyway) and user key presses (requires physical access). Writing keyboard firmware in Rust isn't likely to do anything different.

"encrypted USB connections": Not why, this time. More what? I mean you could set up an encrypted serial connection to a program on the computer which decrypts the signal and simulates the key presses, but why do you want to? The only way sending an unencrypted signal over a cable is a problem is if there's listening equipment quite close to the cable. That equipment could also use acoustic methods to hear what keys you pressed if it can't point a camera at you. It's not like wireless keyboards that need encryption both to avoid a more passive listener and collisions with other keyboards. Encrypting your communication on a cable that's right next to you just makes the keyboard harder to use with a computer without doing much for your security.

We don't need that much security on keyboards. Focus on the stuff they're connected to.

Re: Hackable?

I have the same question, but on the opposite side. How easily can I hack it? Not just installing a new theme, but doing some computing of my own on it. If it's got a CPU and GPU in there, that's kind of pointless unless I can compile some code without having to limit myself to their theming system. This keyboard isn't for me, but if I was going to buy it, I'd want to be able to write firmware which takes control of all the hardware and lets me do arbitrary things with it, not just changing the lights.

Re: A couple of solutions, offered for free.

In order to do it, you will need:

1. A desktop that you intend to run all the time, taking on that power cost.

2. A desktop that you don't expect ever to have problems that would interrupt your service, meaning that using it as your own desktop where you might damage something or even need to reboot isn't a great idea.

3. A network connection that stays on at all times, including when you're not there.

4. Your ISP to give you a dedicated address which you can host stuff on on your residential contract.

5. Some equipment such as a UPS to automatically recover from power failures.

6. A plan for what you'll do if your power or network goes down when you're not there.

7. The technical ability to run the mailserver software.

A lot of people are missing one or more of those. My ISP doesn't let me run whatever servers I want. I don't have a plan for dealing with a downed network connection if I'm traveling, but I'm also not willing to let my email become unavailable until I come back. I could manage the rest of it easily enough, but these problems cause me to use a server located somewhere other than my house. The general public is likely to lack even more of these items.

Re: Hope

"It's the same way that I'll see stuff being offered for free on Craigslist and it's obvious that the person is really looking for somebody to come by and haul everything away at no cost to the person posting the listing."

That's sort of the point. You can have this stuff that I don't want, and I don't need you to pay for it, but you need to come get it. You are incurring a cost in time to obtain a useful item. I've had people retrieve unwanted equipment to scrap it for parts, and it is most definitely their responsibility to deal with the bits they don't want. If they don't want the item, they won't go and get it. This is nice because I don't have to throw things away when someone will actually use them.

Re: …puzzled?

Not all big religions have confession systems, and those that did didn't have organized systems for sending important confessions to someone who could handle them. Not that it wasn't ever used for blackmail purposes, but that's not what made religion powerful.

What made religion powerful was that people believed in the religious figures and trusted the clerics knew what those figures wanted. If the clerics say that the guy who can sentence you to an eternity of torture wants you to donate a lot of money, and you believe that the torture is a real option and that the cleric is speaking truthfully, you give a lot of money. Bring in social and legal pressure for people who don't believe one or both of those things and you have pretty good coverage. You don't need to leverage confessions for that, especially as people who don't believe in the power of the religion are unlikely to confess something they don't want someone to know.

That would probably work, as long as the ISP resists the temptation to make it a significantly larger bill or charge per month. I've never used an ISP-provided email (I don't think my current ISP even offers them), but I see enough of the things around that people must lose stuff when they let them expire.

Re: A couple of solutions, offered for free.

It does, but I had the misfortune to use that and won't again. I had a PDA in the mid-2000s, the kind that had WiFi (802.11B) but no cellular connectivity. It had a mail client that only supported POP. Therefore, my choices were as follows:

1. Download all the mail currently there to the PDA, with delete from server enabled, then handle it all there. Using a computer later was a pain.

2. Download all the mail to the PDA with delete from server disabled, and then have to deal with it all again on the computer when I used that. Nothing synced information about which messages I'd deleted, moved, responded to, etc. I used it, but as soon as an alternative became available, I stopped.

Re: Centralised service, centralised problem.

"Expect to see a decoupling of the 'Google account' used for sign-in to phones, apps etc. from the actual email service well ahead of this so as to limit potential regulatory issues as much as possible."

It basically is already. You can set up a Google account with a different email address. It's just that almost all Google accounts are Gmail addresses and that, if you go through the typical registration process, they ask you to choose your Gmail address instead of entering your own email. You can still get to that form if you want, and if it became a regulatory issue, they'd start saying that more loudly.

Re: I wouldn’t know how to pick one that was likely to stick around.

The number of complaints about a service is also correlated with the number of customers. If you find a service with few or no complaints, it might also be so small that losing a few customers could take it down. If you can find one with a lot of praise and few or no complaints, there's a reasonable chance they made up the praise and also have few customers. There is no simple solution for figuring out how long something will stay up. You have to research them more thoroughly and have a plan for what you'll do if they tell you they're going away (and hope that they do tell you).

Re: A couple of solutions, offered for free.

That would be nice, but let's be honest, it wouldn't do much for the e-waste problem. I'd be able to get several for next to free as everyone else abandoned them. Most users don't want to set up a self-hosted server for it, so many would be junked anyway. Also, if Amazon just gave out the keys and let people play around, even fewer people would actually do anything, as they'd have to work out the way to best make use of the hardware. Properly open sourcing the platform, including nicely documented drivers, examples, and backends, would take a lot more effort that it's clear Amazon won't bother with.

I like it when companies release source for stuff, but few of those projects ever result in a useful result. Reverse-engineering replacement firmware is hard, and there aren't enough skilled and inclined people for each one.

Re: A couple of solutions, offered for free.

Feel free to use only one, but don't expect others to do so. Being able to read my email on a phone when I'm out is useful. Being able to read it later on a laptop when it's more important is also useful. I'll continue to use multiple ones, but you aren't required to do that.

Re: A couple of solutions, offered for free.

The critique wasn't about whether to use Google, but about whether self-stored mail data was going to work for the general user. I run my own mailserver, and it's a server. It's online at all times to receive data, stores it there, and I have to pay for it. Running that off a desktop isn't feasible, and a lot of people don't have the expertise to do that. Whether you use Gmail or not, it's likely to keep using servers rather than self-hosted on clients.

Re: rebooting the system

Yes, this is the other side of the coin. I've had occasions where I've said something along the lines of "If you don't start reading that word for word, I'm going to make you spell every word in the message". That usually gets them to read exactly what it says, although in a particularly angry tone. Of course, by the point I have to say that, I'm annoyed even if my tone doesn't reflect that, and on every occasion when that's happened, the error message contains important details. There will come a time where the error message is one of those vague ones and I've needlessly accused the user of summarizing it unnecessarily, but that hasn't happened yet so I'm happy to apologize when it eventually comes up.

Re: Bye bye Pi

They are comparable, but depending on the use case, there are some major differences. Both support WiFi and technically there is hardware support for Bluetooth LE on both, but the ESP32's Bluetooth stack is thoroughly tested and the Pico's is absent (hardware support but no official driver). The ESP32 also has a lot more memory on the chip which can be important if you're using it to retrieve data over the internet; it's not that important if you're sending packets but if you're using HTTPS, that uses quite a bit of RAM. It all comes down to what it's used for.

In my uses for the Pi, an ESP32 is usually not viable, as I want a full OS with a lot more resources available to me. It is, however, interchangeable with the numerous other SBCs that run Linux made by other companies. I haven't needed to buy one recently, but it is quite possible that the next SBC I acquire will be from someone else.

I've worked in an open plan office. If everyone came in, the noise and chaos were disruptive and I wanted to work from home. If nobody came in, there was no point being there so I wanted to work from home. If a few people came in and they were people I worked with, things worked, although there was still some potential of disruption. If a few people came in but weren't the people I worked with, it was pointless again.

I've also worked where there are offices, and if everyone came in then it helped with working together and didn't create a disruptive environment. Walls kept the noise from a million conversations from drowning out my thoughts and permitted me to have a meeting without necessarily disrupting everyone who worked in the area. More people chose to come in when there were separate offices. Imagine that.

If you're a manager who wants people in the offices, consider whether people actually work well in the offices. In both cases, there will be some people who just don't want to come in, but there will be a lot more take-up of the idea if the offices aren't unpleasant by their design.

Re: I hope there's an option to block this nonsense.

Someone doesn't know how to use a computer, but can make an appointment online, has a smartphone, and knows how to enable a different app store, even through Apple's security warnings, but can't read instructions? Those factors are mostly incompatible with each other. By the way, if they know how to mess with their app installation methods, they can also figure out how to use the browser that comes installed on every smartphone, so their lack of a computer is not a factor. This person would be confused how to do anything if they're unaware of computers and can't read the instructions they were sent. In this case, there is a big problem, but it's not where the app is listed. It's that someone incapable of following a process they need was sent only one option for doing so, an option that relied on them having hardware they might not have, which would be a problem. Fortunately, that's not how such things have been done, and this is a made up example you're using to make a flawed point.

Re: Apple could...

If your friend uses local backups, they might have an older version coincidentally backed up which they can add. I'm not sure if that is portable across devices (I'm assuming not), and few people bother with iTunes syncing or backups, but it could be worth a try.

Re: I hope there's an option to block this nonsense.

"Which app store do you think those daily-living apps will launch on within the EU? Apple Store? Or only on the “European competitor” App Store? You know the answer."

I do, but it's not your answer. Governments have been happy to put their apps in the normal stores forever. Let's look at Android. Which store has the government apps? Is it FDroid? No. Is it EUStore? No, that's not a thing. It is, in fact, the Play Store where they put them all. So I wouldn't expect them to want to build another.

Let's say they do anyway. Given the level of success such things have had before, I doubt that would ever happen. Let's assume, though, that I'm wrong. So what? If you find you need an app that's not in the normal store, you can either live without it or accept enabling that store just to download the app you need, then not using it for anything else. If it works anything like Android, you can enable the store for the app you decided you want, install that app, then disable the store and the app still works.

Re: I hope there's an option to block this nonsense.

I've got a magical solution for anyone who doesn't want to use third-party app stores. It's a bit complicated, but I think anyone reading here can manage it. Just follow these steps:

1. Don't turn it on.

Seriously, that's all that's involved. They're not mandating that every possible store is preinstalled. They're not providing for automatic installations. What they've asked for is a switch which Apple can bury in the settings, put scary security warnings around, and which you have the freedom to leave turned off. Nobody would be required to sideload or to use anything that Apple doesn't run.

Re: Thanks for nothing EU

Then don't list there. Problem solved. Everyone will have the Apple version preinstalled. Everyone who uses apps will have some that you can only get from there, so everyone who wants your app will check for it there. This is the same as on Android. I get a lot of apps from FDroid, but if I need something specific, I already know that you can only get it from the Play Store, so I get it from there (via an anonymized connection, but it still comes from there). People who don't want to release as open source don't have to use FDroid for me to know how to install their app.

Re: Is it even Communism

There are differences between communism-themed dictatorships and other types of dictatorships, yes including fascism-themed ones. We've never seen a non-dictatorship communist state, and I think the evidence is clear that such a thing isn't possible, but there is still a difference between a state that intends to organize itself to look (or even to be) communist under the top echelons of the dictator and his supporters and those that don't. China used to look like the former, and it was really bad. They don't look much like that anymore, and it's still bad.

"coin mining is hopelessly uneconomic on a general purpose CPU"

Correct. Basically anyone who is intentionally doing it is using the VMs they've got with lots of GPUs attached. Those cost more, which is probably why Azure has accepted miners before, but with the crash in prices, they've probably had some people not paying their bills as suggested in the article.

Meanwhile, if someone is doing CPU mining, then it's probably that someone is using unauthorized resources, from an external attacker having found a way in to an untrustworthy admin who thinks the increased CPU usage won't be noticed.

Re: Not trusty

"If a machine pretending to be a human is to be successful, it should at least behave like the sort of human that people can trust"

I don't think this is their problem. Something that sounds like a human, could do things, but also slipped in some advertisements would probably do much better. Right now, the problem is that the machine isn't pretending to be a human. It refers to itself in the first person from time to time, but it acts robotic, doesn't remember anything, and gives the same scripted responses to almost everything you could say. Talk to one for three minutes and it becomes really obvious how not human it is, and talk for another five and you learn that it's not a robot that can actually do anything very useful. I'd like it if people automatically rejected such things on privacy grounds or even had a subconscious feeling that something's manipulative here, but in reality, I think they just discover that the device is a curiosity at best and that they don't need one after all.

I think you have a better idea of this than the article does. I don't have any devices intended for voice use, but I do occasionally use the voice interface on my phone. Here are the commands I issue:

1. Call [person].

2. Set a timer.

3. What will the weather be today.

4. (rarely) Send a message to [person].

The first one is designed to save time finding the person in my contact list. The second and third are similarly reducing the time and mostly used when I'm doing something else with my hands. And that's all I need it for, meaning a tiny model that recognizes pre-defined phrases would be just as capable as a conversational bot with thousands of scripts written.

There is one aspect where the obviousness of the manufacturer's influence might cause a problem. I know someone who has an Alexa device and occasionally asks it to play music, but they don't have whatever Amazon's best music service is. This means that, when they ask it to play something, the device usually responds by informing them that they can't get it, but they could if the user buys a subscription. It will then read out the standard information about the subscription, such as that there is a free trial, how long it lasts, that it would renew automatically, and what the cost of that is. You have to wait for its thirty-second speech to end before you can tell it no. I'm not surprised that this person has put the device in a drawer and never turns it on now.

Re: Alexa:

The phrase "pod bay doors" does not appear to be in my lexicon.

Fine, I had to modify the quote a bit, but it's a lot more likely to be what Alexa would say. It was originally "cargo bay doors". I'm going now.

Re: "... they serve their makers more than they help users"

"while having a conversation with my brother by phone, and without saying the key word to wake the darn device, 'Alexa' just chipped in with information about the topic of conversation without being prompted. So anyone who thinks these don't listen and process except to pick up the key word need a wakeup call: They're listening, processing, and can/will respond without the keyword ever being uttered."

I don't like or use these devices, but you've jumped to the conclusion that they're sneakily listening in when what actually happened is that something you said sounded like the wake word to the basic listening software. Sneaky listening devices don't start answering questions you didn't mean to ask, but devices that incorrectly think that you tried to activate them do. There are privacy concerns, and theoretically their manufacturers could turn them into bugs when they want (research has demonstrated that they're not doing so right now, but that's no guarantee of anything), but your experience has caused you to mistake a bug for evidence that it isn't.

"the one feature missed is the mic 'off' switch."

It's a button on the top of each device. Press that and the microphones are disabled. If you are afraid that Amazon's designed them to lie about it, then maybe you have a point (people have checked it in teardowns but I'm not one of them so won't promise anything), but if you distrust Amazon that much, maybe you shouldn't have them at all. I don't trust or have them, and yet I expect that the button to mute the microphones will do exactly that.

Re: Would have preferred Pi 5 announcement

I'm neither an expert on tax law nor work in the UK, but I'll point out that there is a legal difference between "provide service" (grey area), "work for" (what IR35 is ostensibly meant to deal with), and "sell goods to" (the situation between Broadcom and Raspberry Pi). I've heard enough to think that IR35 is wrong a lot, but the comparison you're making is still invalid.

Re: Would have preferred Pi 5 announcement

"Not long ago they had the best SOC for the money."

I'm not convinced about that. There have been more powerful chips used on SBCs for as long as it was obvious that people wanted to buy Raspberry Pis. I'm not sure how you decide what performance and price intersection is right, but their competition offered faster chips at all points. Until the Pi 4, their chips were pretty uncompetitive. Even when that was new, depending on workload, they were still uncompetitive (for example, RasPi's SoCs have always omitted encryption acceleration, but nearly everyone else's products support it). They have been more consistent about being inexpensive and easy to buy (supply chains excepted, but lots of local distributors and not having to pay half the price in shipping that takes a month).

Raspberry Pi has never really tried to be the fastest board out there, and it's served them well. I wouldn't expect them to change that just because some new boards show much better benchmark numbers. They can correctly point out that those boards tend to cost more and use more power than theirs, that the software landscape for them is more chaotic than the Pi's, and that they don't need to change their design in order to consistently sell out of the models they do make. I don't think they're aiming for the perfect board, so their next version is unlikely to meet all your or my expectations. Fortunately, we do have multiple other options to consider. My last SBC purchase three years ago wasn't a Raspberry Pi, but it still works.

Re: Would have preferred Pi 5 announcement

Raspberry Pi isn't going to adopt RK3588 just because it's faster and more efficient. Among other things, they want images to be compatible with every board, which is easier when using basically the same architecture and is not compatible with a SoC whose boot process is so different. Also, they've probably got a good relationship with Broadcom given that every board has had a Broadcom CPU and GPU on it. Abandoning that in favor of a competitor is not likely. It's also worth keeping in mind that the Pi has never aimed for the fastest chip out there and has frequently lagged other companies on raw performance. I don't know when the next Pi comes out although I wouldn't expect it to be soon given the production difficulties, but it's not likely to give you every feature you want.

If you want the RK3588, there are several companies who build SBCs around it, some explicitly designed to be similar in size and peripherals to the Pi. You can have those now and many have more availability. Don't hold your breath for the Pi 5 being announced when you want it or having every feature you think it should.