Posts by doublelayer

Oops, someone's missed how they've been focusing on technology as a weapon for over a decade, how two of their top universities are almost entirely technology-focused, how they have acted when they want certain skills (you wouldn't think such an education system would produce people capable of making a nuclear arsenal either, because you forgot that they study physics there as well), and how, a few years ago when they were trying to look more open, there were companies explicitly outsourcing technical work to North Korean companies.

Your summary is accurate for a lot of people, because they don't focus on giving good educations to people they won't trust and they have a large list of people who are to be denied trust, but when someone is found in the trusted group who demonstrates skill with computers, which they have imported and set up in many schools, that person gets doomed to a life of technology-themed slavery instead of the farming or construction-themed slavery a lot of others find themselves in. The country doesn't have millions of skilled IT people, but thousands of people skilled enough to pass an interview and start collecting paychecks, some of whom are actually capable of doing the job, that they have.

Re: Another another bad point

What's wrong with those? I've got that, the port works with all cables without an adapter, it allows the computer to be a little thinner in case that's important, and the only downside I can think of is that it feels about the size of a USB port and could lead to someone plugging a cable in there if they didn't notice the cut-out on one side. If that's a way to get RJ-45 ports onto laptops that's more widely adopted, it works fine for me.

Re: Whats the point

Has the news of blocked supply chains not gotten to you yet? They're in high demand and a lot of people have precedence over them when it comes to getting components or manufacturing capacity. I have not purchased a new one in three years due to this shortage, but nevertheless I have a few hanging around. One of them is a 4 (with 2 GB RAM), but all the others are less powerful. I'm not the reason you can't get one, nor really are the foundation that would probably be happy to produce more if it was feasible.

The comic is clearly referring to those laws, including the firm order as set forth in the stories. I don't remember the stories showing what happens in the preserve robot > preserve humans scenario, perhaps because the answer is so obviously bad for humans that it's not worth investigating. Many of the stories also called attention to the weakness of the laws, one which becomes all the more obvious when dealing with either human-like AIs or something with limitations (either technical or artificial) as would be seen if we built robots today. I don't feel XKCD's quick joke either mistreats the original stories or is even all that redundant to them.

It depends what chain of adapters you've got, but either it will all support the PD signals and negotiate voltage, or some link will not support them and it will be restricted to 5V with the maximum power output determined by the source device and the actual used current determined by physics. An adapter can prevent charging if it doesn't support it, but it can't choose to overvolt unless someone's deliberately made it to ignore the standard (in which case that's a problem you could have with anything).

"It would also mean that the disks would be the same dimensions as regular disks which was handy for storing them."

I really hope they were still easily distinguished, because otherwise that sounds like a recipe for getting confused why this floppy doesn't work in that older standard-only drive. It reminds me of a time when someone mixed a stack of blank CDs with some ones that had been written to, requiring me to insert each one to find the ones with actual data on them. Although I arrived too late to prevent that, I did get there in time to prevent them mixing in the blank DVDs too.

Re: Groundhog day

"Say what you like about DOS, the small size of the attack surface made it much more auditable, and it persists in embedded for this reason. I'm sure I'm not alone in appreciating the benefits of a generic and very compact OS for certain applications."

Well, I have a lot I'd like to say, so I'll get started.

"the small size of the attack surface": No. The attack surface was small because basically every possible attack was accepted. The OS has no privilege system and lets any program that runs on it do whatever it wants. That's not having a small attack surface. That's having no defenses and pretending they're the same. They're not and nobody knowledgeable would equate the two.

"it persists in embedded for this reason": You don't work in embedded, do you? It does not persist in embedded. It exists in legacy hardware all over the place, but it's not used in new embedded hardware. There are a lot of small embedded OSes. Many are RTOSes which DOS isn't. There are several with security features baked in, and some with a DOS-like no limits systems because they only run the one program. Those things are also both smaller and more auditable (and actively audited) than DOS was. If you scale up, there's embedded Linuxes, some use of BSD, and you sometimes see Windows CE or the later Windows 10 Embedded. The only time you see DOS on a new build is if it has to interact with something old that nobody's going to replace, and such things are expensive and very custom-made.

Re: re: Agile development.

Does waterfall exist? As far as I can tell, waterfall is a word meaning "Something the Agile people don't want to be associated with Agile". In fairness to Agile, I'm not sure it exists either. I think most places that claim to use Agile do whatever they want with some of the words used. Still, it's weird to see so many people arguing how great Agile is while telling me that everyone I've seen calling themselves Agile while getting bad results is not actually doing it and defending any part of the manifesto that suggests negative things as not meaning what it says.

The cost probably doesn't, but you can put on a module to connect to a phone network and send the data in SMS or use the existing WiFi in the mentioned chips. The mobile system will cost more including service for it, but battery life won't be increased much if the data is stored and the device briefly enabled to send it in a batch.

Also, it's worth considering that the anecdotes we've seen haven't involved someone being stalked for months on end. A lot of the stuff that's come out has been short-term stalking over hours or days, for which month-long battery life is less important.

Re: Tips?

As far as I can tell, the tipping system works as follows: someone decides to hire people but pay well below what they otherwise should, and they label this with a tip box on the interface that people correctly translate to "You wouldn't want the person doing the work here to be paid almost nothing, but unless you give money here, they will". Then that box never moves, even when things change such as wages increasing or the company deciding it will make the part they pay dependent on how much tip there is. In the end, the user has no clue how much the person will get paid if they don't tip.

On a side note, I ordered some electronic components from a small site about three years ago. After selecting my components and paying for rather expensive shipping given this was before the COVID-snarled transportation times, I was brought to a page asking if I wanted to tip. I don't know who would have been paid if I selected to do so. I wonder how much free money they got by putting that option into their otherwise completely standard online checkout process.

Re: "the cult of HIS HOLY STEVE"

No, it's multiple independent religions with crazy adherents, but this time the lawyers forgot to include the "Thou shalt have no other gods" clause so some people subscribe to both. Still worth pointing out that some people might use the products of one without believing that the company can do no wrong and often aren't forced into changing that view; work that into the analogy if you can.

The junk can stick around a long time depending on what it is. Search for any reasonably common technical issue and you'll find lots of articles that are years old and weren't very useful at any time but are still in the search results and have ads on them. That page has a long lifetime. Other farms might opt for something that lasts a shorter period but attracts a wider set of people, but there will be plenty of people who will put up with the long game of finding something people will always search for and publishing as many keyword-filled posts of dubious usefulness about it.

Re: In memoriam, Michael Crichton

"When does the report come out that the sole human test subject was given a nuclear battery to power his implant?"

In fairness, that wasn't a sign of cutting corners in the research. At the time the book was written, plutonium power systems for pacemakers were being used in some patients because it decreased the need for surgeries to replace dying batteries. Neither batteries nor surgeries were as good in 1971 as they are today. The researchers in the book did a lot of things wrong, but the nuclear battery wasn't one of them.

Re: Why have a $10,000 limit at all?

If such software is made, it won't be sold in the App Store. One of three things will happen:

1. It's sideloaded through a corporate certificate requiring a profile to be installed, based on a corporate license. It won't be listed on the store at all. Any price can be charged for the company to set up the profiles.

2. A free client app will be listed on the store, and it won't do anything unless it verifies that the user is licensed through an external mechanism. Any price can be charged for that external license as long as the user can't buy a license inside the app. If they're paying over $10k for it, they can buy a license with a browser or likely something even more complex and activate it inside the app.

3. The app is actually free because it's only useful with the purchase of some expensive equipment, desktop or server software, or continuing service, for which the developer charges whatever they want.

The AI is only as useful as people find its results. If people start valuing art generated by AIs over that generated by humans, then things don't look good for artists. If AI starts generating code that solves real problems for businesses, not great news for developers. Neither has really happened yet; AI art looks cool and has been used, but people still value the work of human artists, and code produced by this tool correctly answers some basic tests but it hasn't spat out any of the tools companies hire programmers to make. If it gets to that point, the situation will change whether we want it to or not, but the fact that it's proven incorrect enough to need a ban from a site where wrong answers are already common indicates it's not happening just yet.

I agree with you that a strong independent media sector is important, but I'm not as convinced that this law does anything about it. I hate Facebook a lot, and if we just decided we'll take their money and give it to someone more deserving, it sounds great. That's not how laws should work though. The major question is what Facebook is doing that they shouldn't be. If that's quoting snippets of articles, then let the law forbid or regulate that, but in that case, Facebook responding by no longer quoting news stories should also be an acceptable result.

As I see it, the law currently has the problem that it also includes linking, not just quoting. It's structured as if to say "linking and quoting is wrong and you should pay if you do it". However, if Facebook responds by no longer doing what the law says is wrong, that's not the answer people hope for because they no longer link to news stories. The law could be changed to only include quoting, and that would probably lead to a better result (Facebook no longer allows quotes but still links people to news sites which can then collect advertising), but the writers of the law don't appear to want to go that way. When Facebook responded by blocking news in Australia, the politicians who passed the law that made that necessary protested that Facebook stopped doing the harmful thing they were just complaining about. If this law is intended to punish, it should be specific about what things are being punished, and no longer doing those things should be as good an outcome as paying money while continuing to do them.

Re: increased positioning accuracy is deemed to be worth the cost

You're right about that, but the OS could be designed with more granularity to prevent abuses. The problem is that an app given fine control of Bluetooth hardware can, in some but not all cases, determine location. Here are some options to help with this:

1. Provide more options for apps to do something with Bluetooth that don't require full control. For example, if they're going to connect to a single device, have the OS do the connection and just give the app the one connection to work with. That app will not have the ability to scan around for beacons and therefore couldn't track location.

2. Split the permission. Just because an app really needs full control of Bluetooth doesn't mean it should automatically have access to satellite navigation receivers too. One permission could be "Fine Bluetooth WARNING may leak your location", with the other permission separated. If I allow an app to use my Bluetooth hardware but I have no beacons in range, it won't know where I am. If I'm forced to let it have all location access, it will get that data no matter where I am.

Just because full control of Bluetooth hardware can leak location data doesn't mean we can't improve the situation.

Re: it was impossible for anyone to track down the idiot responsible

If you're not sure why it's there but there might be a reason, find the person and ask. If you are sure it is not necessary, no need to find them just to blame them for having it. Unless it looked like deliberate sabotage, it was likely a mistake and their response about it will either be "I don't remember it" or "I don't remember it, but you're right it needs to be taken out".

"my bigger concern is that a hacker remoting-in can disable the TPM as I did: it's just a regular setting which may have the effect of disabling or even doing a reset of the hardware sync that allows everything in Windows 11 (and possibly win 10 on a shared platform) to function."

If they're trying to do a lot of damage, they have other ways to mess with the user than trying to turn off the TPM. It looks like you need local admin or BIOS access to turn that off, so at that point you could trash the registry, the boot sector, or just run pre-built ransomware. The latter has the advantage of a possible payment to the attacker even if their main intent was causing damage. Those methods would probably be more reliable at causing damage to an individual machine, and if they want widespread damage, it makes more sense for them to do nothing to the machine while using it as a beachhead for spreading to other targets on the network.

Re: A "clean and unused" prototype Apple-1 that actually works

I stand corrected. I missed that somehow in my first reading. I'm still not sure how they could be certain it was unused before it was restored, but they can know it's running (for now, but I wouldn't hold out a lot of hope for it having an enduring continuing run). I doubt that will matter though, as it's still unlikely that someone will buy this in order to turn it on.

Re: Trust and CA's

"Who are *paid a lot more* and sit in suitable governmental position. Like a subcontractor to DoD, like in this case."

Please reparse the original statement. Who are the "people who know a lot more"? It's not the issuing CA. It's the browsermakers or OS cert providers. The people who knew enough to detect dodginess, were paying attention to figure it out when I and I'm pretty confident in saying you, were not diving into this company's actions, and the people who took the action to block it. Even though I work in security and I'm guessing you have a technical background, I have not studied the administrative background of CAs, which these people are doing. Yes, they know a lot more than a lot of people, including us.

Re: Broken? No thanks.

"I'm 99.9% certain that I can speak for us on this matter, especially seeing as TINU."

Well, apart from my not having a clue what "TINU" means (I doubt it's Tubulointerstitial Nephritis, and the only relevant acronym I could find online was "totally incompetent, not useful" which doesn't really fit either), I don't consider you to have that right. You're a pseudonymous person online. I only have your word for it that you were around for early experiments with the internet, and since I don't know your identity, I also don't know what your role was. If you had a minor part which allowed you to see the early experiment, then I wouldn't assume you know the views of all the groundbreakers. Let's assume that you had a central part. I still wouldn't assume your opinion is held by everyone else who could have expressed such a view a lot more strongly had they wanted to.

If you really did design the internet, thank you for it. It's not perfect and it never will be, but I doubt a redesign would really fix the issues that we face with it anyway, since many of those are political or economic rather than technical. Like all of human invention, it will be a mess of different standards, attached together with tape, with bits falling off from time to time, and still providing more by its chaotic availability than it would being stuck in a quest for unachievable perfection. Although if you have an internet 2.0 plan lying around, maybe we can consider spinning up an experiment of that one for a possible replacement or at least some cross-pollination.

Perhaps, but how many people set it on an autorenew? This came up when someone suggested Twitter would lose the person whose job it is to renew theirs (it expires in January) and El Reg's expires in four months. Still, I doubt anyone has to manually renew either, so probably many people have set theirs just to automatically renew each year and doesn't need a ten-year buffer.