* Posts by doublelayer

10235 publicly visible posts • joined 22 Feb 2018

Hey Siri, use this ultrasound attack to disarm a smart-home system

doublelayer Silver badge

Amusing typo

"And finally, iPhone 6 Plus wasn't vulnerable to either attack, likely because it uses a low-gain amplifier while more recent iPhones tested use a high-grain amplifier."

I'd like to try a high-grain amplifier. Do you think that it's also nutritious?

doublelayer Silver badge

Voice filtration may help

They have demonstrated that they can activate a lot of voice assistants, but all but one of them are going to talk to the user while executing the malicious commands. That gives the user a chance to hear that something is going on, and more importantly, for most of the interaction, they can simply shout no to cancel it because most of the questions, such as authorizing a transaction or confirming a lock, are going to ask a yes or no question and the local voice will be more easily detected than the ultrasound.

The only one they can activate without making a loud sound is Siri, but that one will pose some extra problems. Unlike some others which listen for anyone saying their wake word, Siri is activated by pressing a button or by a specific voice. Activating the voice wake word requires the user to train the phone to recognize their voice specifically, and it then doesn't generally activate on someone else's voice. If you have a friend with an iPhone, try it and see if theirs turns on. This means that an attacker can't just create a single track to activate Siri on any device, and if they don't already have a recording of the victim saying the wake word, they can only hope to activate with other samples. This might provide some insulation to practical use of the attack.

Paid and legacy Twitter verification now indistinguishable

doublelayer Silver badge

"Nope. Closest model is paying for services. Businesses tweet to drive traffic, subscription fees and ad revenues. Businesses would expect to pay for TV or radio ads, why should they expect the Internet to do that for free? Especially when again, they've been busily implementing paywalls,"

Because posting on Twitter isn't advertising. They also advertise on Twitter for which surprise! they pay money. Posting on Twitter is free. Twitter is within its rights to make it not free, but they haven't, so people don't voluntarily pay them for the privilege. The paper could pay for a tick icon, but like everyone else's tick icon, it is worthless. I don't pay for worthless things and neither will most companies.

"look on the bright side, if the NYT, Pelosi or even the Whitehouse lose their ticks, it'll make it easier for them to deny they ever said stuff."

No, it wouldn't, since it is still easy enough to check the history without a tick icon, but given your list of suspects, I doubt you ever do that level of research.

doublelayer Silver badge

Re: Zuck on that

"here we have a bunch of people who could afford to pay refusing to do so. And the only principle in play seems to be that they're cheap."

Maybe their principle is that they don't pay for nothing, and right now, their tick means nothing. It no longer serves to verify to people that they are who they say they are, since it only translates to "they give us money". If El Reg came out with a new feature where I could pay them something and they'd turn off the ads, I'd consider it (I'm blocking the ads again because something must have gone wrong with the ads in the past, but still I'd consider it). If they had a plan where they took away my badge icon which I didn't ask for but I could pay to get it back, I wouldn't be paying. It's not because I'm cheap, but because the badge icon has no value to me and a meaningless blue tick may have no value to the people who have lost it now that it no longer means what it once did. It may not have had much value to them even then, but it certainly won't now.

FTC urged to freeze OpenAI's 'biased, deceptive' GPT-4

doublelayer Silver badge

Re: It is singularity already

"what is there in the process of creating a statistical model that is explicitly saying "do not be creative"?"

The goals set for the model to meet. In most cases, the people making the model didn't try to create criteria for the model creating something new. The only criteria they put in were for likelihood of similarity to existing text for chatbots or likelihood of corresponding to captions for picture bots. Neither was trying to have their system create stuff from scratch.

That would be difficult to do anyway. A lot of creativity is basically taking a random idea that is biased by but not directly from learned experience, then subjecting that idea to testing. My brain can come up with a lot of random things, but a lot of those things either need refining to make them good ideas or are just rubbish. The important aspects to human creativity which any computer will need to do are idea creation and idea filtration. So far, neither has been performed by the models. They could do idea creation by pointing a random number generator at their input, but that wouldn't be biased toward good ideas so it would generate a lot of bad ideas. They put only a little effort into filtration, but they filter undesirable output after creating it, not by filtering the original concept which is why ChatGPT will occasionally output something they tried to filter out while humans tend to have more reliable filters for what they consider good or bad things to say.

doublelayer Silver badge

Re: It is singularity already

"Brains cannot be magic. They must be statistical machines."

Not everyone will agree, but we can forget them for a moment, because I do agree. Brains are statistical machines connected to some pretty good biological sensor arrays.

The problem with this argument is in the next, unstated part. Basically, you're implying that since brains are statistical machines, then a statistical machine should be able to emulate a brain if it's big enough. No, not necessarily. If you build a statistical machine to do something other than what a brain does, you'll get different results. If you build one to do something much more limited than a brain does, you'll get a much more limited thing out of it. We have a machine built to emit some text, not one intended to understand the text it's emitting. Similarly with other famous systems that make pictures or music. They weren't built to come up with ideas for written or drawn things then make the results. They were written to guess at the wanted response from an input phrase and spit it out. Scale them up and they will find more pictures with more comments or more answers posted online by humans who knew what they were talking about, but they won't get creative. This is not because a computer is incapable of creativity; that's again a thing on which people will differ but I think a computer could do it eventually. It's not going to be creative because it was written not to be. You can't build a brain that way.

doublelayer Silver badge

Re: Late to the party?

Some regulations of that kind exist in law and you take them for granted. Other such regulations were loudly supported, but didn't get passed. The degree of regulation will depend on the country and may strengthen, weaken, or do both in parallel. I'm guessing that, based on other posts you have made where you indicate that you view your employer and every employer as an enemy always diametrically opposed to your welfare, you don't think there is enough regulation out there. I will agree as far as that there are regulations that should exist but don't, but don't let that make you think that no beneficial regulations have come to exist from the advocacy of the past.

Defunct comms link connected to nothing at a fire station – for 15 years

doublelayer Silver badge

Re: "NEVER SWITCH OFF"

"As long as the change was approved no fallback"

The problem as I've experienced it is that, if they don't understand it, they don't approve it. The change request can be written and sent for approval, but you'll hear nothing. You can bring it up manually to people who can approve it and they'll all say something like "I don't know what that is, and maybe it can be turned off, but wait for someone else to confirm that". Getting the change approved can be difficult. If it's hardware, I have an alternative. Accidentally disable the network port or unplug the network cable. It's an easy fix if people complain because you didn't even turn it off, but you can put it down to unknown failure of something old that wasn't monitored and use that to justify updating it.

School principal resigns after writing $100,000 check to Elon Musk impersonator

doublelayer Silver badge

Re: But why??

"What possible reason can she have for even thinking such a thing is in the benefit of the school or the students?"

Well, if it did happen, it would be beneficial in the way that any large chunk of money from any donor would be. A lot of schools don't have massive budgets, so that could help provide some expensive upgrades.

"Why does this lady apparently think that Musk would want to get involved in funding some random charter school?"

I have no good answer for that question. My best guess is that she was one of those people who thought and since this has just ended still thinks that Musk is a great person. Such people are out there, but I can't explain why they think what they do. Musk has on occasion done something to help others, only when it would be flashy and bring a lot of attention to him personally, usually less than he claimed to do, and sometimes not actually providing any benefit, but maybe she took those few examples and extrapolated that he was a prolific philanthropist. This is where research would be useful, but she doesn't seem to be the researching kind.

Version 100 of the MIT Lisp Machine software recovered

doublelayer Silver badge

Re: Good or just entertaining

I come back to reply to this comment and notice I made a typo, and that classic one that involves a few characters and totally reverses the meaning:

I said: "It's also not compatible with their being right about what would have been better."

I meant to say: "It's also not incompatible with their being right about what would have been better."

doublelayer Silver badge

Re: Good or just entertaining

I didn't mean your article; that was a good description and covered interesting aspects. I was referring to the 1991 article you linked to, which I think is a great piece if you want to hear about views and opinions but doesn't provide much reliable context for understanding what happened.

doublelayer Silver badge

Re: The Forgotten Fifth Generation

"TP compiles really fast, but one of the ways it does that is to not be able to continue past that typo."

I see that as a bit of an asset. When I was learning, I made such typos more often, and I found that compilers weren't very good at identifying what to do after pointing out a typo. It would probably be fine with a semicolon, but if there was a missing parenthesis, it would likely generate hundreds of spurious errors that would go away as soon as I put the parenthesis in the right place. I tended to run the error output through a script that would identify the first three errors then cut off the output.

doublelayer Silver badge

Good or just entertaining

When the winners forget they've won, or that they were fighting, that means that the losing side get to write some of the best summaries of the war. One famous account is a 1991 article called Lisp: Good News, Bad News, How to Win Big, which says:

"The two philosophies are called The Right Thing and Worse is Better."

And an entertaining article that is too, but it's not a good summary of anything. Right from the start, from the quote I use, it's obvious that they're setting up a straw man as the method they don't like. They weren't being subtle about that either, and I'm almost entirely certain that they knew it and assumed readers did as well (the alternative is that they were some of the most irritating and self-deluded people in all of computer science, and I trust that they knew what they were doing).

This makes the article fun to read as someone who came along too late to participate in the war. It's also not compatible with their being right about what would have been better. If I ever use hyperbole to complain about things I don't like*, I'm doing it to make my comments less dry but I still have a reason why I didn't like it and that reason might be justified. However, by taking this attitude, it ends up lacking a lot of important context if you're trying to understand or summarize what really happened. If you say your thing is good compared to an alternative you've just made up, it does not show the reader why it is better than the real alternative that exists. I contend that the description is wrong. It's a great piece, but it is not one of the best summaries.

* For example, I could say something like "JavaScript's developers looked at the idea of error handling and decided that they didn't want to do it and they didn't want anyone else to either". This is not true. There are error handling methods in the JS specifications and people use them. I just don't like them compared to those used by other languages, and I've seen way too much JS code that doesn't use them and needs to. Treating the quoted statement as a fact would demonstrate misunderstanding of the language, but readers can understand that I mean it as a lighthearted way of expressing a less extreme point that, at least in my opinion, is still valid.

Ukrainian cops nab suspects accused of stealing $4.3m from victims across Europe

doublelayer Silver badge

Re: Oxymoron alert

Fake cryptocurrency and real but worthless cryptocurrency at least look different, so I contest the oxymoron. It doesn't mean you should buy either, but one has the possibility of making or losing you money basically at random while the other has a certainty of losing you money very much not at random, mostly a 100% loss immediately.

Judge grants subpoena to ID Twitter source code leaker

doublelayer Silver badge

Re: Plan B. Get on with it.

"It should be quite easy to fork an open source e-mail client to incorporate about 75% of what Facebook does and most of what Twitter does using the e-mail protocol to create a distributed, encrypted social media system. Get on with it, someone."

How about you? You appear to have an idea for some of the parts I don't have one for, like how to make history public when you're using decentralized resources with no server to store the thing. Even Mastodon needs someone who wants to create a central server to store and connect to the rest of the network. I haven't put any thought into this as I don't use the existing sites and thus have little motivation to make something to do the same thing, but if you have, I'm sure there are some people who would work on it with you.

doublelayer Silver badge

Re: Say 'cheese'

There are, but not all of them would work. You need each of your points to be easily identified by a computer and impossible to identify from the user. If I notice that my comments come back with typos I'd never have let through, I might assume I missed it the first time, but it would become obvious after a few of these showed up. If it was spacing, there are a lot of programs that can respace a file for a specific style, so as soon as I noticed that there were some weird spacing things, I might run one of those even if I didn't suspect tampering just to get this weird spacing out of my way. Some of these things don't apply to a generic text string. For example, there was the famous incident where a lyrics site watermarked the lyrics they distributed by using both ASCII and Unicode apostrophes which has the advantage of being invisible to the reader, but that tactic would break a compiler.

Not only do you have to be careful about where your watermarks are and that they aren't too obvious, they have to work in a file that's constantly being changed. If you planned to have one bit of your identifier be whether the first character of a comment on line 17 is capitalized, then you have to track the comment so that an extra line at the top of the file doesn't break it, a plan for what you will do if the file is changed and there's now a new comment on line 17, and a plan for if a programmer removes the comment line entirely. A refactor of a module that destroys a lot of your identifier could be hard to deal with automatically. This doesn't make it impossible to do, but it does add difficulty.
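The apostrophe watermark and the two failure modes described in this comment (it breaks a compiler, and an unrelated edit shifts the identifier), as an added example that is not part of the original post. The sample lyric, the sample source, the bit strings and all function names are constructed for illustration.

```python
ASCII_APOS = "'"
CURLY_APOS = "\u2019"  # RIGHT SINGLE QUOTATION MARK, looks the same to a reader


def embed(text, bits):
    """Encode one bit per apostrophe: '1' -> curly, '0' -> ASCII."""
    out, used = [], 0
    for ch in text:
        if ch == ASCII_APOS and used < len(bits):
            out.append(CURLY_APOS if bits[used] == "1" else ASCII_APOS)
            used += 1
        else:
            out.append(ch)
    if used < len(bits):
        raise ValueError("not enough apostrophes to carry the identifier")
    return "".join(out)


def extract(text, nbits):
    """Read the first nbits apostrophes back as a bit string."""
    bits = ["1" if ch == CURLY_APOS else "0"
            for ch in text if ch in (ASCII_APOS, CURLY_APOS)]
    return "".join(bits[:nbits])


def compiles(source):
    """True if the text is still valid Python source."""
    try:
        compile(source, "<sample>", "exec")
        return True
    except SyntaxError:
        return False


# Constructed samples.
LYRIC = "Don't stop, it's late, we're home, that's all"
SOURCE = "name = 'a'\nprint('hi')\n"
RECIPIENT_ID = "1010"


def demo():
    marked = embed(LYRIC, RECIPIENT_ID)
    # Prose survives the substitution and the identifier reads back.
    recovered = extract(marked, len(RECIPIENT_ID))
    # One new line containing an apostrophe at the top shifts every bit,
    # the position-tracking problem the comment describes.
    shifted = extract("It's new\n" + marked, len(RECIPIENT_ID))
    # The same substitution in source code replaces string delimiters.
    source_ok = compiles(embed(SOURCE, "1111"))
    return recovered, shifted, source_ok


if __name__ == "__main__":
    print(demo())
```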

doublelayer Silver badge

Re: Say 'cheese'

You could do that, but if my employer or any other employers I've worked for wanted to, they'd have to change the way they operate. Every employer I've been at has either had source control using git or something equivalent or, in one case many years ago, didn't have anything and when I said that we should be using source control, they said I could use whatever I wanted. This means that I can rewind through all the changes out there, so if I wanted to hide that it was mine, I could artificially discard some commits to make the point harder to identify. Git's commit system is also not going to natively handle watermarks because each modification would change the structures in an obvious way. They would have to patch it to handle them silently and could easily find it hard to do so without breaking things unexpectedly. It could still be done, but it's not going to be a turnkey solution.

Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire

doublelayer Silver badge

Re: This is "good news"

I suppose, but this relies on politicians having a way to deal with it other than saying "Let's pass a law saying that phishing is bad and giving unlimited spying powers to every police officer in the hope that fixes it". I don't have that faith. In fact, I only have a few, limited ideas that I could provide if the politicians asked me how to put a stop to it. My ideas would probably decrease it a bit, but I can't pretend I have a plan for eliminating all or even most of it. Maybe we should start thinking of plans now so we can have ideas ready for when politicians ask us, or maybe we should just give in to the fact that politicians never ask us.

doublelayer Silver badge

"What was the use case to make hexadecimal encoded JavaScript possible in the first place?"

There was none. That it executes is a bug. That it can accept hexadecimal encoding is just proper use of HTTP. I can put regular characters on a URL unless they need to be escaped, but I can also put any of those in as hexadecimal using the same methods that are there for the characters that need escaping. The following URL is a valid one and it will result in the non-obfuscated one when parsed by any HTTP-compliant server software without any special code needed:

https://my.domain/?a=%61%6c%65%72%74%28%22%49%20%6d%69%67%68%74%20%62%65%20%6d%61%6c%69%63%69%6f%75%73%22%29
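What that URL looks like to a server and to a filter, as an added example that is not part of the original post: standard query parsing yields the same value as the plain form, a substring check on the raw query misses it, and encoding at output time handles both. The function names, the plain URL, the double-encoded sample and the HTML wrapper are constructed for illustration.

```python
import re
from html import escape
from urllib.parse import parse_qs, unquote, urlsplit

# The URL quoted in the comment above, and a constructed plain equivalent.
ENCODED_URL = ("https://my.domain/?a=%61%6c%65%72%74%28%22%49%20%6d%69%67%68%74"
               "%20%62%65%20%6d%61%6c%69%63%69%6f%75%73%22%29")
PLAIN_URL = "https://my.domain/?a=alert(%22I%20might%20be%20malicious%22)"
DOUBLE_ENCODED = "%2561%256c%2565%2572%2574"  # constructed: "alert" encoded twice

# RFC 3986 "unreserved" characters never need percent-encoding.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                 "0123456789-._~")


def raw_query_contains(url, needle):
    """Naive filter: literal substring match on the undecoded query string."""
    return needle in urlsplit(url).query


def decoded_param(url, name):
    """The value application code receives after normal query parsing."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return values.get(name, [""])[0]


def needless_escapes(url):
    """Count %XX escapes of unreserved characters, a cheap log heuristic:
    ordinary clients have no reason to encode letters and digits."""
    hexes = re.findall(r"%([0-9A-Fa-f]{2})", urlsplit(url).query)
    return sum(1 for h in hexes if chr(int(h, 16)) in UNRESERVED)


def fully_decode(value, max_rounds=5):
    """Peel repeated percent-encoding before inspecting a logged value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("more encoding layers than expected")


def render_reflected(value):
    """Reflect a parameter into HTML with output encoding applied."""
    return "<p>Results for " + escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    print(raw_query_contains(ENCODED_URL, "alert"))
    print(decoded_param(ENCODED_URL, "a"))
    print(needless_escapes(ENCODED_URL), needless_escapes(PLAIN_URL))
    print(render_reflected(decoded_param(ENCODED_URL, "a")))
```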

Had enough of Android? First 'Focal' based Ubuntu Touch is out

doublelayer Silver badge

Re: I love the idea of UBPorts

I'm not sure that proves a point, though. It can be upgraded to 8.1, sure, which is a little better, but it's still stuck on a version five ones earlier from the current version. But it's old hardware, so why should they keep supporting it? I think they should do that for a while after discontinuing the hardware, but they haven't done that. I can tell you where you could get another Gemini: from the manufacturer's website where they're still selling these things as new*. I blame Android for the problems that Planet have had keeping them up to date, but I also blame Planet. Both parts of this could have done much better than they did.

I think you're demonstrating a trend here, willing to excuse any bad standards if you like something else. I think Planet's hardware is interesting and I'd kind of like one even with their software support record, just as I want mobile Linux to succeed and would like to run it. That doesn't mean I should forget about the problems that each has and pretend like those things don't matter. If I can't be honest about the software's weaknesses, I can't fix it for those people who won't put up with anything to get the one feature they really want. And if I am recommending hardware for someone who wants a mobile device with a keyboard, I'll mention Planet but I need to tell them about the abysmal software support or I'm being dishonest with them.

* You can buy a Gemini, but last time I checked which was a couple weeks ago, they had sold out of some of the English keyboard options. You could use one with a different language or it looks like at least some English versions are still available, just not the popular ones.

doublelayer Silver badge

Re: It's a phone

I am referring to the general case. You still could make calls with a headset. If the phone call system doesn't work because of a software problem, it's not that easy to solve. Hence, if it's your microphone failing then it's a problem to be handled by you personally, and you can decide whether you want to buy a replacement, try to fix the mic, or not call people very often. If it's a software problem, it now affects every user and, unless they are good at fixing things the original developers couldn't, they likely can do nothing about this problem. If UB has a telephony problem, and I don't have any information that suggests they do, it is not a good idea to downplay it the way you have done, even if it's not that important to you.

doublelayer Silver badge

Re: It's a phone

I agree with you that writing off an operating system because of a bad device isn't a great policy. However, I think this part might be correct:

"And your Android had a tiny amount of RAM and storage vs iPhone? I simply don't believe you if you're comparing similarly priced phones."

From the original comment, this was in the relatively early days of Android phones. Back then, I still had a flip phone, but I remember the specs of some of those early devices and I've seen some after they were decommissioned and they could be terrible. For example, I was asked to erase a bunch of Android 2.3 phones for a charity which came equipped with 256 MB of internal storage. That's inconceivable these days when an Android image regularly takes up over 10 GB of space on the internal flash. Even then, most of that space was reserved for the OS, so every one of the phones had a 2 GB Micro SD card for the user's files. I know that because I still have the things here. I erased them and I now have as many 2 GB cards as I'm likely to use for the next decade assuming they don't go bad.

Sadly, I don't know what specific phones these were, but I found a lot of early Android phones with such specs. I have found models from 2011 from at least four manufacturers with 150-400 MB of internal storage. I don't know how painful those were to use, but it can't have been good. They were probably cheaper than iPhones, but if you had a discount from a provider or were buying older models, maybe they were more directly comparable. For example, the iPhone 3GS released in 2009 originally had a base storage version of 16 GB. A year later, they added an 8 GB version. It's true that the 3GS had 256 MB of RAM as well, but I'm more prepared to assume that Apple optimized their OS for that amount of memory than to believe that the consistently memory-hungry Android did so well.

doublelayer Silver badge

Re: Disingenuous

If your modem doesn't work well, it's not just the phone call feature you're losing. That's why those who never make calls should still probably care about whether their software can support that relatively basic functionality. And if by some miracle that's not the reason it doesn't make phone calls, then it would have to be related to the audio hardware which means that you probably can't use VoIP services either and you may lack, for instance, sound in recorded videos. Since I don't take many videos, this isn't that important to me, but it's still a core feature for any device where the manufacturer put a camera and a microphone in it, so it's not impressive if something that basic fails to work.

However, it was the recommendation to just buy a dumb phone that I thought was the disingenuous part of that. Software which cannot do a relatively simple task isn't good software. It might be flawed software that won't affect your use case, although for the reasons expressed above I doubt that's the case this time, but it is still very flawed. If desktop Linux crashed if you used a trackpad or connected more than one screen, you could still use it, but it wouldn't impress people and we shouldn't expect it to. If mobile Linux can't do something as simple as make a phone call, it's similarly porous. We're talking about an activity that is so easy that basically no review has to talk about it because every device they're reviewing does it just fine. I don't know how well UB handles phone calls because I don't have hardware that can run it. From at least one review, it does have the software to make calls. Rather than refer to that or better yet, find information on whether it works well, the author chose to defend it by basically saying that, even if it didn't support the feature, who cares. That's what I found disingenuous.

doublelayer Silver badge

Re: It's a phone

We all have different requirements. I would really like to run Linux on my phone, but I have never had a device that is supported by one of those projects. Maybe not buying flagship phones is incompatible with getting much hope of porting. The last time I attempted to port myself, it didn't work and I broke things quickly. Fortunately it wasn't permanent, but it was a complete failure to get things running. Maybe I should try again. I've been toying with the idea of buying a PinePhone which I know will support a lot of variants so I could find one that's good and support it. It is going to have to work at some things though.

"Is it? Good heavens. I make calls a few times a year. I dislike phoning people."

"Well there are still plain old dumbphones if that's what you want."

I think that's disingenuous. I like calling people a lot more than you do, but a phone that is incapable of making phone calls means that, even if you have to call someone in an unusual situation, you can't. Whether or not you use it often, it's a core feature. After all, you still call sometimes, so if I told you that beginning tomorrow, your phones would never make voice calls again, I'm guessing you wouldn't just shrug it off.

It's also indicative of other functions. If the device doesn't make calls well, it's probably not that they couldn't figure out the microphone; that's pretty basic. It's probably a symptom of support for the modem, and if the modem isn't working optimally, you'll also have problems with SMS and mobile data. I'm assuming that your pocket computer usage does make use of mobile data, and you're not just looking for a pocket WiFi-only computer?

doublelayer Silver badge

Re: Renaming and discontinuing

I think renaming is sometimes advisable because the projects aren't run from the same group. For example, the Lomiri devs aren't the same group as those developing previous versions of Unity, they may not be maintaining compatibility with old versions of Unity, and they're making a different product. For example, distros that are still shipping the Unity desktop are using older versions of the software, built with the desktop in mind, and this version is intended more for a small touchscreen interface. Not that you can't use this version on a desktop, but there's probably a reason people aren't.

When a big enough change is made, it makes sense to not have multiple projects with the same or similar names. In an ideal world for me, the name would be meaningfully changed if the project isn't trying to upstream their changes to the original thing by that name (the reason why neither WebKit nor Blink are called KHTML even though they both started there). It helps someone know which project is the original and which one took a different path, especially when they have diverged enough that the two pieces of software aren't compatible with one another anymore.

I'm afraid I agree with you about the reliability of Linux-based smartphones. I'd like them to get here, but I wouldn't count on it happening. It's a slow process, and a process that may not be able to get fast enough to ever become useful the way Linux on a desktop or server is. Even the technical user sometimes wants to use a phone to call people, and if it isn't reliable, they'll become annoyed.

EU mandated messaging platform love-in is easier said than done: Cambridge boffins

doublelayer Silver badge

Re: Not sure it is such a complex task...

"I don't think the issues are technical at all."

I'm afraid you're mistaken. Let's take a few examples as challenges.

First, build me a system that encrypts a video call among multiple parties using PGP. Can you do it? Sure, eventually you can, but it will take some effort. Are you going to use a centralized server to distribute the video or will you run decentralized? The former has the advantage of not overburdening the clients that might be mobile phones. The latter has the advantage of not requiring the server to operate and facilitating self-hosting. If you're not using the server, how do you identify the users you want to send the keys to? This is why apps with video call features, which all the things mentioned in the article have, don't operate together.

Now show me how you plan to get keys around. I've done PGP email. I have my key, and I have to give it to everyone I know. I could always use the PGP business cards that some people had, but I never did. I could arrange with a friend to introduce us on a channel somewhere with their keys serving as a secure exchange, which means that we will need a mutual friend every time we meet someone new. Or I can do what I actually did, which was to send my key in an unencrypted email and just hope that nobody intercepted things until after we had set it up. I just sent a message on Signal to someone I know personally, but not well enough that we've pre-exchanged keys. I could do that because I knew her phone number. If I had to deal with keys first, how would the nontechnical user do so? For that matter, how would I do so even when I know what the keys are for, because I'd have to first set up an insecure communication path to provide my key and get hers, and any attacker could pose as me to do that.

There will always be technical tradeoffs between a very secure system and one to which the average user can simply log in and they're there. Signal and most similar apps chose the latter using verified phone numbers as authentication tokens, and PGP is the former. There are some improvements we can make to both of them, but we cannot just combine the approaches.

doublelayer Silver badge

Your examples aren't interoperable for the same reasons that these apps are not. I can't call your email address from my phone. I can't email you a voicemail. Sending an audio file as an attachment isn't the same. If I encrypt a message and send it to you as an SMS, your email client won't decrypt it. The things you mention aren't interoperable; they're decentralized. I'd be much more interested in decentralized communication apps than in enforced interoperability.

If you're using any of these apps, whatever one it is, it means you have a phone capable of running the apps (or you found a way to make them work on a computer without one, something I'd also like to see more work on). That means that you can have any number of alternatives there as well. On my phone, for example, you can find Signal and Jitsi icons. I can't group together people in video calls placed on both of them, but I can call people on either of them as I choose just by opening a different application. This means that, should Signal break because their centralized system goes down, it doesn't break my self-hosted Jitsi installation or the app that connects to it. If the two had to interoperate, then either Signal would have to connect to a self-hosted version and deal with possible problems or attacks raised by that or that Jitsi would have to drop support for self-hosted versions. Neither option appeals to me.

doublelayer Silver badge

Re: What a load of bollox

"All they need to do is use a genuinely secure standard and compete on their interfaces."

Yes, but the problem is that the interfaces we had were not secure. Phone calls, SMS, and email were the main standards when these apps started showing up. The former two have no cryptography unless you cobble your own together, and PGP on email isn't understood by several clients and can be confusing to nontechnical users. The next apps to come along happened to include security, but it wasn't the point. WhatsApp was popular at first not because it was encrypted, in fact for a while it wasn't, but because it made communication cheaper in a land of paying per message, especially for those who send messages internationally. By the time that Signal showed up, WhatsApp was being eyed a bit too closely by Facebook, so even though it had become encrypted, people who cared about their security were edging away from it. There isn't a standard that all of these apps speak because many of them were designed in a time where they needed to fulfill a requirement that, in their mind, the existing options had failed to meet. Each new feature that needed to be added would require adjusting the standard, which isn't feasible if every other app has to support them immediately.

If we're adopting a standard, I suggest we make an easier to use wrapper around email; it's already decentralized, so if we add some cryptographic validation, that should handle text messaging. Except we also want secure audio and video calls, so email is out. So maybe we can use something like Jitsi's protocol except that's self-hosted and doesn't have a global network. So maybe we should use the Signal protocol like WhatsApp also does, except that will use different keys if you're sending through Signal-run or Facebook-run servers, and you only know which key to use based on which app you're employing and maintaining a centralized database of keys would introduce privacy risks. So it looks like we might have to take some of the underpinnings and make a completely new one so that apps we trust and apps we don't are all part of one network. Maybe there's a benefit to having disconnected ones for people to choose from after all. I'm all for standards, but not single mandatory standards for something as simple as text communication.

Amazon opens its ad-hoc Wi-Fi-sipping Sidewalk mesh to all manner of gadgets

doublelayer Silver badge

Re: Chuck everything Amazon in the bin

I assume this isn't an automated bot just yet, so could you please stop this? Whether your username is apt in suggesting you're posting chatbot responses or you're just pasting statements from the internet, it isn't helping the conversation.

doublelayer Silver badge

Re: USA Only?

So far, it appears to be limited there probably because they haven't figured out the regulatory details for other countries and possibly because they haven't spammed out enough Ring and Echo devices in other countries for the geographic coverage. It will come sometime.

doublelayer Silver badge

Re: a limit of 500MB a month

It's not your PII. Any of that would be sent by your devices and isn't subject to this limit. This limit is for how much of someone else's data can be sent via your network, data that will be sent by their devices somehow. This mesh network doesn't increase the amount of PII sent out, and if we want to fight that (and I am happy to participate), we have to fight the source of the privacy losses, most importantly Ring cameras but other Amazon IoT junk is also included.

doublelayer Silver badge

Re: Otherwise One Would Never Know

Having heard stories of people who went on vacation and came home to the impact of a leak that had been undiscovered for days, I think they would disagree. One of the stories told to me concerned people who lived in a place with cold winters such that it also involved a lot of ice having formed afterward. Of course, my guess is that detectors for that are probably not installed unless you've already experienced it (I certainly don't have them). That doesn't justify Amazon's system here, just the leak detectors that can notify absent owners.

FTX cryptovillain Sam Bankman-Fried charged with bribing Chinese officials

doublelayer Silver badge

I guess you can always use the forgot your password system on the login page to do it, but they really should have an internal method for known password changes. I also don't remember hearing about a breach and a quick search didn't tell me about it. I visit this site a lot. I'd assume the chances of seeing a report if they posted it here would be high. Did your password manager have more information about when and how the breach happened and how they know about it?

doublelayer Silver badge

"The whole 155 years nonsense just translates to 'life' so I don't know why they bother."

Usually because the crimes in question don't allow for life sentences or place restrictions on when you can have them, but when you add up all the fixed terms that the crimes do call for, you get a big number. It still has meaning, because if you only did one of them, you could get a 5-15 year sentence which is not life and the effective life sentence only comes when you have a bunch of them. Also, there are regulations that apply to fixed-term sentences that don't apply to indefinite ones, which is another reason why indefinite terms have to be authorized in the statutes.

They tend to run as many charges in one trial as they can, so if the jury finds him guilty on all of the counts, the sentence can be a very high number, but if they acquit him on some of the charges, it would be much shorter. At the rate he's going, they're going to have to get him off of most of the charges for it not to be an effective life sentence.

Google again accused of willfully destroying evidence in Android antitrust battle

doublelayer Silver badge

Re: Destroying evidence

It's a pretty easy distinction:

Not keeping evidence: Sorry, we didn't store that.

Destroying evidence: Sorry, we didn't store that even though we had a legal requirement to do so, the people involved knew about that requirement, and the system was already set up to store it by default and had to be deliberately altered in order not to.

It's the second one.

Investment bank forecasts LLMs could put 300 million jobs at risk

doublelayer Silver badge

Re: they revel in it

Well, since the job losses they expect are not going to happen, I'm not sure it's worth worrying about. They just assume that something will follow the trend of another thing despite the fact that they don't understand either of the things involved. However, let's take your hypothetical and run with it anyway.

"I mean what would happen if everyone in the World just turned around and said, we're not going to buy anything but food..no flights, no money in the banks, no cars, no computers, nothing....what would these fools [investment bankers, presumably] do?"

That's not going to happen either. It's almost definitionally impossible. So everyone decides not to buy anything. The premise already holds that none of us have jobs, so I'm not sure how we would be paying for the things if we bought them, but fortunately, we're not buying them so this isn't a problem. It will soon be a problem when we can't do any of the things that require these objects. Old computers are fine for a while, but eventually they break and if we're refusing to buy things, we can't buy replacement parts. Getting everyone to agree to live a spartan (as in ascetic) life to stick it to some annoying fictional bankers is not very palatable to the general public. Should it happen, I'd put money on the actual response being screaming and minor violence (hopefully not to the level of the other Spartan).

But if we all agree to live our ascetic lives of eating and basically nothing else, then the people with all the money can do whatever they want. They own the places that make food and they own the companies that own the real estate in which we live, so they have a source of any money we pay for those things. Since we're not buying anything else, they can have their pick of any item we didn't ask for. Basically, if your theory happened, it would create a perfect world for any materialist with money out there.

For whom the bell polls: Twitter voting is for Blue users only now

doublelayer Silver badge

"They [non-paying users] [...] don't appeal much to advertisers. Whereas a smaller group of verified users requires less resources, is easier to control, and might well be very attractive to advertisers."

I'm not sure the advertising industry works the way you describe. Sure, a smaller set of targets you already know don't mind wasting a subscription payment is more valuable than a bunch of randoms, but that's the case because, if you can pay for number of ads delivered, you benefit by sending them to good targets alone. If you can't target them, however, you want as many impressions as you can get; a lot of them will ignore it, but the more people see the ad, the more recognition your name has. Cutting the number of users won't lead to celebration in advertising departments. Those who target already have or think they have better ways to identify good prospects than just the people who pay Twitter, and those that don't target appreciate that millions of people see their advert.

Fresh models of Framework modular laptops in the works

doublelayer Silver badge

Re: Not aimed at business then?

I can see that some people would think the single 13-inch model is too small, but I don't understand why the 16-inch model they've just introduced doesn't solve that problem. How specific do the sizes have to be to handle people who want a small one and someone who wants a big one? Incidentally, in case it helps, the 13-inch screen actually measures 13.5 inches diagonally. That seems to me like a small difference, but so does 13.5-14 so maybe it's more relevant to you.

doublelayer Silver badge

Re: Half-Sized Function Keys

I can't say I understand this. I would agree with you if they had taken the keys away, the way Apple did when they thought a strip of touchscreen would be better (I still don't get it). That has very little muscle memory potential, assuming that the touch positions are static and don't use the screen part. However, with half-height keys, there are still tactile indications where the keys are, they're still the same length across, and they work identically. I also can't think of any laptops that don't make those keys a bit shorter, so part of the problem may be that I've gotten used to that and don't notice any problem. I'm also a heavy user of keyboard commands and I don't find the shorter function keys causing any problem as I use them.

Since the keyboard is removable, it should be possible to make a different layout that also fits into the case. I'm not sure if you'd have to redesign the input cover (the part with the keyboard, power button, and trackpad), or if you'd accept a keyboard the same size as the original keyboard but with the keys positioned differently. Either way, it wouldn't require changing the computer to make this alternative keyboard. Unfortunately, you're the only person I've heard express this preference, so that is probably not enough demand to have Framework do it themselves.

Lebanon's IT folks face double trouble as leaders delayed Daylight Savings Time

doublelayer Silver badge

Re: keep days short???

I assumed the change was from someone who sleeps later such that when they wake up, the sun has already risen. If they move the clocks back, that's one hour more of the sun being up where they would be awake to meet a work schedule aligned with the clock. For anyone who wakes up before sunrise, this isn't important. In fact, for anyone who doesn't, it's still pathetic to play around with clocks instead of just doing whatever religious rituals you decided you want to.

Publishers land killer punch on Internet Archive in book copyright court battle

doublelayer Silver badge

Re: Puzzled.

For the record, they mostly did that but did try lending out unlimited copies before. They thought it made sense in the early days of the pandemic in 2020, and it didn't take long for a lot of publishers to get even more angry than they are today.

This might be one reason publishers aren't willing to settle the matter with the IA, although being publishers, they might have enough profit motive not to settle in any case. The publishers might think that doing something more obviously against copyright law might help their argument that the IA isn't working in good faith, and since the publishers can't point to a specific part of the law that makes the controlled one copy per physical book lending explicitly illegal, they might try using that argument instead.

doublelayer Silver badge

"Transformative" in the case of fair use doesn't refer to the transformation the reproduction can make on society or the reader of the content, but what happened to the copyrighted work. It's meant to indicate the difference between copying the entire thing and quoting a section, starting with two pages then making up a new story for the rest of it and swapping some commas to make it not exactly the same. It's attempting to codify common sense into law, which never works as you'd want. In short, to argue fair use, you have to prove that you're making something different. Pointing out that your non-transformative use has a lot of benefits for people is not part of the law and a judge won't accept that as justifying a fair use defense.

doublelayer Silver badge

Re: "Killer punch"? - no, gasoline for self-immolation by copyright 'rentiers'

"What better than to offer the Archive protection within Russia?"

Many things would be better than placing such a wonderful resource under the control of a dictatorship. I'm not particularly interested in watching Russia's censorship organizations loose on the IA.

"The transition from rentier (monopoly) economics to a proper market-driven set of business models truly compatible with market-capitalism, I have sketched elsewhere."

And when you have, I have objected to the unworkable dream you've sketched out. The dream where people continue to make stuff and give it away for free because a bunch of nice rich people pay for it out of the goodness of their hearts. If I can write any utopian idea and pretend it's a plan, it would be great, but it's usually better if we stick to the bounds of realism.

"Law lacking power to enforce is nothing more than recommendation."

This law has the power to enforce by massive fines with a government that has the ability to collect those fines. The Archive follows the laws; they're not about to go underground. I don't like the decision either, which is why I'm hoping that they can find a path out of the penalties.

"Just possibly, the Archive shall be obliged to close down. Yet, that would be a terrible outcome for the rentiers. Widely, they would be perceived as having destroyed a noble effort to share knowledge/culture fairly."

Maybe, but that wouldn't be a big blow to them. It would be a much bigger blow to me and a significantly larger one to the operators of the organization. The general public isn't going to stop buying books just because some publishers sued a site they haven't used. I get that you'd like this success to spell the death knell for copyright, but the facts don't work with that interpretation. I disagree with you that doing that would be a good thing, but regardless, this case will not get us closer to that world.

doublelayer Silver badge

Re: Puzzled.

Most library ebook systems use a different mechanism where the libraries purchase ebook licenses from the publishers. Those licenses have a variety of terms and probably vary a lot by publisher and country. For example, the license can limit how long or how many times the library can lend the book before needing to buy a new license, how many copies can be lent simultaneously, and when the license becomes available. I have heard, for instance, that publishers sometimes don't agree to sell any ebook lending licenses for new releases until the book has been on the market for a while. Therefore, anyone who wanted a copy when it was new would have to buy one. Meanwhile, a library lending out copies on paper could just go and buy some as soon as they hit the shelves.

The Internet Archive is trying to lend out digital copies of the book without getting a license to do so first. The publishers are trying to argue that owning a paper book doesn't give them the right to do that. Unlike software, it's not as if the publishers put in a EULA before you could buy a book, so whether or not the right exists will depend on laws that were written well before this was conceived by publishers or libraries. The law doesn't say whether that's allowed or not, so both sides are resorting to legal arguments that are tangentially related to the case and hoping a judge will decide one sounds convincing. Maybe at some point a law will be passed to clarify what rights exist and what rights don't, but I wouldn't count on it being soon.

doublelayer Silver badge

Re: History

"archive.org is useful to preserve things that might otherwise fall into the bit bucket. To keep things from being "erased from history" use archive.today or archive.is instead."

If you really want something archived, archive it on all of them. That way, if something happens to one of them, even something as basic as a database not syncing properly, there are backups. I don't know about how often the IA removes data, but they must face a lot of copyright claims and having seen some of the stuff that's uploaded there, some of those claims are entirely valid. I'm curious what examples you would provide that aren't legitimate copyright claims. Like it or not, even if it's being done to scrub something from the record, if it's the copyright holder who wants it scrubbed and they didn't use a license that explicitly waived that right, they have the right to have it taken down.

doublelayer Silver badge

They're not responsible for ensuring you followed the law. The publishers are arguing here that, since it's hard to confirm that you're not breaking the law, therefore you shouldn't be allowed to do something that makes breaking the law possible. I don't think that particular argument is very strong. Sadly, neither was the Internet Archive's attempt to claim that copying a paper book into a digital file is a transformative activity covered under fair use, which normally involves much smaller uses like posting quotes in a review or making a parody. I'm not an expert in copyright law, and both sides are going to need one to have a chance of resolving this in the way they want. I'm hoping the IA can find a way to continue, or at least can escape large penalties, but they will probably need to drop some of their more expansive arguments to do that.

RIP Gordon Moore: Intel co-founder dies, aged 94

doublelayer Silver badge

Re: And I had just bought some more Xeons, too…

Might I suggest that you haven't done any calculations on this?

"In the UK the official year-on-year inflation rate is said to be around 10.4%. In reality it seems to have been a weekly 10% increase on food, sometimes 50% overnight."

Do you know what that would actually look like? People have really experienced that, but I can guarantee that you have not. If there was an average weekly inflation rate of 10%, then something that cost £1 a year ago would now cost £142.04. Has that happened? To anything?

"Supermarkets say it's because of inflation. I am more inclined to believe it's their price gouging which is driving inflation."

There's some of each, but you can see some of the causes in the increase of raw commodities. For example, at the beginning of 2022 wheat cost on average $7.58 US per bushel. When 2023 started, that had risen to $8.95, about 18% up. The destruction of Ukraine's wheat industry didn't help with this. That increases the price for items made from wheat without the retail outlets having to do it. Not to mention that, if you're in the mood to assume that every price increase is due to someone's greed, you are ignoring all the links in the chain at which a price increase can be inserted and putting it all on the one link you have direct contact with. It wouldn't be that hard to trace the price increases through the chain, but you need to acknowledge what the real increase has been before you can take that step.

Also, you don't appear to understand how such stores work:

"it looks more like they are doing everything possible to maximise profit": They would be, since they really like profit, but let's look at what you think they're doing to do so.

"removing own and 'no-name' brands,": Nope. The ones they make themselves mean they get to have a higher profit margin on them and they make more profit. The no-name brands they don't make also tend to be from places that cannot command customer demand and thus the stores get better profit margins from the sale of those as well. This change decreases their profitability, and it might have something to do with the fact that larger companies with their own brands may be better able to obtain resources when there is a shortage.

"keeping shelf stock low,": Sometimes this helps, but mostly when they would waste some by keeping more. If you would stock up if they had more available, they'd make more profit.

"limiting choice,": I can't argue with this one in general, but as we've already covered the choices they removed, I'm not sure I need to.

The most bizarre online replacement items in your delivered shopping?

doublelayer Silver badge

Some cats will eat dog food. A cat I had as a child didn't complain when we spilled some extra dog food and she got to snack on it. However, it would not be healthy for the cat to eat only dog food because it has a lot less protein which is necessary for the feline digestive system. Even if you have a cat that isn't picky about what kind of food it eats, you should use food intended for cats to ensure it contains necessary nutrients.

How Arm aims to squeeze device makers for cash rather than pocket pennies for cores

doublelayer Silver badge

Re: Licencing Per-Device

Those modules aren't standardized. You could build a socket into which you can place an RP2040, but it would only let you swap in a different RP2040 at the moment. Other chips could be designed with the same set of pins, but they'd have to make sure their chip had the same peripherals as the RP2040 or it wouldn't work. Since it's not a standardized socket, I'm not sure it would count for their complaint.

doublelayer Silver badge

Re: Licencing Per-Device

I would think that they would recognize how much they'd lose if they did that to the people using microcontrollers. If I worked at ARM and was pushing this policy, I would have applied it to the Cortex A series but would leave the Cortex M one alone. It's a lot harder to change out the higher performance cores that have been optimized whereas swapping to a new ISA for a cheap microcontroller that doesn't have to be too fast or efficient is easier, especially because manufacturers can continue to use old chips that are covered by the previous license while they test on the new ones. This is one reason why I'm not sure we have all the details, including a possibility that they're not going to do all the things the rumor suggests they might. Then again, there are many choices I would make based on a programmer's understanding of what would make money which professional managers don't do, so just because something seems stupid to me doesn't mean they won't still do it.