* Posts by doublelayer

240 posts • joined 22 Feb 2018

Page:

Democrats go on the offensive over fake FCC net neut'y cyberattack

doublelayer

Re: Pai is still damaging society

That is not how any of that works. Net neutrality means that the people running the communication systems can't send some traffic faster than they would ordinarily, and the reason for that is that the only way to do so involves taking something else and slowing it down. It is not that you can't buy faster speeds; you can. Get more powerful servers and high-speed data links and believe me, you'll see your speeds skyrocket. What the net neutrality people advocate is that you can't buy someone else having a worse time. For example, there is not an "expensive car lane" that allows those who have paid more for their cars to bypass traffic, even if they pay for it.

This is usually the reason that companies want to have the ability to change speeds; coms company C wants more money. Video streaming company V wants their competitors out of the way. If V pays C to make all of V's content faster, thus making it a better experience than competitors W, X, Y, and Z, then eventually people stop buying service from W, X, Y, and Z. The two possible options are for W, X, Y, and Z to fail, causing consumers pain because their options have been lost, or for W, X, Y, and Z also to pay C for faster connections. This makes the services of V-Z more expensive, as some of the money the people pay has to go to C for the we-won't-choose-to-kill-your-business tax, and it harms any other business that wants to stream video. In fact, it hurts any other business, period.

2
0

Meet the LPWAN clan: The Internet of Things' low power contenders

doublelayer

I have doubts

I looked into some of these a while ago--I had a system which could benefit from communications at a distance, where there was no WiFi. However, I couldn't justify it, as all the components I could find required a lot of investment in hardware at each point. When you keep in mind that the computing part of a lot of these were raspberry pis, it perhaps makes more sense why I wasn't exactly impressed by the $20 US LoRa boards I found. Of course, I'm not mass-manufacturing these things, but a lot of the IoT things used in industry could probably be set up in a way such that they don't need these. For example, factories and hospitals, as listed in the article, are environments where devices could easily use WiFi connectivity. They are indoors, so in a place that likely already has networking, and a place that has electricity sufficient for the machines to transmit on the comparatively power hungry WiFi. There are lots of cases where something like this could be necessary, but I seriously doubt it's going to replace devices that use more common and less expensive technology.

Another issue is that open standards are a lot easier to develop for. If I build something that can use WiFi, I know it will work with the network infrastructure already in place. If I'm doing things locally, as usually these things will do, there is no data limit problem. Given that anything considering using something with maximum message lengths less than a kilobyte won't be sending video or something like that, WiFi connected to the wider network still won't have a data limit problem. Meanwhile, all these systems seem to require some type of central infrastructure, which is either provided at a lot of restrictions or has to be constructed by the user of the devices. It's a lot of work to do for most applications, so unless the range or power is absolutely necessary, I doubt they get used as often as the predictions estimate.

1
0

If you drop a tablet in a forest of smartphones, will anyone hear it fall?

doublelayer

Because tablets aren't as useful as the companies thought

Companies seem to lose track of what products are going to be useful to everyone and which ones aren't. Then, the sales slump off and they all ask why as if nobody's considered it.

Laptop computer: Hit. People want a lot of computing capacity in a package they can carry with them.

Smartphone: Hit. People want a lot of computing capacity in a package they can carry on their person and use portably or in motion.

Tablet: Let's give them a sort of middle amount of computing capacity running an interface designed for pocket devices, but make it big enough that it can't be carried without a bag or conveniently used for short periods on the road. Why doesn't everybody want one?

Smartwatch: Let's give them a small amount of computing power, and they also carry it on their person, but it does less than the other thing they already carry on them. Do people not understand they should want this?

Of course, all these things that aren't going to attract everyone have use cases that work for some, but businesses shouldn't just expect everything to sell at the same rate. It's not going to work like that, especially if the thing they expect to be their standard is a revolutionary device like a smartphone which has achieved extreme levels of market penetration.

3
2

You want to know which is the best smartphone this season? Tbh, it's tricky to tell 'em apart

doublelayer

Re: Tricky indeed...

I disagree. Android is insecure in all sorts of ways, and google, as well as various others if they can get a chance, will collect a very large amount of your data. Apple doesn't collect as much, has more restrictions on third party collection, and has fewer security problems. Apple therefore makes a more secure product.

However, there are a lot of good reasons to dislike IOS. The fact that it's secure doesn't make the lack of choice, the lock-in to apple, the ridiculous expense of the hardware (although certain droid manufacturers are giving apple a run for your money there), or any other annoying elements better. There are trade-offs, but I see them as security versus all the useful features android has that apple doesn't. Security vs side-loading. Security vs removable storage/battery (some conditions apply). On and on.

Also, just because apple's phone is more secure than most android phones doesn't mean that apple is good. Apple could do more to protect their customers' security, and they could easily collect less. I would like to see both. For security changes, I have a very long list for android to do.

2
1

Nah, it won't install: The return of the ad-blocker-blocker

doublelayer

Re: Advertising from mobile 'phones

It is possible to remove this, but the setting is hidden so that most people don't try to find it. Also, it has an irritating habit of switching itself back about once a year. If you send relatively few messages from your phone compared to your computer, you're liable to send out a few before you notice that the thing is back.

7
1

Wearable hybrids prove the bloated smartwatch is one of Silly Valley's biggest mistakes

doublelayer

Re: re: That's bollocks, it really is.

I don't know what the best use case is for you. Consider these:

Why do people use smartphones over older cell phones?

Me: I like having my email there. I listen to podcasts on the go, and the phone can just download them rather than my syncing something to get them. I like that GPS is just on the phone. A feature phone doesn't do that. For me, the reduced battery life is worth it.

Someone else: I need to have facebook and twitter open at all times. A feature phone can't do that, so smartphone it is.

Another person: I like basic photography, and the best cameras are on smartphones. Also, the photo software on phones is most convenient for me, rather than syncing my photos to desktop.

A fourth person: I want to watch video while I commute. I need one of those massive screens to do it, and a strong data connection. For all those reasons, a feature phone doesn't work.

None of these people agree, and they probably have different kinds of smartphones, but they all have one.

As for smartwatches, I technically own one. However, it is a $20 watch (the Xiaomi Mi Band) which I use as an alarm clock. It vibrates instead of making a sound, which I like. It can't annoy people, even if I've forgotten to turn it off and I'm not there when it goes off. It can do notifications and has fitness tracking features. I don't use them. In fact, I'm so used to using my phone for time that I didn't ever use the watch for that. After a few weeks assuming I might, I no longer even wear the thing except for an alarm.

Others might want the fitness tracking. Others want the GPS on your wrist. Others want the voice assistant. Others want the watch to play music. Many others don't want any of these use cases, either mine or the others. That's a thing that you decide.

2
0
doublelayer

Re: Smart watches should be simple

For most use cases, you will not be fine with a weekend's battery life. For one thing, anything that builds a battery with the goal of it lasting a weekend will have a battery that really works for twenty hours. If you're going to build a battery for a weekend, don't accept it until it lasts a week in testing. Some watches are capable of tracking sleep schedules, so you don't charge it at night. Useless feature? Fine. How about that watches can use their vibration feature as an alarm. A silent one that doesn't wake up people who sleep nearby, especially if you're a sound sleeper. Incidentally, if you like that idea, I recommend the Xiaomi MiBand 2 (max $20) with the gadgetbridge app from fdroid.

There are a lot of convenient things a smartwatch could do that would reasonably use up battery and make a month-long life untenable. However, if your users also have a smartphone that does a lot of that, there has to be some discussion as to what things the watch can leave to the phone in the interest of having a good battery life and a good set of features. Telling the time is critical. Most people who buy these watches want notifications. Do they use the watch apps? Do they reply to messages with the watch? Do they really need the watch to connect to cell towers, or would having a WiFi chip that is turned off unless requested be good enough for emergencies like my phone died?

It's not just cost, although that's a problem too, but the fact that the more features nobody wants are shoved into the thing, the slower it runs and the faster it dies. You probably wouldn't buy a laptop that I built where it has three hours battery life, but it also has processors of many different types so you can look at how your code runs on each different platform without leaving the interface. And also it has two independent bluetooth interfaces, making it possible to connect to more devices and turn your computer into a bluetooth peripheral that still has connectivity as a host itself. These features, while you could probably think of a way to use them, aren't in demand. The cost of them, less battery life and a more expensive computer, don't justify it for you.

2
0

People hate hot-desking. Google thinks they’ll love hot-Chromebooking

doublelayer

Re: hostile to the future

We aren't anti cloud. Some people might be, but most of us are realists about what it can do well and what it can't.

Cloud has good use cases. Using a cloud for some systems makes a lot of sense. For example, cloud can allow you to deal with things that could take out your systems. A few cloud images, properly balanced, across different geographic regions and perhaps different providers, can give you a lot of certainty that your system will stay up virtually forever from an infrastructure standpoint. It allows things to continue working if something has gone wrong with your in house equipment, and it gives you an online backup that is fast to recover.

There are also some people that I, at least, would prefer to be on cloud. For businesses that don't have IT employees and have a few systems or even just one, there are great advantages to it being in the cloud. The responsibility of managing a system that they don't understand and keeping it secure and functioning can be helped by having a more experienced cloud provider manage some of that, assuming they're not going to hire an IT person.

However, there are major problems with the cloud:

Cloud is slow. Any data that you need to send back and forth is going to be slower when dealing with a cloud provider. That can really mess up some things by making people irritated. If you need a file of any size, it can be really annoying to have it sent to you each time, and the delay while it's saved can be equally disruptive.

Cloud is expensive. When you are dealing with cloud, you pay by the month (usually), for each gigabyte of disk and bandwidth and in some cases for cputime. That can be fine if you want to use something small, but if, for example, you want to have all your company's network disk in the cloud, rest assured that you'll pay for all those files as well as each time a user opens or saves one. A physical disk may cost a bit at the beginning, but really not that much and you can do plenty of things with it.

Cloud is dependent. If some guy with construction equipment wasn't careful, or if the telco didn't properly advise them, your internet line could be damaged. For a business with modern computing and in house tech, many things could be disrupted. Any internet communication systems wouldn't work, which probably includes the phones as well, and people who need to access the internet for their jobs couldn't be particularly productive. However, people who don't need to access the internet as much would be able to continue working. The files they need and many of the systems they use are still in the building, so they work. With cloud, that cut cable has paralyzed the company until it comes back. The files are gone for now. Communication is down, but no systems in house means there is no intracompany system that's still up. Many people will have been disrupted.

Some things could benefit with the cloud. However, taking that fact and using that as a reason for everything to be moved is pointless. Servers sitting in a server room will work just as well as servers sitting in amazon's room, but you have more freedom with the local servers, and more of their activity helps you. Decide what cloud things you want, without buying into a one size fits all myth.

7
0

Don't panic about domain fronting, an SNI fix is getting hacked out

doublelayer

Re: How does Encrypted SNI protect against censorship from DNS Providers?

It works like this:

This is the current system, assuming I live in China:

Me: [to DNS server that is not censored] I'd like the address to www.chinadoesntlikeme.com please.

DNS: Here you go.

Me: [to internet system run by China] I'd like to contact the server found at x.x.x.x (insert xxxx:xxxx:xxxx:... if you want) and request the page located at www.chinadoesntlikeme.com/ please.

China: No.

Me: [to internet system run by China] I'd like to contact the server found at x.x.x.x and request the page located at /

Server at x.x.x.x: Welcome to amazon AWS. You can get to this server; just not the sites China doesn't like.

This is the replacement system:

Me: [to DNS server that is not censored] I'd like the address to www.chinadoesntlikeme.com please.

DNS: Here you go.

Me: [to internet system run by China] I'd like to contact the server found at x.x.x.x (insert xxxx:xxxx:xxxx:... if you want) and request the page located at "Q2Vuc29yc2hpcCBpcyB0ZXJyaWJsZS4="/ please.

China: Oh no. We need to let people get to the server, because there are plenty of useful things there. But maybe they're going to get something we don't want them to have. What can we do?

China: We'll let you through for now.

That's how it's supposed to work. However, I'm doubtful. I haven't read the system, so I am not familiar with the way the encryption is being used. However, I have to ask the following questions, and if I actually get the time to read about the system then hopefully I'll find the answers.

1. Why can't China do the encryption themselves and find out what the request for a site they don't like would look like? That implies that it changes in such a way that the originating computer knows how to send such a request, but the system China's using doesn't.

2. Will China change over to just retrieving the site requested, then comparing it to a request that they send. They could just compare them and if they are the same or similar (random junk produced to look different) they could decide to not send the page to the machine.

3. Could China block all these encrypted requests such that only standard requests get through? Is there a way to force them to accept it?

4. Does China have enough power to prevent the big cloud providers from using this? They have enough power for apple to crash their own phones when the Taiwanese flag is seen, AWS to give root accounts on all Chinese servers to a third party, and similar for pretty much every company that does business there. I assume they'd find a way for such a system not to be installed.

4
0

PC shipments just rose, thanks to Windows 10

doublelayer

Re: I purchased a New PC this year...

I'm glad that's the case for you. My personal win10 machine and VM are also stable and working fine, even while updating. However, a lot of people's aren't. I might suggest that our boxes are running better due to thorough management and knowledge of how windows works. However, the OS needs to be more stable than that for the person who doesn't know how windows functions or fails to do so, as they'll still be using a machine one way or another. Compared to other operating systems the person may have used, windows 10 has a lot of mechanisms for failing that a windows 7, XP*, older MacOS, or Linux user might not expect.

*XP functionality is only expected from about 2003 through 2011. People still using it should expect a lot to go wrong.

2
2

Leatherbound analogue password manager: For the hipster who doesn't mind losing everything

doublelayer

I see your point, but any good system will send you a link that you have to click on, and then you reset your password from there. Short of jumping in ahead of you, which would be a bit obvious, they can't know your password. Of course, they can take some good guesses if they have an evil turn of mind.

2
0
doublelayer

Re: Passwords are outdated

This does not work. Here are the problems:

Facial recognition: Systems can be fooled by photos in some cases. Models can be created from video footage and sent to the systems. If compromised, the user can't change their face.

Smart cards: Relatively expensive. Must be written by extra hardware, so a copy of data on the card is usually available. No reader for most cases where they are needed.

More clearly, keys are considered useful because they have what passwords have. They're hard to just guess in most cases, so they act as a delay. They won't keep someone out forever if they are determined, but they make it hard to just open the door. When there is a problem with them, they get changed. Keys and passwords can be hidden. Faces can't, and smart cards can only if every system they get used on are trusted.

3
0

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

doublelayer

Re: High-tech options

Usually. It definitely includes disabling, by force if necessary, wifi, bluetooth, and ethernet. However, depending on the use case, some airgapped systems may need USB or similar for reading or writing data. For example, a machine might include access to systems that analyze data securely. This can't be infected, but it does need to read data from somewhere. If there is too much data to enter manually, it might be brought in on a USB disk or optical disk, either of which could be infected. Security of airgapped machines is thus also very important.

2
0

ICANN't get no respect: Europe throws Whois privacy plan in the trash

doublelayer

Re: As an EU citizen..

You should have the right to have your details private. That's the right that is due to you. If I am a company that you deal with, I shouldn't have the right to take your information and sell it without your consent. Even if I need to have that information to do what you paid me for, that doesn't mean I can do anything with it I please. The cookie warning is useful--even if they don't let you say no, you can know not to go there again and to clear your cookies, although I'll admit that I care less about cookies than many other things that are done. The GDPR statements about who has your data, why they have it, and what they are going to do with it provide information that lets you determine whether you trust them with your data and what precautions if any you will take when dealing with them.

Now, onto having the right to know who owns a domain name, no, you don't have that right. More clearly, you don't have the right to know who owns a domain name if that person doesn't want to tell you. Consider a parallel: if you have a phone number and you don't know who it belongs to, you have no right to that information. If it is not listed by the owner somewhere, nobody you ask knows or is willing to tell you, and you can't get the person who answers to tell you, then you're out of luck. I have no obligation to list my phone number somewhere. I have no obligation to answer correctly if someone calls me up and asks who I am. Similarly, you don't have a right to know where I live, where I work, etc. You can find out yourself. You can ask and usually you will be told. I may release that information if I choose, where you can find it and use it freely. But you don't have a universal right to know.

9
0
doublelayer

Re: ...that will cause the Internet to fragment

No. TLDs are already split up. The country specific ones already work on that basis, where data is removed from the public database by certain registries (including .uk). This is fine. However, GDPR means that storing data on EU citizens and making money off them for any domain names must be done while respecting their privacy. Therefore, who gets .com? EU people have domains in it, but ICANN is not going to give it to you. If ICANN don't change and they keep .com, they violate EU law and can be taken to court. If ECANN take control of .com, their only way to do this is to take control of parts of DNS as well. We could even get into a situation where both have a .com and someone has the nightmare of making that work out. Two places that both regulate domain names is asking for chaos, and the results of chaos on the internet are usually some country saying "We'll just do this my way and everything will be fine as long as I'm happy with it". In the interest of that not happening, ICANN, either change whois to comply or just scrap it.

2
0
doublelayer

Re: Break it all

I have to wonder whether we really need whois anymore. Does anyone still use it to contact people? Anyone who has a dodgy site can just buy anonymity anyway, that is if they don't just put in junk.

Recently, I decided I wanted a domain name that turned out to already be taken, but it wasn't being used. There was no system at the end, so I thought there might be a chance the people who registered it didn't need it anymore. So I did a whois on it to figure out who they were. Fortunately, I got neither junk nor a "privacy service" company. I actually found who owned the domain. And it was a company. I don't know why they have it, I don't know whether they are still planning to use it, and most importantly, I don't know how to find out. The addresses provided are all the main company (which has very little to do with this domain name anymore if they ever did). Somehow, I assume that sending an email to the address listed in whois, which is the same one as on their contact us page, and telling them that I'd like to buy a domain I don't think they're using won't be particularly productive.

I'm wondering, therefore, whether whois is really of use in communicating with someone at the place that has the domain. I can see how this might have been helpful during the early days of the internet, when there were rather few sites online, but now that a lot of this is done automatically, I see little use for the system. Do any of my comments section countrymen have a purpose to keep it around?

9
2

Who fancies a six-core, 32GB RAM, 4TB NVME ... convertible tablet?

doublelayer

Re: 10 TB of total storage?

The only thing I can think of is editing a bunch of raw video, which I assume can quickly fill up storage. Other than that, probably not.

0
0
doublelayer

Battery?

As much as I'd like one of these super-powerful laptops, any review of them should some tech-knowledgeable journalists get one hinges on the battery life. Running with such power isn't really necessary for the laptop user unless they also intend to utilize the portability aspect quite a bit. If they just need that power somewhere, they can use a desktop, and if they need that power in a variety of similar locations (say, an office building where the machine gets taken between dev lab and presentation room), they could use a reasonably powerful machine remotely accessing something more powerful. However, something like this would be optimal for someone who needs that power on the go or when network connection is lacking. That usually means that they would be operating for a significant amount of time on battery. If this is like some other capable machines, in that it runs for about an hour, it probably won't serve the needs of its major customer.

0
2

Every step you take: We track you for your own safety, you know?

doublelayer

Re: Corporate Security

The fact that you can think of a reasonable use case for the software, for which I commend you, doesn't make the software all right. The problem is that you are thinking about how to actually use the software for its stated purpose, which is to make people safe. If I had to use it, I'd definitely prefer to have you running the system and dealing with the results. However, the people who are actually buying this are almost certainly using it to track their employees in a way that is very creepy.

For an analogy, consider keyloggers. You could use one of these for a variety of legitimate purposes. You could use it to help correct frequent errors. You can use one (I've done this) to identify users by their typing style. You can use one to have an audit trail of things entered into systems that don't make it simple to collect one otherwise. All of these uses are possible, but usually keyloggers are used to steal passwords and related information, and saying that it will be used for other purposes followed by, essentially, "trust me" shouldn't just be taken at face value.

This has been done before. Companies that wish to break the law but make it look legitimate make excuses for what they're doing. The people who make software that allows people to test their malware against antivirus never say they thought malware writers would pay them for it, but instead market it as a service for software writers. The people who make malware that enables stalkers to track all phone activity market it as security software. People who make malware that allows people to spy through webcams market it as a convenient way to turn that old laptop into a home security camera. These are deceptions. It would be great if everyone deploying a system was like you, having the safety of the employees in mind, but they aren't, and that reality is important to deal with.

19
0

SD cards add PCIe and NVMe, hit 985 MB/sec and 128TB

doublelayer

Re: Super fast...right

OK, thanks. That was very helpful. Of course, the fact that A) MB is often printed in lowercase by many systems, B) bits and bytes are atomic such that a millibit and a millibyte are nonexistent concepts, and C) the point I was making is not related to abbreviations, but merely a translation from the units used by hardware manufacturers because it is more related to the engineering and it makes the system sound better to the units used by people actually using the systems involved (I.E. all of us) make your point significantly less useful. Still, I appreciate the pedantry and will consider myself justly chastised for my inaccuracy.

0
3
doublelayer

Super fast...right

I wonder why I'm not buying the extreme speeds they claim. I'm not sure. Maybe it's something to do with:

USB 1:

Speed rating: 12 megabits per second

Speed in real numbers: 1.5 mb/s

Real speed (relatively good): ~350 kb/s

USB 2:

Speed rating: 480 megabits per second

Speed in real numbers: 60 mb/s

Real speed (relatively good): ~4.5 mb/s

USB 3:

Speed rating: 5 gigabits per second

Speed in real numbers: 625 mb/s

Real speed (relatively good): 25 mb/s

You can get faster speeds from these ports--if your device can send at their high rates, you will get data that fast. Still, the type of storage devices that are most frequently used on these (not talking about backup hard drives that cost more) are not capable. Flash drives don't go anywhere near the speeds the ports should let them, and neither do SD cards. Just because the standard can support it won't make SD cards SSD speed. Even if it has been proven to work via someone actually building a prototype, no cards actually providing that functionality will become available.

Also, I'm guessing these "extremely fast" cards will have the same problem that affects current cards that are high speed and high capacity: they're great for storing lots of large files, but if you need to store a great many small ones, they become slow. No problem for a camera, especially those ones that take massive raw image files. No problem for my main use case, audio recorders that are frequently called upon to record for hours. But it is a problem for anything trying to run an operating system off one. Not many operating systems have files that are individually larger than about 128mb, but most do include lots of files hovering between 10 and 100 kb. For the SD card to run the OS, it will need to handle that well. Oh, by the way, do you think all those devices using SD cards will get off their addiction to FAT32, because we're already at the point where that file system isn't useful.

0
2

BlackBerry KEY2: Remember buttons? Boy, does this phone sure have them

doublelayer

Re: Here he goes again ...

I can see a small reason for a flip style, but not for a clamshell one. Things like the gemini that offer a tiny laptop, sure, but not a phone doing phone-style things. The benefits I see with the flip style is that you can have some protection of anything delicate, you have more distance between the microphone and speaker so it actually fits your head, and flipping open to answer and closed to hang up is rather nice. However, the phone would have to be relatively large to accommodate that structure with the kind of screen sizes people want nowadays. I'd be fine with a 4-inch screen, but the buying habits of most others, as reflected in the phones being produced at flagship level, clearly disagree. As little as I want a 5.5-inch phone, I want it even less if it is much thicker, which it would have to be. This leads me to the other problem I have with the flip style for a smartphone--there is a lot of surface area for rather little volume, meaning that things like batteries would likely remain in one piece, powering the other. This makes the modular idea rather limited and means the extra thickness won't host extra battery, which is the reason I'm willing to accept that. In addition, current flip designs wouldn't make it easy to have a single flat surface when flipping open, which makes it difficult to orient the screen at a comfortable angle without having to deal with the other half. That other half would be difficult to orient for typing such that the screen is also conveniently positioned. I'm all for flip phones, but I'd like them to remain the small non-smart variety. The flat screen type, in my mind, best fits the way people use smartphones.

1
0
doublelayer

Re: Buttons

That may be down to bad design. You either need enough buttons to do the job or a configurable interface (touchscreen usually) with optional buttons with straightforward functionality (I do not want a touchscreen volume control, thanks). Those devices trying to go the middle route and have two buttons for something where ten would be more useful, with patterns of press first button, then immediately press and hold second one, then tap first three times, are giving buttons a bad name that is not deserved.

1
0

'No questions asked' Windows code cert slingers 'fuel trade' in digitally signed malware

doublelayer

Re: PKI done properly costs money

I don't think so. You seem to be saying that, if we just got over it and cheerfully spent the money, things would be better. These certs aren't free, and the problem's still there. Perhaps one reason we'd prefer the certification process to be free is that all the power for whether the code we wrote is trusted goes to someone else.

The same is true of https. Sure, you can see having a certificate that isn't self-signed as an indication that the server is likely to be who it says it is, but if you're really in a situation where you can't be sure of that, you have bigger problems. If you're getting DNS poisoned to bounce you or someone's taken over a domain name, the problem is big and needs to be dealt with more strongly. Meanwhile, an HTTPS cert of any type provides the user an encrypted connection to the site and protects them. You have to choose where you go, but https://www.iamevil.scammerparadise.net is still going to be risky no matter whether they paid someone to verify that they owned it.

1
0

Dot-Africa saga going to jury trial... thousands of miles away in America

doublelayer

How about no .africa

Regardless of exactly how corrupt ICANN was in this case, it is my opinion that the application for .africa should never have been approved. There are only two groups that should have the rights to .africa:

1. A body selected by a vote of all African countries (that's going to happen).

2. AFRINIC.

What logic did ICANN use to say that some company or even country should have the rights to a TLD oriented at a continent? That should belong to the continent involved.

11
1

Chrome sends old Macs on permanent Safari: Browser bricks itself

doublelayer

Re: One in twenty users?

Sort of but not exactly. Since 10.9, new versions of the OS are free and can be installed relatively easily. It's not like windows 10; it will actually run pretty much the same. Since they didn't leave any models on 10.9 (everything on 10.9 supports up to 10.11), they supported it for less. I believe they still release security patches for 10.11 because older machines have reached the last supported OS. Incidentally, I'd recommend everyone running less than 10.11 upgrade to it, because it is significantly more stable, and that nobody upgrade from 10.11, especially to 10.13.

2
2

So you're doing an IoT project. Cute. Let's start with the basics: Security

doublelayer

Re: If you don't connect it to the network, ...

But they make it look like connecting it to the network will be helpful. That means that nuts like my parents, who had decided to test out some streaming services, tried to get the TV to stream them for them by having it connect to the network. Of course it didn't work, but now I have to find out how to get this thing back off the network. Somehow, my suggestion of giving them a raspberry pi that they could just connect an HDMI cable to was not seen as helpful.

0
0

Ubuntu reports 67% of users opt in to on-by-default PC specs slurp

doublelayer

Well, that was useful

And here we have...what we already knew we would have. People are using computers that look like computers we deal with on a daily basis. Even discounting the fact that most of these are probably VMs, the specs they gave us are the specs of any number of standard machines. You have the laptops (most standard-price ones are 1366x768) and desktops (connected to monitors at 1080p). And you really expect that everyone's using just one monitor. I have a friend who uses her ubuntu setup with three monitors. She's not going to power up all three just to install ubuntu; she'll turn on one, install it, then use all three when she has a real reason to do so. Meanwhile, they did get a report from me; a VM, running at 4gb ram, connected to a monitor at 1080P. What a surprise. I can really see the point of collecting this.

0
0

Trainee techie ran away and hid after screwing up a job, literally

doublelayer

Re: Key word is "Trainee"

"but giving them a crappy task that needs little or no training, (except, making the tea for the workers on a site can be a very skilled job to get right, getting everyone's tea made to exactly how they like it, i.e. more or less milk, 3 or 5 sugars)** is part of the training...."

It seems really pointless. Primarily, I'd assume that people should just make their own tea. If there is something that needs to be done by one person so that everyone can do that, fine make the trainee do it, but if that's the main thing they do, it feels like you can't be bothered to respect the skills they are supposed to be enhancing. Theoretically they were hired to learn things because they showed promise. If you're going to use them as a person to do odd jobs for which their experience is by and large pointless, then you might as well have hired someone who didn't have the skills. They'd probably have been somewhat cheaper, there are many people needing the job, and they would have knowledge of what you were going to ask them to do.

"back in the day of apprenticeships, all they did in a machine shop was brush up and clean the machinery until they knew all the names of the parts. it would take time to learn the skills to work on actual client works..."

Exactly! That's what I'm talking about. Sure, they're doing something that is relatively easy, but they are learning something relevant. This part is called X. It is part of that thing over there, and it performs task Y. This is how to clean it properly. Once you've cleaned it, so that we can use it again, you'll learn what part Z does and how you can use parts X and Z together. They may have learned faster if their supervisor just taught them, but that wouldn't be efficient.

In the end, they got the benefit of knowing what was going on, their employer got the benefit of their work, and either they continued to work together, in which case both were successful, or the employee was able to use extra experience to get or set up a career for themselves. Meanwhile, someone who is used as cheap labor for making tea or similar completely unrelated tasks gets next to no benefit. They have learned nothing, so all they get is something to put on their resume that shows that they worked on something. It's single sided toward the company, but there are very many options for it not to be. That's why I have a problem with it.

5
0

Canadian utility makes blockchain upstarts bid for their ravenous rigs' electricity supply

doublelayer

Re: Server Farms and Mining Rigs should be...

But what if it's summer but it's been chilly for a bit. Might I fold some proteins then?

0
0
doublelayer

How does this work?

If they intend to charge me extra, what stops me from lying about what I'm doing? No, these servers aren't mining, they're running machine learning workloads. Or collecting data for a massive search engine over a database. Or anything that requires a lot of processing. In fact, the electricity company might have trouble figuring out whether that's processing power or power from something else. True, there aren't many things that run 24/7, but how could they tell that a given kilowatt for one of those things was for mining versus anything else I could use it for.

8
0

Amazon tweaks its word processor for easier online Office edits

doublelayer

Re: Past its sell by date?

Please don't. I use libreoffice too, but return it in a format that isn't bloated and slow. PDFs break a lot, are ridiculously large for the data stored in them, and usually require far too much software to read.

0
1

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

doublelayer

Re: One day, ...

Ok. Now I'm curious. Since I can't think of anything that would get rid of all computers while leaving humans, what type of situation can you think of where computers would be banned? And does your theory also account for the populace to comply with said ban? I'd really like to hear your theories, because I'm not thinking that way at all.

2
0

In huge privacy win, US Supreme Court rules warrant needed to slurp folks' location data

doublelayer

Victory! for now

I'm very glad to hear this. I hope this is the first step in the advancement of most privacy-respecting regulations, as more and more data is deemed to be personal enough. Here's to the spirit of this decision living on for as long as possible.

39
0

How a tax form kludge gifted the world 25 joyous years of PDF

doublelayer

Re: PDF is clunky.

Whatever reason they may have had for losing the document, their mistakes were not the point. The point is that PDF files, although they are lauded as being useful on any platform, frequently lack the feature of making their content available if you don't want to just look at them. Some PDFs have text that can be extracted, but the number that don't is higher than the number that do. If I want to use the contents for some reason, be that copying and pasting code, quoting accurately, or sending data over something where text is more convenient*, PDFs frequently won't work. Sometimes, this is done for security, because I suppose it would be harder to violate copyright with something where copy and paste are made impossible, but usually it's down to someone messing something up or being a control freak because I should view this document in the font they like. With any text-based format, you have the freedom to make it useful by converting it to any format that would work well. The greatest risk is that it won't look as nice on the other end. With a PDF, the message seems to be that you are not allowed to do anything that the original document-writer didn't think of allowing you to do.

*Recently, I wanted to give someone some of the documentation for a system they were using. The only problem was that they were on the other side of an e-mail exchange. I can't send the PDF file because it's 48 mb and there's a limit on attachment size. This file was sent to me, so I don't have a link to it online. I could post it somewhere and let them download it, sure, but copying and pasting the ten-item instruction list would really have been more convenient.

2
1

Hot new application for blockchain: How does botnet control sound?

doublelayer

Re: No worse than something on a web page

Good point on the light node way, I was not aware that was a thing. I suppose that eliminates my objection.

On the subject of reddit, I was using that as an example, but the point was that you couldn't kill the mechanism. You post a message in a monitored thread (give the system a list of two hundred or so to check, from any account. Every message gets read and decoded. Therefore, all you need to control the system is a key that can sign/encrypt a command and knowledge of the threads used. Reddit/whatever platform it is using can find your message and delete it, and also block the account, but you don't need either of those. The message was already read and acted upon, and you can send another message just by opening another account and posting with it. Perhaps reddit will take things down too quickly, but all you need is some online forum thing that allows new accounts rather easily and doesn't pre-check posts. Posting here, for example, wouldn't work because the first three posts are moderated manually. That doesn't hold for many other methods. One other benefit of the online posting way is that the periodic killing of posts helps the commander. There is little chance of the program getting an old instruction and acting on it when it shouldn't.

0
0
doublelayer

Re: No worse than something on a web page

But the only way that will work is for the malware writers to use an existing blockchain, which will be massive. If a bot has to download the entire thing so they can find the messages I'm sending, things will be rather slow. I don't think there's a convenient find-transaction feature of the blockchain, because that would require someone else's processing to allow the search. You'd need either a blockchain that is unused enough for processing of it to be fast, or one that is very concise, which makes it hard to encode messages. Instead, you could have a few channels (I'm thinking threads on posts or maybe reddit discussions) where the bot reads them and attempts to decrypt any post with a key. You just need to create an account, encrypt your message, and drop it in. It will be removed by moderators in an hour, but your swarm will have picked it up by then.

0
0

WannaCry is back! (Psych. It's just phisher folk doing what they do)

doublelayer

Re: Super virus able to run on any platform

I'm not sure if your being serious or not... but there is no software. They're lying. They just dropped the operating systems they could think of into their message (see first comment for full text) under the theory that that would be helpful.

1
0

(Cryptographically) sign me up! Android to take bad app checks offline

doublelayer

Re: Has a disadvantage too

Even if it encourages more people to share binaries, it should prevent as many malware-infected ones from being there. For me, that will be a benefit. I tend to prefer having no google account set up with an android device and avoiding the play systems entirely, but there are things I can't get in fdroid. For example, some google packages are useful to me but don't come installed. I just have to hope that whatever site I get the APKs from haven't infected them (by the way, anyone know whether there are some trustworthy apk collections out there?). For me, this will be somewhat helpful.

0
0
doublelayer

Re: Cole's Law

But most of them do have app stores. It's just that all apps are free and you can go elsewhere. Really, for those installing apache on a linux box, how many do you think went and downloaded a source or binary from apache's site, and how many did apt/yum/pacman install apache2? That's usually more convenient, so that's almost always what I do if I want something straightforward (just the default version) or running as a service, rather than just something to run myself.

0
0

Script kiddie goes from 'Bitcoin Baron' to 'Lockup Lodger' after DDoSing 911 systems

doublelayer

Not quite a master hacker, but still needs a harsh-ish term

This guy may not be particularly dangerous, but anyone who deliberately attacks something in a way that harms emergency management needs to have that enforced. If the people running the system are right that operations were impacted, his little stunt could have caused real damage to many people's lives.

Also, how painful would 36 months without a network connection be? On the bright side, I'd get to avoid those boring e-mails.

15
0

Apple takes $9m kick down under after bricking iPhones

doublelayer

Re: weird decision by Aussies

Regarding the argument that the fingerprint sensor might be insecure, that's a risk that is taken when parts are switched. You have to understand that the cheaper part might be problematic, or in fact that something might be dodgy with it. However, the risk doesn't mean I can do whatever I'd like. For example, I can build you a hard drive that contains sneaky ransomware on board. Use it for six months and the ransomware activates, encrypting the disk and booting your machine to ask for money. The fact that I could do this doesn't mean you are justified in never buying a disk again, nor does it make it logical for you to say "Any disks I approve are fine, all others aren't". If I buy a disk, I assume the risk for it. If it turns out someone's sneaking ransomware into them, find them and report them.

1
0
doublelayer

Re: Ouch, ouch, ouch, ouch, ouch,

I don't think so. If I "repaired" something with a part that doesn't work, then I'm the one at fault. However, what was installed was a touch sensor that, while not the one made by apple, did the job it was meant to do. All apple did was to go in and break it. They probably could have gotten away with allowing the driver for the screen to become deprecated and fail, as they aren't obligated to support it, but writing code that essentially does

if (screen.manufacturer != "apple") {

brick_phone();

}

isn't OK. A better analogy would be if your computer broke, a friend replaced the processor with another one that did processing just fine and with the same instruction set, and I, as the software writer, chose to decide that I didn't like that and I'd just make it fail for you. You can't do something the sole purpose of which is to break someone else's thing.

22
3

Now Microsoft ports Windows 10, Linux to homegrown CPU design

doublelayer

There's a chance, but not a big one

The way I see it, microsoft have chosen a good time to think about switching over, as they are at a relatively pivotal point. This is similar to the many stories about their thoughts of running windows 10 on arm. I don't see a reason this has to fail, but I can see lots of ways it could. The last time microsoft tried it, for example, they got windows RT and it didn't succeed. They will need to realize that very little is going through the windows store and that the rest needs to be available. That means either getting devs to recompile a lot of things or making a compatibility layer. However, if they manage that, I see no reason this couldn't be a new architecture.

However, given microsoft's track record with this and their current software base, I doubt it will happen. Apple could switch to arm because their low-end users get their software from the appstore, and their high-end users use software made by companies that have enough money to recompile and test the new code to death. Linux can switch to most things because the software can be recompiled by anyone and patches provided by anyone with the knowledge and inclination. If microsoft makes this available, and things start to break, it may fail at that point. They aren't really providing something that we couldn't get before, so it will need to be very good for it to get the chance to become better.

2
0

Google-free Android kit tipped to sell buckets

doublelayer

Re: someone can tell me

That doesn't really get very much of it. Here comes a big data blob out, and another one in. What was that? Was it spyware sending your data to a C&C, with the next set of data coming back? Or was that your music player syncing your playlists, or even just checking for updates? There are many devices that would be caught by something like that, but the more you attempt to have the thing online, the more data it will send that you can't make any sense of. If you can't be certain that the connection to the cloud for the GPS data to be interpreted (that's something that won't run on a watch for a while) doesn't also contain anything sneaky, worry is justified.

3
1

Meet the Frenchman masterminding a Google-free Android

doublelayer

Re: And about time too...

While I'd really like an open source, everything free, no slurpage system that takes the world by storm, I know that won't be happening. I'd be very satisfied if we could have such a system that is at the level of linux on the desktop. Sure, people in general aren't using it, and remain open to the many problems with the current players, but it is a thing that can do most of the things people want to do, can be installed on most relevant hardware, etc. If we had something that could live comfortably on phones, could be installed on them without fighting them, and had access to the services we need, I would be thrilled. Most things would not need their own applications, because their websites will do most of that. However, we will need apps for the standard videochat and cloud storage software to complement the apps that do more standard on-device things (without a good mail client, contacts manager, calendar, and phone/SMS client, there is no chance).

I have gotten as close as I will probably get to this with a blank android system (no google play apps if I can manage it, firefox as browser, all apps installed from fdroid). I'm sure there's a lot I probably don't want to know about in there, but I don't have a way to get any closer.

1
0

Unbreakable smart lock devastated to discover screwdrivers exist

doublelayer

Re: As I was reading...

Maybe, but there are plenty of things that would be useful. In the case of a thing I considered backing, a phone case that records phone calls and can also act as a convenient audio recorder. That's something I could use, as I find it handy to start a recording with a press of a button, which my phone can't do (unlocking, opening app, and pressing a button is fine but can take a few seconds which annoys the person you want to record, and won't work if you're on the phone. It is a product I want, the price seems fine, and the people are near their estimate of how much money they need to make it, so they should have enough. I don't know what happened in that case, because I didn't end up supporting, but all I know is that they haven't made any of these, the page is dead, and I'm disappointed because I can't buy it.

1
0

Dearly beloved, we are gathered here today to mark the life of Slack for Windows Phone

doublelayer

Re: Windows Phone ... 7 ?

It was the application in the microsoft store--I.E. it was running on windows 10 mobile (maybe windows phone 8.1 too, but I haven't checked). Frequently, windows 10 mobile is still called windows phone, both because microsoft has been known to do it and the fact that windows 10 mobile sounds weird. Windows mobile was a thing, but it is nothing like windows 10 mobile. Meanwhile, windows 10 mobile and windows 10 are alike only in that they require too much background junk and have cortana on them. Windows 10 mobile and windows phone run on similar devices, in some case the same devices, made by Nokia two to four years ago (they are still making them, right? I haven't really heard anything about it). Hence, windows phone can refer quite clearly to the latest windows thing that runs on phones.

1
0

Apple hauled into US Supreme Court over, no, not ebooks, patents, staff wages, keyboards... but its App Store

doublelayer

On balance, I have to support apple

In general, I would like apple to allow a lot of things that they don't. The fact that they have monopoly rights over what can run on their hardware does limit what can be done with them. However, there are two major points that, although I dislike them, I think tilt the balance toward apple.

First is the point that this applies to pretty much any device. Computers generally allow any software to run on them, but that is the exception, not the rule. There are a lot of devices that have a monopolistic method of allowing things or not. I can't go outside amazon's system for things to run on their echo speakers. I can't decide to install my own software on nest's thermostat. I can't erase my android phone and put something else on it. Of course, I may be able to do these things under some conditions if I go to a lot of effort to break into the system, but that also applies to apple, as I can jailbreak my phone and use any number of appstores. In general, I think precedent says that you can build your system in a way you like. Your customers can break into it on their devices, but you don't need to provide them the means to do it. Frankly, if this argument is accepted, I'd like to see a similar action filed against every android phone maker with locked bootloaders.

The second reason is a bit less formal, and that is that this is apple's main selling point. They haven't hidden this fact at all. They guarantee that any app in their store passed their vetting process, which could be used against certain apps because apple doesn't like them, sure, but is more likely to be used against apps with real problems. I think there are similar contracts in many places; microsoft's contract of "You must not sell PCs running Linux or we won't sell you windows" comes to mind. For example, if some store came out with a product and sold it there and nowhere else, could it be argued that they have a duty to sell it in other stores?

7
2

What can you do when the pup of programming becomes the black dog of burnout? Dude, leave

doublelayer

Re: we're not freaking magical wizards

I agree, but more because the statement is just wrong. The general public don't see dealing with systems as fighting demons. To judge from the general attitude, they consider it as either building something (those being the courteous ones), putting roadblocks in their way (the annoying ones), or doing something that requires no skills at all (those being the stupid ones). Also, I have never considered a system or program I'm writing to be like a puppy or any other animal. With animals, I get a sense of life, of personality, although that's mostly made up by me, and independence. I view programs as something I am building. It may at some point be independent of my actions, and there may at some point be enough code in it for something it does to be sort of lifelike. However, it's not living enough for me to consider it like an animal. If you want a parallel that works for me, although this is probably very subjective, I'd suggest a system as a piece of art. I have an idea of what it will be, I take steps to get there, and the completed work is designed by my imagination and different from my original blueprint.

5
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018