Posts by Charles 9

Re: Legit purposes?

It's not BS at all. If one can MAKE the laws, one can do as one pleases. Ink on a page and all...

"And don't get me started on how little love I had for them when they rolled out whichever version of Android it was that messed around with the SD access permissions for third-party apps."

Don't blame Google there. IIRC it was the same version that allowed for encrypting the storage devices to allow a Lock-and-Erase that was actually effective. With that in place, Google discouraged app devs from using external storage (less likely to be encrypted) as a security measure. I actually DO encrypt the internal storage on my phone to take advantage of this.

These days, internal storage is enough to store all the apps I would ever need. As noted, I keep the external card (unencrypted , in case of Murphy) for low-priority stuff where its security isn't really an issue (after all, who cares if my media collection is stolen; it's just a copy).

Unless the SD is just full of low-priority stuff like media files which are easier to pass from phone to phone as you progress. And that still doesn't excuse the lack of removeable battery, which based on firsthand experience is a serious longevity and safety issue. Having pulled out plenty of bulging batteries in my years, I've made it a prerequisite.

Re: This is worse than backdoors into encryption

You say this as if this was anything new. We're talking human beings here.

Re: While better than a back door

Thing is, were the tools still in active use at the time or were they a couple generations out of use?

Re: Bollocks

Funny. I keep FF up for weeks at a time without an issue (have to keep a window open to keep an obscure, slow-to-reload page active), and I only have 8GB and a Core i5. Oh, and it's only using 500MB, with two windows (one Private) and multiple tabs active. WITH numerous Add-ons active including NoScript and uBlock Origin. Does it matter that it's v54 (32-bit)? And as for the interface, I frankly don't see what all the fuss is about. I LIKE the Hamburger menu, I reload with the keyboard, and if I need the regular menus, a quick flick of Alt opens it right back up. Ever tried to print a webpage from Chrome? It doesn't use the OS-standard print dialogs.

And no, I'm not a shill or anything. I simply, honestly and truly, prefer Firefox to anything else. Nothing anyone else has said has convinced me otherwise.

Re: IMO It is an engineering fault for their failure...

And then they get flak for pwnings that occur BETWEEN the Patch Tuesdays, some of which are SO severe (and already in the wild) they're forced to scramble to issue an Out-of-Band patch. Putting you in a vice: break your machine or get pwned. And let's not forget all those people who wouldn't update even if it meant their lives (or livelihoods); they've demonstrated an inability to stay current, when self-preservation doesn't work, you're forced to use other means (and no, you can't use Darwin since that would bring with it collateral damage which could end up boomeranging back to YOU).

Re: yea we know

"It's a bit like helmets and seatbelts. I think they are a good idea and that everyone should wear one, but I also think you're all big kids and if you want to take a chance, it's your life."

NO, because no man is an island, and your life has an effect on everyone else, so disregard for oneself is by extension disregard for EVERYONE: bad for society.

Re: MS Paint

"Maybe Microsoft should try to write a report in Paint 3D and tell us how that felt."

And if they say they LOVED it and wouldn't use anything else?

Re: IoT devices uses default passwords

But what about people with bad memories who suddenly need to get into their routers and can't...because they forgot the password? The problem with your solution is that you have to account for stupid who will still complain if they can't get into the stuff they bought outright with their own hard-earned dollars tout suite.

Re: Maybe I'm growing into a grumpy cynic but...

Sounds all nice until the real world butts in. You know the old saying, "Good, Quick, Cheap. Pick any TWO." Problem is, the bean counters and higher-ups usually call dibs on the Cheap and Quick, figuring paying for the occasional flub is less than doing it Good. Leaving you kinda backed into a corner.

Re: Requires an incentive

But then, how do you stop Amazon and eBay. If you try to push them, they could push back and tick off lots of customers (and by extension, constituents), causing them to complain to their governments for being heavy-handed.

Re: Requires an incentive

And if the retailer has no physical presence, either, because it's an E-tailer stationed out of the country?

Of if it's a gray market where the devices are obtained straight from a manufacturer website again out of the country?

Re: Maybe I'm growing into a grumpy cynic but...

Oh? What about formally proven software?

Re: Of course it won't happen anytime soon

Simple. A car can kill someone. DIRECTLY, as in run them over. Until common IoT things cam directly kill someone, legislatures won't jump in.

Re: Misses the point

But they still won't hold a candle to rubber-hose cryptanalysis and obtaining the data "outside the envelope".

Re: US Portions

"Please explain. After paying for food here over rather more decades than I care to think about it comes as something of a surprise to find I never owned it."

Think about the old adage about bad beer; you don't BUY it, you just RENT it for a while. Similarly for food you eat; you don't buy some of it it because most it doesn't stay inside: leaving eventually one way or the other.

Re: no systemd here

So what happens if there's only ONE way to fix something AND it REQUIRES breaking everything?

Re: It's a phase young programmers go through

"No chance, they'd merge. And we'd definitely need to shoot what staggered out."

More like nuking from orbit, and even then there's no guarantees. It could evolve radiation resistance like a tardigrade.

Re: replacing init with something "sane"

"I would argue that it wasn't "init" that needed replacing, it was "rc"."

I was going to say, replacing the idea of fixed numeric runlevels with names (which can still be numeric) could at least be seen as a gradual progression (nothing too different from what's being used now, after all) and would allow the introduction of configurable flexibility (more than 5 runlevels if need be, or less if you want to KISS the system some).

Re: no systemd here

IOW, gestalt faults (or gestfaults, for short). Things that never show up individually but crop up when put together (the whole is worse than the sum of its parts). And that's another potential fault point for a process chain: "trusting the welds", so to speak, since you can't be sure the two programs were built by the same teams with the same goals and same philosophies and expectations. If they don't, and they don't explain everything, an edge case can hit where the sender sends something the receiver doesn't expect.

Re: no systemd here

Well, if the UNIX philosophy is "Do one thing and do it well," two questions bug me. One, how can one be sure the one thing a program is doing is actually doing it RIGHT. Doing one thing but doing it WRONG presents weak links in a process chain. Second, explain busybox.

Not quite. Each downloaded already had a license direct from the source, meaning they were LEGALLY entitled to a copy. Does it matter from where the copy comes?

Re: Complete or not at all...

Proportion doesn't matter so much if it's a matter of low incidence but high consequence.

That's still savings in labor costs. Now it's just a bottom-rung handler, not a tested, certified commercial driver.

Re: That's why NIST deprecated SMS authentication

Why the thing against forced password rotations (which IIRC are meant to close and/or detect any unknown breaches)?