What I do
> Just what is it you lot actually do anyway?
What I do is avoid Oracle products and services to the greatest degree that I can.
5648 publicly visible posts • joined 20 Feb 2015
Yes. And even worse than that, the additional attack surfaces are being manned largely by people who don't generally have system security in the front of their mind, and often don't know how that should inform their behavior. So those are particularly vulnerable attack surfaces.
> Yet people seem to accept mobile banking and paymemt systems are secure.
Yes, they do. Those systems represent tradeoffs between security and convenience, and people are deciding that the tradeoff is worth it to them. That's fair -- we all decide the level of security that we're comfortable with. Elections are different, though, in that security risks with election systems involve everyone, not just individuals with accounts.
> Make yer minds up, either it is possible to make secure mobile apps or it isn't.
I think my stance was clear -- my mind is made up. It isn't possible to secure mobile apps to the degree that is necessary for election systems.
This was a ruling in the California state supreme court. While Apple could technically appeal to the US supreme court to hear the case, unless it involves federal law in some way, or a dispute between the states (and this does not appear to involve those), the US supreme court will almost certainly refuse to hear it.
> Github is hammering home that this original git working model is dead and buried.
Not hardly. I use Git heavily, but I won't touch Github with a ten foot pole (the reasons I abandoned Github are not only still there, but increasing). There is nothing they can do that would kill the original model of git for me. They're only affecting users of Github, which doesn't constitute anywhere close to the majority of Git users.
Yes. Unlike the claims the US makes with regards to the 5G nonsense, it will have to actually have solid evidence for these claims.
The possibility remains, of course, that the US has no such evidence and are just harassing Huawei. They could drag Huawei through the courts for a long time without such evidence. Ordinarily, I wouldn't think this was a likely scenario, but given the the weird hardon that Trump has for trashing Huawei, this seems like a possibility.
> Kraken does not know if the people that left the reviews are ex-employees who signed a non-disparagement contract taking away their legal right to speech.
Correct, which is probably why they want Glassdoor to reveal the identities, in order to make that determination. Also, it's established law that non-disparagement clauses in contracts (in the US) cannot restrain people from stating their opinions. In other words, the clause can prevent you from saying "the company is criminal", but not from saying "the company behaves in a way that I consider intolerable." Well, they can say they do, but courts cannot enforce that because it's a first amendment violation. That's the case that the EFF is making.
In this case, they're suing because the people who left the reviews are ex-employees who signed a non-disparagement contract. Kraken is alleging that those review violate that contract. That isn't any better, but it isn't a case of Kraken suing a customer for leaving a bad review.
> Does anyone in the US sometimes worry that this kind of shenanigans might act as a damper on innovation and new ideas?
Yes. And it's not "might" -- it absolutely does. I can't even count the number of times I've encountered people who had fantastic ideas but decided not to pursue them because of the fear of tripping over some bogus patent or another.
> If the citizens want 5G, they're not going to be happy with the city pushing the costs up.
Correct, which means that the citizenry will force the city to levy smaller fees. If the citizens don't care (and, at least in my part of the country, most couldn't care less), then everything's good. I don't see the problem here.
> Unusually, the FCC seems to be doing its job here, lowering the barriers to tech rollout.
That isn't the FCC's job.
> Portland might not think its additional fees were too much but if every other city in Oregon were making similar demands or nationwide, this is prohibitive.
So what? If cities set the price so high that nobody is willing to install the system, then the system doesn't get installed. That seems like the sort of thing that cities should have the right to decide. The FCC is acting like rolling out 5G is some kind of national security thing that needs to be forced on everyone. It is not, and it shouldn't be.
> However continuing miniaturisation has now made all of this impractical
It really hasn't. It's as practical as it always has been. The only difference is that you need to learn a slightly different skillset than with the older through-hole components.
Personally, I find working with modern SMD components easier than working with though-hole components in a ton of ways, and I have poor eyesight.
> You must be quite young.
Why, thank you! But I'm the opposite of young. When I first learned to program, I did so on punched cards (not kidding!)
> 10 years of life might of been doable in some cases, but system speed increases and RAM requirements were rolling in much faster than they have been since about 2000.
You're talking about a different thing than I. I was talking about how long the machine will continue to function, not necessarily how long you actually use it. That said, I've never owned a machine that I stopped using before it broke badly enough to not be worth repairing. When I needed to replace it with something faster, I'd just put the old machine to a different use. I still have a couple of machines that were manufactured in the '70s that work just fine today. 10 years is nothing.
> Hence service departments that actually repair things disappear, and the need for service manuals (which if any good are expensive to produce) disappear too.
For my key pieces of equipment, I'd absolutely pay some exorbitant amount for a good service manual. It would have quite a lot of time.
> We'll still consume lots of kit, but expect it to last out the decade
I have always expected the kit I buy to last at least 10 years (with periodic minor repairs). I've rarely been disappointed, and the few times that I was meant that I didn't buy more gear from that manufacturer.
My current smartphone is 6 years old, and my primary laptop is well over 10 years old. Both are still going strong, just as they should be.
> but what that actually means is they prefer more relevant ads.
So much this. And "relevancy" is context-dependent. If I'm on a tech site, an ad for related tech is more likely to be relevant to me at the moment than one that isn't, regardless of my other interests. Plus, I don't block ads -- I block tracking. If a site is showing ads that don't rely on Javascript, then those are ads that I'll actually see, regardless of relevancy.
But I can't help but toss this in -- if the price for privacy is that ads aren't relevant to me at all then that's perfectly fine by me.
> I guess the problem today is that nearly all the web advertising is the equivalent of the inserts in the mags
That's not the problem I have at all. The problem I have is the spying that comes with the ads. If print magazine advertising spied on me, I would have had the same reaction to that as well.
This effort by Google is intended to preserve their ability to spy. They just want to move where the data being collected is processed from their servers to your machine, that's all. Doing that makes it no less objectionable.
> I don't generally walk about naked in public, but there are people who I'm OK with seeing me that way.
Right -- the people you've given permission to see you naked.
> If Google can insinuate itself onto that list of "select people" - if not for you, then at least for a significant number of its users - then it can totally square that circle.
If someone has not given Google their informed consent, then Google has not squared that circle even if a significant number of its users have given such consent. Google is still being abusive to those who haven't.
> the system depends on Web Bundles (websites packaged as a file),
"Web bundles" are an absolutely terrible idea that needs to die. That they may be used in order to further erode privacy makes them even worse.
> that new APIs are "a necessary part of the broader goal of stopping tracking on the web."
No, they're not. This is a bit of a disingenuous argument. They may be a necessary part of finding a way for Google to be able to continue doing business as usual while reducing tracking, but they're certainly not necessary to top tracking.
> He maintains that the client-side JavaScript from advertisers would not be allowed to touch the surrounding page or network.
Perhaps. But can that JS phone home? Can it collect data (such as for fingerprinting purposes)?
> "I think something like TURTLEDOVE is feasible, and is necessary for dropping 3p cookies without trashing web sites' ads revenue,"
That may be the case -- Google seems to be trying to drop third party cookies while replacing the functionality of third party cookies -- which pretty much makes dropping those cookies pointless. Personally, I couldn't care less if web sites get their revenue trashed because they're reliant on this sort of advertising. This sort of advertising is an attack on users, and sites shouldn't be able to benefit from it. Of course, we all know that by "sites", what Google means is "Google".
I've been following what the online marketing press and sites have been saying about all of this, and it's getting even more frightening and antagonistic. What they're talking about now is coopting sites that require users to log in with accounts, so that the marketers can make use of that first-party data themselves. What this means is that those of us who are concerned about privacy need to stop having accounts on such websites.
> The problem is that most admins of those servers either dont give a damn or their managers dont give a damn
I understand. I don't think that fact justifies these sorts of actions.
> And the only way to force that is to break the servers at the browser.
So don't force it. The browsers breaking shit just to force the hand of others is unacceptable.
Since I admonish Google for being heavy-handed in similar ways, I'll admonish Mozilla as well. It is not the web browser's role to decide what is or is not acceptable, and I resent it when they do.
Fortunately, I use neither Chrome/Chromium nor the "modern" Firefox (in small part because of this sort of nonsense), so this won't affect me. But it irks me just the same.
> Space is not owned by America (much as they think it is), it is available to all nations.
True. But what Musk needs US licensing for isn't the use of space, it's the use of US ground stations and launching points. No US permission for anything is needed if neither of those things will be used.
> In practice not without the whole world knowing that you're doing it.
Nations that restrict internet access don't keep it a secret as it is. I don't think that they'd care if the whole world knows they're jamming starlink signals. Doing so wouldn't be illegal, after all, as the nations can make whatever laws about this that they wish.
> We can mitigate the astronomical inconveniences and it will be a small price paid if it helps keep that 'non-dystopian future' option alive.
This isn't going to do that.
And precious little of what I see Musk doing can realistically count as working to "save the world". He a rich boy playing with rich boy toys. In his defense, if I had Musk's money, I'd do many of the same things -- they're cool! But I wouldn't try to fool others into thinking it was for altruistic reasons.
> I fear that in a few years we will be down to Chrome and Firefox. And a few years after that to just Chrome.
Indeed. Already, large portions of the web are unusable unless you're willing to enable JS (and thus expose yourself to spying). Those sites are unavailable to me already.
Sites that only work with Chrome or Firefox are equally unavailable to me. If there are no sites left that can work with other browsers, then the web becomes nonexistent to me entirely.
I do completely expect that this will happen in my lifetime. It's too bad. It was a good run while it lasted.
No, it was reimplemented, not ported. This was necessary in order to maintain reliability, maintainability, and performance.
The amount of code was not monumental, but it was significant. The reimplementation was performed by three engineers working for about 6 months (including QA).
Oh, this is entirely the US way. As used in the US, "socialism" is largely meaningless -- it's just an an insult on par with "asshole". In practice, the US doesn't mind "socialist"-flavored policies as long as it benefits large corporations, particularly if it only benefits large corporations.
> but being told what to wear does go both ways.
In my view the issue isn't that a dress code was specified, it's that "short skirts and high heels" were specified for the women. In other words, they're being told to sex it up. If they'd just said "dress is business casual" or somesuch and left it at that, there would have been exactly zero problem.
But, really, the deeper problem isn't that short skirts & heels were specified, it's that nobody saw that this was a bad thing to do.