Security professional here. This is legit a good call on their part. It's because those types of addresses won't bounce emails but aren't necessarily in your control; it's very, very easy to spam those petition forms with mail@ for a million real domains without bouncing the emails, making them seem legit.
You own your domain, obviously, so it's really as simple as creating a forwarding/alias address of "changeorg@domain.tld". If creating a forwarding/alias address is that much of a problem for you I suggest that you likely shouldn't be hosting your own email in the first place.
Your laziness isn't a good reason to be upset with a company taking steps to reduce their security overhead significantly
Yeah I agree that one seems silly on the surface but for their specific situation I understand why: services like Gmail allow using a + to create faux-labels. So for example foo@gmail, foo+bar@gmail, and foo+baz@gmail all get delivered to the same account. For change.org that's a problem because it allows a single email account to fill out the form many times.
Ideally, they would simply truncate everything after and including those symbols but it's possible other services have different rules (maybe yahoo let's you prepend faux-tags instead of appending them, or something like that) so simply blocking their use altogether could be the more robust solution
I wonder how they handle gmail addresses with dots as you can put dot in anywhere and it still will redirect to your email.
I've setup (for few services which don't allow + sign) emails like foobar@gmail.com, foo.bar@gmail.com, fo.o.bar@gmail.com and they all come to my inbox.
I imagine because it can't be used to add additional junk characters to the address, they probably just strip them out before doing their string comparison
For the same of checking uniqueness it's probably fine to just ignore them. Yeah, it sucks if johndoe@obscure.domain and john.doe@obscure.domain can't sign the same petition but outside of the big email services I imagine that kind of collision is pretty rare
Eh, honestly I think blocking plus addressing as a workaround to block people from using multiple identities on the site is very weak argument and ignores completely the reason plus addeesses are being used in the first place, tagging.
And the addition of "-" just tells they don't really know what they're doing, considering it's not only valid but also very common symbol in email addresses
I don't think the reason they're being used is relevant to their problem though. "Think like an attacker" wins the day here: as an attacker, I don't care what it's meant for, only how I can use it to my advantage. If it's something they observed as a problem, I understand why they would want to stop it.
As for "-", yeah, I don't have a particularly good explanation for that one except the assumption that it's something similar to + addressing on a different service.
"-" is the default delimiter in qmail. I administer a system, where both + and - are valid recipient delimiters for historic reasons and we can't really get rid of it.
Believe me, it has caused all kinds of problems, where we have to go deep into the finer differences between aliases and virtual aliases and transport maps in postfix to route mails correctly. Especially since we have a lot of Mailinglists with - as a valid character in them.
So to summarize: the assumption by changeorg is valid, however the execution seems rather flawed.
Yeah, I can't say their solution is the most elegant but it certainly makes a kind of sense when their criteria for success is "maximize participation while satisfying 'uniqueness' critics"
The local parts of email addresses are standardized, and there is an RFC handling subadressing as well, see RFC 5233 - it's not like Gmail invented this behavior.
Also, RFC 5321 clearly states (2.3.11) that the local part of an email must only be interpreted by the receiving server, so that part should not be parsed, modified or mangled in any form - the assumptions poor web forms or validation libraries make these days are incredibly annoying and simply not compliant.
So no, non of your suggestions are good, let alone ideal. Ideally, people would simply implement the specs and stop making lazy and false assumptions. In the case you cited, it turns out email validation is simply not the proper tool to limit how often the form can be submitted. Similar websites use e. g. text messages.
Requiring SMS validation is a massive barrier to entry and not a viable option for a service like Change.org that relies on a certain level of participation.
There's literally another comment made at almost the same time as yours complaining blocking the use of + and such is too high a barrier to entry and just the devs being lazy. Meanwhile your suggestion is raise the barrier to entry even higher if you care about uniqueness of submissions
It's a no-win situation for Change.org so they went with something that meets their business needs. Can't really expect much else from them tbh
I'm aware of that, but let's be honest here: social and political changes are not introduced, let alone solved, by technology.
You said it perfectly: this is about business needs. I'd like to argue to make the barrier for entry even higher (tie it to a form of citizen identity) and mandate the petition must be reviewed / acted upon once it has become significant - frameworks like this do exist already in several countries.
Everyone has multiple email addresses today, does that not fundamentally erode the validity of change.org as a platform for direct democracy then?
I do believe this is the case, so I'd love if another website would at least stop violating already existing standards and force their erroneous interpretation of how email addresses work down our throats.
Oh yeah don't get me wrong, I think change.org as a product is hot stinky garbage. I don't take anything they produce seriously lol
I just don't expect them to do anything differently under the current circumstances is all heh. And their business is married to the design at this point, so I don't see them pivoting any time soon. As you suggest, they need a competitor that can do it right to come along and actually produce some kind of meaningful results in the political arena, but that's a whole other can of worms.
I literally have an idea for this, and am kinda just sitting on it until I find the right people. I've been on the lookout about 10 years now for a) someone with a comprehensive understanding of constitutional law and b) someone with a comprehensive understanding of political finance and lobbying, both of whom also need to be progressive and interested in 501(c)(3) work. A bit of a unicorn :p
Calling "acquiring and setting up an email domain and configuring the mail server for wildcards" "basically no extra effort" is a bit disingenuous compared to "solve a captcha for a Gmail account"
I'd assume one needs to verify the email by clicking a link, so to spam user1@domain.tld, user2@domain.tld would mean you need access to those inboxes. That means you need to go through the effort to actually create those emailadresses on whatever freemail service you chose, or you need to host the emailserver yourself and have all mails run into a catchall inbox.
Hosting your own emailserver is definately not "basically no extra effort", even for a lot of tech-savvy people, paying for a hosted email service using your own domain is easier, but also seems like not a good investment just to spam a petition website.
The foo+bar@gmail.com functionality, however, is pretty well known tool - even by non-tech savvy people. Even some people I know that I consider basically tech-illiterate have known this for years, they have told me when they found out about it and asked me if I was aware of this functionality.
The first one I mentioned requires preparation, setting up email accounts or an email server, the second one is basically already set up for most email users and ready to go, the latter is therefore definately a lot less effort to pull off.
Spamming user+1@gmail, user+2@gmail takes absolutely no technical knowledge whatsoever - anyone can do it with 1 gmail account.
Spamming user1@domain, user2@domain etc requires 1 of two things:
you can sign up for multiple email accounts using a third party service. You're going to run into trouble with Gmail or other big providers if you start creating accounts en masse.
you create your own email server. this requires someone with selfhosting knowledge and some basic coding (or rather server config) experience.
You're not wrong, but this isn't really a security matter, it's an "apparent uniqueness" matter. Their goal, I assume, is to satisfy critics enough that a given petition's participants are sufficiently unique while keeping the barrier to filling out the form as low as possible. So they end up in a situation where neither of perfect, but they're both "good enough" for what the business needs.
I dealt with this in the anti-cheat space: my goal was never to remove all cheating, because that's too expensive (insanely so). My goal was to make the public believe they weren't playing against cheaters too often. If the solution was forcing the cheaters to perform at a level that was just below the most skilled human players, that was actually a success, because if the players can't differentiate between cheaters and pro players, then they can't effectively determine how prevalent cheating actually is.
Part of me hated that we had to treat it that way, but another part of me understood that if I pushed too hard on "eliminating cheating" my department would become more costly than it was worth and they'd pivot away from gameplay that needed anti-cheat at all
I spent about a decade in the enterprise software development space, so I totally get it. I couldn’t put it into words as well as you did, however.
After watching the FCC bigwigs debate robocalls several years ago, I’ve become a believer in a future where your internet access is always authenticated to your real life ID, dark web excepted of course.
In their case, it was posited as a best-in-class solution to the problem of spam in the telephony space. Same logic applies to email. I mean, look at what Twixxer did with the verified checkmark requiring a credit card. The trend is already there.
I get the fear of being de-anonymized on the internet, but it may be the case of something we hate being something we need, when you start to throw deepfakes into the mix.
Funny you mention the robocall thing... I'm literally leaving a company that works on that problem (though not as their primary business) Wednesday. It was a short stint - mostly because they are resistant to solving massive technical debt problems and I'm not trying to doom my future self - but what I witnessed was....depressing. Getting anything done was like pulling teeth, and that's with the recent FTC pivot to taking this stuff more seriously. STIR/SHAKEN is a reasonable start but it still has almost no teeth behind it.
I'm with you on the identity issue. I mean, if we're being really honest, the only people losing out by not implementing strong personal identification verification are the legitimate end users because the threat actors have gotten so unbelievably good at fingerprinting user behavior. And it's only going to continue getting worse. With ML growth as unfettered as it is, there is nothing we can do. So I'd much rather take the reigns and make identity verification a robust feature instead of a bug we can't squash.
Kudos for looking out first your future self - I had to leave the field entirely after it got to the point where I couldn’t stand to look at a computer anymore. Still can’t for more than an hour, two years later.
I intend to reply more later, because this does deserve a longer reply, but I am short on steam.
In the meantime, have you heard of login.gov? Check that out. The day that .com gets a hook into that is the day that identity problems are (mostly) solved.
Yes! I LITERALLY just set up my stuff there a few days ago for TSA Precheck and CBP because I'm heading to Japan next month. I love what they're doing.
Heh, I saw it on news.ycombinator.com back when it was announced- they have made strides if you can access TSA now!
In the beginning it was just a form for every manner of authentication and then a big CTA, essentially telling other .gov entities to start making project requests.
Risk management is the name of the game, as always, eh?
That’s a slick technique for anti-cheat, heh. What did you think of the Call of Duty “fake data” approach? That cracked me up - things in game that only cheaters can see, so they end up self-reporting themselves as cheaters lol
As it ever will be, much as it may pain our moral sensibilities.
Re: CoD - I loved it. Laughed my ass off. Absolutely a big fan of creative approaches to getting cheaters to tell on themselves. I proposed something similar to my team when we had a problem with players manipulating the position of objects in the world so they were directly in front of the player: add an object of the same type inside map geometry and attach a "kill volume" to it, so it was like a landmine. Move the object in front of the player and they instantly die :P Wish we'd done it but couldn't get the level designers' time to implement it unfortunately
One we did do though: back when the product I worked on was on PS3 one of the big problems was hacked consoles spoofing platform entitlements (the thing that tells the game what purchases they should have access to). So we added an entitlement that couldn't be acquired in any legitimate way, and gave you a specific item in game. Then we just checked player inventories once a week for anyone with that item and banned their account, their console, and any account that played on that console for a meaningful amount of time. Did the same thing with an item you could only get to by clipping through geometry. Even put the word "intrusion" in the item's name haha.
The cheats are so technically complicated at this juncture that the creative stuff is often the most effective. I mean, people are literally voluntarily installing hypervisor rootkits to run the cheats, so they can talk to their drivers below even the kernel. It's so hard to come to with technical solutions to a problem like that that doesn't wind up costing massive server processing power to validate every input.
Haha that is a great idea! Give the landmine kill a special animation just to make sure that the cheaters get the message or let them figure it out in time lol?
Heh, did you share that inventory technique on news.ycombinator? I could have sworn that I read a story there a team doing that.
I know exactly what you are talking about - I was digging into the modding of this one game and happened upon a cheater’s forum. Blew my mind that the first step was to completely gut your computer’s security lol. But at the same time, was enlightening to see that. Seems like some of the work has been moved to the Anti-Cheat systems, but I’m guessing that there must be large gaps in what the AC can actually do for you at the application level?
Let em figure it out. Wasting their time is a core strategy in reducing their impact and will to continue cheating
I certainly didn't share it myself but it's possible my old boss did!
TBH, in my very personal opinion the third party anti-cheat apps are like 50% placebo. Just makes people feel better. They are very protective of their "secret sauce" but I can say none of them are anywhere close to perfect. The thing they're best at is taking the easy stuff off our plates so we can focus on the more difficult problems of hardening the game itself and analyzing telemetry.
My understanding is that signing a petition and creating an account aren't necessarily linked, and it's up to the person who created the petition whether verification is required.
After signing the petition, they pop a large notification about needing to validate my account by clicking on the link in the mail they sent. If I didn't do it, the signing wouldn't count
Right I'm saying I always thought that was an optional feature, determined by the person who created the petition. I don't think it's a universal requirement for all change.org petitions
I have been using catchall on my domain since 2002. I have never told anyone any of my real accounts. When I have to send an email, I just add that account (change@ whatever), send the e-mail and delete the account afterwards, rebanishing the company to my catchall. I’ve had it scripted for ages.
When I do get an unsolicited email from let’s say ShittyCompany Inc, I set up a rule to forward all incoming shittycompany@(mydomain) emails to info@ shittycompany. This way they just spam themselves. Takes 2 seconds to run the script and I never see emails from shittycompany again.
Web developer here. The problem here is not with emails but with change.org's business model, which is reliant on lying to people that their petitions actually mean anything. But, anyone with half a brain cell can easily spot that they don't have any legal backing whatsoever nor do they do any kind of identity verification, therefore those petitions are completely worthless. They might as well not give a fuck and allow cheating. For all they care, it only boosts counters and makes them appear more popular than they actually are.
Technically correct is the best kind of correct.
If you copy something you are not entitled to because of copyright, it's copyright infringement.
With theft the originally owner loses what is stolen, with copyright infringement the owner only loses the license fee for 1 copy.
Not the same thing, and calling it theft is purely a propaganda term invented by the media industry.
It should also be noted that copyright laws usually have all sorts of exceptions for fair use such as satire, education, etc. Typically, keeping and even using a copy without permission is legally allowed under certain circumstances.
Just a word of caution. Even if you have a valid fair use claim they have to be adjudicated and the legal costs can get pricey. Worse if you’re found liable.
Check out Lawful Masses on YouTube for plenty of examples of copyright trolls using this as a bludgeon.
It's just a fear tactic. If enough people self represented themselves individually the companies would die. You can't draw blood from a stone... which the average consumer is basically close to. The recovery rate vs the lawsuit fees would destroy the entire legal system if people stood their ground.
Canada decided to have none of that. Downloading without keeping a copy (streaming) was basically thrown out as copyright infringement, the whole lost income idea was generally laughed at, and the final result was a maximum judgement of $500 for all non-commercial copyright infringement prior to the suit. Which basically would pay for about one hour of the plaintiff lawyer's fees. We don't get a lot of copyright suits like that in Canada any more.
With theft the originally owner loses what is stolen, with copyright infringement the owner only loses the license fee for 1 copy.
There used to be an anti-piracy lobby group in Australia literally called "Australian Federation Against Copyright Theft". I always had an issue with their name since they were really against copyright infringement, not "copyright theft" which is just a nonsense term like you said. It's been ruled several times by courts both in Australia and in the USA that it can't be called "theft" (e.g. https://www.techdirt.com/2013/12/02/surprise-mpaa-told-it-cant-use-terms-piracy-theft-stealing-during-hotfile-trial/).
I like to think of it as something similar to watching a football match from the other side of the fence. People who paid the ticket, are loyal fans. People who didn’t pay, but still want to see the match, probably aren’t even part of the target audience. Some of them might be, but that’s a small number.
So, when the football company says that they’ve lost the sales of x number of tickets, they are actually saying that if those people had enough money and if they cared enough, they might have paid this amount of money.
Right, so I suppose George Lucas was stealing from all the movies that inspired his work when he made Star Wars. Or when Mel Brooks made Space Balls, as a more blatant example
Mel Brooks’s works are protected under the Fair Use provisions for satire under the DMCA. Lucas never copied anything directly, but, if pressed, much of his work is “heavily inspired” by works in the public domain and/or could be argued to be “derivative works”, also covered by Fair Use provisions in the DMCA, although any claim of copyright violation would be pretty difficult to make in the first place.
not in any legally reasonable way, and certainly not by anyone who understands how AI (or, really, LLM models) work or what art is.
If it’s not redistributed copyrighted material, it’s not theft
but that's exactly what OpenAI did-- they used distributed, copyrighted works, used them as training data, and spit out result, some of which even contained word-for-word repetitions of the author's source material.
AI, unlike a human, cannot create unique works of art. it can old produce an algorithmically-derived malange of its source-data recomposited in novel forms, but nothing resembling the truly unique creative process of a living human. Sadly, too many people simply lack the ability to comprehend the difference.
it can old produce an algorithmically-derived malange of its source-data recomposited in novel forms
Right, it produces derivative data. Not copyrighted material.
By itself without any safeguards, it absolutely could output copyrighted data, (albeit probably not perfectly but for copyright purposes that's irrelevant as long as it serves as a substitute). And any algorithms that do do that should be punished, but OpenAI's models can't do that.
Hammers aren't bad because they can be used for bludgeoning, and if we have a hammer that somehow detects that it's being used for murder and then evaporates, calling it bad is even more ridiculous.
Some safeguards have been added which curtail certain direct misbehavior, but it is still capable - by your own admission - of doing it. And it still profits from the unlicensed use of copyrighted works by using such material for its training data. Because what it is producing is not a new and unique creative work, it is a composite of copyrighted work. That is not the same thing.
And if you are comparing LLMs and hammers, you’re just proving how you fundamentally misunderstand what LLMs are and how they work. It’s a false equivalence.
but it is still capable - by your own admission - of doing it
...
And if you are comparing LLMs and hammers, you’re just proving how you fundamentally misunderstand what LLMs are and how they work
And a regular hammer is capable of being used for murder. Which makes calling a hammer that evaporates before it can be used for murder "unethical" ridiculous. You're deliberately missing the point.
And it still profits from the unlicensed use of copyrighted works by using such material for its training data
I just don't buy this reasoning. If I look at paintings of the Eiffel Tower and then sell my own painting of the building, I'm not violating the copyright of any of the original painters unless what I paint is so similar to one of theirs that it violates fair use.
it is a composite of copyrighted work
It's stable diffusion, not a composite. But even if they were composites, I'm allowed to shred a magazine and make a composite image of something else. It's fair use until I use those pieces to create a copyrighted image.
Lol… I hope you didn’t sprain something with all those mental gymnastics. In the meantime, perhaps you should educate yourself a bit more on AI, LLV’s, and, perhaps, just a little bit on art.
OK, if you think what you just said made sense, then you either didn’t read the link you just posted or you clearly didn’t understand it. And you certainly have no clue what you’re talking about.
But you’re certainly helping to make my point for me
AI, unlike a human, cannot create unique works of art. it can old produce an algorithmically-derived malange of its source-data recomposited in novel forms
Find me a single sentence in that entire article that suggests AI art is composites of source data
You can't, because how it actually works is wildly different than how you want to believe it works.
Mhm, I'm sure that's why you couldn't find a single sentence about compositing images
DALL·E 2 uses a diffusion model conditioned on CLIP image embeddings, which, during inference, are generated from CLIP text embeddings by a prior model.
I admit that you misinterpret my response and have been throwing a psychotic, childish, name calling tantrum for hours, and you really need to take a break from the internet until you learn some self-control.
You already provided the evidence in your link. It’s not my fault you don’t understand. Also, it’s not my job to educate you, nor to soothe your bruised ego.
I recommend some ice cream. Perhaps that will make you feel better.
And I provided evidence the article says something wildly different than what you want it to say, and all you have is "read it again until it says something else" lol
No, you didn’t. All that you proved is that you didn’t understand what the link said. But that’s what I’ve been saying over and over.
Also voting with two accounts is pathetic
The fact that you’re so insecure that you think that’s what’s happening is what is pathetic, and so is the fact that you’ve been crying about this for two days.
To be fair, I can actually sort-of see a specific point here:
They are legally required to offer you that cookie choice. If you block that choice, are they in violation of the law even if they cannot apply cookies? Just because their site does implement tech for it (even though you're blocking it, but the law cannot know that) and they cannot show you the popup allowing you to reject the tech (since you're blocking it)?
Weird thing. Doubt there'd be a clear answer without someone dragging someone else in front of a court for it, plus that's of course not why CNN is blocking us here, but it's an interesting thought whether they are even allowed to let you on if they cannot present you with the GDPR choice.
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature. Let the user make the choice once, in the browser, and let the browser tell the visited site what's allowed. Statutory compliance would mean something like
browser detects and warns about cookies which do not appear to be in compliance with user's preferences (optionally: browser can block cookies which do not appear to be in compliance)
browser detects sites which do not implement the spec at all, and warns the user about that
regulatory body checks for compliance on any site with over X number of users
regulatory body checks major browsers for compliance
Yeah. GDPR should have been implemented as a mandatory part of HTML or even HTTP that interacts with a builtin browser feature.
Well, it kind of is. The Do Not Track header has recently seen a court win in Germany (source):
It turned out that the judge agreed with vzbv, ruling that the social media giant is no longer allowed to warn users it doesn't respect DNT signals. That's because, under GDPR, the right to opt out of web tracking and data collection can also be exercised using automated procedures.
And it is basically the same in California too Source
GPC is a valid do-not-sell-my-personal-information signal according to the California Consumer Privacy Act (CCPA), which stipulates that websites are legally required to respect a signal sent by users who want to opt-out of having their personal data sold.
Then why can over 100,000 other sites show their cookie banners as required by GDPR while Firefox + unlock origin is active, but somehow one of the largest media companies in America "just can't do it" without disabling your ad-blocker?
If they really couldn't do it, they would do like Home Depot did and block anyone in europe from accessing their site.
This is not about GDPR at all! This is exclusively about forcing you to disable your ad-blocker so they can make more money from offering a bad browsing experience.
I finally made the plunge to Linux desktop for all work in 2016 and have not looked back (and occasional windows VM, extremely rare now.) Even Arch is now perfectly fine as a workstation which surprised me. Recommend EndeavourOS to streamline the install process but it's Arch underneath.
I've been running Linux since I could afford a 386 in '94. (and learned years later a 386SX would have run it as well) Every time I need to work on Windows for an employer the 1st thing I do is find who can help mne fix windows when I break it. (I seem to be pretty good at that, although it doesn't seem to be a huge skill)
I'm a Linux user since '94, the 1st Android phone I got (company phone) was rooted, the 1st one I bough ran Cyanogenmod and I even developed Cyanogenmod for my 2nd tablet. (1st was crap) yep, free software user. (and kind of developer)
True. I have a Samsung, which does do some shitty ass things like remove the option to turn off data access to apps, but even they allow "sideloading" (I don't even like that term -- it's just installing software in the normal way to me)
Most Android components can technically be FOSS, but the it's monolythic nature makes it very hard to get from those FOSS benefits.
Best example is TV using Android, phone using Android, but cannot change the interface without hacking half-baked thing like custom ROM.
Google does indeed use Google Play Services to gate-keep the Ecosystem while keeping Android technically FOSS. Still better than Apple in this case, but hey... would you rather be hanged or beheaded?
No but many of them. Play Services gets more and more functions that used to be part of the Android operating system. Some very basic functionalities are assisted GPS or Push notifications.
So? Companies can and have removed features like that at the behest of some dickwad in power. Don't take anything for granted. We need to heavily regulate them. Or hell take games. Capcom is currently adding DRM to 12+year old games. Garbage like that should be forbidden by law instead of relying on shitstorms to get companies to comply.
Despite not being forced by governments, no android phone uses a shitty proprietary charger port, nor have they ever. And last night I discovered side loading is possible on my fucking google TV device. Again, no laws require this, it's just called not being a fucking prick.
Not always. Consumers given choice they should go for the product that is best. That way companies have to make the best product. That's competition working.
Like when ps3 offered free online but xbox didn't. That killed the xbox market as everyone could choose a similar product that was cheaper.
Or when apple forced everyone to use their products people went to the Samsung because you could do what you want. That killed apple.
Or when some companies offered subscription model like Microsoft Office, everyone went to alternatives and that killed Microsoft Office.
Honestly I blame people. We had all the information and just laughed in the face of reason. We are choosing to spend more for a shittier product.
From Apple’s perspective it’s not shitty, it’s part of their brand. Apple products are all about stupid proofing. Its hard to fuck it up, its hard to download a malicious app or virus. Preventing side loading protects people who don’t know what side loading is. Believe it or not that’s the majority of users. Side loading wont effect profits but thats because the large majority of their customer base will never use it. Those of us who want it are a vocal minority trying to screw up their entire business strategy, so of course they won’t give it to us unless they are forced to do so.
Maybe it will help you be less pissy about something you cant change. Accept the fact that Apple will never change due to this fundamental business strategy and move on to a company that doesnt rely on babying their mindless customers. Or I dunno, fuck it, keep pissing in the wind and crying about smelling bad.
Yo you and everyone else replying to me need to slow down and read carefully. I’m telling you you cant change it SO GO BUY SOMETHING ELSE. Holy fuck, the shit I said above is not a compliment to apple. If you don’t get that then you are Apple’s target audience cause goddamn ya fuckin need stupid proofing.
Where do we draw the line between a functioning computer and chromebook? an IoT device? Stupid-proofing should not come at the cost of basic functionality.
Preventing side loading protects people who don’t know what side loading is.
No, it does not. Users attempting to sideload an app would obviously be warned, not to mention various other methods of malware scanning / sandboxing which can alleviate that non-existant issue.
Those of us who want it are a vocal minority trying to screw up their entire business strategy.
Creating Fisher Price computers is not a valid business strategy, and serves as a detriment for all users regardless of proficency. User freedom is beneficial for absolutely everyone.
Users attempting to sideload an app would obviously be warned, not to mention various other methods of malware scanning / sandboxing which can alleviate that non-existant issue.
Hope the sandboxing is really strong.
Vulnerable people can be walked through malware installations over the phone, or via guided workflow.
Also, naughty nations/employers can pre-load spyware onto devices they require people to use.
Definitely excited to see what the best use cases are but will await headlines this year about misuse.
It absolutely is a valid business strategy, Apple has been winning with this strategy for like 15-20 years now. Their shit IS Fisher Price computers and Fisher Price phones and ALWAYS HAS BEEN. Most people are fucking dumb and it is designed specifically for them. So for the love of god go buy something else. Please. I’m begging you and everyone else who thinks they are smart - STOP BUYING APPLE STUFF! Like holy shit do something inconvenient for once
Any women who (who we're already assuning I'm interested in enough to take on a date) won't go on a date with me because of my phone's OS are dodged bullets imo.
I honestly don't get why people use apple. People have explained it to me and I think I just don't get the reasoning.
People would tell me on the age of illegally downloaded or someone legally bought mp3s apple was better because you can't play your mp3s you have to buy them again off apple. Or that apple is better because you can't use something and instead have to use apples device which isn't as good and more expensive but it's white! Like I can't get a fucking white one.
People would tell me on the age of illegally downloaded or someone legally bought mp3s apple was better because you can't play your mp3s you have to buy them again off apple
Idk why people told you that but it's never been true. iPods didn't give a shit where the mp3 came from, only that it was loaded via iTunes.
i have used an iphone once in my life when i was a kid, and my only memory of it is thinking something was broken because i couldn't open the filesystem on my PC
You’re giving me flashbacks to the online training my work makes me do every year.
I almost failed the first of 7 courses because I made the mistake of trying to do actual work while listening to the training, and didn’t realize there was a 5 minute timer for inactivity on the video player. And no, there was no additional time provided to complete the training. It was mandatory but essentially had to be done on your own time.
It was mandatory but essentially had to be done on your own time.
In the US, if you are an hourly non-exempt employee, that is overt wage theft in all 50 states. If a task is made mandatory by an employer, they must pay you for the time you spent on it.
I know this doesn't help you now, of course, but it's good to know in case you run into it again and feel like pushing back with a report to the Dept of Labor.
It was mandatory but essentially had to be done on your own time.
Fuck that, training and any kind of policy testing should absolutely be on company time. I always throw shit like that in a general/admin bucket in my time card.
Sounds like the unemployment insurance website here in Florida. I had to use it during covid and it was one of the singularly worst experiences of my life.
That's the goal. Make government not work, then complain it doesn't work, let's either get rid of the whole thing or let some big strong man "fix" everything.
When T-Mobile moved to unlimited with the ONE plans, they gave You "unlimited" tethering at "3G speeds", which turned out to be 0.5Mbit/s, an unusably slow speed in 2018.
The Magenta plans gave you 5GB-50GB of full-speed tethering before dropping you to "3G speeds". The current Go5G plans are similar, with a limited amount of usable tethering data before you're, for all practical uses, cut off.
Before the ONE plans, there technically was no hotspot usage limit, but since you had a limited amount of high-speed data, your hotspot was effectively limited to whatever your plan gave you.
All the US carriers limit hotspot usage, partly to prevent someone hooking up a computer to download 50TB of pirated movies while clogging up the bandwidth for everyone else on that tower, and (moreso) partly because they're greedy.
3g speeds are fine, no clue what you’re talking about. I literally tether all the time and when I hit the limit it’s still completely usable, even for YouTube. And getting to that limit is well above the 5gb from ATT. Like I said, att is shit, T-Mobile doesn’t do this and hasn’t for years.
Literally every carrier on the planet limits hotspot data in some manner. This isn’t a US thing.
Lol. They totally do. Their best plan without going arm and a leg for unlimited gives you 50GB a month before dropping to near nothing. Up to a year ago it was 40GB.
Edit: wait, you might be right. As I understand, net neutrality is for the last mile ISPs, not the L1/L2 providers. So uh... what I explained below isn't relevant. Eh, I'll leave it in case people wanna learn stuff.
It was a bad explanation, assuming you had knowledge of network infrastructure things, but it does make sense. I'll explain things if you're interested.
Net neutrality is the idea that ISPs must treat all content providers equally. Your phone is not a content provider (most likely. You could run a web server on your phone, but... no). YouTube, Netflix, Facebook, TikTok, and your weird uncle's WordPress site are content providers. Without net neutrality, ISPs can say, "Hey YouTube, people request a ton of traffic from you on our network. Pay up or we'll slow down people's connections to you." The "neutrality" part means that ISPs must be neutral towards content providers, not discriminating against them for being high demand by consumers.
For the L1 and L2 part, that's the networking infrastructure. The connection to your home is just tiny cables. I don't recall how many layers there are, but it's just "last mile" infrastructure. The network infrastructure between regions of the country or across the ocean are giant, giant cables managed by internet service providers you've never heard of. They're the kind of providers that connect AT&T to Comcast. These are considered L1 or L2 providers. The data centers of giant companies, like Google for YouTube's case, often pay these L1 or L2 providers to plug directly into their data centers. Why? Those providers are using the biggest, fastest cables to ferry bits and bytes across the planet. You might be pulling gigs from YouTube, but YouTube is putting out... shit, I don't even know. Is there a terabyte connection? Maybe even petabyte? That sounds crazy. I dunno, I failed Google's interview question where they asked me to estimate how much storage does Google Drive use globally. Anyway, I hope that gives you an idea of what L1 and L2 providers are.
I'm not a network infrastructure guy, though. If someone who actually knows what they're talking about has corrections, I'd love to learn where I'm wrong
Net neutrality is about service to last mile customers, but it is based upon interconnection agreements across the L1 and L2 level.
ISP's pay for a connection to L1 and L2, so their users (who pay ISP's) can access content on those networks. Websites pay for a connection to L1 and L2 so their content can be available on those networks.
ISP's want to also charge websites for access into their networks of users, in spite of the fact their users already pay them for access to the website content. If some websites don't pay, then ISP's will provide a lower service to their users for those websites. Net neutrality says ISP's should not do this.
Differentiating between locally used data and hotspot data has nothing to do with this. Hotspot data is about the device the data is going to, not where the data is coming from, and typically (or at least traditionally, maybe not so anymore) a PC will use more data than a phone. A PC is more likely to have large multi-gigabyte downloads (eg games), although these days video streaming is perhaps the main bandwidth hog and is generally equal across all devices.
A home internet connection is expected to serve all devices in that home, while a mobile internet connection is expected to serve only that mobile device (excluding mobile broadband options, which serve multiple devices but are typically more expensive). The ISP's network is designed with this in mind.
It is more reasonable for an ISP to only provide data to the phone you're paying for than it is for them to throttle websites you already paid for. However, really both are kind of bullshit - usage limits in general are completely disproportionate to actual costs.
Are you talking about net neutrality in general, or a specific campaign that used the term?
Net neutrality means all bits are equal.
It does not matter where a bit is coming from, where it is going to or what it is part of.
No portion of any net neutrality bill anywhere calls for hotspot data to not be capped by a cell carrier. It doesn't eliminate any caps for anything at all. Net neutrality means they can't change the speeds dependant on what sites you're accessing and that they can't block any sites, give free data to access some sites and not others, or put them behind a pay wall. It has nothing to do with general hot spot data caps, or cell phone data caps.
Net neutrality isn't going to do a thing about this kind of stuff. In a best case scenario, you'll end up with overall data usage limitations - no more 'unlimited mobile data'.
ISPs meter data usage because it's pretty much the only way they can impose some form of limitation on a finite capacity to provide such data to you and other customers - other than data rate limits (read: slower speeds). They can't guarantee data rates in almost any setup, because ultimately, while 'data usage' is a bit of an artificial construct and 'data' is not in any way finite, the pipes that deliver the data certainly are of finite capacity. Mobile data capacity - and in fact, any wireless medium - is a shared medium, the more people try to use it simultaneously, the less pleasant it's going to be for each individual user. Ask Starlink users in many US areas how overselling limited capacity impacts the individual user.
Mobile data usage also has different usage patterns than if you're hotspotting your PC. You're not going to download massive games or other bandwidth hogs to your mobile. You probably won't be running a torrent client either. So they can give you unlimited mobile data because you're simply not going to put as much of a strain on the infrastructure with pure on-device usage than you will with hotspotting.
This isn't a defense of what AT&T is doing. But net neutrality isn't going to force them to suddenly be all ethical. It's not going to make them provision infrastructure that doesn't fall over at the first signs of higher-than-usual load. And it certainly can't change the physical realities of wireless data communication. In an ideal world ISPs wouldn't be so greedy and/or beholden to greedy shareholders to be cutting corners, and instead provide sufficient infrastructure that can handle high demand.
And to those who are talking about their workarounds: you may not like it but you've signed a contract. That contract stipulates acceptable use, and if you're found to be breaching the contract terms, the other party is within their rights to terminate the contract. Again, in an ideal world these contract terms would be more balanced towards the needs of the customer, but in the meantime your best recourse against unfavourable contract terms is to take your business elsewhere. And if you can't do that, everything else is at your own risk.
But where are they offering it? Big cities and densely populated areas where people have options and therefore won't swarm to the product? Or are they offering it in small, remote towns where there's not a lot of competition?
Where I live, mobile home internet is not available outside of metro areas and larger cities, and in the regions mobile towers are chronically underprovisioned and overloaded.
I am an older folk. I grew up with an Apple II. I just have gotten used to autosave being on automatically in pretty much every word processor I've used since probably the mid-1990s. I just can't imagine why they decided to not have it on when you install it.
Yep, my thoughts exactly… my company doesn’t want us to use OneDrive because of some security fears, so none of our work has autosave. Just because it’s 2024 doesn’t mean everything has autosave. Even working in a browser doesn’t always have autosave, I use some online programs daily that you have to remember to Ctrl + S.
I think your memory might be failing on this, because we’re about the same age and autosave wasn’t really a common feature in the 90s. MacOS didn’t introduce autosave until OSX Lion in 2010, and Microsoft’s auto-recover (which was their only feature even close to autosave until office365) wasn’t introduced until the 2000s and didn’t work properly until 2007.
I just can’t imagine why they decided to not have it on when you install it.
Different generational audiences expect different UX about their software, as this topic has aptly shown.
I'm sure there's a bunch of people who would be pissed off at the fact that they only want to control when a save happens (by default), and not the app.
Personally I would expect it to be on automatically (normal modern UX), but also after I've written big blocks of very important text I'd do a manual save, as I don't know where in the interval cycle between automatic saves I would be at (when's the next autosave happening). Best of both worlds, basically.
Finally, only because I'm talking to you right now, as far as you and your child goes, only you as their parent knows what's best for them.
Take heart that if you're trying, you're already halfway there, as many parents don't even bother.
And don't take the negative downloading you're getting on this topic as a criticism of your parenting skills, aholes on the Internet trying to keep the world exactly how they expect it to be from way back when, and are so hung up on responsibility to a fault, are not the best sources for knowledge on how well or poorly you're doing as a parent.
I am an older folk. I grew up with an Apple II.
I as well. Still have fun memories of loading Choplifter into my Apple via a cassette tape recorder.
I was going to say, it was absolutely drilled into our heads to save after every paragraph.
My high school teacher would occasionally flip the breaker for the computers in the school computer lab just to give those of us with bad saving habits a hard reminder.
Young folk who have lost hours of progress in robotics programming projects too... Once is enough to learn your lesson. The inevitable second time is traumatizing. By the third time, you hit Ctrl+s five times after every paragraph.
I don’t think OP’s kid is gonna learn the lesson here. Sounds like Dad was handling the typing for her, and then when things screw up he’s blaming others for it. Not a good environment for a kid to learn in.
And “save as” every few times (or every time if the document is important).
I lost a lot of work hours once because I was using a program that saved a backup copy every time you saved (so that you'd always be able to recover the previous version), and the damn thing crashed while saving, thus corrupting both the save file and the backup. Never. Again. Hard drive space is less expensive than my time and what's left of my mental health.
I worked as a kitchen designer and for each customer’s meeting I’d made a new file with everything the same except the date in the filename. So worst case I’d lose a day’s work.
Auto save with Google Docs style snapshots has so little overhead I'd hardly consider it a trade-off. We have insane amounts of disk storage and extremely reliable non-volatile memory. The only reason against it that I can conceive of is confidential data you don't ever want to exist outside of volatile memory.
All modern word processors use auto save and it kinda blows my mind libre does not do this.
I'm barely an adult and I do this. I think it's less your age, and more the type of programs you tend to use—ei. programs where you may not want things auto saved, for me game engine, but there's plenty of examples.
I know a large js obferscator has auto detection code, try loading dev tools in first then loading the site on the tab so it doesn't detect the sudden viewport change
Having experience with electromechanics - I have seen times where this was done on purpose to make sure that people aren't trying to reuse an incompatible plug for charging purposes. NiCd doesn't charge the same as LiFePo, Li-ion, etc. Charging voltages, polarities, stability of power output, etc.
To be fair though, they just need to make everything USB-C anyhow. Especially shavers.
I know a lot of RC brands did this too. They didn't want people blowing up their Li-On batteries with old chargers, or getting complaints because it takes three days to charge.
The only issue I have with USB power solutions is that it's also capable of data transfer, which is bad. Imagine a dystopian future of being tracked by companies and governments by the places you plugged your shaver in at, of all the stupid things that could happen.
If the only thing keeping a battery from exploding or corroding is a 4cm^3 box with a prong on one side and hole on the other then the people making the devices just need to incorporate power regulators into their designs.
Are you going to remove outlets and strip walls every hotel you ever visit to check for data? Because that somehow sounds both sane and also unhinged, good luck with that.
Why would I need to? 110v outlets aren't regularly equipped with Data transfer capability. And last I checked, there weren't any USB-C -> 110v data transfer dongles available...highly doubt a hotel is gonna retrofit them for collecting your shaving habits.
Because that somehow sounds both sane and also unhinged, good luck with that.
I think you may have a horrible misunderstanding about how the real world works. As well as the specifics of USB-PD, and other such things; like paranoia, and schizophrenia.
Nothing you just said has any basis in reality or reasonability. Most people charge devices off of USB-PD power bricks, which are not going to be converted to transfer data across 110v lines for the purposes of collecting the data from your shaver. The amount of infrastructure and added cost that would bring is absolutely moronic at scale, and much more easily done through wifi or bluetooth, without even bothering with data-over-power.
Amazon has the "Sidewalk" network, and you wouldn't even need to do anything fancy other than put a $2 ESP32 or NRF into the shaver to communicate and transmit data...forget trying to hijack it over USB...
Bro usb has data transfer capabilities. But if you connect to a power brick, which basically converts AC to lower volt DC and delivet power. It might be a problem only if you directly connect usb to wall withouth the power brick
Ah my apologies, when you said "power brick" you meant a converter for a wall outlet. That term isn't standard in my region so I assumed you meant an outlet with USB capability, which is what I was discussing. They're actually becoming very common, so I was expressing my distrust in making them a new standard.
You're right, it totally is. Almost nobody uses it. For good reason; it's prone to noise, slow speeds, circuit division, and licensing costs. It's an argument of practicality here...it's not practical, it's not profitable, so it's not gonna happen.
I mean... If it has a USB socket and I can plug it into my PC... Surely it was intended for that. After all the USB ports on a PC are just as capable of delivering power.
Sure may be an unusual solution to charge a shaver but you could do that.
Exactly. It's going to be the most uncommon thing though. Convenient in an emergency if somehow you have a spare PC for charging and not a USB-C power brick...somehow...
But there's not enough people doing it to justify what this guy is suggesting.
It's also completely unnecessary since there are better devices for tracking and shenanigans available. Why bother with a shaver that has neither a camera or a microphone or is tracking location for anything when you can use a device that has all of that. Like pretty much every modern phone on the market, more so smartphones.
Regarding that other thing... In practice it could be that you are staying in a hotel room for any reason really but you forgot your power brick, still need to shave, but have a PC for one reason or another and a spare cable to use. However unlikely that is, but it's not unheard of to forget the phone charger when going on a trip.
I was never at any point talking about barreljack or any other intermediary power supply adapters for the devices. You are the one talking about that. Go talk to somebody else about it. I am talking about the potential of USB becoming so commonplace as a means of power supply that wall outlets start using it as a standard, which would be bad.
I was never at any point talking about barreljack or any other intermediary power supply adapters for the devices.
Correct, you was talking about how it is scary for you that USB can be used not only to charge device, but also to transfer data. To which I replied even barrel jack can be used for transfering data.
Even more: you can use USB PD 2.0(but not 3.1, at least not out of box) over barrel jack.
USB is capable of data transfer but only if there's compatible hardware in the device. The shave it doesn't have any capacity to transmit data so what's it going to do there's nothing to track all they get is "someone has plugged something that requires some power into this port, but I don't know what cuz it doesn't have any brains"
It is important to be wary of ways that you could leak data but at the same time it's also important not to go all paranoid tinfoil hat
It could have something like a unique identifier with some extremely simple and cheap components, and if the wall outlets of the future become USB then the business could have the ability to log it and sell that usage data to advertisers, as well as identify guests beyond just the information given during check-in.
Which sounds really stupid until you remember Google was found out to be counting people's steps taken.
But they'd actually have to put hardware into a razor to enable that and to what end? It's not useful info to know when you are shaving, and you already carrying a phone around in your pocket surely that's the biggest point of data leakage fix that first before you start worrying about all these conspiracy theories.
This dude doesn't believe in the "conspiracy" that companies invest in devices purely to track them and their habits. They just woke up from a coma since the 90s.
To be fair though, they just need to make everything USB-C anyhow.
Careful what you wish for. Putting advanced electronics into very simple devices will just make them fail a lot faster.
Some old device just needed 12V over a barrel jack to run some motor or light and charge the battery and it lasted a decade - only failed because the battery got old. New one now needs a state of the art power delivery chip to negotiate the right voltage and current, and all over a very fine pitch connector that will fail if you look at it wrong. Not looking good on the durability front at all.
No, shavers should not use USB C. Because in developed countries you cannot have USB in the bathroom. We have special shaver sockets and they're not USB compatible.
Then you should refine your laws. Because my shavers all use USB C; and the EU has mandated USBC in specific products, and it wouldn't be a bad idea to expand that.
This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???
We're discussing this over in !homeassistant. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.
The tos applies to their service, that is, they have a cloud service, and you have to abide the tos to use it. It doesn't factor into hardware or software specifically but their hardware and software might not work without the service
They want to advertise that their stuff is "cloud enabled", while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.
Having people use their services efficiently is increasing their cloud services bill, can't have that.
Personally, I've restrained myself from buying into IoT, and if I'm going to do so, I'll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.
They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you've already purchased the product.
But yeah, lesson mostly learned. Don't support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.
Or go the BluAir route and offload all the processing onto the cloud. They sell the new machines for the same cost as the old machines, but they're dumb as a bag of bricks. If not connected to the cloud, none of the automatic settings work correctly. When you contact customer support to troubleshoot why it doesnt work on auto mode, the first thing they have you do is delete it and reconnect it to the app. No care about updates. Its just a fan on a wifi switch now. Total junk.
I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.
Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It's easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.
I've also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.
It used to be most used esp8266 or esp8285 modules. Unfortunately, tuya have created a pin compatible module that explicitly can't be replaced easily. They've pushed it hard with their ecosystem, so it's all over the place.
There are still a lot of esp based devices about, but you need to be careful of anything with a tie in to tuya.
They do now do a hardware option, though I've not used it. In one of my setups, it just uses the native ethernet, as well as a usb adapter. The software doesn't have any issues with this.
To control Zigbee/Zwave you'll need USB dongles. They did start offering their own hardware (essentially a purpose built Pi) but I'm not sure if it includes either of these radios.
My Home Assistant software and smart devices all are controlled locally and cloud access isn't used but there are other, much more important reasons to avoid running it.
You should avoid it because Home Assistant is an addictive monster. It starts as a hobby and then the next thing you know you're putting temperature sensors in your refrigerator and setting different brightness levels for your bathroom lights depending on the time of day.
Seriously though, the software gives an amazingly useful single dashboard for things you might use everyday including lighting, HVAC, alarm systems, weather, currency exchange rates, and entertainment systems. I use it every day.
Do you... set your thermostat based on the day's currency exchange rate? Do you wake up and say, "Honey, I can see my breath; the Euro must be down. Alexa, call my broker."
Lol - that's possible. I spend time in Mexico and Canada so I keep the exchange rates on my dashboard. Easier than looking them up every time.
I could set my the thermostat higher on cloudy days in the winter or more usefully, increase the setting when our cell phones are in the house and decrease it when we're away. One guy put a vibration sensor on his nightstand and tapping on the stand turns on his bedroom light. There are way too many possibilities, useful and not.
They probably can. I'm sure they've covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.
There's a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don't want people like us using it in ways you didn't intend.
But, as we all well know, once lawyers get involved, it's simply too hard to fight this sort of shit.
Genuine question, since the code itself doesn't infringe on IP (I think) wouldn't the user executing the code be responsible for accepting the tos, not the repo.
The repo is just static non-compiled text files, it afaik isn't actually communicating with their servers and therefore wouldn't be able to accept any tos (implied or otherwise) (I don't know if there are any actions, ci/cd pipelines, or deployments that would be in violation though)
I think it's because the dev might've reverse-engineered the calls to the cloud service, and that may be where the legal sticking point is. Not a lawyer, so not 100% sure - will be interesting to see where this goes.
I saw elsewhere the dev has insurance, and they're going to cover a lawyer, so they may very well fight it.
As a writer of software code and also of contacts (freelancer), I’m intrigued by the challenge of writing a TOS to prevent reverse-engineering an API.
In some way you’d have to represent the interface itself as the intellectual property, or something. Normal copyright covers copies, but this would be sort of like covering complementary parts. Like you invented a lock, and you’re trying to copyright or protect the set of keys that could open that lock.
The only way to stop the advancement of legal red tape is for people to consciously, willingly decide to take legal risks.
The reasons lawyers take over everything is because we do everything they tell us to do. Their job is to minimize our legal risk, and by doing everything they tell us to, we put legal risk at the highest level of priority in our own decision-making.
A conscious decision to, say, take the risk of a lawsuit or something, is the only way to be free of lawyers’ control.
They could have done what Chamberlin did with MyQ and just locked the API down so that it can't be used outside the app. What a ridiculous strategy that won't backfire at all.
Yep, good point. That's still a bit of a dick move, but a completely legitimate one too. If you don't like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.
Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.
As I saw somebody once say, "The US is a 3rd world country in a Prada belt." If we didn't have that big chunk of post-WW2 money keeping our economy chugging along all these years, we probably wouldn't look all that different from them.
I have the same issue, but I am also in the EU. however, I just used an extension to spoof my user agent and now it works fine. there is some weird behavior sometimes, like when I call someone it doesn't actually ring the other person etc.
No Cap, I used to have an old HP Pavillion where the case had to be pried apart for servicing and there was a screw on the Battery connector that would keep the computer from starting unless it was put back after battery removal. They work fine without batteries, but not without the screw. ¯\_(ツ)_/¯
The new chromebooks need special cables to unlock, either you have the skills and supplies to build a cable and adapter board or you buy a cable from a random company that is rarely in stock
I didn't think it too hard but it ended up being kind of fruitless, those things have almost no harddeive and I mostly did it to fuck around with Linux. Chromebooks, at least that one, had something like 16gbs and equally weak CPU to match (granted it might have changed since then but woof.)
The whole point of a chrome book is to push you to use Google’s online services. I think you are still better off if you can do that with Linux running the machine.
Same, I did this back in college because my Windows laptop shit out and I couldn't afford another proper computer. I ended up duct taping an external drive to the back.
Right. If it's not getting updates, then it's only a matter of time before it has a critical security vulnerability. If not Linux, then what? Will GNU Hurd run on it?
In practice, you tend to need something not too out of date. Just about any distro ships with internationalization support, and the fact is that it takes a lot of RAM to do that. A Pentium 1 may not support enough.
I did an install on a Pentium II a few years ago. I used Debian 2.2. Since I had used it back in the day, it seemed easier than finding something more modern that would work.
In reality, only some Pentium 1 compatible motherboards can support enough ram for you to actually run Linux on a Pentium 1. Even if you don't run into ram problems, you'll run into bios related problems. I would suggest anyone trying this in 2024 to not even attempt it unless you can get a socket 7, and preferably a later socket 7 motherboard at that. The closest thing I can come up with to a reason not to drop support for 486 (the cpu before the Pentium 1) is that a 486 is a lot more possible to put on a custom pcb than a Pentium 1. Some of the more basic arm cpus aren't even as powerful as an upper tier 486 (but better arm cpus aren't that hard for hobbyists to get). Anyone die-hard enough to want to try to run Linux on a fully custom made computer like that would have better results using an arm or risc-V chip instead.
I am curious why they're dropping support for 486 but not Pentium 1, pentium 2 and anything not capable of SSE1 or later. mmx isn't even that good but I guess gcc does technically support it.
I wonder if they're going to drop 486 support in gcc as well. It can still compile for 386. You have to seriously strip down the kernel to run Linux on anything that old. Maybe 486 users (all 2 of them) should switch to Temple OS.
Ubuntu is nearly 20 years old so we wanted to see how the first versions compare with the upcoming LTS. Unfortunately installing Warty turned out to much harder than we thought it would be.
I don't usually like all the Linux posts on Lemmy, but this is 100% the correct answer here. The computer will likely run a lot better if you do everything right!
Mildly Infuriating
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.