Ranty McRant Thread 2

[red assassin]

Agreed. A legitimate need, as in the case of National Security or a Crime should, somehow, be provided for.

But, you know the nature of such security schemes - They're designed to actually be secure. Tell someone in charge of creating such a scheme or encryption that you "want it to be ironclad and secure, to protect the user from harm, but I also want it to be accessible anytime I need to access it without their direct input and, preferably, without their knowledge..." and what are they going to say?

Personally, I think the general strategy currently being attempted is like asking a friend for a loan of a hundred-thousand Quatloos. No, your friend probably can't loan you that much, but it makes it much easier for them to agree to loan you five Quatloos, which is what you actually want. Except, in this case, certain agencies actually do want "all the things, all the time" and are arguing strenuously for that, even though they know it's just not possible to do while keeping data truly secure. And, if they succeed, it's not going to allow them to catch the real criminals, since some guy in another country can simply invent a better Whatsapp that doesn't have to obey the silly restrictions of another country.

There is no "win" scenario for this situation, right now. And, if there is one, someone is going to lose. So, who shall it be? Who should it be? Who do we default in favor of it there is only going to be a binary solution?

I don't buy the claims from tech companies that there's no possible compromise solution and it's all or nothing. A master key (per device, or per batch, or whatever is practical) held by the vendor, or split between the vendor and law enforcement, and used only when provided with a warrant is completely workable, provides citizen privacy equal to or greater to any pre-smartphone options for storing their data, and provides for law enforcement etc access when necessary. The usual response is something along the lines of "but what if the key gets compromised, then everything would be terrible", but the thing is, all the vendors already hold these terrifying backdoor master keys - they're the code signing certificates they use to sign updates. All parties involved are well aware of this, as it came up in the battle over the phones belonging to the San Bernardino attackers (though was never resolved). Proposing something sensible along these lines would likely have got everyone out of legislating and given the tech industry some control over how exactly the keys function and who holds them, and yet here we are.

[pjknibbs]

The usual response is something along the lines of "but what if the key gets compromised, then everything would be terrible", but the thing is, all the vendors already hold these terrifying backdoor master keys - they're the code signing certificates they use to sign updates.

A code signing update is not the same as a encryption key for the information on your phone. If a criminal somehow got hold of one of those keys they still couldn't decrypt the information on your phone--they could potentially install code that would transmit your keystrokes or something to them, which would be bad enough, but randomly reading encrypted text still wouldn't be possible without the relevant key having been entered. Once you have a master decryption key, all bets are off--if a criminal gets it (and these things have a way of getting out) they can read anything on anyone's phone.

Personally I still have a Nokia e63, which I don't bother to encrypt (even if that's possible), but I also don't have critical information like bank details or that sort of thing on there.

[Morkonan]

.. they're the code signing certificates they use to sign updates. All parties involved are well aware of this, as it came up in the battle over the phones belonging to the San Bernardino attackers (though was never resolved). Proposing something sensible along these lines would likely have got everyone out of legislating and given the tech industry some control over how exactly the keys function and who holds them, and yet here we are.

So, should all certificate issuers be, in fact, third-party government agencies? Problem solved? (That's really only a way to get the operation to unravel the encryption used, right? That wouldn't be a direct way to access the encrypted data, itself, without the use of the program that created it, if my assumption is correct. Forgive my ignorance. )

I remember watching the Congressional hearings on all this. Admittedly, I probably fell asleep somewhere, but I watched a lot of it, especially when the Fab Four lined up and started talking. (FBI, NSA, CIA, Homeland Security) One thing struck me in particular. I don't remember which one it was, but it went something like this:

"Well, we could do something like that, but that would mean we would have to send people to the physical location, with the warrant, and retrieve specific information relating to that individual/data, if it was actually stored at that particular location, which we may not know. We'd rather not have to set up satellite offices for every data center in the U.S. and hire all those agents and budgets and money and money and budgets... We'd rather be able to do all that from our desk." (OBVIOUSLY PARAPHRASED )

Later, there was some walk-back and certainly a lot of "No, we certainly don't want blanket access to everyone's family pictures and bad poetry! I'm sorry if you misunderstood me, but that's probably because you're not familiar with "compewtor.""

The "creep" there, as in scope, was a bit palpable, at least in that first hearing. In my singular opinion, I think there was careful walk-back and a probably sincere desire to induce some calm and agreement. But, the thought was there...

The whole point being, for that session, the spectre of doubt rose because the easier it is for them to get access to the data, the more likely it is that they will access it. That might happen without clear legal authority to do so or incidentally, in the course of doing something else, stumbling across the fact that according to Fred's GPS for his phone, he drove 85mph in a 65mph zone and should be issued a citation for that... This was, of course, denied and a lot of effort was made to address the concerns everyone had in lieu of Snowden's revelations, which were obviously a point-of-interest since the focus was on "privacy."

I have no doubt that we have sincere, honest, and hard-working government employees that wish to do the best that they can do in order to protect the citizenry. I know this is true. But... we've never had a perfect success when vigorously exercising those principles. Never. We've put Japanese citizens in internment camps. We've brought poets and filmmakers up to Congressional hearings, questioning their "patriotism" for speaking against the government or having a friend who joined the Communist party on a lark. We have done things that are against our stated principles when pushed to the limit of stress and anxiety, just like anyone. And, all those things were "wrong" to do. We made those mistakes and we will, without a doubt, make more.

That is why, no matter what, it must be difficult for the government to gain access to a person's private information. Yes, they should be able to do so in cases of immediate threat or crime. BUT, whatever the case may be, it can not and never should be "easy." There's got to be the equivalent of an air-gap. There's got to be something that keeps someone from pushing a button somewhere and "looking hard enough until they find something to charge someone with." We've been there and it's just not a place we want to go again.

Heck, most of the data available is probably really bad cat pics, homemade pr0n, or 500 page internet arguments about Trump, anyway. Still, though - It can't be made easy to get, otherwise it's no different than a boot kicking in a door.

PS - I never mean to go long on these things, but I did. Of course I did. It's just that I am a firm believer in limiting the powers of government. But, not in a bad way, just in a way that conforms closely to our Constitution. In that, I'm a "Conservative" I suppose. Maybe slightly a "Libertarian?" But, those guys can get crazy weird and I'm really not that extreme. The government should have legal access, if warranted, but it shouldn't be easy so that we can more readily prevent abuse or misuse.

[red assassin]

A code signing update is not the same as a encryption key for the information on your phone. If a criminal somehow got hold of one of those keys they still couldn't decrypt the information on your phone--they could potentially install code that would transmit your keystrokes or something to them, which would be bad enough, but randomly reading encrypted text still wouldn't be possible without the relevant key having been entered. Once you have a master decryption key, all bets are off--if a criminal gets it (and these things have a way of getting out) they can read anything on anyone's phone.

I'm not sure the difference is as significant as you think - if you have control of the operating system you can just swipe all of the data as and when it's decrypted in the normal operation of the phone. But at any rate, I was suggesting specifically a mechanism based on the code signing keys, not a master decryption key, as a possible compromise solution - it doesn't help if the device is powered off and set to require a password to decrypt on boot, but it would be sufficient otherwise.

So, should all certificate issuers be, in fact, third-party government agencies? Problem solved? (That's really only a way to get the operation to unravel the encryption used, right? That wouldn't be a direct way to access the encrypted data, itself, without the use of the program that created it, if my assumption is correct. Forgive my ignorance. )

That's an option, but I was suggesting that the vendors retain control of the keys, they just agree to use them when presented with a warrant.

[Morkonan]

Since the forums are performing marginally better for me today than they were a few days ago... a Rant Post is in order! (Not about the forums, though.)

This friggin' thing: Hidrate Spark 2.0.

That's friggin' right! It's a "2.0" release of a friggin' water bottle... Oh, but that's not all! No, this $45 friggin' water bottle (PRICE REDUCED FROM $54.95!!!) is designed to let you know when you should drink water. Who'da friggin' thunk it? It's an amazing technogimcrakalogical world we live in these days... devoid of reason.

It's not like friggin' billions of years of evolution has not bred into living water-drinkers an innate ability to detect when the organism may need to ingest water. Friggin' NO! Instead, it is assumed that we need a "Thirsty 2.0" friggin' version of Evolution. (Don't worry, we'll get that soon enough. The gene-splicers are on their way.)

But wait, there's more! It not only has a "glowy thing" to tell you when to drink water, but it lets you set your friggin' water-drinking "goals" with a Bluetooth app that you install on your phone... Goals. For Drinking. Water. I am positive that when that little glowy light comes on, someone is going to rush to tip up that water-bottle in a panic and crash their car into a stadium full of nuns and schoolkids, killing hundreds, just so they can be sure to reach their friggin' "water goal" for the day.

HAVE YOU SET YOUR DAILY WATER-DRINKING GOALS YET, YOU SLACKERS!

What friggin' moron will buy this piece of electronic app-driven crap?

Seriously, I want to know. I want to know what mouthbreathing fetal-alcohol syndome poster-child is going to rush out and spend $45 (PRICE REDUCED FROM %54.95!!!) and then install a Bluetooth app (Data-Privacy rape kit not included or is it? Probably just a matter of interpretation) so they can be reminded that they have not yet met their day's water-drinking "goals."

Let's not talk about the fact that this item is currently "on sale" from the previous price of an already-low $54.95!!! SAVE NOW!

Look... I really am not out to offend everyone who religiously monitors their water intake, retention, I/O charts and sets water-intake goals for themselves. Oh wait... Yes, yes I am. STOP BEING STUPID! Really, just stop. Unless you have a medical condition or are a victim of extreme age, which reduces many of the autonomic signs you receive concerning dehydration and poor nutrition or calorie intake, just stop... It is not necessary and it can even be detrimental for your health to set some arbitrary or idealized "goal" for water intake per day. Your body is designed to tell you when you should drink water.

You need enough water to keep you from becoming thirsty and, in extreme conditions where you are expending a lot of "energy" (Remember our "calorie" definitions from grade-school?) or are sweating profusely while your body is attempting to lower core temperatures you probably need to supplement that a little bit to avoid possible, not highly likely in a normal situation, "dehydration."

Holy crap, I write the "D" word!

"Dehydration" is something that today's kids treat like "The Monster Under The Bed." But, forget "The Monster Under The Bed" since there's no room for it anymore underneath a friggin' "futon." (Or, Ikea beds, if you have the misfortune to own one.) Back in my day, we kept fully hydrated by a mix of sugary, fattening, high-caloric "Kool Aid." Or, for those unfortunates that didn't have "Kool Aid" it was water out of a garden hose... I still remember what that water tasted like, mold, fungus and all... It tasted like "Summer."

Scientifically speaking, you only need to drink water when you need it and your body will tell you unless certain illnesses, age-related conditions or extreme situations exist that would act against the evolutionarily-reinforced mechanism called "thirst." Some man-bun treadmill-humping cross-fit-mythology fanatic does NOT need to run along with a water-bottle in his hand in absolute fear of having his pee actually have color to it one day. NO!

But... this company will sell these in droves. They'll be paraded around the gyms and park running-tracks like a badge of achievement. Their owners will worship them as the Little Green Light goes off, reminding them of its lifesaving goodness. Each little blink will give them the reward that they seek because their parents didn't hug them enough as a child. They will prance into the office, prominently displaying their competitive advantage to their peers by setting this $45 security-blanket on their stand-up desk. Gone are the latte mugs and noise-cancelling ear-buds... The exterior universe can not impact their internal lives as long as they stay true to their Hidrate Spark 2.0!

[Chips]

TBH, happy for people to pay $45 for a water bottle, it may mean they use less throw-away ones, which cumulatively over time cost them more AND creates more non degradable waste.

If they're easily sold super expensive stuff because it has some pointless function, then let them do so. Better they do this than buy endless plastic bottles of water.

At least they refill it from the tap. Unless they're really special and buy bottled water, to refill their refillable thing.

People at work have "mug for life" - yes, mug indeed. I just took in a pot mug from home. It's also "for life", but didn't cost me nearly a tenner.

Some people just need things to spend money on. Kinda like buying store coffee on their way to work. Make some at home, or make it at work. The idea you must have a costa / starbucks is hilarious. But they gotta spend that cash.

[Morkonan]

TBH, happy for people to pay $45 for a water bottle, it may mean they use less throw-away ones, which cumulatively over time cost them more AND creates more non degradable waste.

Not that I completely disagree on the focus of your point, but we must be careful about how we interpret something's environmental footprint. That $45 "water bottle" might have the environmental footprint of thousands of PET "disposable" water bottles. And, it may not be able to be recycled, unlike most of those. It has rare-earth elements in its circuitry, uses disposable batteries, requires many different chemicals and energy used in the molding/extrusion process, eats up processing power from your phone and its battery, and the data is collected, requiring more power and an active internet connection, powered by all those powerlines from the transmission point to the eventual destination, where it is collated, examined, the data used in other applications or sold to others.

Something as innocent and "green" seeming as a re-usable canvas shopping bag used for groceries can have a deceptively huge environmental footprint that is potentially greater than the seemingly endless legion of plastic shopping bags one would use over the lifetime of that "All Natural Green Earth-Friendly Tree-Saving" canvas bag. Use paper - It's the most environmentally-friendly choice... .for disposal and environmental biodegradability, in a limited sense, considerations only. There are different sorts of footprints and they all must be considered. Plastic bags are actually a heck of lot more "environmentally friendly" than people think, but there's no one "always win choice."

Some people just need things to spend money on. Kinda like buying store coffee on their way to work. Make some at home, or make it at work. The idea you must have a costa / starbucks is hilarious. But they gotta spend that cash.

Uh... Starbucks is delicious... I used to have one large Mocha every darn day, which is about a thousand calories I guess. So what? It was friggin' delicious and not something I can make at home unless I bought some barista slaves or something.

Yes, some people just have to buy stuff. But, this thing is stoopid.

The whole point wasn't this water-bottle in particular, it was just that people should use a bit of common sense. One doesn't need a "reminder" to drink water in any sort of normal situation and condition, including rigorous therapeutic/preventative exercise. One doesn't need a "water goal" per day, which is a silly concept that has long been debunked as superstitious nonsense. One especially doesn't need some app triggering a blinky light on an overpriced vanity water bottle, either. If one must spend such money, one should instead donate $40 to a well deserving charity and spend the remainder on a cheap water bottle and then paying attention to what their body tells them they need to do. IMO, of course.

(And, it's a "rant thread" post which I try not to take too seriously. )

[Chips]

Oh the reminder to drink and other electronic parts are just "value added"; it's ubiquitous. Necessary? nope (never knew dehydration was such a common issue...), but a vast majority of things are basic items that have "value added" to it in the form of some convenience people become convinced they then cannot survive/deal without.

You'd certainly not enter the water bottle market without convincing people its worth parting your cash for. As said, it aint. Nor are "lifetime mugs" sold by the likes of Costa/Starbucks or other establishments.

[Morkonan]

...As said, it aint. Nor are "lifetime mugs" sold by the likes of Costa/Starbucks or other establishments.

I have two Starbucks mugs. Why? It's fookin' hard to find a decent coffee mug these days. (At a "real store.") So, there's a Starbucks in my local grocery store and I didn't like the mugs the grocery store had on the shelf, but the Starbucks mugs were decently sized and comfy to hold.

The ones the grocery store offered were... They looked dangerous, like lead-coated, slightly-irradiated, mugs of death. That may be an apt description of the coffee I make at home, but that doesn't mean I want my mug to look like that. Plus, anyone who has a coffee mug that only holds a one-cup measurement of coffee isn't living life to the fullest!

I love "value added" stuff. I just want it to be "value added" and not "I paid too much for something that I won't use." Would I buy a lawnmower with a turn-signal on it? Heck yeah! Why? Because it's funny! Would I pay an extra $200 for that "value added" feature? No.

PS - Something comes to mind. It's a Japanese art-form that makes seemingly useless or crazy things for common everyday needs. And, I can't remember what it's called. :/ Any netizen has seen the result of this art-form at least a few times. Anyone remember what it's called? Application? In the case of this specific art, it's the "artistic value" of the inane, ridiculous, funny item and not what it actually does or its usefulness. For instance, what if this water bottle beeped to let you know that you were drinking from it? Then, it "booped" when you set it down on a flat surface, to let you know that you had set it down on a flat surface? THAT is "art" and worth paying a little bit extra for...

[radcapricorn]

your wrong
you'r wrong
you're things
there things
thats they're things
their angry
seperate
persue them
cerebus
nukular
to much
to week
last weak
to pounds
sweat candy
wear were you
bare with me
higth (yes, that's "height")

None of those are typos. None. Not a single one of them. Don't even try convincing me otherwise. They're not. One per paragraph is a typo. Several per sentence, twelve per post, loads in every third thread? No. They're not typos. They're far, far worse. And they're everywhere, don't even need to turn over any rocks. Any forum, any social media site, everywhere.


Why am I even bothered? Why the hell do I care??? This is not even my language!

[Morkonan]

...
Why am I even bothered? Why the hell do I care??? This is not even my language!

If people don't care enough about you and your experience of reading what they have written, then why should you care what they wrote?

Ignorance can be offensive... It doesn't meant that public demonstrations of ignorance are intended to be offensive, but you're still allowed to be offended if you wish.

[radcapricorn]

Yeah, I'm actually inches away from just using whatever filtering options a particular site provides. But it doesn't offend me, it appalls me.

[pjknibbs]

All the ones you list are wrong, true, but one might be wrong deliberately--"nukular" is a spoof of the way George W. Bush pronounced the word "nuclear".

[radcapricorn]

Really? Thanks, I didn't know that, will try sparing that one

[Alan Phipps]

My pet hate: 'turrents' for turrets. Don't ask me why, it just is.

Also how many instances of tooth-grinding grammar/spelling are actual typos and not that ever-helpful app's context-checker/auto-correction changing what you typed into what it thinks you meant to type?

[Gavrushka]

I struggle with homophones and homonyms, even though I'm technically adept otherwise. It must be faulty wiring because even words that are dissimilar end up replacing the correct one. - I enjoy novel writing, and a couple of my worse oopses were 'bowls of Hell' and 'the handmaidens erected the marquis for the Queen...'

What irritates me, however, is when people hyphenate or even separate what should be a single word such as god-forsaken (godforsaken) and tip-toed (tiptoed.) I edit for a lot of writers, and I've yet to come across one, no matter how proficient, who doesn't do it.

[radcapricorn]

Hah, I myself typed 'turrents' many, many times, but for me I know it's just faulty muscle memory, and I always correct it. I'm also now very careful each time I'm trying to declare a variable named 'count', because I don't want a repeat of a funny, but not all that well received check-in. That's also faulty muscle memory, I swear

[Morkonan]

<- Has a comma addiction.

<- Also arbitrarily hyphenates word combinations.

Granted, there are some pretty sensitive rules for commas that change a little bit as one steps over international borders. At least it seems that way. But, I'm comfortable with it, since a LOT of authors murder commas much more frequently than I do.

[CBJ]

Hah, I myself typed 'turrents' many, many times, but for me I know it's just faulty muscle memory, and I always correct it. I'm also now very careful each time I'm trying to declare a variable named 'count', because I don't want a repeat of a funny, but not all that well received check-in. That's also faulty muscle memory, I swear

My programming nemesis is the word "buffer", which I invariably type with my left index finger 1cm too far to the right.

What irritates me, however, is when people hyphenate or even separate what should be a single word such as god-forsaken (godforsaken) and tip-toed (tiptoed.) I edit for a lot of writers, and I've yet to come across one, no matter how proficient, who doesn't do it.

Working with German-speakers means that I spend far more time than I'd like to splitting up words that have been strung together.

[radcapricorn]

My programming nemesis is the word "buffer", which I invariably type with my left index finger 1cm too far to the right.

Oh yes, that one slips in quite often.

Working with German-speakers means that I spend far more time than I'd like to splitting up words that have been strung together.

Illegalcommodity advancedsecuritydecryptionsystem?