litchralee @ litchralee @sh.itjust.works

帖子

121

评论

1,128

加入于

2 yr. ago

This doesn't answer OP's question, but is more of a PSA for anyone that seeks to self-host the backend of an E2EE messaging app: only proceed if you're willing and able to upkeep your end of the bargain to your users. In the case of Signal, the server cannot decrypt messages when they're relayed. But this doesn't mean we can totally ignore where the server is physically located, nor how users connect to it.

As Soatok rightly wrote, the legal jurisdiction of the Signal servers is almost entirely irrelevant when the security model is premised on cryptographic keys that only the end devices have. But also:

They [attackers] can surely learn metadata (message length, if padding isn’t used; time of transmission; sender/recipients). Metadata resistance isn’t a goal of any of the mainstream private messaging solutions, and generally builds atop the Tor network. This is why a threat model is important to the previous section.

So if you're going to be self-hosting from a country where superinjunctions exist or the right against unreasonable searches is being eroded, consider that well before an agent with a wiretap warrant demands that you attach a logger for "suspicious" IP addresses.

If you do host your Signal server and it's only accessible through Tor, this is certainly an improvement. But still, you must adequately inform your users about what they're getting into, because even Tor is not fully resistant to deanonymization, and then by the very nature of using a non-standard Signal server, your users would be under immediate suspicion and subject to IRL side-channel attacks.

I don't disagree with the idea of wanting to self-host something which is presently centralized. But also recognize that the network effect with Signal is the same as with Tor: more people using it for mundane, everyday purposes provides "herd immunity" to the most vulnerable users. Best place to hide a tree is in a forest, after all.

If you do proceed, don't oversell what you cannot provide, and make sure your users are fully abreast of this arrangement and they fully consent. This is not targeted at OP, but anyone that hasn't considered the things above needs to pause before proceeding.

As the article says, the speed indicated in the photo is almost certainly from spinning the wheels off the ground, and the confiscation apparently stemmed from a traffic stop when doing 35 MPH (56 kph).

But I want to acknowledge the well-warranted snark that the reporter added:

Due to the nature of roads in the UK, e-bikes that ride on them are generally in front of or behind cars, and occasionally next to them.

I can personally vouch for the veracity of this statement in the USA too: bikes can indeed be found in front of, behind, beside, on bridges that fly over cars, on tunnels underneath cars, and sometimes inside of motor vehicles as well.

This is the correct amount of satire when the Northumbria Police makes an absurd statement about chasing an ebike "following reports it was travelling in front of a car". Of course it would! Bikes and cars operate on roads. There is no place on earth that has 100% planar separation for different road users.

But the snark also points out the police being so very car-brained: why does traffic enforcement constantly concern itself with "car welfare" while writing citations and impounding all other road users except automobiles? The UK's Highway Code is quite clear on what is and isn't permissible on the public roads, but "ebike in front of car" is not one such proviso.

I mean, at the USA average price of electricity of $0.13 per kWh, then for a halving of 70 Watts, it's about 11 cents per day, or $40 per year. But at the California average price of $0.35, then the savings is 29 cents per day, or $107 per year.

That's not small money, especially if it's free to make these gains by ripping out unneeded functionality. But the point is taken that it'll be hard to find savings from older hardware, which simply didn't prioritize energy efficiency.

Methodology:

To determine the bath, shower and bidet hotspots around the world, we calculated the percentage of hotel bookings in each country, state and city that have showers, baths or bidets.

We used Booking.com to determine the total number of accommodations (hotels, apartments, holiday rentals, etc.) in each geography and then found the number of accommodations in each geography that have either baths, showers or bidets using Booking.com filters.

I was unable to find an option for "baths, showers, or bidet" in the booking.com filters, let alone options for each of those individually. So I'm not sure about the exact data used for this infographic.

Couldn't read beyond the paywall halfway down, but the economics make sense: if an OEM manufacturer has mastered their craft for producing a commodity (ie bicycle parts), the growth opportunity is to develop a brand, since that's where the value-add is. Ideally, this goes hand-in-hand with quality assurance, parts and service availability, and dealer networks.

It's a tall order, and unlike consumer electronics which can be easily warehoused and distributed (see Amazon), bicycles of every type (beyond the bike-shaped objects sold as toys from big-box stores) need regular upkeep. And that cannot feasibly be centralized: a brand must exist in each country or region that it establishes itself in. In the present tariff-ridden environment, this is even more difficult.

That said, if a Chinese bike manufacturer can attain a similar status as Anker for electronics, then this should be a net-positive for everyday bike riders. I use Anker as an example because they neither had the ability nor inclination to go all-in on proprietary standards (see Apple). Rather, Anker's product line are high-quality versions of commodity electronics, including USB C phone and laptop chargers. But they also push the envelope with Gallium Nitride (GaN), which itself is still somewhat of a premium feature.

So I'm hoping Chinese bicycle manufacturers still keep true to established bicycle standards -- eg normal ETRTO sizing for tires, compatible chains and chainrings, etc -- since that also allows consumers to buy these components piece-meal. But if they can bring cost-effective innovations into the space, that too would be welcomed.

if you do go to an establishment that pays based on the assumption of tips

In the USA, there are only 7 US States (and Guam) which mandate that the minimum wage be paid prior to consideration of tips. All other states permit some fraction of tips to be considered as part of minimum wage, with some states limiting the employer contribution to as low as $2.13/hr.

This is indeed an absurd situation outside of those seven states, but it also means that it's nigh impossible to avoid establishments that rely on tips to supplement wages, in the other 43 states.

With this background, I can understand why the earlier commenter views tipping as exploitative, for both the consumer and the staff. The result of either choice -- boycotting places that pay less than minimum wage, or not tipping at those places -- doesn't change the fact that the staff are being underpaid, which is the root exploitative practice.

you're just joining in the exploitation

I think reasonable people can disagree on this point, on whether not tipping constitutes a secondary exploitation. Firstly, this framing places blame on individuals when the whole situation is a systemic machine of abuse. It is no different than the nebulous idea of personal responsibility for greenhouse gas emissions, when large polluters have the actual levers to make real change. Secondly -- and this is an economic policy argument which I personally don't subscribe to -- it can be argued that prolonged employment while underpaid is better than no employment at all, based on the premise that the employer would close down if a boycott was successful.

But like I said, the initial exploitation is root. Everything else is collateral. Systemic abuse is fixed by systemic overhaul.

My understanding -- IANAL -- of the central thrust of the AGPL is that if there is software that runs somewhere else and serves the result to a user, then that is considered a "distribution" of the software and thus requires the source to be made available to said users, if they want a copy. If you run an unmodified copy of that software, you satisfy your obligation simply by linking to where the unmodified source can be found.

So for your title question, I don't think the dividing line is whether your software is directly/indirectly interacting with existing AGPL software, but rather the question is whether your software affects the service provided to the user.

Starting with your first scenario, I presume that you mean a server-side NodeJS script, and that would modify the results returned to the user. Thus, I would think this is indeed a distribution and the AGPL's provisions would require your NodeJS script being made available to the user.

For your second scenario, I'm not entirely sure if you mean a server-side or client-side theme or overlay. If you modify a CSS file that is served to the user, I would think that's a distribution. But if you're writing a browser extension that overrides the default CSS file from the server, then no distribution of the server software has been made, I think. If you edit a JavaScript file that is part of the Mastodon package, I suspect that is a distribution, because that file is loaded to the user in order to use the service. But I'm not entirely certain on this.

In the third scenario, a scraper would be consuming the result returned by an unmodified AGPL software package, so there is no obligation to offer the source code for your scraper.

The fourth scenario is also a "use" of unmodified AGPL software, and so you have no obligation to offer your custom script to your users.

With no other info, I think the only advice available is that you should consult a lawyer for their advice. We neither know your legal jurisdiction, nor the timeline between "trying to get an abusive TTI investigated" and "I got a VPO against me".

The details in-between matter, but ultimately, if you're subject to any type of restraining order, that will be controlling for whatever actions it prohibits you from doing. And the only way to lift that is to seek a lawyer's help to challenge it in court.

What is a VPO? What is TTI?

OP could make up a new story based on mythology and it's not in the public domain.

I believe this is generally true. But as I read your comment, I started to think about what scenarios it wouldn't be true for. So now I've lost 20 productive minutes of my evening. But to salvage its value, I'll share what I've brainstormed.

If OP devises a universe following up from Greek mythology -- as an example -- and then affixes that story into writing, then OP's copyright will come into existence automatically.

If OP instead hires a stenographer to write down his verbal dictation, and the stenographer later formats the text alongside a copyeditor that OP also hires, then OP still has a valid copyright, over both the raw, stenographic manuscript, plus the final, completed work. The stenographer and copyeditor would not share in the copyright, because it is a work-product that they are handling, rather than a creation of their own effort. Alternatively, their hiring contract waives all claims to the story's copyright.

If OP instead writes his own manuscript using an open-source word processor like LibreOffice Writer, and then sends the PDF to FedEx Kinko's to print as a perfect-bound book suitable for light coffee-table reading, neither the printer operator at the shop nor FedEx Kinko's would share in the copyright, because although they are rendering the work into a more tangible form than an .odt or .pdf file, this is a mechanical function and not one of creativity, which is what intellectual property protects.

Finally, if OP stands at that one weird triangle in NYC and basically improvises the entire story aloud without any note cards or preparation, within full view and earshot of the public sidewalk, and it so happens that three Columbia University students -- still disappointed by their school's capitulation -- decide to hear what this strange man on the corner is spouting, and begin writing down OP's words verbatim, then it may be the case that neither the students nor OP have a valid copyright over the story or its characters.

What can happen is that although OP's story is a creative expression, it wasn't rendered by OP into a tangible or concrete form. And what the students did was the mechanical operation of taking dictation, so their scholarly efforts also don't imbue any creative effort that copyright laws could protect, apart from maybe the exact sequence of grammatical symbols and guesses on how certain character names might be spelled.

In essence, a public creative process may end up depositing the meat of the story into the public domain, save only for the actual rendition on paper which merely records it. This is no different than republications of older public domain novels, where the only valid copyright is upon the copyediting done to clean up some old words and make it palatable for a modern audience.

IANAL, but I'm beginning to see why the job of IP lawyer might pay so much.

A Nintendo Wii would also work, as exemplified by this blog running on a NetBSD Wii.

But in all seriousness, the original comment has a point: using a mobile phone as a server is possible but also wastes a lot of the included hardware, like the cellular baseband, the touchscreen, and the voice and Bluetooth capabilities. Selling the phones and using the proceeds to purchase a used NUC or an SFF PC would give you more avenues to expand, in addition to just being plain easier to set up, since it would have USB ports, to name a few luxuries.

I understand the question to be: "why does cultural folklore, passed from person-to-person through the ages, fall into the public domain, in modern conception of intellectual property?"

If that is the question, then the answer is multi-fold: firstly, since folklore predates any organized notion of private rights to certain renditions of an idea (aka intellectual property), they are grandfathered in.

But supposing that making an exception for folklore or mythology isn't palatable, the practical issue is: who would own said intellectual property for a particular myth? Property -- in the Anglo-American sense -- must have an owner. Even public property like parks and highways has an owner: the state. Without an owner, assigning intellectual property rights for myths is a pointless exercise.

And finally, remember that intellectual property does not cover ideas per-se, but their rendition in some tangible or concrete form. A book, a movie, an MP3 file, etc. If it's solely an idea without a creation to go with it -- or for patents, the plausibility of producing such a creation -- then intellectual property rights cannot attach.

CVTs on automobiles were definitely released before all the issues were fully resolved, no question there. Though I think for fixed machinery and personal mobility, CVTs have substantial benefits, if they are properly engineered for the task. The major drawbacks being efficiency and packaging.

Supposing maybe Bafang develops on this present idea and makes an integrated CVT hub motor, an ideal implementation would have the torque sensor adjusting the ratios to keep the human at a constant effort.

Would it result in the pedals having nearly zero relationship to the actual effort of moving the bike, being essentially spin class but in public? Almost certainly. CVTs automobiles aren't exactly considered fun to drive. But bikes for transportation is a key segment, and some people just want a bike for points A to B.

It even runs without any electrical power from the e-bike, since the shifting is performed inertially instead of using an input loop based on a speed sensor.

Oh man, I have some mixed feelings about this. The first few iterations of automatic transmissions for automobiles (circa 1970s I think?) also used mechanical means for shifting, somewhat similar to centrifugal governors. While they did remove the need to manually shift, my understanding is that they were also not exactly predictable. And since automatic transmissions wouldn't be very useful in performance cars, they would have found use in mid-tier cars with mid-tier performance. So a mis-shift would leave the driver poorly configured if, say, they're trying to accelerate to merge onto a highway.

For 250 W ebikes limited to 25 kph (15 MPH), this might be less of an issue, but I hope that Bafang can skip over that part of automotive history and that it Just Works(tm) for typical human pedaling cadences.

In that regard, the calculus should be simpler because the "dynamic range" of pedaling cadences is only some 50-200 RPM, or 4x between slowest and faster. Whereas for automobile engine speeds, the range can be 700-7000 RPM, or 10x between slowest and fastest. And even if Bafang sets the gear ratios consistently too high or too low, the sprocket ratios of the chain/belt can be used to tune that linearly. So bike manufacturers should have a number of parameters they can tweak, for either leisure- or commuter-oriented product lines.

I vaguely recall what was effectively a delay-line implemented using terrahertz-modulated lasers aimed at the retro reflector on the moon from Earth's surface. The data storage capacity was something in either the hundreds of GBs or low TBs. But I can't find the reference.

I wish to advocate in the name of DIY minimalism. That is to say, it's true that none of us -- Linus Torvalds is not in the room, right? -- can hope to churn out anything approaching a full-blown filesystem on the order of ext4 or NTFS if we worked our entire lives. But if those filesystems were the end-all-be-all of innovation in those spaces, the richness and intrigue of computer science would have died out long ago, relegated to only the pinnacle of engineers and no one else.

But I feel like that can't quite be the case, because all engineering is about achieving careful balances. And as fine as ext4 is, it must be said that it's anything but minimal. It's full-featured, which also implies that it might have more than what any one person requires. If OP wants to write a very compact filesystem designed for 8-bit microprocessors, I can't badger them with ext4's existence, because that's not going to be usable on an 8 bit machine.

Much like how Python includes a really tiny HTTP server, and we can all agree that it's orders of magnitude less sophisticated than nginx, such implementations can have their time in the sun. And I think a tiny, absurdly minimal, almost code-golf of a filesystem, might have a place in this world, if OP really wants to undertake that effort.

Computer science, I wish to believe, still has doors awaiting exploration.

You'll have to excuse me if I'm somewhat skeptical, as I've noticed that your account is only 7 hours old, mentions a URL that I've never heard of, and you've posted to three different communities with the same question in quick succession.

But giving the benefit of the doubt, what do you believe that a self-directed IRA (SDIRA) will achieve for you that you cannot presently do through a conventional IRA custodian? From this reference, a SDIRA must still be held through an IRA custodian and are still subject to the blanket rule against holding certain assets in an IRA, like collectibles and early equity in a start-up.

More so, where are you seeing a requirement to set up an LLC for an SDIRA? Last I recall, the I in IRA stood for "individual" and thus an IRA cannot be created for an incorporated entity. Or are these lawyers planning to incorporate an LLC which will be your dedicated IRA custodian? Because that sounds like a legal nightmare to manage, as the IRS requires custodian to meet certain ongoing obligations, even if they only hold assets for a single client. That alone will require lawyers and other staff to manage, and so I'm not sure what you're trying to do.

In engineering, we have what is called the XY Problem, where the question posed doesn't quite match up with what's actually desired. What financial objectives are you seeking to achieve here?

Suspicious Activity Reports (SARs) in the USA are made to track both potential tax evasion and money laundering. This is where the $10k cash "limit" comes from, but SARs can/should be filed for higher amount that create suspicion.

Someone depositing a check for multiple times their lifetime transactions total would absolutely create suspicion on themselves, especially if it was a personal check. But if it were a business check from "ABC Mortgage Escrow", that's probably legit but a bank clerk is well within their rights to flag it. Flagging just means the money laundering team would investigate the source, determine that it doesn't have other red flags, and quietly move on.

Lots of good answers, especially using FUSE for experimentation. One thing I'll add is that if you just didn't want to use any filesystem at all .... you don't have to!

At least in the Unix realm, a disk drive is just a bunch of contiguous blocks, and you can put whatever you want in them. Of course, Unix itself famously needs a filesystem for itself, but if you want to just store all your giant binary blobs -- cryptocurrency block chain? -- directly onto a drive without the pesky overhead or conveniences of a filesystem, that's doable.

It's not generally a useful idea to treat a disk drive as though it's a tape drive, but it does work. And going further into that analogy, you can use "tar" to collect multiple files and fit them onto the drive, since a tarball preserves file metadata and the borders between files, but not much else. This is the original use of tar -- "tape archive" -- for storing Unix files onto tape, because the thought of using tape as working storage with a filesystem was -- and still is -- a terrible idea. And that's basically the original impetus for a filesystem: it's better than linear access media.

Banks can and do get into hot water if they're found to have handled -- inadvertently or not -- funds which ends up with banned entities, like DPRK or terrorist groups, or are the product of fraud AND that they ignored reasonable suspicions.

The classic example is the so-called "703 account" of fraudster Bernie Madoff, held at JP Morgan Chase bank. Although a humble checking account, it saw huge money inflows and outflows, with one reference showing a single withdrawal of $1.3 billion. For their wilful disregard of the obvious red flags, the bank was fined $461 million of their own money, separate from the seizure of the account to pay the victims.

And perfectly normal people have had their accounts "closed due to fraud", meaning the bank got suspicious and decided to unilaterally close the account, just in case. They do give the balance back to the owners, since it's to avoid an ongoing fraud. It's still annoying though, but banks won't carry more liability than they're comfortable with, at least when the regulators still bared their teeth from time to time.