Updating a fleet of embedded devices like routers (which can come online and go offline at any time) will generally be much easier using a pull-based update model. But if you’ve got control over the build and update lifecycle, a push-based approach like ansible might be appropriate.
Maybe I am missing somehing, but I would assume that base network infrastructure like routers, firewalls and switches have a higher uptime, availability and reliability than ordinary servers.
The problem with push is that the service sitting at the center needs to figure out which devices will need to be re-pushed later on. You can end up with a lot of state that needs action just to get things back to normal.
So if you can convince devices to pull at boot time and then regularly thereafter, you know that the three states they can be in are down, good, or soon to be good. Now you only need to take action when things are down.
Never analyze distribution of software and config based on the perfect state; minimize the amount of work you need to do for the exceptions.
Unattended upgrades fail and sit there requiring manual intervention (due to lack of transactional updates and/or multiple flash slots (root partitions and bootloader configuration)).
Pull style configuration requires the device to hold credentials in order to authorize access to download the new policy set.
It's possible to add an /etc/init.d that runs sysupgrade on boot, install Python and Ansible, configure and confirm remote logging, and then run `ansible-pull`.
But then log collection; unless all of the nodes have correctly configured log forwarding at each stage of firmware upgrade, pull-style configuration management will lose logs that push-style configuration management can easily centrally log.
Pull based updates would work on OpenWRT devices if they had enough storage, transactional updates and/or multiple flash slots, and scheduled maintenance windows.
If you just want to measure user space software input lag, shouldn't it be more accurate if you print out the time when the event arrives in the kernel, and again when the mouse moves within a application window?
Depends what you want to measure. But generally, people are more sensitive to latencies in movement of the visual cursor than they are to applications responding to it.
> “The problem with sites that extract text from movies and other content is that they reduce people’s desire to pay a fair price for content, which can lead to people not seeing the official full-length movies, causing great damage to rights holders,” the anti-piracy group explains.
So a bad critique of the movie, might also reduce people's desire to pay to see the movie. So with this kind of reasoning any information you give others about a movie (or other copyrightable work) could be problematic. Pretty strange stuff...
Ye I read that. It is just that it is so absurd that I hardly believe it.
I did some searching and I got no result from news orgs I recognized. But like, it seemed correct.
Then again, if I remember correctly Nintendo tried to go after videos of people playing their games at some point. I guess it makes sense from that perspective.
So they either have to license their SDK with a GPLv3 compatible license as well, or have to change the license of the client to a non-GPL one.
In the latter case, IIUC their CLA (https://cla-assistant.io/bitwarden/clients) allows to do change the license unilaterally. (Not a legal expert, so please correct me if I am wrong.)
If so, then I feel strengthened again in my conviction that permissive licenses (as well as closed-source licenses) and CLAs are bad for both users and developers and should be avoided, if possible.
So now the question is, why didn't it get traction in over a decade?
Not excluding the possibility of an "hidden gem" here, and people in embedded tend to be conservative, but to be honest "professional" and "easy" in the same sentence looks a bit suspicious to me.
I guess that TikTok will be forced to deny connections and app stores will be forced to blacklist the app from any IP addresses from the US or they get sued.
Which the US can do. Being "in the US" means that they take in dollars from US sources. To take dollars from US sources, they will have to work with US institutions, which will all banned from working with them.
Sure, they could accept money from people in US through Bitcoin, but I don't think they business would be exactly viable if that's their payment model.
Well, it's suing its US incarnation, which should be some sort of LLC or Corporation. The US can certainly get rid of that, which will both significantly defund the Chinese company and eliminate its US presence (and vastly reduce the data collection of US sources which is in theory the motivation for this whole story).
> It's a Chinese company, why would they care about the US trying to sue them?
If they had no physical, legal, and financial presence in the US, then sure, it would be somewhat impossible to sue them.
However, TikTok is registered as a legal business entity in the US, they have employees in the US working for that business entity, they have physical properties (that they likely lease) where said employees work, and they have money going through their US accounts.
In the TikTok scenario specifically, it makes perfect sense to me why and how the US would sue them.
I would assume yes, but it will all depend on how that corporate wind-down would go down. And I have zero idea how that goes, because it isn’t like TikTok assets and corporate liabilities just go poof overnight in the US on the day of the ban. They gotta be winded down somehow, and I am afraid that level of detail is significantly above my paygrade.
Also, I am not even sure that this applies here, as I couldnt even find anything about the US government suing TikTok. All I could find was that TikTok is the one that filed with the US courts to fight the bill that is getting them banned, i.e., they are the ones actually suing the US government[0].
The use case for splice is moving data from one file descriptor to another without reading it, for example port forwarding/mirroring (or taking over sendfile, dumping a file to a socket or socket to file). It doesn't cover IPC where you have messages that are actually being sent from one process to another and presumably, you want to read and write those bytes.
That was the original implementation. I believe this has since been relaxed. I think the kernel will allocate a pipe internally in some cases. The man pages are known to be incomplete.
In fact I think sendfile is implemented with the splice machinery now.
Most hardware has no reason to require direct internet access or an account with the manufacturer to work. If some device requires internet access, then it cannot be trusted to not transmit personal data, therefore it should be possible to replace the software on that device, so that something that is trusted by the consumer can be installed.
While DJI here might create good hardware, their internet and account requirement makes it uncontrollable by the consumer, so I do understand that some consumers or, the possible more security aware US, will not trust it. But for the same reason China and other countries might not trust Apple or similar.
Trust is something that needs to be earned and which has to go both ways, if a company doesn't trust their users, and prevents people using their bought products however they like, then why should their users trust the company and let their uncontrollable software record their private lives and possible report back to them?
While I agree with you, I doubt banning Chinese tech will remedy this problem. My experience is that American brands are much, much more aggressive about making you connect to the internet, install our apps, create an account, subscribe to our newsletter etc.
Look at the difference between iRobot and Chinese robot vacuums on Amazon - the difference is night and day.
Depends on what you consider the "problem". As Congress sees it, the problem is two-fold... You have no control over your data. The company that does have control over your data is beholden to a foreign country not currently considered "a close ally".
I was just talking about my experience with DJI. Where you buy a product, can use it for a bit, and then it stops working, because you haven't connected it to the internet or created an account.
It is often the 'market leaders' that are so afraid to loose customers and their market position to implement customer hostile processes into their products.
And yet the US government isn't worried about a US company leaking photos of sensitive information to the US government.
The same cannot be said of the Chinese government who may be happy to get extensive drone footage of everyday US infrastructure which can be used in a future war.
This is always an interesting read for the rest of us neither in the US nor China.
On one hand I understand we'll need to move to more insular and protective policies and basically ban foreign technology in so many places, on the other hand I don't want a gov like Ethiopia to have the choice between having no technology or being spied to the bone by all of its tech providers. The EU would be the only place with a one in a million chance to pull it off, there sure must be another way ?
The US government is right to be worried about China. Individuals, especially but not exclusively those of us who aren't US citizens, might well have more to fear from the US.
> American brands are much, much more aggressive about making you connect to the internet, install our apps, create an account
This whataboutism ignores one very important point.
When you connect a device to an American company they might do things that we consider privacy violations, while still staying generally within the bounds of the law. We like to joke about data going to the NSA or something, but in the extremely limited cases where it does protections exist with oversight.
Contrast this to Chinese companies where by law every company is part-owned by the government itself. The Ministry of State Security literally has employees who show up to these companies every day like normal workers, but their job is to find and exploit intelligence on foreign individuals and businesses.
> They didn't build the Utah Data Center because of their extremely limited amount of data.
I love that people point to one of the smallest NSA data centers as if its going to prove some sort of point.
Regardless, this is exactly the kind of whataboutism that I am talking about. Every government collects all the data it can. The difference is that the NSA targets foreign governments and terror organizations. The Chinese government targets the same but also goes after their citizens, foreign citizens, foreign corporations, etc.
>The difference is that the NSA targets foreign governments and terror organizations. The Chinese government targets the same but also goes after their citizens, foreign citizens, foreign corporations, etc.
Thanks for the laugh, this was one of the funnier things I've read in awhile.
Sorry, but you seem a little naive. I recommend reading up on the US domestic surveillance program that the government was caught red handed engaging in.
We have almost a million people holding a TS or higher clearance, and have on average one incident a year of someone attempting to spy on a spouse or love interest, to which they get rolled up in their regular poly. So basically not a problem at all.
I never denied that the IC spies on foreign governments and terror organizations. In fact, we are really fucking good at it. You can't query or access domestic communications or those of USPER without review by the FISA courts and high level approval.
The idea of running any internet-connected software with a push-update mechanism, built and controlled by a company in a country without a strong independent rule of law, should terrify far more people than it apparently does.
This is one of those 'It's not a problem until it is a problem, and then it's a big fucking problem' scenarios.
It's pretty obvious that this is not a problem at all, the only problem right now it's fabricating a narrative where someone is bad "because" while everyone allied with us (the west) it's not "because not".
You seem to be worried that an unfair judicial system poses a threat to everyone connected to the internet, well I got some news for you: Uber received $3.5 billion from Saudi Arabia's Public Investment Fund and they are planning now to invest $40 billion on AI. Why are US companies accepting money from a bloodthirsty dictatorship then? A dictatorship where the actual dictator, Bin Salman, among other things, detained three members of the royal family (his family) for unexplained reasons, ordered the assassination of the journalist Jamal Khashoggi and that, even more worrisome, had spies in Twitter and McKinsey that helped him track down dissidents and silence critics. McKinsey and Twitter are still actively working with the Saudis and nobody has nothing to say about it... Not surprisingly the Saudi Prince Alwaleed is the second largest investor in twitter ATM through the Kingdom Holding.
Maybe we should refocus our priorities on the issues at large, not just those issues that are beneficial to the US in their war for the global supremacy.
I understand this is how modern pro-wrestling news addresses issues, but assembling a mass of emotionally-inflammatory things doesn't buttress your point.
Specific countries have greater or lesser individual rights and adherence to law.
Why doesn't it make sense to take that into account when extending trust to specific pieces of software running on your device?
I'm not sure what you are getting at, but judicial independence is one thing that the USA has (in some quantity) that China has none of. There is no such thing as judicial review in China, if the official class decides to ignore China's constitutional freedoms of speech, religion, and press, then there is no recourse for a court to come in and say, "no, that's not right." Vs. the USA, where the Supreme court comes in all the time and tells presidents and congress what they can't do.
The Chinese government has said multiple times that it believes rule of law is a western imperialistic concept, so it isn't like this is even a goal for them.
> This whataboutism ignores one very important point.
Reverse whataboutism is still whataboutism.
For example this predicate
> while still staying generally within the bounds of the law.
Completely ignores the fact that US companies have been found lying and deceiving to circumvent the barriers posed by the law.
But not only US companies, remember the diesel gate?
This other predicate
> (In China) by law every company is part-owned by the government itself
It's completely false, while this one
> The Ministry of State Security literally has employees who show up to these companies every day like normal workers
It's pure intellectual dishonesty . Every sufficiently advanced intelligence agency has spies. With the USA agencies being the largest employers for spies on the entire Planet.
> While I agree with you, I doubt banning Chinese tech will remedy this problem.
I don't mean this as a political issue, but in your comment I see one of the reasons Trump appeals to people. He promotes a mindset of "stop handwringing and just fix the damn problem."
Here we know the following:
1) DJI devices have an always-on connection
2) Chinese government is unfriendly to US and exerts strong control over Chinese companies
3) China regularly blocks US companies for whatever reason they decide.
So yeah, we can say "but banning DJI won't solve the general problem of bad companies; we shouldn't just focus on China; is a ban really fair? etc etc. Or, we can just say "screw it -- China treats US companies like shit and we're not gonna just hand over all our drone info"
I'm not sure how that would actually "fix the damn problem"? My point is that American tech companies are just as data-hungry as DJI, probably more, and Chinese tech products are more likely to let users control their devices off-line than American brands. You're right though that creating a boogeyman and attacking it while ignoring the much larger and more complicated problems is great politics (and always has been)
Here [1], CISA assesses China-made drones as a national security risk. That is a non-partisan agency. But your response is:
* American tech companies are just as data-hungry, if not more. -> irrelevant, this is about foreign cyberattacks or foreign data mining
* China produces more user-controllable devices than American brands. -> irrelevant
* Boogeyman -> Scare word
* Ignoring the much larger and complicated problem -> Deflects and says we can't do /anything/ unless we consider all angles and do /everthing/
This leads to endless handwringing, and is one of the reasons the left has support of only 50% of Americans, when it should be (in my opinion) a huge majority. Because we're endlessly caught up in the attitude of "nope, we really can't do anything in the face of obviously problematic issues." Gosh, it feels racist to ban a Chinese tech company (even though the Chinese government does actually target our cyber infrastructure). Gosh, what about the bad American companies?
> direct internet access or an account with the manufacturer to work
Unfortunately this is required by regulators in many countries. In Thailand you can't fly a drone without a license. You need to obtain the license before activating the drone and provide your information and the license number at time of activation (which is tied to drone serial number).
yes, extorting your personal data including things like high-resolution geolocation of where you are, that's a human rights violation. it strips you of your right to privacy. it's also a national security threat, and it's still a national security threat even if the company that's extorting it is domestic
dji having access to cameras also strips anyone the drone can see of their human right to privacy
I would like to see a requirement that any drone sold in (or imported to) the US (or EU) has to be flashable - without having to desolder components, or any other such nonsense. Press some buttons and load new software.
An accompanying requirement would be to document interfaces to hardware subsystems (chip spec sheets would suffice).
With drones, the potential for mischief is too great to let malware be smuggled in.
Is this a politically and technically realistic goal ? Or am I talkin' thru my hat ?
Impossible, especially for drones, because it would allow people to trivially flash firmware to drones which can bypass restrictions like no-fly zones and reporting requirements which allow the FAA or other LE to answer questions like "who was flying a drone playing chicken with a low-flying Cessna"
Back before the war it was possible to obtain hacked DJI ROMs from the Russians that disabled all of these connections and restrictions including no-fly zones.
i agree, but we shouldn't require all firmware to be open-source and user-replaceable on only chinese devices; we should require it for everything, perhaps with narrow exceptions for things like pos terminals and certain kinds of industrial equipment
AFAIK many cookie consent banners are actually against the law. IIUC denying any non-essential cookies should always be as easy as accepting all cookies. This is something many cookie banners have not managed.
So to me this seems more like the tech-companies and websites being annoying at implementing an easy solution, in order to rebel against the laws and make people angry at it for the inconvenience, then the law itself being bad.
reply