"Why would I want an Alexa app installed to potentially repurpose my phone?"
You wouldn't. However if you were ambivalent and did not care one way or the other, or unaware of the change, then of course you would not bother to opt-out. This is no doubt Amazon's strategy. And when you opt-out you are forced to install an app that may well have worse consequences than Sidewalk.
This strategy, so often used by "tech" companies, seems to take inspiration from direct mail.1 I have a well-educated friend who, many years ago, found himself working for a direct mail company early in his career. He did not stay long. The people he worked for sounded like dregs, and I think he had a crisis of conscience. Today, ethical standards seem to have fallen. Interesting how the word "hustle", as in "side hustle", has been repurposed by young people as something supposedly respectable. Usually that word implies some sort of con or other underhanded activity.2
> "side hustle", has been repurposed by young people as something supposedly respectable
I think it's more redefined as something necessary, as the number of good jobs for young people has been on a continuous downward trend for decades all over the world.
1. They have betrayed user trust in the past and continue to do so.
2. They have been sued by the FTC, paid millions in settlements, and failed to prove that they did not break the law.
3. They are currently being sued by the DOJ and many state attorneys general.
4. They have made numerous settlements in private privacy-related litigation as opposed to proving they were not liable, despite having enormous cash reserves available for legal costs.
If someone were to suspect Google was "probably" breaking the law, this does not seem like an unreasonable suspicion.
Do the parents understand that spying on people is how the industry makes money? Surely, "the industry" would not spy on people without a "business" reason. There seems to be a belief by every participant in "the industry" that they must learn things about users and they should not always have to ask permission to gather such information.
Sometimes people on HN try to analogise to something like a retail industry where a customer can be observed through their purchases. However there is a major difference. The purchase. That is the ultimate goal of the retailer attained. A purchase. The retail business is not some honeypot to gather information on people. It is trying to make sales. Users of "free" internet-connected products and services generally do not make purchases from the provider of those products/services. They are not fulfilling the goal of the business: to make money. Thus, the company must find paying customers somewhere else.
Particularly amusing is the oft-used "justification" of [we spy on you] "to make our ["free"] products and services better." Sometimes participants in "the industry" suggest they are trying to make products and services better for users. Other times it is less clear exactly who the improvements are (purportedly) intended to benefit. Of course the ultimate goal, because this "industry" of spying is considered by them as a "business", is to make things better for paying customers. If they fail to collect information from users, they do not make money and the "business" fails. Even non-profits supported by deals with advertising companies feel compelled to conduct "telemetry". Not learning about users is deemed unacceptable.
Not sure. However there's various endpoints offering "dns looking glass" service that allow pipelined HTTP/1.1 queries.1
With this "DNS over HTTPS", given a page of HTML containing pointers to various domains, using a simple script one can filter out all the domain names it contains, format them into HTTP requests, send them to the "dns-lg" endpoint over a single connection, parse the response and append the answers to /etc/hosts or a local authoritative zonefile. Then one can browse the page, including following any remote URLs without having to do any DNS lookups.
SNI-enabled browsers send the unencrypted hostname in the initial ClientHello frame. It's the first transaction in the protocol, and it's how the server decides the content of the ServerHello reply. There is no way to detect the ability to avoid SNI, or indeed any sensible and generally useful way to tell if a ServerHello varied according to the ClientHello SNI hostname without probing the server, which entails introducing roundtrips, and disclosing the hostname unencrypted at least once on the wire.
"There is no way to detect the ability to avoid SNI..."
Assuming one is using an SNI-enabled browser.
I don't use an SNI-enabled browser to make the first encrypted HTTP request.
In fact I didn't even say I was using a "browser". I said "https client".
For example, one can use an https client that has SNI disabled or which has no SNI code at all, or one can send any string as the servername in ClientHello.1 If the server responds with hostname not found, then retry using SNI and the desired hostname. IME, most TLS-enabled websites do not require SNI.
When you say "If the server responds with hostname not found", what are you talking about? Exactly which protocol are you referring to when you say "hostname not found"?
Most web servers will just fall back to the default virtual host's SSL certificate if no SNI header is present in the client's request... They don't reply "hostname not found", or "nope, no such host", or anything similar...
"They don't reply "hostname not found", or "nope, no such host", or anything similar..."
"hostname not found" was meant to be a general term for failure due to not sending the correct servername when it is required, not a specific protocol error. I apologise for not being more precise. What happens with the non-SNI clients I use in the rare case when absence of correct servername is fatal is that the connection fails. (Most times a correct servername, let alone any servername, is not required1 and the connection succeeds. That's the point of the original comment: in a majority of cases, it's possible to get the page content without using SNI.)
1 As in the case of example.com, for example.
However, I use a local forward proxy for TLS-enabled websites. The proxy returns HTTP 503 error when the connection fails due to SNI. Thus, I do get a consistent "server response" when this happens, albeit not from the remote server.
Since the ClientHello is sent in the clear, a MITM can simply reset the connection until the client retries with SNI. Again, there is no generally useful way to solve this.
"... a MITM can simply reset the connection until the client retries with SNI."
That doesn't happen when I fetch https://example.com without sending a servername in ClientHello.
For the majority of TLS-enabled websites on the internet, that does not happen. I get the page content just fine without sending a servername in ClientHello.
But I should send the servername in ClientHello anyway?
where Q.fs is a function in a script that's bundled with the interpreter; the chunk size for reading the file into memory is adjustable by editing the function.
Thomas Jefferson "carried a small notebook made up of ivory leaves on which to record his observations. He would write down his measurements in pencil and in the evening transfer the data to seven large notebooks, each devoted to a different subject. He would then erase the ivory plates, readying them for another day of scientific inquiry." Source: https://www.artofmanliness.com/2010/09/13/the-pocket-noteboo...
This sounds very similar to what you're looking for: https://thenoteboard.com/. Sadly it doesn't seem to be available right now, but it's a pocket whiteboard made up of 3x5 segments. It folds down rather than being a stack of cards, but it may work for what you're thinking of.
"... the skill most in demand among physicists, biologists, chemists, geologists, even anthropologists and research psychologists, is facility with programming languages and "data science" packages."
If I wanted to prove to someone this statement was true, what would be the most effective way to do that?
Is the author basing this conclusion on job postings somewhere?
Has he interviewed anyone working in these fields?
Has he worked in a lab or for a company doing R&D?
How does he know?
What evidence (cf. media hype) could I cite in order to convince someone he is right?
When I look at the other articles he has written, they seem focused on popularised notions about computers, but I do not see any articles about the academic disciplines he mentions.
"patch will attempt to determine the type of the diff listing, unless over-ruled by a -c, -e, -n, or -u option. Context diffs (old-style, new-style, and unified) and normal diffs are applied directly by the patch program itself, whereas ed diffs are simply fed to the ed(1) editor via a pipe."
According to this, context diffs are not sent to ed.
Is the author suggesting that patch can be fooled to interpret a context diff as an ed diff?
There's a file called pch.c with an excessive amount of parsing and "intuit" functions like intuit_diff_type().
patch has anthropomorphised progress and error messages and tries to "guess".
However I am only a dumb end user. I should not question what I do not understand. It's all safe I'm sure.
"A strategy devised by Myhrvold the salesman was just as significant. He laid it out in a memo to Gates in 1992: "Regular upgrades are important for both revenue and loyalty...A feeling of progress and improvement is necessary to keep users loyal...and an important way to produce revenue. Upgrades are the closest thing we have to an annual fee or subscription."
1. https://en.wikipedia.org/wiki/Direct_mail
2. echo -e 'DEFINE all hustle\nQUIT\n'|nc -vvn 199.48.130.6 2628|tr -cd '\12\40-\176'|less