* Posts by Michael Wojcik

12252 publicly visible posts • joined 21 Dec 2007

Elon Musk invents bus stop, waits for applause, internet LOLs

Michael Wojcik Silver badge

Re: RE: Crossrail

You can't chop them up with a chainsaw and flush them down the toilet.

This is a really bad idea if you're on a septic system. Even with city sewer you'll just end up contributing to some fatberg. Compost - that's the ticket. (I know pigs are the classic approach, but I already have one relative who was eaten by them, and that seems like enough.)

Michael Wojcik Silver badge

Re: RE: Crossrail

Drags horses to water, shoves their lengthy faces into it.

You can lead a commentard to YouTube, but you can't make him upvote, apparently.

But, hey, you got me to watch that video, just out of curiosity. And then a couple others, damn it. Now I will forever know that the least-used station in London is Angel Road.

(When I were a lad, on my first visit to London, I climbed the stairs in Covent Garden. Because they were there.)

Michael Wojcik Silver badge

Goggle map says car 5 hrs , air 1 hr. so must be quite a bit of pissing around air wise.

Easy. TSA recommends you get to the airport 2 hours before your flight, so that's 3 for air travel right away. Figure another hour getting to and from the airport - and that's likely optimistic, once you figure in things like parking (or waiting for a shuttle, or public transportation). Now the car's only an hour behind.

Do you need a car at your destination? Great - now you're losing half an hour getting to some idiotic airport car-rental complex, picking up a car. (I'm assuming you have a rental membership and reservation, otherwise it'll probably be an hour at least until you're on the road.) And then you have to get to the hotel or whatever, and air travel's in a dead heat with driving.

Checked luggage? Oh, sure, you can cram a few things into a carry-on and fight for overhead space with the rest of the barbarians. Look at all the luggage room my car has! If I want even a tenth of that luggage capacity when I fly, I have to check a bag. And now I'm waiting at least 15 minutes to get it after the plane lands.

Air travel is also much more susceptible to weather and equipment delays.

Chicago's about a four-hour drive from where I live, and that's nearly always under the break-even point (i.e. driving is faster). I've done it both ways several times. If there's no really serious jam getting out of Chicago, the car will win.

Michael Wojcik Silver badge

The train takes less time than going by car, but with the walk to and from the station, it obviously takes longer in total, depending on traffic jams on the way into town... But it is a lot cheaper

And you can use the time on the train productively, rather than sitting behind the steering wheel. Opportunity costs are also costs.

I get the resistance to public transportation, really I do. When I lived in the Boston area I alternated public transport and driving my car, depending on my mood and (most often) whether I got my ass to the train station or bus stop in time.[1] Even though public transport was much better in many respects, Boston traffic being what it is, there were many days when the sheer on-my-own-schedule nature of driving my car persuaded me.

I no longer commute, but I still much prefer driving my own car for long trips. It's a 23-hour drive between Stately Wojcik Manor and the Mountain Fastness, but I've done it, oh, probably a hundred times now, rather than fly and rent a car. (Public transportation options at the Fastness are limited.)[2]

But still. I got a ton of work, and entertainment (reading), and relaxation (sleeping) done on buses and trains back when I was in Boston. If I had to do that again, I think I'd actually drive a lot less than I did. Touring is one thing; I have much less patience than I once did for sitting in traffic.

[1] For my commute, I could either walk to a bus stop and take the bus into the city, or drive a few miles to the train station and take that in. Then it was either subway or, time permitting, walking about to get around in the city. In the evening I'd take a different train out in the other direction to another job (a passion project at a startup), and then catch a ride home later with a co-worker. Or I could do everything in my own car.

[2] I do the drive over two days, if anyone was wondering whether I was actually pulling a 23-hour marathon shift behind the wheel. That'd be dumb. I draw the line at 19 hours.

Pharma bro Martin Shkreli to miss 2024 Paris Olympics

Michael Wojcik Silver badge

Re: A contrary view

The hate on here for Shkreli is wildly disproportionate in my view.

What determines the appropriate proportion of hate?

Hate is an emotional response. Shkreli appears to be very successful at provoking it. Such is human nature.

What's important is whether the actual social response is proportionate. In US terms, Shkreli's sentence is not especially heavy (though it might certainly be argued that US prison sentences in general are disproportionate across industrialized democracies).

Assuming the 88% rule (average time served for Federal inmates) applies, Shkreli will end up behind bars for about 74 months. That's on par with the average drug offender.

Michael Wojcik Silver badge

Re: Generic drugs

there wasn't enough of a market for it for generic drug makers to bother producing it.

And this isn't particularly uncommon. I can't get one of my glaucoma medications at the moment because there's a "nationwide shortage", according to the pharmacy, with no projected end date.

Pharmaceutical markets are relatively inflexible. Yes, pharma companies advertise, but there's only so much you can do to recruit new customers. And the products are fairly heavily regulated, and there are other distortions (such as insurance company formularies). Personally I'm glad most of those distortions exist, but I recognize that it does mean generics manufacturers are sometimes going to predict that a particular drug is no longer likely to be profitable.

A ghoulish tale of pigs, devs and docs revived from the dead

Michael Wojcik Silver badge

Re: Lesson

it is the remarkably simple one of "Test everything thoroughly before you go live, and don't go live until you know it works"?

"Always mount a scratch monkey" is simpler yet.

(N.B. Anyone interested in the corrected version of the scratch monkey story should refer to the first link in the Jargon File entry linked above. Or that link in the previous sentence.)

Slack cuts ties to IRC and XMPP, cos they don't speak Emoji

Michael Wojcik Silver badge

Re: Emojis... where's the one for *vomit* ?

The irony being that when you get right down to it, every single symbol that you have used to convey your thoughts on emoji started life about seven to nine thousand years ago as what you call an emoji (and linguists call "pictograms").

Yes, and then we got better at written language.

And now we're getting worse again.

(One of the features of RocketChat that I do appreciate: individual users can turn off emoji rendering, and see the text equivalent instead. The text equivalent is still stupid, but an order of magnitude less annoying.)

Michael Wojcik Silver badge

Re: Slack? IRC?

Slack are not surprisingly getting a bit desperate and have started copying features from Teams like Threads.

Yes, Teams is the first conversation software ever to feature threading. No software ever had that capability before the brilliant innovators on the MS Teams ... team ... came up with it.

I don't like Slack and its clones (I still don't see much value in Slack, to be frank). Nor was I ever much of an IRC user. I'm more a Usenet man myself; I'd much rather see a bias toward longer-form, more substantive posts than one-sentence-and-a-link followed by twenty idiotic emoji-encoded me-toos.

But if I must use a conversation-software package, for the love of god let it not be one of Microsoft's half-assed black-box piles of crap. Currently in my neck of the woods we're using RocketChat, which I would rate as moderately terrible; but at least it's open source and thus there's some hope of getting things fixed. (Now if the RC devs would only quit fucking up the UI and actually provide some value...)

Michael Wojcik Silver badge

Re: Slack? IRC?

Our money has already moved to MS Teams / SfB. If you use O365 it's a no brainer.

A "no brainer"? Why, I'd even call it a negative brainer.

Got some broken tech? Super Cali's trinket fix-it law brought into focus

Michael Wojcik Silver badge

Re: John Deere and Apple Make For Strange Bedfellows

I can't imagine any farmer I know buying a tractor that they couldn't repair themselves

That's why the major manufacturers don't want to sell tractors. They lease them, with restrictions including those against unauthorized repair work.

For the US, at least, I understand there's been a fair bit of consolidation. CNH own both Case and New Holland. ARGO own McCormick and a bunch of other brands. AGCO own Challenger and Massey Ferguson. So

Bots don't spread fake news on Twitter, people do, say MIT eggheads

Michael Wojcik Silver badge

Re: It is rather odd though,

the fake stuff is more exciting than the real world

And more likely constructed and disseminated in a manner tuned for social-media distribution. See Halliday's Trust Me, I'm Lying for a wide-ranging but accessible discussion of how blog-and-social-media manipulation works, and how the economies of those vehicles depend on it.

Michael Wojcik Silver badge

Re: Choosing to believe...

I have always maintained that I can't choose what to believe, rather I am either convinced by the evidence or other persuasion, or I am not. That's not a choice.

To some extent, you're running up against the First-Person Restriction on Doxastic Explanation, which is a theory in doxastic philosophy (the philosophy of belief) which says that there's a limit on the extent to which you can logically question your own beliefs.

In simple terms, it's not logical for a sufficiently-powerful reasoner (any reflexive reasoner, really) to both believe P and believe that the belief in P has no relationship to P's truthfulness. (I'd write that out symbolically but it would be tough given the Reg's forum constraints and I doubt it'd help anyone anyway.) While you can entertain the idea that one of your beliefs is incorrect, if you truly believe that belief is completely arbitrary, you essentially hollow out the original belief. If you follow.

However: The word "choice" here is problematic for other reasons. One, of course, is that there is great disagreement on what "choice" is, as a quale (a mental experience) or as a physical event. Naive strict determinists would argue that there's ultimately no such thing as choice, and all your beliefs are predetermined.[1]

But there's no point in considering naive strict determinism[2], so let's assume it's wrong, and there is both physical choice and a quale of choice. As you posit, it would seem that your beliefs would appear to flow from some mental operation performed on various inputs, a process we gloss as persuasion. Are there aspects of choice there?

Many would argue there are. For example, there are qualia of making choices which come into play: choosing to yield to emotion or attempt to reason, for example; and how much effort to put into reasoning. Choosing to search for more information. Choosing to espouse a belief for social or political reasons, until you convince yourself of it. And so on.

Beyond that, many people would argue that there are choices happening beyond the phenomenological horizon - that you have conscious, reflexive access to only part of your thinking process, and what happens beyond there you do not know. You can call that "unconscious" or appeal to an emergent view of consciousness or whatever floats your boat, but there aren't many philosophers of mind or cognitive scientists or psychologists or whatnot who will tell you that you know everything that goes on in your noggin. So you may as well assume there are choices happening in the shadows.

Personally, while doxastic logic and philosophy of mind are fine ways to while away the idle hours, I think the more important issues are how persuasion happens in practice. And for that we should look to psychology and rhetoric. On the particular matter of social media, I'd suggest that even lay books such as Being Wrong, You are Not so Smart, and Trust Me, I'm Lying explain the results of this study quite adequately.

[1] Of course, if they're correct, then they have no choice but to argue that. And their opponents have no choice but to disagree.

[2] Even if a strictly-deterministic universe forces us to, in a strictly-deterministic universe there's no point to anything, because every outcome is predetermined.

IBM's homomorphic encryption accelerated to run 75 times faster

Michael Wojcik Silver badge

Re: What sort of operations can be done?

But if encrypted data can be changed without requiring decryption first then how can any encrypted data be safe from tampering?

Integrity protection is not normally an attribute of encryption. For one thing, it's not true of any stream cipher, by definition. Nor is it true of a block cipher in ECB mode, or of many classic pen-and-paper ciphers, and so on.

There are AE combining modes of block ciphers which produce a stream cipher, an authentication verifier, and an integrity verifier - in fact those are now the preferred modes for TLS - but authentication and integrity are still notionally separate cryptographic products.
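An added illustration of the point made in the post above (not part of the original comment): with a stream cipher, anyone who knows or guesses part of the plaintext can rewrite it in the ciphertext without the key, and only a separate integrity check detects the change. The keystream here is a toy SHA-256 counter construction, and encrypt-then-MAC with HMAC stands in for an AE mode; all function names and the sample message are constructed for this example.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode); a stand-in for a real stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encryption only: confidentiality, no integrity protection."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


# XOR with the same keystream is its own inverse.
stream_decrypt = stream_encrypt


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Rewrite a known plaintext region without the key.

    Because c = p XOR k, flipping bits in c flips the same bits in p,
    so XORing (known XOR wanted) into the ciphertext swaps one for the other.
    """
    if len(known) != len(wanted):
        raise ValueError("replacement must be the same length")
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ciphertext = stream_encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes,
                ciphertext: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; refuse modified ciphertext."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return stream_decrypt(enc_key, nonce, ciphertext)


def demo() -> dict:
    # Constructed sample values, fixed so the run is reproducible.
    enc_key = b"E" * 32
    mac_key = b"M" * 32
    nonce = b"N" * 12
    message = b"quantity=0001;item=widget"

    # 1. Encryption alone: the modified ciphertext decrypts without complaint.
    ciphertext = stream_encrypt(enc_key, nonce, message)
    forged = tamper(ciphertext, 9, b"0001", b"0950")
    silently_accepted = stream_decrypt(enc_key, nonce, forged)

    # 2. With a MAC over the ciphertext, the same modification is rejected.
    sealed_ct, tag = seal(enc_key, mac_key, nonce, message)
    forged_sealed = tamper(sealed_ct, 9, b"0001", b"0950")
    try:
        open_sealed(enc_key, mac_key, nonce, forged_sealed, tag)
        rejected = False
    except ValueError:
        rejected = True

    untouched = open_sealed(enc_key, mac_key, nonce, sealed_ct, tag)
    return {
        "silently_accepted": silently_accepted,
        "rejected": rejected,
        "untouched": untouched,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```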

Michael Wojcik Silver badge

No wonder it's still in research!

And god forbid we research things that aren't immediately practical.

Michael Wojcik Silver badge

Re: It's the future given the eagerness of TLA's to spy on people.

does that mean you can run a query on the DB underlying your line of business system, get the correct records back and decrypt them on site?

Encrypted databases and encrypted database search are big research areas. The Morning Paper has done a bunch of papers on them. See for example:

Why your encrypted database is not secure (which also has links to three other related papers)

SoK: Cryptographically protected database search

Note that there are encrypted DBMSes and cryptographically-protected-search DBMSes available for production use, if you can accommodate the performance hit (which is much less than that of HE), and if their security guarantees (which aren't that great, per the papers cited in those articles) are useful. They do not use homomorphic encryption.

Hackers create 'ghost' traffic jam to confound smart traffic systems

Michael Wojcik Silver badge

That's not AI; that's Magical Intelligence. Ask your unicorn about it today!

Michael Wojcik Silver badge

Re: Wow. This is like software failure mode bingo. I call "HOUSE"

And yes, despite its snore inducingly dull subject (traffic) there are bad people who can find a use for this technology.

Sure. It's useful as a low-sustained-cost terror attack, for example: snarl up traffic (significantly worse than normal) for many days in a row in an urban center.

Low-sustained-cost is actually a successful terrorism strategy. The IRA used it for years to bolster their position so they could run an extortion racket, among other organized-crime goodies, and then leveraged it to claim legitimated political power. Muhammad & Malvo used it to scare the crap out of D.C. residents for three weeks, and they could have continued doing so for years (particularly if they periodically moved on to a new city) had they not gotten greedy and lazy.

There are lots of potential LSC terror projects. Arson of abandoned (and thus poorly defended) buildings is another; free-range arson was a big contributor to the gutting of Detroit.

Compared to bombings, sniping, and arson, fucking with traffic doesn't seem like much - unless you're depending on an emergency vehicle, perhaps. But that kind of widespread, low-level cost really eats away at a locality's civil society and ability to make rational group decisions (often pretty low to begin with). And note the asymmetry: it's nearly zero cost for the attacker, assuming we have a high density of vulnerable "smart" intersections in the metro core.

In fact, what this sort of thing shows is that "terror masterminds" are much rarer than the government scaremongers would have us believe. Terrorist organizations are generally far more successful with this sort of strategy than with plowing lots of resources into splashy attacks with a high probability of failure.

Michael Wojcik Silver badge

Re: Spoof traffic entering the Intelligent Traffic Signal System

All data comes from somewhere and any somewhere can be hacked or replaced to provide false data

Exactly. In fact I don't see any need to "hack" the I-SIG transmitter in a car (and then go through the trouble of "parking it nearby", per the article). Just use SDR and a small embedded system, and you can hide your fake-I-SIG transmitter pretty much anywhere. Have it broadcast only at random times, and it'll be that much harder to locate.

The same would be true if the sensors were mounted on fixed infrastructure rather than on the vehicles.

If you want a stronger guarantee of the provenance of your data, you have to use mechanisms that give you such a guarantee. Moving the sensors from vehicles to infrastructure is not one of them.

This really has very little to do with connected vehicles, other than that the DoT lumped it into their CV pilot program.

Michael Wojcik Silver badge

Re: Braking News !!! :) <==== NOT a Typo !!!

Exclamation points still work if you only use one of them at a time.

HTH. HAND.

Another day, another meeting, another £191bn down the pan

Michael Wojcik Silver badge

Re: Flee for your lives!

Meeting governance technology

I don't know - some devices that fall under that description could be useful.

One year the Modern Language Association introduced, at their annual conference (a very large affair), electronic timers that would tell panel presenters when their time was nearly up, and then cut them off when it ended. It was a godsend.

And just imagine ED-209 tweaked to enforce Robert's Rules of Order - with a vengeance. "Please yield the floor. You have twenty seconds to comply."

Michael Wojcik Silver badge

Then I discovered Scott Adams is an enthusiastic Trump fan.

Adams came out as an asshat long before that - most memorably in his awkward and quickly-exposed sockpuppetting. He exhibits some of the worst attributes of his own characters.

But that's often true of artists (and everyone else, of course). For some members of the audience that will spoil their enjoyment of the work; others manage to overlook it. Either response is justifiable.

With IoT you too can turn your home into a giant flashing 'HORSE BIRTH NOW' klaxon

Michael Wojcik Silver badge

Re: The Internet Of Horse is neigh

Foaly McFoalface

This makes me think that there's some pun to be made about a pit-pony vet spending a long day working at the foalface.

Allegedly humorous phrasing is left as an exercise for the reader.

AI racks up insane high scores after finding bug in ancient video game

Michael Wojcik Silver badge

Re: Not that exciting...

It wasn't new when I learned about it at university *ahem* decades ago, and it's not new now

You've read the paper and confirmed there's no new work here, eh? Care to expand on that?

Ah, the Register readership. So much brighter than anyone doing actual research.

Michael Wojcik Silver badge

Re: Not the real thing

This is just a variant on that, albeit with a guiding hand to steer the button-hammering towards a specific desired result.

That's like saying an automobile is just a variant on a wheel. Arguably true, but manages to miss the point entirely.

All ML algorithms that incorporate stochastic processes are "variants" of "randomly hammer[ing] all the buttons". So what? All computable functions[1] are variants of - take your pick - switching signals, integer arithmetic, lambda calculus, Turing Machines, Post Machines, compression, 2PDAs, 2-tag systems, etc (and all actual implementations of computable functions in machines are not formally more powerful than DFAs, since a time-space-restricted UTM or equivalent can be converted to a DFA simply by enumerating all its possible states).

What matters is what you do with it, and how much it compresses and optimizes its state space.

[1] Assuming the Church-Turing Thesis holds.

Michael Wojcik Silver badge

Re: Interesting..

Fish, plankton, sea greens... protein from the sea! Wait for the winds. Then my birds sing. Overwhelming, am I not?

BlackBerry unveils bold new strategy: Suing the c**p out of Facebook

Michael Wojcik Silver badge

Re: "...plurality..."

No, it is not mandatory, you can also write at least two.

Or "two or more", etc.

There's long been a "plain English" movement among US lawyers. (See also e.g. Kevin Underhill's relentless mockery of the habit of putting "(henceforth FOO)" after every proper name, and writing numbers in both numerals and words.) Alas, its proponents are swimming against the tide.

Any patent application containing the phrase "at least 2 (two)" should be immediately rejected, of course.

Michael Wojcik Silver badge

Re: "...plurality..."

I don't know that I've ever seen the word "plurality" used anywhere other than in a patent.

It's used in political science, for example, to distinguish among other kinds of voting results (simple majority, etc). Also in grammar, religious studies, etc. But obviously it's a term of art and not often found in casual conversation, except in jest.[1]

If the Google Ngram Viewer is to be believed, its popularity held relatively steady over the late modern period, then started climbing in the mid-1980s. It's now up about 30% from its long-term average, and the first page or two of results from that period don't appear to be patent-related.

[1] "Why did the chicken cross the road? To join the first chicken and achieve a plurality." Thank you, you've been a great crowd.

Michael Wojcik Silver badge

Re: Go for it BlackBerry

I'm pretty sure ICQ was on the scene long before any of the messenger clients you mention

Yes, since it was released in 1996.

SMS dates from the 1980s, and it's not so wildly different from the OTT messaging applications.

There were many decentralized network-messaging applications long before BBM, of course. MIT's Zephyr (part of Project Athena), 1986, is one early example. BSD talk(1) got network capability in 1983. I don't know when VMS introduced its phone command, but that was network-capable as well. If memory serves, VM/CMS provided an instant-messaging service over IBM's HONE network (which was larger than the Internet in its heyday).

I'm sure BBM innovated in various ways, but it was by no means entirely novel.

Michael Wojcik Silver badge

Re: Enough, already

the entire US patent system that pretty much just takes the money and rubber stamps everything

That's simply false. In recent years the approval rate has hovered around 50%. I posted the statistics in response to another article, but they're trivial to find if you know how to use a handy research tool called "the world wide web".

50% may still be too high, but it's certainly a far cry from "everything". And considering that the USPTO is a profit center for the federal government, and thus under pressure to please its customers (applicants), I think they're showing significant restraint.

The KITT hits the Man: US Congress urged to OK robo-car trials

Michael Wojcik Silver badge

parallel what now?

ask that congress speed up its consideration and passage of parallel self-driving car laws in both the House and the Senate

I first read that as "parallel self-driving car lanes in both the House and the Senate". Which, frankly, sounds awesome and I for one fully support it.

Michael Wojcik Silver badge

Re: A self-fulfilling prophecy

There are plenty of distractions besides texting, and plenty of non-Millennials texting while driving. Spend too much time grinding that one axe and you'll find you get nothing cut.

'Quantum supremacy will soon be ours!', says Google as it reveals 72-qubit quantum chip

Michael Wojcik Silver badge

Bit will it run crysis?

ITYM "Qubit will it run...". HTH. HAND.

(I was going to post the obligatory "yes and no" answer, but I think that meme is dead. Though I haven't opened the box to check.)

Michael Wojcik Silver badge

Re: Is there a Moore's law for qubits?

Supposing "qubit density" doubles every 18 months Moore's-law-style, quantum computers will be practical in a bit over 16 years.

s/practical/possible

Google's Bristlecone isn't exactly commodity hardware.

But that said, yes, if a similar exponential growth rate in qubit density applied, we'd have at least one working physical implementation of a "practical size" QC with sufficiently low error rate within 20 years.

That was essentially Mosca's prediction back in 2015. (I don't have the citation handy but it's cited in the NIST paper someone mentioned above.)

Personally I'm pretty dubious - increasing qubit density isn't just a matter of better lithography methods and materials, as it was for conventional silicon - but who knows? I've been wrong at least once or twice before, though this may be due to errors in the universe.

Michael Wojcik Silver badge

Re: Easy solution?

Make sure every message can be decrypted into multiple results. ;)

Every message can be decrypted into multiple results. Any given message can be decrypted into any given plaintext by some algorithm - in the degenerate case, by a constant function that returns the desired result for any input.

More seriously, there's a long history of deniable encryption, where multiple plausible plaintexts are possible with close to equal probability. There was particular interest in this area around encrypting filesystems, so (for example) you could have a partition which decrypts into innocuous data with one key, and sensitive data with another.

Obviously (by the pigeonhole principle) there's some additional storage cost, even with compression.

Michael Wojcik Silver badge

Re: @Dave 126 What's the application?

Nobody will EVER give you such answers. Instead they'll refer you to pure maths papers or lectures, in which abstract mathematical concepts are discussed. But implementation? Means, methods? Practical info? No chance. After all, quantum computing is homeopathic IT.

Horseshit.

Even the Wikipedia articles on Grover's and Shor's are quite readable, if you have some fairly basic mathematical knowledge and the ability to focus your mind for a few minutes.

I'm not a big proponent of QC myself. We're still far, far away from practical hardware, much less hardware cheap enough to be used on more than a few specific problems. And as N posters above have pointed out, while problems known to be in BQP isn't a trivial set, it's not everything we'd like to be able to solve, either.

But the basics are not that difficult to understand, and they are founded on uncontroversial physics and mathematics, and they've been demonstrated at small scale.

I'll bee back: Boffin's bionic bug Band-Aid after real ones all die

Michael Wojcik Silver badge

Puny humans!

Prototype spiderbots already exist that can jump several centimetres, and the real thing can jump six times longer than its own body length. Far better than the abilities of a puny human.

Than a puny human, perhaps. A magnificent specimen such as myself is easily capable of jumping several centimetres or six times longer than the body length of a spider. Why, I did it just the other day.

Microsoft, IBM settle case over disputed diversity boss

Michael Wojcik Silver badge

Re: Are non-competes really legal?

There's actually a sidebar discussing this.

Yes, though I was surprised it didn't suggest that the participants decided to settle for fear that a court would end up tossing the non-compete and setting precedent. I think most US corporations recognize that non-competes are largely effective only as FUD, to discourage employees from even trying to jump ship.

SCREEEECH: US national security agency puts brakes on Qualcomm takeover

Michael Wojcik Silver badge

Re: Sheer stupidity

controlling a large portion of the world's silicon supply

Clever. Sand is our second-most-consumed natural resource, after all.

Forget chips. First you get the sand, then you get the money.

Up to 25% of new builds still can't get superfast broadband – study

Michael Wojcik Silver badge

Re: Superfast

As a consumer* I would consider 50-100Mbps as acceptable - I simply won't live anywhere with a line capable of less.

And that's the problem with terms like "superfast". You want 50-100Mbps; and, sure, there are use cases for that.

I, on the other hand, was perfectly happy with the ADSL service I had for a year here at the Mountain Fastness (my alternative home, when I'm not lording it over the local populace from the big house in the Land of Trees and Lakes). We might have gotten something like 10Mbps down, and quite a bit less up. I work from home, and when my wife was here she was working from home too, and when we watched television we were streaming from NetPrimeHuWhatever. And it was all fine.

Now we have fiber to the house because the local power-and-telecom co-op rolled it out, and it's officially rate-limited to something like 40Mbps because I have no reason to pay for more. The main difference is that now we have a 4G picocell using the fiber connection for backhaul, so that's an improvement; and we no longer have to reboot the crap ADSL modem/router half a dozen times a day.

Back in the day I used to work from home over Bonded Basic Rate ISDN, and that was fine except when some idiot helpful coworker sent me an email with a megabyte of attachments. Before that I had a 56Kbps dedicated line, and before that I had a pair of Telebit Trailblazers for SLIP and UUCP. I got my work done.

So for me, this 40Mbps fiber connection is "superfast", in the sense of "significantly more than I need". I could pay a little more each month for 60Mbps, but I have no reason to do so.

We need baby Googles, say search specialists… and one surprising VC

Michael Wojcik Silver badge

Re: Haven't others (ElReg and commentards) said this before?

I would totally like it if I could remove a lot of the Googly nonsense on the phone to free up space and make it more useful.

Some of the base packages can't be removed, even if the phone is rooted. You can remove the updates, though, which can recover quite a lot of space; and if the phone's rooted, you can disable the apps you don't want, so at least they won't start and won't clutter up the UI. (You can do that from the command line with a terminal app, or use one of the various package management apps available on FDroid.)

I had pretty well de-Googled my previous phone, but then the screen died on it, and with the new one I just haven't bothered. The short lifespan of the typical smartphone[1] has discouraged me from rooting and customizing them.

One thing to beware of is that some OEMs install customized Android kernels that lock out some package manager features. My Samsung turned out to have a protection tweak that let me disable Google packages but not re-enable them if I later decided I wanted them. This was particularly a pain with the Google calendar, because it's hard to find an app (even on FDroid) for simple calendar functions that doesn't require the Google calendar. Apparently calendar systems are beyond the typical Android developer's capabilities.

[1] My father had a Motorola unit in the mid-1990s that lasted around 10 years. My first mobile was a Motorola feature phone which was good for 5 or so. My first smartphone was a Nokia Symbian model that went 5 years, and I only replaced it because some pixels had failed on the screen and I was worried it'd suffer a more serious failure sometime when I needed it. It still works; it's my backup whenever my current phone dies. After that I had an LG that died after 18 months and a Samsung that died after 18 months. Currently I have an Asus that's still going at 8 months; we'll see how long it lasts.

Microsoft lobs Skylake Spectre microcode fixes out through its Windows

Michael Wojcik Silver badge

Re: What a frigging mess !

It's a royal cluster because Intel knowingly chose to violate proper security structure for command execution

Spectre-class attacks affect all CPUs that use speculative execution and have any observable side channels. But please do continue to broadcast your ignorance, AC.

HTTPS cert flingers Trustico, SSL Direct go TITSUP after website security blunder blabbed

Michael Wojcik Silver badge

Re: Die private Schlüssel?

What were they doing in the hands of the reseller in the first place?

See my reply above. The CABF lets CAs (or resellers) generate key pairs for (clueless) certificate owners. The CA / reseller is not supposed to keep the private key, however.

Michael Wojcik Silver badge

Re: the oldest bad practice in the book.

Which CAs ask for your private keys, if I may ask?

A number of CAs provide, or used to provide, "one step" certificate generation, where they generate a key pair and a DV or personal certificate[1] and send them both to the user. It's to save people the effort of learning what a CSR is, because why go to the trouble of understanding even the basic concepts of the security mechanism you're trying to use?

DigiCert appears to require a CSR even for DV certificates, which is good.

Since 2012 it's a violation of the CABF Baseline Requirements for the CA to archive the subscriber's private key (so Trustico was in violation of the CABF BR; that's just an industry agreement, but the violation may doom their business). But CAs are still allowed to generate the key pair:

Parties other than the Subscriber SHALL NOT archive the Subscriber Private Key.

If the CA or any of its designated RAs generated the Private Key on behalf of the Subscriber, then the CA SHALL encrypt the Private Key for transport to the Subscriber.

(Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0, 10.2.4)

[1] The EV certificate rules don't allow this, fortunately. It's one of those odd cases where the EV rules actually do something significant to improve security.

Michael Wojcik Silver badge

Re: the oldest bad practice in the book.

I have seen, in a book my son was lent by his school teacher, about a year ago, exactly this sort of code. Take variable from $_GET, build string by concatenation, pass to SQL. No input checking at all.

Yes. I have just such a textbook sitting on the shelf in my office at my other house. (If I had it here I'd provide the full citation.) It's a text on creating "database-driven websites with PHP".

The textbook I have does recommend enabling PHP's auto-quoting support, but that's a meagre mitigation and far inferior to using prepared statements and/or stored procedures.

For that matter, mixing the presentation logic and data access in the same inline PHP rubbish, rather than 1) having a proper data access layer, and 2) at least using slightly less awful, well-partitioned, OO PHP in place of the ad hoc interpolated procedural code would be much better than scattering calls to the MySQL provider throughout the backend code.
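The textbook pattern described above next to a prepared statement kept inside a small data access layer, as an added example that is not part of the original post or of the textbook. Python's sqlite3 stands in for PHP and MySQL here, and the table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def find_user_concat(db, name):
    """The textbook pattern: the request value is concatenated into the SQL text."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

class UserStore:
    """Minimal data access layer: the only place SQL text lives."""

    def __init__(self, db):
        self._db = db

    def find_by_name(self, name):
        # The ? placeholder passes the value separately from the statement,
        # so it is only ever compared as data and never parsed as SQL.
        cur = self._db.execute(
            "SELECT name, email FROM users WHERE name = ?", (name,)
        )
        return cur.fetchall()

# Constructed input of the kind an unchecked request parameter could carry.
HOSTILE = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Concatenation lets the input rewrite the WHERE clause: every row comes back.
    print("concatenated:", find_user_concat(db, HOSTILE))
    # The prepared statement looks for a user literally named like the input.
    print("prepared:    ", UserStore(db).find_by_name(HOSTILE))
```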

XM-Hell strikes single-sign-on systems: Bugs allow miscreants to masquerade as others

Michael Wojcik Silver badge

"XML-like"

SAML is not "XML-like". It is XML. Protocol messages are represented in XML. Of course there is a schema - it's not arbitrary XML - but neither is it "XML-like".

Michael Wojcik Silver badge

Re: Sign ALL the data

I was also under the mistaken impression that signatures operated across all the data it was signing.

That's not a mistaken impression (modulo the disagreement in number you have there). That's exactly what a signature does: signs the data that it signs.

The issue here is that SAML implementations did not use consistent canonicalization algorithms, so they could potentially sign and verify different things.

Many signature protocols have an initial canonicalization step before hashing and computing the signature. That permits greater flexibility in transmitting and representing the signed data. The downside is that the canonicalization has to be done consistently, by all parties, for signing and for verification.

XML is (too) complicated, which means XML Signature is (too) complicated, particularly in canonicalization. And so errors like this are easy to introduce.
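The canonicalize-then-sign step described above, as an added example that is not part of the original post. It uses Python's standard-library C14N 2.0 canonicalizer with an HMAC standing in for the public-key signature that XML Signature would use; the key and the documents are constructed.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize

KEY = b"constructed-demo-key"  # stand-in for the signer's key material

def canonical(xml_text, with_comments=False):
    """Return the canonical form: attributes sorted, quoting normalized,
    comments dropped unless with_comments is set."""
    return canonicalize(xml_text, with_comments=with_comments)

def sign(xml_text, with_comments=False):
    """MAC the canonical bytes, not the bytes as transmitted."""
    data = canonical(xml_text, with_comments).encode("utf-8")
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(xml_text, tag, with_comments=False):
    """Recompute over the verifier's own canonical form and compare."""
    return hmac.compare_digest(sign(xml_text, with_comments), tag)

# Constructed documents. DOC_B is DOC_A serialized differently;
# DOC_C is DOC_A with an XML comment added.
DOC_A = ('<Assertion ID="a1" Version="2.0">'
         '<Subject>user@example.test</Subject></Assertion>')
DOC_B = ("<Assertion   Version='2.0' ID='a1'>"
         "<Subject>user@example.test</Subject></Assertion>")
DOC_C = ('<Assertion ID="a1" Version="2.0"><!-- note -->'
         '<Subject>user@example.test</Subject></Assertion>')

if __name__ == "__main__":
    tag = sign(DOC_A)  # signer canonicalizes without comments
    # Flexibility: a different serialization of the same data still verifies.
    print("reserialized:", verify(DOC_B, tag))
    # Same rule on both sides: the comment is outside the signed data.
    print("comment, same c14n:", verify(DOC_C, tag))
    # Verifier keeps comments while the signer dropped them: the two sides
    # hash different bytes for the same document and disagree.
    print("comment, mismatched c14n:", verify(DOC_C, tag, with_comments=True))
```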

You get a criminal record! And you get a criminal record! Peach state goes bananas with expanded anti-hack law

Michael Wojcik Silver badge

Re: "I am so happy will not be around when "Generation Triggered" is writing the laws"

In the three way circle jerk, Delta stopped stroking the NRA. In order to keep being stroked by the NRA the Georgia politician is going to stop stroking Delta.

Yeah. I'm no fan of the NRA or of the Georgia legislature. And I certainly don't see any reason why NRA membership should get you a discount on airline tickets; obviously it's just a marketing ploy. On the other hand, I also don't see why the Georgia legislature shouldn't withhold favors from Delta for any reason that makes them happy - there's no natural right for a corporation to get special tax treatment from the state.

Mostly this is Georgia biting a hand that feeds it (how appropriate), but then Delta won't be dismantling their Atlanta hub operations anytime soon. Both of the primary players here have deep vested interests in one another, and they're just using the NRA as a marketing football.

IT peeps, be warned: You'll soon be a museum exhibit

Michael Wojcik Silver badge

the Worcester (MA) public library

I patronized that institution as a child. That would have been up through the age of 6, I think. Still have a few fond memories of the place, though.

Michael Wojcik Silver badge

microfilm (or microfiche as we used to call it when it arrived in postcard-sized sheets instead of reels)

And let us not forget microcard - microfilm printed onto cardstock, and read with a reflective reader. The US Federal Government supplied a lot of material to archival libraries in that fashion. I read many pages of it during one of my stints in graduate school.

The stuff I was reading was ephemera, things like DoD pamphlets for civilian employees. No real records or major publications. It's possible they only used microcard for that sort of less-critical stuff.