Posts by Michael Wojcik

12299 publicly visible posts • joined 21 Dec 2007

Elon Musk finally finds 'someone foolish enough to take the job' of Twitter CEO

Michael Wojcik Silver badge

Re: Do you people really think she's that naive?

Agreed. I think she figures this is a good career move even if Twitantic continues to sink, and I suspect she's right about that. CEOs are rarely held to account for the failure of their firms, this is a move further into the circles of the club, and coming in to try to rescue a disaster gives an exec some credibility (didn't just take the safe jobs) even when it fails.

Michael Wojcik Silver badge

Re: Well

Thought of that in a jiffy, did you?

Why Microsoft just patched a patch that squashed an under-attack Outlook bug

Michael Wojcik Silver badge

Re: Security fail by design

Who thought that auto linking, fetching and executing in mails was a good idea?

Borenstein and Freed started us down this particular crumbling cliffside path.

Admittedly, RFC 1341 was inspired partly by the need to support character sets outside ASCII, which is a legitimate problem. And 7.4.2 manages to list a surprising number of security issues with "active" content, for 1992; unfortunately it's clear few implementers gave this much thought.

Michael Wojcik Silver badge

It's amazing how many Windows developers are unaware of how Windows path handling actually works, for example being unaware of the extended-length / Unicode path prefix ("\\?\"). Apparently that includes many who work for Microsoft.

Michael Wojcik Silver badge

Re: Value to users

Even "displaying what was contained within it" is an unnecessary vulnerability, since many image-rendering libraries, for example, have had exploitable flaws.

MIME hugely increased the attack surface of email, and overly-ambitious MIME MUAs ushered in a world of pain.

Image display ought to be optional, with images not rendered until the user asks them to be. (Outlook has incomplete support for this; I raised an issue about Outlook's rendering of Windows metafile images, which can't be disabled, decades ago on VULN-DEV, for example.) Only local fonts should be allowed, with no font embedding. There's no reason to support audio or video at all. And so on.

Exhibit 3,021: Millions wasted on US govt IT due to poor oversight, audit finds

Michael Wojcik Silver badge

With 5 of 48 orders analyzed. So it's probably more like $250M wasted, or 1/7. That sounds pretty unreasonable.

And that's just wasted in this fashion. How much waste for overpriced products? How much for systems that are not fit for purpose, or are significantly less productive than they should be?

Autonomy founder Mike Lynch flown to US for HPE fraud trial

Michael Wojcik Silver badge

That's up to the shareholders, and the shareholders apparently have decided not to do so.

I'd say I'm surprised that Apotheker has been appointed to a number of boards (at least two as chair) since the debacle, except really I'm not. Everyone knows that corporate boards are a club and you have to offend the other members to get kicked out. Merely being terrible at your job is regarded as a quirk.

Michael Wojcik Silver badge

Re: Negligence

Under what statute do you believe HP's management and board committed criminal negligence?

They were negligent, sure. They were foolish and irresponsible. They cost their shareholders dearly. However, they were doing the job they were hired to do – just very, very poorly (with a few exceptions, such as Lesjak). The remedy allowed for this is for the board to replace the senior management, and for shareholders to replace board members (not necessarily in that order).

But, hey, don't let facts get in the way of your uninformed rant.

Michael Wojcik Silver badge

Re: HP snowflakes

It's the "they were asking for it" defense, beloved of the hard-of-thinking everywhere.

Michael Wojcik Silver badge

Re: And now, what's really up with this.

He lost the civil case in the UK because Autonomy's financial statements were not legitimate, even by UK standards. In particular, using quid pro quo arrangements with customers to inflate revenue was determined to be fraudulent.

Michael Wojcik Silver badge

Re: Due diligence

Sorry, who would have performed due diligence? We know HP didn't; that's well documented and has been discussed ad nauseam here and elsewhere.

The record is clear that Apotheker didn't read the preliminary report, fired the consultants before they could prepare the final report, and ignored advice from his own CFO, among other things. He was wildly reckless and incompetent. None of that is in doubt.

Michael Wojcik Silver badge

Re: Interesting...

although the US taxpayer would be happy to pay for the same thing

Well I, for one, wouldn't. We spend far, far too much on incarcerating people in this country. And while Lynch is very likely guilty and is not at the top of my list of people I'd like to see released, he's also not near the top of my list of people I think deserve to be locked up.

Michael Wojcik Silver badge

Why would anyone ask? When a listed company is bought, the money goes to the shareholders. I haven't bothered looking, but the scheme would have to be published. It's not like this was some kind of secret deal – it was widely discussed before, during, and afterward, not least here (interminably) in the comments pages of the Register.

Microsoft signs up to buy electricity produced by fusion, perhaps in 2028

Michael Wojcik Silver badge

Re: Psst Microsoft...

And they'll be happy to pay you once you deliver a working one. COD.

As someone noted above, this is not a risk. Microsoft has just promised to buy a little (for them) electricity at a reasonable price in the future, should it be available. Unless the price of electricity drops enormously by then, they're not taking on any risk.

Millions of mobile phones come pre-infected with malware, say researchers

Michael Wojcik Silver badge

I got an Android phone from Motorola and it came with the Facebook app preloaded.

Michael Wojcik Silver badge

New to online discourse, are you?

No one but you knows whether you're being sarcastic. Some members of your audience may infer it (correctly or not), but the probability of that drops dramatically when your text is too short to provide any clues about tone.

Let white-hat hackers stick a probe in those voting machines, say senators

Michael Wojcik Silver badge

Re: I suppose after ....

Trust experience, question everything else.

An impressively foolish maxim.

Personal experience is by definition anecdotal. The sample size of personal experience will be much too small to justify any generalizations for most categories of experience.

Humans are prey to a large number of well-documented perceptual and cognitive limitations and traps. Our ability to observe situations and draw rational conclusions from them is severely limited. That's why we have epistemological protocols for mitigating those limitations and not trusting personal experience.

Learning from experience is both necessary and unavoidable. But "trusting" it is the hallmark of uncritical thought.

GitHub, Microsoft, OpenAI fail to wriggle out of Copilot copyright lawsuit

Michael Wojcik Silver badge

Happier developers?

You know what would make me happy? If the jackasses running GitHub would stop trying to tell me what I want.

Dell reneges on remote work promise, tells staff to wear pants at least 3 days a week

Michael Wojcik Silver badge

Asynchronous media beat synchronous media.

Michael Wojcik Silver badge

Re: Nah

Oh yes, your single anonymous anecdote is certainly compelling evidence.

Michael Wojcik Silver badge

Or the job may not be what you want to do. Or the company culture may be a poor fit, or you may not get along with your new co-workers. There might not be a good new job that doesn't require you to relocate. There are many reasons why jobs are not fungible, and those claims of "employers want a zillion more people in specialized field X" are largely meaningless.

I dare say I could find a new job quickly if I needed to, but the idea of switching, with all its attendant costs and stresses, sounds awful.

Michael Wojcik Silver badge

Re: It's not for everyone...

not everyone is able to carry out their work whilst lounging on a sun kissed beach sipping a Margarita

Sure. I find the sun washes out the laptop screen and makes it too hard to see what I'm doing.

(Also I don't drink alcohol, so that margarita just ends up sitting beside me.)

Michael Wojcik Silver badge

Re: It's not for everyone...

It helps you achieve that. For others it may or may not matter. Not everyone is you.

Michael Wojcik Silver badge

Re: It's not for everyone...

I've been working from home for nearly a quarter-century. I don't have any worries about which or how many hours I work; I've never found that to be a problem.

I used to enjoy periodic trips to various offices. That was gradually being reduced to cut costs before the pandemic, and of course halted entirely during it. I wouldn't mind the occasional one, though now my "local" airport is a 2 1/2 hour drive rather than a 30 minute one, so travel is more of a hassle. (There is one big office about a five-hour drive away, which would be fine for an overnight trip, and another that's about ten hours.)

If we had an office near me I wouldn't mind going in occasionally. I remain utterly unpersuaded by back-to-the-office mandates, however, which are just as much of a broad generalization as "people work just as well from home", and equally unsupported by anything I've seen. If there are methodologically-sound studies on the question they've escaped my attention.

The world of work is broken and it's Microsoft's fault

Michael Wojcik Silver badge

Re: Productivity

Nor is the problem "time spent communicating". That can be just as productive as any other activity. I've known plenty of programmers who could take four hours to accomplish something that could have been done in ten minutes if they'd asked the right question of the right person.

This is a rubbish study, based on rubbish data and rubbish premises. Pure marketing fluff.

Musk decides to bury dead Twitter accounts, warns users follower counts could sink

Michael Wojcik Silver badge

Wonder if my account is on the chopping block...

... or already deleted. I created it about 15 years ago to see whether I thought there was anything of value in Twitter. I never posted anything, but I followed a few people for a little while via RSS, until Twitter went to OAuth and broke my reader. There was no compelling reason to get things working again,[1] and I haven't used my Twitter account since. Don't even recall what my handle was.

[1] I keep seeing people in IT security – one of my fields – insisting that Twitter is an important source of information for them, but I've yet to see anything reported elsewhere that made me think "wow, I wish I'd seen this a day earlier on Twitter". Similarly, the various reposts and summaries of Twitter conversations I read in articles always leave me with the impression that seeing them in situ would have added no value whatsoever.

Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix

Michael Wojcik Silver badge

Re: No responsibility.

Secure Boot was always vulnerable to the theft of a private key. That's true for any security feature that relies on a secret.

Not that I'm saying Secure Boot was a good idea – I believe there are legitimate concerns with it. But this isn't due to a flaw in the design of Secure Boot; it's due to a flaw in MSI's security which let the private key be discovered and exfiltrated by attackers. It's not, in fact, a Microsoft bug at all. It's just exploited by malware written to attack Windows, and Microsoft are therefore providing a patch for it. (And that patch is problematic because key revocation is a hard problem.)

WordPress plugin hole puts '2 million websites' at risk

Michael Wojcik Silver badge

Re: What else is new?

Exactly what people have said about every other WordPress plugin vulnerability.

No one has to use them. But people do. This is not the fault of the WordPress developers, except that they opened the door.

There's no cheap, simple fix for this problem. "Don't use plugins" is not a fix, because the problem is other people deciding to use plugins. It's all just part of the tremendous mess the industry has made of the Web, starting with Netscape's decision to stick LiveScript into the browser, and Microsoft's to invent DHTML (compounded by Microsoft's invention of XHR, and Google's popularization of it).

Michael Wojcik Silver badge

Re: Really?

Or any of the zillions of other vulnerable WordPlugins. Honestly, that "ecosystem" makes Jenkins plugins look positively robust.

Michael Wojcik Silver badge

Re: (Wordpress Plugin)

Again

White House pledges $140 million for seven new AI research centers

Michael Wojcik Silver badge

Re: TV has been formulaic for at least a couple of generations

Oh, yawn, it's the usual "there's nothing good on it anyway" complaints. (And, seriously, "primetime TV"? That Hasn't Been A Thing for about two decades now, thanks to first time-shifting and then streaming. Might as well complain about those horse-drawn carriages.)

I watch little television myself, but I've still managed to see a number of original, intelligent, pleasing series over the past few years. Show me you've watched – critically – everything that's been broadcast, and maybe I'd give your gross generalizations a bit of credence.

Regarding the actual question at hand: transformer LLMs trained on Internet-available content are going to converge on rather uninteresting gradients. We still need writers specifically because of human cognitive capabilities that LLMs don't demonstrate, such as original style, and those that the LLM vendors are trying to suppress, such as hallucination. Not only are we a long, long way from having an LLM Ishiguro or Morrison,[1] we're a long way from even, say, an LLM Lafferty or Okorafor or Roberts or ... well, take your pick from among many thousands of writers, past and present. And LLM development isn't even moving in that direction; capabilities research is focused elsewhere, and most other research is into things like explication and alignment. Fiction production needs defecting AIs, not cooperating ones.

An LLM scripting police procedurals like NCIS, sure, that's not a stretch. But even something like Justified or Vera will not be coming out of GPT-4 or the like. A much bigger LLM might do, but not one hobbled by RLHF. And considering what you'd have to train it on, IP would be an even bigger problem.

[1] Probably not even a Dylan, which would be the lowest bar in that set.

Dump these insecure phone adapters because we're not fixing them, says Cisco

Michael Wojcik Silver badge

Re: Web interface

networks will never be exposed to the internet

And that's great right until an attacker gets inside the corporate network, pivots, and escalates.

The "egg" model of network security is dead. If there's a way to connect a "private" network to the wider corporate network, many customers will do it. And once that happens all your vulnerabilities are available as soon as someone gets into the corporate network – which likely happens at least a few times a month for a large organization, assuming good defenses are in place. (That's why we have IDS / IPS systems and incident-response teams.)

Michael Wojcik Silver badge

Re: Bit hard on the bright young things?

There was a study some years ago – late '90s maybe? – that appeared in, I think, CACM, that projected longevity for various types of optical media. It noted that the expected lifetime of the "dye" (actually a photosensitive polymer, IIUC) in CD-R was expected to degrade faster than the metal in conventional CDs, and that CD-RW was expected to last somewhere between the CD-R lifetime and conventional CD lifetime.

While I may well be wrong on the details, the upshot is that different types of CDs might well have different MTBFs. No idea about CD-MO (magneto-optical "WORM" media), but I suspect as a rule of thumb, the less energy required for recording, the shorter I'd expect the lifetime to be.

New York AG offers law to crack down on backfire-happy cryptocurrencies

Michael Wojcik Silver badge

Re: typo?

RTFA. The author makes this observation, and in wittier fashion too.

Michael Wojcik Silver badge

Re: Nice for New York

With laws like this, all New York needs to do to prosecute is show some New York state residents were harmed. Doesn't matter to them where the offending company is located.

Now the assets of that company and the people running it may (or may not) be hard for New York to get at; but judgements against them are still Damoclean swords hanging over them, should they expose themselves to the US or its allies. It's at least some friction against cryptocurrency and DeFi operators.

Also, some of the big cryptocurrency / DeFi firms want at least the appearance of legitimacy, which means they have an investment in complying with applicable laws, or at least making a show of attempting to comply with them.

Michael Wojcik Silver badge

Re: Ban it all

Generally, the police would try to catch them by following the money.

And then what? We've already identified (with high probability) many of the people running ransomware operations. Somehow the World Police have failed to bring them to justice.

Uncle Sam probes H-1B abuse surge: What do our vultures make of it?

Michael Wojcik Silver badge

Please label these in the headlines

I wish the Reg would label these video pieces in the headlines, so I know not to click on them in the daily email. It's annoying to read the first couple of paragraphs of a piece and only then find out that the real content is in a form I don't care to consume. (My tolerance for synchronous media is limited.)

I know it's in the HTML page title, but I'm not in the habit of looking at that.

Python still has the strongest grip on developers

Michael Wojcik Silver badge

Re: Languages

I tried to like Perl, really. I bought (and still have) the original O'Reilly book. I wrote a number of things in Perl, mostly CGI scripts and some utilities, such as an HTML-to-plain-text-with-Usenet-style-markup formatter. I wrote a small testing framework and tests using it. I read a lot of Perl articles in places like DDJ. I'd liked other things Wall had done, such as patch and rn. I like the languages Perl was originally meant to supersede, such as Bourne shell and awk. (I still frequently use awk for quick-and-dirty scripts to analyze things like trace output when chasing difficult bugs.)

But I just couldn't develop any affection for it. Too many ways to do the same thing, with subtle differences. Too much code that resembles line noise; too much arbitrary punctuation. Trying to maintain other people's Perl code – which I still have to do occasionally for tests and the like – showed me that many people write Perl even worse than they write C: just a lot of nasty, undocumented, unreadable crap with terrible error handling.

CPAN was handy at first but it arguably launched[1] the dire era of public patch repositories and the attendant problems in bloat, software supply-chain security, and learned helplessness among developers. A good idea in 1995, but the revenge effects were terrible and are still growing worse.

It has its place, sure. But I do not love it.

[1] Yes, there were plenty of places to get source code and complete OSS "packages" of some sort before CPAN. I was using Archie and FTP and copying ShArs out of Usenet messages back in the day too, and downloading stuff from BBSes before that. CPAN was, to my knowledge, the first modern software package repository, though; certainly it was the first one I saw a lot of chatter about.

Michael Wojcik Silver badge

I've written assembly for Z80, 6502, 68000, various x86 processors going back to the 8088, VAX, TI 34020, IBM ROMP, IBM 390, and POWER, and I've had to read and debug some others, including SPARC, PA-RISC, and (god help me) Itanium. Of those, x86 is almost at the bottom of my list of preferences, right above (GHM) Itanium.

I don't know what you think qualifies it as "really quite good". I'm afraid to ask. Too few registers. Segmented addressing. Peculiar choices in opcodes like the let's-help-with-BCD ones (AAA and friends). The REP prefix is convenient but, hell, that's why we have macros; we don't need loops pushed into the instruction set. Widespread idioms like using XOR for clearing a register because it's faster than an immediate move, which just makes things more difficult for the newbie reading someone else's code.

I mean, it's not terrible, and it avoids many of the pitfalls displayed by various others (like aligned addressing for RISC architectures such as SPARC and ROMP), but "good" I'm not seeing.

Michael Wojcik Silver badge

Re: PHP (8)

You can criticise PHP all you want

No I can't. I tried, but I fell asleep before I could finish. Its sins are too many for me to feasibly enumerate.

Michael Wojcik Silver badge

Re: MySQL

Well, there's a SQL dialect that's peculiar to MySQL which is not entirely conforming to standard SQL, much as you have T-SQL and other dialects.

But, yeah, it's kind of a pointless distinction when discussing the popularity of programming languages. Just say "SQL" and include the standard language and all its dialects. It's not like they broke down other languages by dialect.

Michael Wojcik Silver badge

Depends on the domain.

A majority of OS code is still C source, despite the pockets of assembler, specialty-language holdouts like IBM's PL/M, and encroachment of C++ and newer languages.

Back-end business logic is dominated by a mix of Java and COBOL, probably in roughly equal amounts (to an OOM or so), though none of the metrics (SLOC, function points, etc) are particularly meaningful and good numbers are hard to come by. There are others, of course; those are just at the top. C# has gained ground over the years, and if you want to count SQL (and you should), that's also very significant.

Many languages are significantly represented in the end-user-application space; C++ may still be on top, but there are many contenders. Javascript holds the top position for front ends.

Scientific computing is seeing steady erosion of a traditional Fortran and C base by Python, R, Julia, etc.

What "powers the world", of course, are sources of kinetic energy, not any sort of software. This obnoxious misuse of "power" is marketing crap that sensible people should eschew. But in terms of what programming languages are important to modern industrialized economies, the answer is "a whole bunch of them", and anyone trying to make a case for a single one is spouting foolishness.

Biden proposes 30% tax on cryptominers' power bills

Michael Wojcik Silver badge

Oh, bullshit. Most of the crypto enthusiasts are in it chasing wealth beyond the dreams of avarice (either naively or as a con), and most of the rest are in it for the shiny or because they believe some uninformed celebrity. The true believers are a vocal but very small minority.

Michael Wojcik Silver badge

Re: "compared crypto's electricity usage to that of video games"

The VM more-or-less led programmers into the bug that triggered the Ethereum Fork. And anyone with a background in security, validation, or integer programming would have known this.

And it's worth noting that the "smart contracts" running on the chain are even worse. Molly White routinely reports on contracts that were audited by one or more security firms but were exploited nonetheless. Back when Adrian Colyer was doing the Morning Paper blog, he summarized a couple of studies showing just how bug-ridden the things are.

If there are competent developers using good development practices in the cryptocurrency realm, they're damned hard to find.

Michael Wojcik Silver badge

Re: Hmm

And a unicorn in every barn.

Michael Wojcik Silver badge

The US states that have legalized pot have also taxed and regulated it so much that the illegal dealers that thought they'd have to get out of that business are dancing in the streets.

Oh, citation definitely needed.

I live in a cannabis-legal state, next door to another one. I moved here from a third, and I have friends in a fourth. While I have no interest in the stuff, I know plenty of people who do. I've seen absolutely no evidence that what you claim has any basis in fact, either personally or reported in any reputable publication.

Michael Wojcik Silver badge

Re: Snake Oil

“a Bitdeer mine was reportedly paid $175,000 an hour to turn off its cryptomining computers during a February 2021 winter storm that downed Texas’s power grid for days, killed 246 individuals and led to the unwelcome shut down of Samsung's semiconductor facility in the midst of a global silicon shortage.”

So I read this as miners are greedy, destroyed infrastructure, killed people and others lost their job.

That's a rather strained interpretation of the passage from the article. I don't think the text supports it.

Chrome's HTTPS padlock heads to Google Graveyard

Michael Wojcik Silver badge

There's still the vulnerability that if someone's connected to an open network – e.g. public unsecured wireless – an attacker could use DNS cache poisoning to redirect the client to a malicious site, which could serve malicious Javascript, for example to exercise one of the periodic Javascript engine type-confusion RCE vulnerabilities. I think it's a pretty low-probability threat: what attacker wants to hang out at a café snooping traffic and waiting for someone to use plaintext HTTP? But there are attack vectors.

That said, I'm no great fan of the HTTPS-everywhere movement. Within corporate networks, for example, the benefit is minimal. And even on the public Internet, as I said above, it's not a terribly plausible attack.

Twitter's API paywall crumbles (but only for those saving lives, predicting weather, etc.)

Michael Wojcik Silver badge

I have to say, I don't buy a lot of things for myself, relative to many other people I know; but I have purchased a number of things (books, mostly; a couple of games; some tools; the belt I'm wearing now) based on having seen them advertised and been very pleased at the result. Certainly I've discovered books which I've reread multiple times from advertisements, and there's no plausible way I would have been exposed to most of them otherwise.

I reluctantly confess that Amazon's targeted advertising on my original Kindle – one of the classic keyboard ones, which I got shortly before they were discontinued, at the "Kindle with special offers [we mean ads]" price – was by far the most effective contributor to this. I don't like Amazon, but I have probably a couple dozen delightful novels because they occasionally hit one out of the park with their recommendations. (I won't bother with specifics because tastes vary widely, which is why although I also enjoy book reviews from certain people – Jo Walton's, for example – they've been less useful at identifying things I'll likely want to read and which I haven't already.)

FCA mulls listing rules after Hauser blames 'Brexit idiocy' for Arm's New York IPO

Michael Wojcik Silver badge

Re: average/median

Indeed. It's, like, words, dude. Sometimes they actually mean something.