* Posts by Richard 12

3815 posts • joined 16 Jun 2009

Citrix tells everyone not to worry too much about its latest security patches. NSA's former top hacker disagrees

Richard 12 Silver badge
Facepalm

"No untrustworthy traffic"

There's no such network.

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Richard 12 Silver badge

Re: Something learned in pre-school

Words can put you in a cage forever.

Words can force you to go out in a field and attempt to kill others, lest you be killed.

Words caused millions of Jews, gypsies and others to be marked as "undesirable", loaded onto cattle trucks and murdered by the trainload.

Words have serious power.

Detroit cops employed facial recognition algos that only misidentifies suspects 96 per cent of the time

Richard 12 Silver badge
Holmes

Exactly

It'll decide that every black man needs stopping.

This is a well-known problem, which is why this technology absolutely must not be used for law enforcement purposes.

It's at least 20 years* away from being genuinely useful.

*Meaning it will probably never be useful.

Richard 12 Silver badge
Holmes

So for minorities it's wrong around 99.99999% of the time, give or take a 9.

Yay.

UK space firms forced to adjust their models of how the universe works as they lose out on Copernicus contracts

Richard 12 Silver badge
Facepalm

Re: "We did so for good reasons "

I've checked, several times.

You've never posted any reasons, rational or irrational, that actually pass the basic test of "existence and relevance".

Though neither did the Leave campaign, which even broke the law. I suppose illegal campaigning is just fine in your world.

Richard 12 Silver badge

Re: This project is, though

Are you really that obtuse?

Le sigh.

Richard 12 Silver badge

This project is, though

Copernicus is an EU-funded project, implemented by the ESA.

The difference didn't use to matter. It does now.

If you wanna make your own open-source chip, just Google it. Literally. Web giant says it'll fab them for free

Richard 12 Silver badge

Last time I looked into it, eyetracker interfaces were the state of the art - seriously expensive, and very slow.

They should be far cheaper now that commodity hardware can do this very well, and much faster with modern autocomplete as used by smartphone keyboards.

Terrifying condition.

Born slippy: NASA Mars rover Perseverance to persevere on Earth a little longer as launch date pushed back again

Richard 12 Silver badge
Boffin

Re: Like it or not

Good news!

It's downhill most of the way.

The first hill is a big one, mind you.

Hey, Boeing. Don't celebrate your first post-grounding 737 Max test flight too hard. You just lost another big contract

Richard 12 Silver badge

Re: First Flight Since The Grounding?

Yes, I believe so.

However those were unmodified and flown under special rules to minimise the chance of taking out other flights or people on the ground.

This is the first flight of what Boeing are praying will be certifiable.

Of course, given that airlines worldwide are almost dead, they're far too late and may not sell any, even if it does get certified.

Richard 12 Silver badge

While over here, there's no time limit

When you buy a consumer product or service above £100 using your credit card, the credit card company are jointly and severally liable for the proper delivery, fitness for purpose and reliability.

If the store won't pay out for a TV that broke down "unreasonably" quickly, the credit card company must refund you out of their own pocket.

Even if the store and manufacturer both ceased to exist a year or two prior.

Consumer protection for right-pondians is orders of magnitude better.

Flights are no different, except that airlines that refuse to refund also cease to be airlines.

After six months of stonewalling by Apple, app dev goes public with macOS privacy protection bypass

Richard 12 Silver badge
Facepalm

Somewhere a beancounter is cheering

Now they don't have to pay out! Hurray!

Somewhere else, criminals are also cheering. Apple vulnerabilities are going to be so much cheaper on the black market now.

Reviewing and profiling your code is boring? Well, Amazon will now sell you an AI editor to do it for you

Richard 12 Silver badge

What's a 'line' though?

If I remove all the carriage-returns, does it cost under a cent?

Two out of three parachutes... is just as planned for Boeing's Starliner this time around

Richard 12 Silver badge
Mushroom

Have they demonstrated all parachutes yet?

It doesn't appear that they have ever demonstrated all three parachutes firing yet.

Two parachutes don't behave the same as three. Will they actually open properly if all three deploy?

I've definitely seen more than one video showing parachutes getting entangled or otherwise failing to open because of being in a cluster.

Let's roll the 3d6 dice on today's security drama: Ah, 15, that's LG allegedly hacked, source code stolen by Maze ransomware gang

Richard 12 Silver badge

Re: With any luck.....

That's why I will try very hard never to buy another 'smart' TV.

Beware the fresh Windows XP install: Failure awaits you all with nasty, big, pointy teeth

Richard 12 Silver badge
Facepalm

Re: Squirrel!

Along with half the roof, half the stock and a couple of workers.

It's National Cream Tea Day and this time we end the age-old debate once and for all: How do you eat yours?

Richard 12 Silver badge

So cream, jam, cream?

I could get behind that

Richard 12 Silver badge
Pint

Re: Too much arguing = not enough eating

Sounds like an experiment that needs repeating.

Science!

Apple to keep Intel at Arm's length: macOS shifts from x86 to homegrown common CPU arch, will run iOS apps

Richard 12 Silver badge

Re: It'll work.

It will have been ARM Linux unless they explicitly said it was x86_64.

Richard 12 Silver badge
Boffin

Re: Really?

macOS has a technical limitation that the GUI can only be manipulated and painted by a single thread.

Trying to touch the GUI from any other thread will crash immediately.

There's a lot of things that fall into that GUI bucket which you wouldn't expect (font metrics).

So you are actually forced to make a lot of things single-threaded.

PS: Don't set thread affinity. That Windows API actually makes things slower. There's another, more useful API for hinting to the scheduler about multi-socket and shared cache if you've proven it makes it faster.

Richard 12 Silver badge

Re: not sure which is worse

This commentard assumed it was a quote from a spokesweasel and therefore obviously wrong.

Richard 12 Silver badge

Re: Intel has a patent wall

AMD and Intel have a long history of legal action against each other.

When you don't know what you're talking about etc...

Richard 12 Silver badge

Re: Rosetta

Serialisation relies on exact alignment.

This will certainly expose a whole host of crashes, data corruption and security failures as the assumptions that are true for x86 and amd64 turn out to be false on Apple ARM.

In many ways it's far worse than 32/64, because pointers are rarely serialised.

Email innovator Hey extends an olive branch in standoff with Apple, tweaks code to make the iGiant appier

Richard 12 Silver badge

Re: A subscription fee for email‽

Exchange ain't free, and neither is a corporate Google Mail.

There's definitely a lot of people willing to pay for stuff over-and-above the core email feature set.

In many ways Hey is an email filter service, and there are several other companies making money doing that.

What's the Arm? First Apple laptop to ditch Intel will be 13.3" MacBook Pro, proclaims reliable soothsayer

Richard 12 Silver badge
FAIL

Re: It's different this time

No, that's simply tosh.

People run Windows under bootcamp or Parallels because they need to use x86/amd64 Windows software.

They don't use it because they want Windows itself.

Everything you listed is currently available on amd64 macOS, and so irrelevant.

Richard 12 Silver badge
Facepalm

Re: It's different this time

Virtualization also goes bye bye.

VMs do not convert the underlying CPU architecture, they are still running the VM guest's code natively.

The VM hypervisor is merely enforcing barriers between them to ensure the guests don't touch each other's memory, and provides virtual IO (disk/network etc).

Emulation is needed to run amd64 on ARM (or vice-versa), and emulation has comparatively abysmal performance.

Ex-director cops community service after 5,000-file deletion spree on company Dropbox

Richard 12 Silver badge

Re: Bulley got off lightly

At a guess, they thought Dropbox was the backup.

And didn't realise that syncing works both ways.

Microsoft emits a colourful Windows Terminal preview

Richard 12 Silver badge

Open Cmd Here?

Finally. Such a thing has been requested by all since the heady days of NT.

Or maybe earlier? I'm a mere whippersnapper, after all.

Health Sec Hancock says UK will use Apple-Google API for virus contact-tracing app after all (even though Apple were right rotters)

Richard 12 Silver badge

Re: The conference was interesting

Hancock was talking bollocks. Apple say they haven't even been contacted, and it turns out that NHSX haven't even done any testing of the Apple/Google system at all.

As many people have pointed out, the technique itself has quite large unavoidable errors.

Being charitable, someone probably told Hancock that the technique is quite imprecise, and he simply doesn't understand that the NHSX app is using the same technique.

Would be very hard to explain that to him though as he has no understanding of what "2m" or "social distancing" looks like anyway.

Richard 12 Silver badge

Re: Security theatre

Metal boxes are pretty good at blocking radio waves, even when car-shaped and with holes to see out of.

Aside from that, it doesn't need to be very good to be very effective, if testing is fast and provided to all contacts with appropriate delays (something like ~5 days after possible exposure).

Don't feel too bad though, nobody in Government has even a passing link to reality, let alone a reasonable understanding of the physical world.

Richard 12 Silver badge

Re: So does anyone have any inside knowledge on when the Google/Apple API based app will be ready?

The German one is in use.

The England one will never happen.

Scotland will probably make their own, forked from the German one.

Richard 12 Silver badge
Facepalm

The two are using the same method.

The only difference is that Apple and Google know far more about the real-world behaviour of bluetooth chipsets, because they've spent over a decade working with them and contributing to the standards.

So GA's avoidable errors are going to be far smaller.

The unavoidable errors are exactly the same.

And aside from that:

It doesn't matter

2m is not a magical bubble. It's a distance where the overall probability of transmission is estimated to have dropped below some arbitrary (unpublished) level.

Halve it, and that risk is ten times greater. Presumably doubling it reduces the risk to a tenth.

So, it doesn't matter if a small percentage of "contacts" are erroneously missed or included in a 2m sphere, as long as the majority of contacts are actually included.

What does need to be done is rapid testing. Yet Hancock won't even release data about test turnaround times.

Richard 12 Silver badge

Re: iTunes more important than pandemic?

The "by winter" announcement means it's going to be quietly dropped after Hancock has spunked another hundreds million on a Tory donor.

No surprise: Britain ditches central database model for virus contact-tracing apps in favour of Apple-Google API

Richard 12 Silver badge
Unhappy

Re: This is all complete cack

Hence the only really believable figures are "Excess Deaths".

Practically everywhere is undercounting Covid19 deaths, often with huge discrepancies.

The only exceptions seem to be Belgium and Germany, which are most likely counting some not-covid as being covid while missing some covid. So ending up with roughly the right totals, while still making errors individually.

Richard 12 Silver badge

Re: Never fear, Jimmy Wales is here

Actually, his team probably can. I suspect anyone who has ever created an iOS/Android app could do it in a couple of weeks.

The only hard bit is defining when a given instance should broadcast its contacts list, as it'd be rather open to abuse to let users hit the panic button without any confirmation of a diagnosis.

Though on the other hand, it's not actually any worse than asking people with a positive test to fill out an online form listing their contacts. And that is the current UK methodology.

So maybe a simple Big Red Button actually is ok.

Richard 12 Silver badge

Re: Had to happen

No possible bluetooth stack could ever tell you the precise distance between phones under all common circumstances.

The stack only knows signal strength. It does not know time-of-flight.

Signal strength depends on both the distance squared and the environment.

The Apple/Google one is backed by a team with access to far better kit and with infinitely greater understanding of the physics, hardware and software in use, because they designed it.

The Google/Apple SDK is very likely several orders of magnitude more accurate and precise than the NHSX trial app, simply because of the engineering knowledge and experience that they each have.

And yes, it's not going to distinguish between "both phones in pocket at short range" and "phones in free air further apart" (if the cameras are covered), any more than you can distinguish 1G of thrust from 1G of gravity (without windows).

Physics doesn't care about your political claims, any more than biology does.

Richard 12 Silver badge
Mushroom

Re: Had to happen

Because the arrogant bastards don't want to admit they have killed people.

Somewhere in the region of 10,000 to 20,000, and rising.

Winter is coming, and with it the UK's COVID-19 contact-tracing app – though health minister says it's not a priority

Richard 12 Silver badge
Facepalm

The German one seems to work

Also it's open source.

I'll fork it and rebrand for one hundred thousand pounds.

Only true boffins will be able to grasp Blighty's new legal definitions of the humble metre and kilogram

Richard 12 Silver badge
Holmes

Re: Tine to redefine Pi(e)

It's only Shepherds Pie if it contains actual shepherds.

Richard 12 Silver badge
Boffin

They don't shatter

They just break into several incredibly sharp pieces.

Richard 12 Silver badge

Re: Me too

Why is it not km/l?

Honest question. It seems very weird.

My wild guess would be to make sure the numbers are wildly different so you can't confuse them, which also has the problem that the numbers are wildly different so you can't understand the "other one".

Unlike say metres and yards, which are similar enough that for many human-scale purposes it doesn't matter.

Richard 12 Silver badge
Pint

Re: Me too

Pints are a good measure of beer. For some reason 568ml seems to be a good amount.

Half a litre is "a bit small", while a litre is definitely too much in one go. I wouldn't use it for anything else.

Perhaps 750ml might be a good compromise, we should do some experiments.

Richard 12 Silver badge

Re: Tine to redefine Pi(e)

Of course

Pizza is its own food group. Don't want it confused with anything else.

Richard 12 Silver badge

Re: Tine to redefine Pi(e)

The problem is that many establishments seem to think it's still a pie if it only has a lid, and nothing else.

That's no pie.

RIP ROP, COP, JOP? Intel to bring anti-exploit tech to market in this year's Tiger Lake chip family

Richard 12 Silver badge

Re: nearly impossible to address with software-based mitigation

The difference is that the CPU knows it just returned, so can immediately check whether the jumped-to instruction is one of the "ok" targets.

An application wanting to do the same has to add code to function prologues to mark as "entered function properly" and also add "did we enter this function properly?" checks at various places.

Can probably get most of it by adding checks to the prologue and epilogue to trap if the function was entered without leaving the previous one, or left without entering it, but of course this is several times more code.

Richard 12 Silver badge

This is about preventing exploits where they smash up the stack to make it call a lot of pieces of code that are already in the process - in an evil order.

Richard 12 Silver badge

Re: nearly impossible to address with software-based mitigation

You'd need to add a lot of extra guard instructions to do it in software.

That really would be quite expensive.

Richard 12 Silver badge

Not really, the main cost is a little bit of space in an instruction cache line.

The fetch was happening anyway. Is basically "jump to X", then X performs an "am I a valid jump target?" trap. With hardware support the cost of that can be zero time (but does cost transistors!) Though on CPUs without support there's a decode & NOP.

Will add more state to context switches, as this will obviously need to be explicitly enabled by processes, but context switch is already expensive.

Speaker for yourself: Looks like 5 patents are table stakes as Google countersues Sonos

Richard 12 Silver badge

What's the date on it?

I only ask because every public space in the entire world that has a zoned PA system capable of playing muzak does that.

Which is every cruise liner and theme park, most museums, railway stations, airports...

Heck, chances are reasonably good that Sonos' own office block has one.

Disneyworld and Disneyland have been doing this using "microprocessors" since the 80s, if not earlier.

Facebook boffins bake robo-code converter to take the pain out of shifting between C++, Java, Python

Richard 12 Silver badge

Re: from Intel to ARM

Only if the set of goals does not include "actually works"

This is an interesting experiment, and I'm sure much will be learned from it that can be applied to other problems.

However, it will not be directly useful in and of itself within the next 20 years, if ever.
