Posts by Glen Turner 666

Working in a multi-OS development, Git does it right. Otherwise there will be lots of commits which do nothing but change line endings when diffed. And CI chains which work fine, right up until a commit from a rare operating system. Githouses need to understand line endings somewhere -- either when the commit arrives, or when handling the code base, such as showing differences, annotating lines with the last change, etc. There's a lot more tooling than just editors. I'd rather than file mangling happen once at commit rather than in every item of tooling.

Re: Question to the knowledgeable

She will be allowed to take receipt of the funds. But there's a catch.

Although the criminal litigation against her has concluded, her guilty plea opens the door to civil litigation from people at Alameda who had losses. So there will be little chance she will keep income in excess of her requirements for living.

Re: ARM chips are every bit as complex

You are arguing that a problem with thermal management is more complex in Apple Silicon ARM chips of much less thermal dispersion then the Intel chips; and arguing that the clock tree of Apple Silicon ARM is as complex as Intel despite the smaller silicon area needing to be serviced for Apple Silicon. You'll excuse my doubts.

Re: Blame Microsoft, not Crowdstrike

What Crowdstrike was doing -- intercepting system calls and analysing combinations of those for malware behaviours -- was innovative. Thus there were no operating facilities, and a hack to use a device driver to gain access into the kernel of the operating system had to be used. That device driver would offer functions to loadable programs which did the sensing and analysis -- an architecture not too different to IBM mainframe "channel programs" to do I/O, and thus Crowdstrike "channel files".

But this doesn't let Microsoft off the hook. After this initial period of experimentation, and after creating its own endpoint detection software, there should have been proper operating system support for these sensors and analysis. Then the device driver -- with its excessive access, and a security issue in its own right -- could be replaced.

Offering a operating system facility would also have removed the largest problem with channel programs: the need for their runtime not to fail, the need for a perfect compiler. Operating system facilities get far more testing, and denial of service opportunities taken far more seriously, than in a third-party device driver. As it is, Microsoft and Crowdstrike have no choice now bit to build robust operating system support, because every item of malware is going to be looking at leveraging endpoint detection and response systems.

It's likely a threat to use an Investor State Dispute Settlement in a country where Brasil has a trade agreement.

US judges are also far too keen to hear extra-territorial disputes. And if Brazil lose (even by default such as not showing up) and don't pay because they don't recognise the jurisdiction of the US court, then Musk could ask the US court to cease goods belonging to Brazil which are located in the US.

The thing to remember here is that Brazil cutting off X is not a whim. X was outrageously involved in the cultivation of fake news to bolster attempts to overthrow the elected government.

So Brazil isn't backing down. Any penalty Musk might arrange for Brazil will have an immediate effect on Brazil - US relations. At a government level. But also at the level of ordinary people.

Re: What is their strategy with their new, smaller, customer base?

KVM is a VM facility in the Linux kernel -- the "kernel virtual machine". Each VM appears as a Linux process, just like running any other program. There are user space applications which then use KVM to implement virtual machines for various user bases. The most common is Qemu. That in turn has front ends, from the desktop GNOME Boxes through to industrial systems like OpenStack. These front ends funnel through a common VM management library -- libvirtd -- which greatly simplifies debugging provisioning faults.

Using a 'real' operating system kernel, rather than a 'hypervisor' kernel which only runs VMs, is seen as advantageous. Since each VM appears as a Linux process, a lot of existing Linux tooling can be used. As a result the management of KVM can seem sparse, in reality for some purposes you use the same management tools as for other processes -- such as network alarming and collecting performance data for capacity planning. Sometimes a VM-specific tool is needed. Often this tool works through libvirtd, making it possible to use one vendor's tool to control another vendor's VM. Many of the technologies for managing Linux containers to also be used to manage Linux VMs, such as Kubernetes and Terraform.

Re: "celebrated industry diplomat Linus Torvalds"

Linus has been diplomatic for much of his career. A reason Linux took off the way it did is that getting a bux fixed in a Linux system was far easier than getting a bug fixed in BSD Unix. Sure BSD eventually fixed that, but by then it had lost the opportunity to be the major '386 Unix.

There was a period where Linus was far far too blunt for the size of the community which had grown around Linux. Force multipliers like fan channels and the trade press meant that previous behaviour was now amplified into being unwelcoming. But Linus is no fool, has demonstrated personal growth throughout his career, and got on top of that issue.

In this case, Linus was diplomatic. His offer was generous, and whilst he didn't expect it to be fulfilled, it was a clever way of demonstrating the actual resources available to maintain a Itanium port (ie, expected to be zero).

Re: It Was In Debian Unstable --- *buntu LTS

The "system does appear to work" is too much. It was the merest fluke this issue was found, relying on the availability of one Microsoft employee to do their micro benchmarking of Postgres performance.

The system certainly did not work in getting the Xz maintainer the help they needed. This after the measures taken for the same issue in OpenSSL. So that part of "the system* also failed.

There is a lot of micro failures. Hand waving commit messages. Procedural code in build systems. An integrity gap between a git repo and a tarball. Binary test files.

That's without the whole issue of how to monitor the behaviour of developers. This wasn't the first subversion they had tried.

There is a lot to take away from this incident. That things can keep working as they are is not one of them.

Re: long-form writers...

Sort of. Book publishers want material in Word format, but they don't want material which uses Word features. As simple example, one wants to see bold text as ***BOLD***example***BOLD***. The killer feature of Word is change tracking, allowing a back-and-forth of chapters with the copy editors, discussing any contested changes.

In my personal experience, the issue with using LibreOffice with professional publishers isn't the integrity of the .docx formatting (because there is none), but the round-trip integrity of change tracking.

The reason for this odd use of the Word format is that the pubisher will then mark up the text, get diagrams professionally redrawn, and flow them into a desktop publishing package which works like Scribus, usually Adobe's InDesign. But the publisher wants to do that, as then they can lay out the book according to their corporate look and feel. They don't want glitches like the text in the corporate choice, but the bold text in Arial.

Obviously if you're doing your own publishing, then LibreOffice and Scribus are a fine combination. You can even re-work any diagrams in Inkscape.

The big strength of LaTeX is that it sufficiently separates the content from the format so that a corporate format can be applied and the pages generated with very little work. That's why it's still widely used in engineering academic journals.

Re: So ICANN

Although I can understand that attitude for ICANN, the regional NICs are another matter. It's difficult to think which organisation other than APNIC would be representative of the Asia-Pacific internet technical community.

Re: Off topic

300bps was not adequate. Even for grown-up text. With a start bit and a stop bit, 300bps conveniently converts to 30 characters a second. Or under half of a 80-column line. Of a 24-line display. In practical terms, that's 30 seconds to display the 1st ed UNIX manual page for the 'cat' command, a manual page of twelve lines.

Local terminals were attached to the computer using RS-232 running at 9600bps. In practice that was fast enough for a full page refresh in about a second.

Kyocera do ceramics, and things which use ceramics

Kyocera basically do what it is on the tin -- Kyoto Ceramics.

Kyocera got into laser printers via ceramic components in the high-temperature fuser unit. Kyocera got into kitchenware via knives via ceramic blades. Kyocera got into smartphones via ceramic speakers, which are now the norm across all thin devices from phones to TVs. Their newer rugged phones use the entire front glass as both a speaker and a tissue conduction actuator (which means you can use the phone without removing hearing protection, just hold the phone touching the earmuffs).

Basically the company makes components and if it sees a hole in the market it is selling components into, then it fills the gap.

With the fall in the stock price of Tesla, the cost of Musk's funding for the acquisition of Twitter has risen -- Musk will need to stake more of his Tesla shares to purchase Twitter. One way to address that situation is to require less funding in the first place. Raising doubt about Twitter's number of users and the level of misuse of the platform are both ways to do that.

Re: Linux "Desktop"

Linux has equivalent -- and better tools -- they are just different enough that they're not on the radar of people looking for a one-for-one branded replacement.

Group membership in Linux is easily enough driven from LDAP. Red Hat has a nice sssd wrapper around that set of technologies.

Group policy is more often then not used as a proxy for configuration control, and under Linux you do that configuration control directly. Ansible is the weapon of choice. This has the huge advantage of allowing the 'playbooks' to be stored in Git. Which means that there's far better administrative and audit control of changes then done with Group Policy. That's why AD is the #1 goal of hackers, because change there is organisation-wide and auditing isn't done because the mechanism is too difficult. Compare with Git pumping Git summary lines and diffs of Ansible playbooks (and thus enterprise-wide machine configuration files) into a Slack channel for continual casual review by the operational staff.

Linux tends to pull forward cutting-edge security technologies. The machine I am writing this on runs Secure Boot, to an encrypted drive based on a key in the TPM, with all system executable files and libraries under Integrity Management. It remotely logs to a server analysing activity for misuse patterns -- exactly the same software as used for our big internet-facing servers. Login requires a Yubikey to be inserted, if that's removed the screen locks. Windows is catching up, but in a typically Microsoft way -- using these desirable features to push their sales agenda, so use of a WebAuthn key requires cloud authentication rather than site-hosted AD.

Re: There is no reason not to choose Postgres

"The biggest impediment on those two vs Excel is recreating the environment"

Have a look at Juypter Notebook. It's a cloud-hosted web presentation of Python, R and other languages in a "engineering notebook" style. To recreate the environment you just log into the page again. It's excellent for a quick analysis, since if you have to return to the analysis later then the data exploration you did is presented in a narrative, making it easy to track what you were thinking at all those months ago.

Juypter has very quickly become the weapon of choice for analyzing science data.

Re: Tunnel

The rights to place or use fibre in the Channel Tunnel are exclusive.

Not removing authentication, but removing authentication which uses passwords and replacing it with something better.

This is good: passwords are no longer fit for purpose. People simply can't think of ten mathematically-random characters for every website they use.

Rather authentication uses an attribute of yourself: such as fingerprints or face. And maybe a button-press to signal that you do mean to login.

Re: Warantless

Apple have been upfront about the way they scan user's phone content, and that's not a backdoored CPU.

If you disbelieve Apple's description, then if anyone is going to find unexplained mailboxes to secret off-board processors or to find missing CPU cycles, then it's this very project.

Documentation of CPU functions doesn't help solve your concern -- Apple can simply not document the CPU functions which concern you. What you want is forward- and reverse-traceability from requirement to implementation. So you can prove that there's not a single gate in the CPU silicon which can't be traced back to a requirement. This is expensive and isn't offered outside of cryptographic processors.

The difficulty in providing a design is trustworthy is so hard that it's unlikely that any commodity CPU would meet this level of trust. It's just too easy for chip fabrication tooling to add covert CPU gates or chip initialisation code to your design. Similarly in verifying that the semiconductor fabrication mask doesn't have covertly-added etching. Bunny Huang goes through this in some detail in his effort to build a trustworthy laptop.

There's more choice for us folk who aren't a16z startups

Casado and Wang are talking about startups. A particular sort of startup -- a Andreessen Horowitz client, with a lot of venture capital cash and with lots of compute and storage at the core of what they do. In that case, the $1k/sq.ft to pay for a datacentre build can be funded from opex savings from cloud. They are simply paying a cloud vendor that much.

Quinn's counterpoint is really about venture capital too. His argument is that first-to-market is everything for these types of startups -- that promise of future monopoly profits is *why* Andreessen Horowitz is giving the startup those truckloads of cash. Everything is secondary to building market share, even if that's paying too much for compute, because stopping to re-engineer compute is worse. Quinn's other argument is also very Silicon Valley -- the shortage of "good" people, which really means engineering staff across the current Silicon Valley toolset who live on the US west coast.

This is such a peculiar environment that lessons for those of us outside of the hothouse aren't that applicable.

For a start a more typical business might be more interested in cloud applications rather than cloud compute and storage. There's certainly cost savings in cloud email and specialist applications such as accounting, HR systems, payroll, and client relations.

Secondly, us mortals have a range of choices between the extremes of DIY datacenter build and cloud. There's a lot to be said for the midpoint of hiring racks in a datacenter, and then arranging two diverse dark fibre services to that. There's also a lot of be said for taking the lessons of the cloud, such as easy to provision VMs and containers, and making that available via corporate infrastructure -- in other words, OpenStack.

Re: I Regret that I Have Only One Country to Give for My Money!

The CEO said that their finance system just came back online this week. So they're obviously happy to run the pipeline first and work out the bills later.

It was the production supervisor who used their "stop work" power to halt the pipeline, without reference up the management chain. The supervisor did this because a hack of the SCADA systems which control the pipeline could kill people across the east coast of the USA. When the pipeline was shut down it wasn't clear if the ransomware had got that far, but the production supervisor simply followed the firm's safety policy that people matter first and acted to minimise the risk to people.

As for recovery, that's a fair argument. The pipeline was restarted manually. Using the expertise of long-serving employees from the era when manual operation was the norm. Many of those employees are near retirement age. The CEO said to the Senate Committee that they'll make manual operation part of training going forward.

It took until two weeks after the incident for Mandiant, the contractors Colonial employed, to determine that the SCADA system hadn't been affected. So it's unreasonable to think that someone at Colonial could have made that decision shortly after the ransonware attack. There's a lesson there for SCADA software developers -- it shouldn't be that hard to determine the integrity of the software.

[The facts above are from the CEO's evidence to the Senate Committee, the interpretation is mine.]

Re: want to control what everyone is allowed to say or think.

> He hasn't harassed any women though to my knowledge.

Women employed by FSF gave examples of their harassment on Twitter yesterday. Some women who worked in the vicinity of Stallman's office at MIT gave examples of their harassment in the leaked CSAIL email thread of September 2019.

Across decades, many senior staff at FSF and other organisations have had in-depth discussions with Stallman about his behaviour. Again, yesterday's Twitter has examples.

Stallman's defence of Minsky's sexual assault of Giuffre at Epstein's residence was the last straw -- the catalyst -- rather than sufficient reason of itself.

That the Board of the Free Software Foundation would welcome back Stallman -- there are no words. The threat to the FSF's own staff would alone be ample reason not to do it. Which is why so many other free software organisations are cutting ties with the FSF.

Re: Of course policeman is thinking how to solve the problem

The world deals with "A said, B said" all the time.

Every day insurance companies pay out on your assertion that you owned a good which you now don't have, even despite claims of the likely thief that they didn't nick the item. You can see that for property we've built an "alternative justice system" for property theft to make this crime less traumatic for its victims. The question is why we haven't done the same for cases of sexual assault. Despite many sexual assaults being less suited to the criminal justice system than property crime.

Before we go any further, most sexual assaults aren't A-said, B-said. It's common for one of the parties to have a great deal of corroborating evidence, often across some years. Unfortunately it's rare that this is treated as evidence at the time. If a friend discusses an assault with you, then do them a huge favour and make a note of that discussion.

In the criminal court case you have have at the top of your mind the issue comes down to what sort of evidence is allowed. For example, what is the weight for arguing supporting evidence, is tendency evidence permitted, how difficult is it to join cases. There's still a great deal of double standard in dealing with evidence in sexual assault cases: take alcohol, when a victim is drunk that suggests their evidence is less reliable, but the same argument would never fly for the questioning the assailant's denial. Joint cases is even worse: two women discussing the same experience with the same assailant and then going to police to prevent further harm by this assailant is a prosecutorial disaster: the defence will argue that there was collusion to make a false accusation. An argument which would never fly if the occasion was two businessman in casual conversation discovering a fraudster in common.

The bar for a criminal finding of guilt in a sexual assault case is very high: the High Court of Australia in Pell v The Queen said that sufficient doubt was created by the mere habit of the accused Pell standing on the steps of the church after services, and thus likely not in the sacristy raping the boy. This was sufficient to defend against the boy's excellent recollection. The defence didn't have to show that Pell was on the steps on the particular day in question: testimony from witnesses who saw Pell on the steps a few times that year was sufficient.

So it's pretty plain that the full process of the criminal law is a poor fit to most people's experience of sexual assault. Some alternative path to justice -- not necessarily outside the criminal justice system -- is needed.

Proctoring software, unreliability coupled with high stakes consequences

A common configuration for "online proctoring" software is that being "flagged" by the software halts the online exam. This supposedly prevents people blatantly cheating and selling the exam answers in real time.

Even more moderate conditions still suck. If the software flags the student and then the exams invigilators check the recorded video, and then allow the exam to continue, that's a time penalty which may result in marks lower than the student's actual knowledge and skill.

If the proctoring software fails, then the student's examination is invalid. Putting that another way, better pray your operating system is no good at detecting malware-like behaviour.

Proctoring software usually objects to other people in the room. Students can't reliably take an exam from a public library, or from a share house, or from a room with popstar posters.

The software objects to the student's face leaving the camera's frame. Better not drop a pencil, be harassed by your little sister, knock the laptop lid.

The software does eye tracking, the idea being to detect use of notes. Better not sneeze.

Some proctoring software fails to detect people present when their skin colour has insufficient contrast. Got to love that the "systematic racism" here involves two meanings of "system".

For high-stakes exams the invigilators will often want the laptop's camera taken on a tour of the room. Bedrooms are sometimes too complex a space to pass this inspection. Of course students don't know this until just before the exam.

The presence of proctoring software increases the stakes of already high-stakes exams for students. Why a university would choose to do this -- rather than rapidly redesign assessments -- in the midst of the most demanding teaching year since 1939 says a lot about the relationship of the university to its students. It's also a great illustration that education isn't only what is said in the course.

Hospitals would be attractive for software licensors as they are still open and, notoriously, working at capacity. An audit of software licenses of a shuttered business is more likely to find compliance -- the server and desktops might even be turned off.

It is the software licensee who does the grunt work of collecting the data for the audit. In a hospital context, the hospital's IT staff. An audit is not letting someone in the door and saying "hope your PPE is good", as delightful as that would be. The licensee's staff are safe, working from home, and writing e-mails with references to the contract clauses about software audit obligations.

The cost of an audit to the licensor is low. Basically an e-mail, some administration, and the customer relations staff giving a not-at-all-meant apology.

Whenever I have pressed a software vendor on their audit clauses the sales team have always responded that the clauses would be used "responsibly". That's clearly not the case.

Personally, a software licensor requiring a hospital to do a compliance audit in the midst of a pandemic would, in a better world, have the government solve that issue by issuing a statutory copyright license.

Re: I don't see why Apple would stand in the way of this

Apple sells around 18m laptops a year. Support for Linux would not increase sales by even a percentage point.

The attraction for Apple in allowing Linux (that is, allowing non-secure boot) would to be to avoid entanglement in accusations of monopolistic practices by US hardware and software manufacturers, practices the EU has been traditionally keen to prosecute and China may be increasingly keen on pursuing.

Re: How many companies have to fail at server-side ARM64 ...

What has happened is the major buyers of sophisticated CPUs -- the cloud companies -- want performance per watt as well as performance per rack unit.

Compare the resulting pricing for AWS: Intel US$4.08ph, AMD $3.70ph, ARM $2.18ph. Graviton2 is about 20% slower than the equivalent Intel server, but about half the cost. Remember this is the second release of Amazon's ARM design up against the decades of tuning of Intel's design, and the difference is only 20%. Obviously that difference has further to shrink.

Other cloud providers will be facing similar pricing, but with the advantage that they use more of their compute cycles for their own services. That is, they can more readily re-target their internal services from AMD64 to ARM64 than Amazon's clients can.

I can't see that any company will take the risk of developing a server ARM chip. As you point out, plenty of startups have been burned. So the market will leave that development to the cloud providers themselves, who have abundant engineering resources to turn ARM IP into silicon.

The major difference between now and the past is Intel's years-long failure to deliver process improvements compared with its competitor TSMC. There is little reason to expect that to change. That failure alters the economics for cloud companies. In the past chips with better architecture would have their performance blitzed by Intel's process improvements. DEC's Alpha being an excellent historical example. So there was no incentive for cloud companies to explore CPU architecture. That blitzing-by-process-improvement is no longer in Intel's power to do. An architectural improvement over Intel's microarchitecture is now a long-run win. So CPU architecture is now worth cloud companies' efforts.

None of this is likely to be reflected in the "enterprise server" market. But that market is becoming increasingly odd and continually smaller. In many ways very much like the IBM mainframe business of the pre-PC 1980s. And just as likely to have a nasty surprise.

"Linux has issues with code validation" isn't correct. It is clear where every line of code comes from.

"What would happen without Linus as ringmaster". Linux *has* a succession plan, at the moment that is GK-H. The risk is greater for other OSs: can you tell me who the successor to Microsoft COSINE's Jason Zander is as the engineering leadership for Windows? That's likely to be determined by business and poltiical issues at Microsoft at the time Zander steps down from that role. The same is true for Apple's engineering leadership. I don't know why you demand a different standard for Linux's engineering leadership.

As for resolving competing priorities, the lesson of Linux is that operating systems win by addressing everyone's needs. For example, it turns out that everyone wins if the kernel is capable of realtime scheduling, even if they aren't running a realtime application. Similarly, those small realtime systems win by using filesystems with features initially designed for large enterprises in mind.

"the likelihood of it being aggressively targeted by hackers (both state funded and criminal) is a certainty". Well yes. Because it is has already happened. But you are mistaken that the problem is "all those Application stack DevOps types". The DevOps technologies -- at their heart: easy safe continuous deployment -- makes preventing and responding to security issues much faster. The stronger isolation of Docker and similar technologies is also a win in limiting the fallout from security compromises. The security track record of real world deployment of this technology -- notably in the Google and Microsoft clouds -- is impressive.

Run your own RIP

As the owner of an ancient Samsung ML-1510 laser printer: attach a RaspberyPi to it's USB port. A model with 1GB of RAM or more. Now you can configure CUPS to drive that printer directly (for Samsung, via the gdi driver). But CUPS and Avahi can also represent that printer to the outside world as a IPP Everywhere printer (ie, which is sent PDF files, which is discoverable using mDNS). Which means driverless printing and easy printer discovery from laptops, tablets and phones.

Looking at that another way, it's basically a return to the start of the PostScript era, where the RIP (raster image processor) was a computer separate to the print drum. With the RPi RIP having 1GB of RAM it can print the most complex of PostScript jobs at full printer resolution (for the ML-1510 that hardware is 600 x 600 x 1bit gray but 1GB will also cover 1200 x 1200 x 4bit-gray rasterising and using a RPi to do that was cheaper than a RAM upgrade for my household's other printer, a Samsung SL-M4020ND -- not a recommended purchase).

Re: Latest from the PM

The UK won't "become like Australia". Because we *do* have a comprehensive low-friction trade agreement with our nearest neighbour -- the Closer Economic Relations treaty with New Zealand (and our Constitution has an invitation to New Zealand to join the Commonwealth of Australia). We also have a trade agreement with our next-nearest neighbours, the ASEAN-Australia-New Zealand Free Trade Agreement. As you'd expect we also have FTAs with major trading partners like USA, China and Japan. These treaties are the result of over twenty-five years' sustained effort. Ironically an effort initiated by the UK ending Commonwealth Preference to join the EU (which caused an economic crisis in Australia).

Australia doesn't yet have a trade agreement with the EU. The issues there are around agricultural goods, and especially the ever-increasing application by the EU of 'appellation' to limit competition. So trade with the EU occurs on WTO terms. This is no great drama for Australia as the EU is on the other side of the world -- and thus not tightly integrated into production chains. Whereas for UK firms European firms are a few hundred kilometres away and production processes have become tightly interwound.

Australia's situation is in no way comparable to a UK having no trade agreement with the EU and seeking to trade with close-by nations under WTO terms.

Read patent claims from the back if your trying to understand the invention

You read patent claims backwards. The later claims are the more specific and are the relevant claims. The earlier broader claims are a legal tactic. Once in a while litigation does result in one of the earlier broader claims being accepted, which is one of the many reasons why patent law is such a mess.