* Posts by Jon 37

694 publicly visible posts • joined 28 Nov 2009

UK energy watchdog slaps down Capita's £130M smart meter splurge

Jon 37 Silver badge

Re: The real reason the UK government wants smart meters

> How does making "non-important" people cold benefit them?

It prevents the entire electricity grid from collapsing if there is insufficient generation.

Third world countries often have rolling electricity blackouts due to insufficient generation. The UK can of course do that, by turning off parts of the grid, but that would affect everyone in an area.

Smart meters allow the blackouts to be targeted to individual houses.

The UK has got rid of its big reliable coal power plants, and the reliable nuclear fleet is aging out and retiring. Simultaneously, the government is pushing for electric cars and electric home heating (heat pumps).

This leaves the UK massively reliant on gas power stations, using half imported gas. There is a lot of wind and solar on the grid, but neither are reliable sources of power - you can't decide to turn them on during a calm wind-less evening.

BOFH: Don't threaten us with a good time – ensure it

Jon 37 Silver badge

Minor nitpick: In many countries, such as the UK, the life insurance pays out to a named beneficiary. It's nothing to do with your will. (Maybe there are countries that do it differently?)

The reason for that is that your will divides up your "estate" - everything you owned. Many countries, including the UK, tax estates. So if the life insurance money went into that pot it would be taxed. By paying it directly you avoid that tax. Also if sorting out the estate takes a long time, that doesn't delay the life insurance payment.

Sysadmin shock as Windows Server 2025 installs itself after update labeling error

Jon 37 Silver badge

Re: Wot? No testing?

Lots of small and medium sized businesses don't have the hardware and staff to test every small Microsoft security patch. And delaying the rollout is a security risk.

So rolling out security patches automatically can be the least bad option.

Intel sued over Raptor Lake voltage instability

Jon 37 Silver badge

Re: First world problems

Yes. If you are using RAID in your motherboard, what happens if the motherboard dies? If it's implemented right, you should be able to move the disks to a different motherboard of the exact same model. If it's not implemented right, you may not even be able to do that. Moving the disks to a different model of motherboard... no idea if that will work. No idea if motherboard manufacturers document their disk formats to make life easier should you need data recovery.

(If you have 4 disk RAID 5, then data is striped across 3 disks and the fourth is parity. Fine. But what order are the 3 data disks in, and which disk is parity? Sane RAID 5 implementations will write this information to one of the blocks on the disk. But there's not one standard format for that, so no guarantee of compatibility if you change controller/motherboard. And insane RAID implementations may not write that to the disks at all, just store it in the BIOS's persistent settings).

If you're using RAID at the OS block layer or filesystem layer, then those questions have well documented answers - of course you can move to a completely different motherboard.

Microsoft turning away AI training workloads – inferencing makes better money

Jon 37 Silver badge

Re: How does even an AI fantasist think this makes commercial sense?

Your suggestion of 10% profit and 20 years payback is nonsense.

If you ignore the costs of buying the PCs and building the data centers (the thing they spent $20b on), then the only real ongoing cost is power and a tiny amount of staff costs. On that accounting, almost all the revenue is "profit". Far more than 10%, more like 90%.

So 2 and a bit years to break even. Maybe 3 years at a stretch. Which is fine. The servers will probably last 5+ years, and the data center itself will last decades.

UK gov report to propose special zones for datacenters, 'AI visas'

Jon 37 Silver badge

Re: Data Centre Locations

They're leaking, they're not going to fix that leak, and it will take a decade to empty them, according to current plans. I'd rather people didn't throw more junk in them. Please.

Beijing claims it's found 'underwater lighthouses' that its foes use for espionage

Jon 37 Silver badge

USS Jimmy Carter

America has a submarine specially designed for sneaky underwater operations. So I would be surprised if they **weren't** dropping surveillance devices near "Chinese" waters.

The USS Jimmy Carter is the fourth in a series of such submarines that the US has operated over the decades, and they're now building a new one.

Note that the Chinese claim to "Chinese waters" is much larger than the rest of the world thinks they should get. So America can claim to be legally surveying what it considers international waters, while inside waters that China claim.

The reason for that discrepancy is partly because China has been building artificial islands and claiming the sea around those islands. And partly because they claim natural islands that other countries also claim - and China has been building military bases on some of them.

China has been running a major operation dredging up sand from the seabed to create and expand islands there, and building bases, for many years. They clearly aim to be so well entrenched that the rest of the world can't do anything about their claim to basically the entire South China Sea.

Wanted. Top infosec pros willing to defend Britain on shabby salaries

Jon 37 Silver badge

Re: Pay grades

I'm sure they know, but don't have the power to change it.

Huawei's farewell to Android isn't a marketing move, it's chess

Jon 37 Silver badge

Re: A dumb move ?

The best for the consumer would be an open standard for apps. Any app written to that standard could work on any phone from any manufacturer. Any phone built to that standard could run any app.

Apple is clearly not open. Only Apple can make phones that run iOS apps.

Android is part way there. There are apps and phones from multiple manufacturers. The issue of the central app store is being addressed. The big remaining issue is that Google forces their apps on Android phones, and also deliberately designs Android to not work without their apps. (E.g. location services).

Ex-Intel board members make an ill-conceived case for spinning off Foundry

Jon 37 Silver badge

Re: China

The environmental costs wouldn't be lower, just moved to be someone else's problem.

Well, the dollar cost of complying with environmental regulations may be lower at the cost of more environmental damage.

If the US thinks that level of environmental damage is ok, why does it have regulations against it in the US? If the US thinks that level of environmental damage is not okay, why does it outsource manufacturing to countries where it will happen? Oh, because everything is about what's good for the US, they don't care about the rest of the world.

Drone maker DJI sues Pentagon over ‘Chinese military company’ label

Jon 37 Silver badge

> should DJI be required to by the Chinese government, it would push such features as an OTA update

Yes. But maybe you don't understand your local law. This is normal in many countries.

For example, here is an article about the UK law that says UK companies and employees can be ordered to do that sort of thing:

https://www.theregister.com/2017/08/10/gchq_techie_deputisation_powers/

Under US law, the US government can require a US company to give it any data it has, anywhere in the world. A hosting provider can be required to copy customer data from a data center in Ireland and give a copy to the US government. Under a US warrant without telling the Irish authorities.

Source: https://www.theregister.com/2018/04/03/us_government_serves_microsoft_with_fresh_warrant_for_irishheld_emails/

Now, many people would say that this kind of law is unreasonable. (I would). But the UK and US governments clearly don't think it's unreasonable, because they have that kind of law.

That leads to the conclusion that the US are just blocking Chinese companies because of blatant protectionism. Or that they are totally two-faced - "it's okay for us to spy but not anyone else."

Developer pockets $2M in savings from going cloud-free

Jon 37 Silver badge

Re: Yawn

You and the other reply are missing the point about Comic Relief. It's a very bursty load.

That big burst of load for one day, if you went "on premises", requires buying a lot of servers sized for the max load, and having them sit idle the rest of the year. That is expensive.

Renting server capacity in the cloud is a much cheaper option. And using one of the cloud services such as serverless, which automatically scales up and down as needed, is an even better option because you don't need to predict your peak load as accurately.

As with everything in life, there is not one solution for everyone. Not cloud, and not on-premises. Use the best solution for the problem you're trying to solve.

Top-secret X-37B space plane ready for daring new orbital maneuver

Jon 37 Silver badge

Re: "Or theoretically even grab it, "

Decades ago, the US covertly salvaged a wrecked Russian submarine in deep water. That could have been seen as an act of war too. But it happened.

Before spy satellites were good, the US routinely sent spy planes over Russia, Cuba and other enemy countries. That could have been seen as an act of war too. But it happened.

The US is publicly discussing how to protect its satellites against foreign satellites. And has plenty of classified satellites. The US likely has the capability to get one of its satellites close to an enemy satellite, to inspect it. That's likely one of the things that their X-37B spaceplane can do, although I expect they have dedicated satellites for that too.

Jon 37 Silver badge

Service module destruction

Dropping the service module in a low Earth orbit, it will gradually slow down due to drag from the really thin atmosphere up there, then re-enter and burn up in the atmosphere. The international standards say it has to do that within a few years. But an adversary could inspect it during that time. Possibly even manoeuvre one of their satellites close for close up pictures. Or theoretically even grab it, perhaps have an astronaut pull out the interesting bit and return it to earth. That would be very difficult, but is not impossible, so national security people could worry about it.

For the new mission, they can drop the service module in an orbit which goes much lower. That way, the service module won't survive very long, it will rapidly burn up, likely within a day or two and possibly within an hour.

Datacenter CEO faked top-tier IT reliability cert to snag $10.7M SEC deal, DoJ claims

Jon 37 Silver badge

Or just read the name on the certificate saying who issued it, and realise it's not the one body you trust to issue certificates.

Opening up the WinAmp source to all goes badly as owners delete entire repo

Jon 37 Silver badge

Re: which permits forking but prevents distribution of modified versions

That's not how the GPLv2 works. Including GPLv2 code does not automatically change the license of your own code.

Including GPLv2 code in a proprietary application, and then distributing that application, is copyright infringement. Whoever wrote that GPLv2 code can sue, and get damages and an injunction against further distribution. Just like if someone stole some proprietary source code and used it.

Now, the copyright holder could settle out of court. And might agree to do that if you GPL'd your own code and paid their legal costs. Or they might not. Up to the two parties involved to negotiate a mutually acceptable outcome.

If you want to avoid copyright infringement, then one option is to relicense your proprietary software as GPLv2 before you distribute it. But that would have to be your own choice. And once you've infringed the copyright, it's too late - you lose your rights under the GPLv2 and can never use that GPLv2 code again unless the copyright owner gives you special permission.

Jon 37 Silver badge

Re: Simplest solution

It's only "superabundant" once it's been created. The process of creating it is expensive. That is why Copyright exists: It gives authors a limited time to profit from their work, and then their work enters the public domain. This encourages people to make stuff.

You might say that modern Copyright law is ridiculously long, the term should be shorter, and I would agree with you. You might say that when a program enters public domain, the source code should be made available too, and I would agree with you.

But the idea of Copyright is not evil. It's there for a good purpose, even if it has been partly subverted by modern corporations. It could be fixed, if there was political will to do that (which will never happen).

Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts plot

Jon 37 Silver badge

Re: ... a vote among Certification Authority Browser Forum (CA/B Forum) members

They don't need it in their bylaws, because it's the law.

Just like they don't need "don't murder people" in their bylaws.

Anti-trust laws mean that industry organisations where companies conspire to harm their customers are illegal. However, industry standards are good for consumers. So meeting solely to create a standard that is a benefit to consumers, is allowed under the law.

You want a choice of browsers and CAs.

Server operators are consumers of certificates. They want a choice of competing CAs to buy from. To be a good CA you have to be accepted by most browsers.

So it's good to have a standard for "what a CA needs to do to be accepted into a browser". And it's good that all the browsers agreed to have mostly the same standard (though there are some browser specific bits on top). This is good for competition in CAs.

End-users want a choice of browsers. To be a good browser, it has to support the CAs that are used. So a standard that makes it easier for a CA to be in every browser is good for competition in browsers.

So the CAB forum is legally obliged to ensure its standard provides a benefit to server operators and end users.

However, let's remember that the point of certificates is security. So the rules have to ensure that TLS is actually secure. This is good for both end users and server operators. It is a clear benefit.

There will always be a tradeoff between security and other factors. And for an Internet wide standard like CAB Forum, it's really hard to come up with a solution that is perfect for everyone. There are compromises.

Is this proposal the right balance? I don't think so. But I mostly respect the people who are mostly trying their best to make the Internet secure.

Jon 37 Silver badge

If the browser your users are using rejects the SSL certificate, then your users can't get to the site to see your "use a different browser" message. They just see a browser provided error page. (Maybe the browser allows the user to click through to the site, but maybe not. And there will be scary warnings from the browser).

Also, all CAs have to follow CAB Forum rules or face expulsion from every major browser. So if CAB Forum approves this, then your CA will just stop offering long lived certificates from their existing Root Certificates.

Theoretically a CA could create a new root, not trusted by the major browsers, and just the alternative browsers could support it. That wouldn't have to follow the CAB Forum rules. But that doesn't sound like a good business plan to me.

Jon 37 Silver badge

We already use a separate temporary key for each TLS session, negotiated using DSA or ECDSA. So a stolen key doesn't break the security of past connections, only future ones.

We already have OCSP, which would allow the certificate for a stolen key to be revoked. Although it's not possible to actually use, because it is slow and unreliable, and also a privacy problem. Your browser has to ask the CA if the certificate is still valid every time you visit a site, with the response being kept for a couple of days before your browser has to check again.

We already have OCSP Stapling, which no-one uses, but would fix most of the problems with OCSP, at the cost of requiring every old HTTPS server to be updated to support it. The web server gets the OCSP response from the CA and sends it to the web browser. That fixes the privacy problem, and mostly fixes the performance and reliability problems. The response from the HTTPS server is a bit bigger, so slower. And if the OCSP server ever goes down for more than 2 days that would cause an outage.

Shorter certificate lifetimes can be sold as compatible with existing HTTPS servers. But it actually requires extra automation, so it isn't really. It also adds another reliability issue: If the CA stops issuing certificates then websites will go down. At the moment, people renew certs well before they expire, so have plenty of time to fix any issues. With the proposed changes, they would have much less time.

Also, automated systems that can renew certificates, open up the risk of attacks on those systems to get certificates for the attacker.

If we're going to break most existing HTTPS servers, then I'd rather have OCSP Stapling.

UK ponders USB-C as common charging standard

Jon 37 Silver badge

Re: What next?

> Interestingly, USB doesn’t really help, as you still need to double check wall wart and cable are correctly rated.

In theory, a USB-PD device can check that the wall wart and cable are correctly rated. And either charge slower, or just not turn on. And could indicate that to the user.

In theory. Whether anyone implements that properly in practice is a different question.

The .io domain isn't going anywhere anytime soon amid treaty

Jon 37 Silver badge

Wouldn't you make countries use the proper code, such as .gb for the UK? The migration from .uk would be... challenging.

DoE awards next-gen nuclear fuel contracts backwards

Jon 37 Silver badge

The enrichment step shouldn't be that different from the enrichment that's already happening. Just run it through the centrifuges more times.

UK's Sellafield nuke waste processing plant fined £333K for infosec blunders

Jon 37 Silver badge

Theatre

One government department fining another government department. The money will go from Sellafield to the Treasury, then come back to Sellafield next year. Nothing really happened.

Sellafield gets government money to do stuff. That stuff still has to be done, and still has to be paid for. So they need the fine money back. They will have to get more money from the Treasury to make up for it. Either by getting a larger budget, or by delaying stuff so they get the same annual budget over more years.

It's theatre so they can pretend someone was punished. There's no real punishment there. No consequences.

Jon 37 Silver badge

Re: This is nothing compared to the NHS

Like the ICO would actually care?

SAP support auto-renewal gotcha: Do nothing now, pay for another year

Jon 37 Silver badge

They sell an ERP system. That's a massive database to hold all the data needed for your business processes, and applications to use it.

For example, one ERP system will give you all the systems that your finance and HR teams need, plus generic management, timesheets, purchasing, payroll, production planning, etc etc. If you can imagine "generic business" needing it, it'll be an option.

This does have some advantages compared to buying the best solution for each task. All the parts work together, there's much less duplication of data across different systems, and you can run analysis across all the systems to see how your business is doing and where you can improve.

However, each part is usually worse than a standalone system that just does that job. And it may not fit how you were working before adopting the ERP system, so you either spend millions on customisation or just change how your business works to match the software.

And changing ERP system is a huge, expensive risky project that has brought down companies. Even upgrading can be a nightmare, if you have customised the system.

UK government's bank data sharing plan slammed as 'financial snoopers' charter'

Jon 37 Silver badge

What about government errors?

How about protecting vulnerable claimants from debt caused by the government overpaying them then demanding the money back after it's spent? Despite multiple queries from the claimant, each time the government assured them that the payment was correct.

Or how about tackling errors where the DWP underpays, allowing people to claim what they should have been paid?

The current law is all overpayments have to be repaid even if it was clearly the DWP's fault. And no retroactive claims for underpayments.

AT&T intends to quit VMware, Broadcom claims in legal broadside

Jon 37 Silver badge

Re: CCP inside

Migration takes time. And they didn't need to rush, they knew they could extend their support for 2 years using the extension clause in their contract.

Jon 37 Silver badge

Of course AT&T are leaving VMware. That was obvious from the original filing. You don't sue a supplier to insist they provide support for 2 years, unless you plan on stopping using them before the end of the 2 years. That's just common sense.

But migration will take time. They can't just instantly do it, although they may want to.

So their contract has an option to extend support for 2 years. That gives them time to migrate away. They are trying to use that option.

Broadcom are saying they offered to sell them a 5 year contract for the new version and support for that new version. Well, that's going to be insanely expensive compared to the 2 years of support (for already-purchased software) that AT&T want. Of course Broadcom are happy to offer that, and of course AT&T don't want it. It's also not what (AT&T say) the contract with AT&T says they have to offer.

A huge week for satnav as both China and Europe make generational launches

Jon 37 Silver badge

Re: SpaceX?

But all of that is because they decided to stop making A5 hardware before A6 was built and tested.

If they had wanted to, then they could have kept the A5 production going.

The empire of C++ strikes back with Safe C++ blueprint

Jon 37 Silver badge

For C programmers, since all the world is C, gradually moving to Rust requires bindings to existing C code. Staying in the C world does not require those bindings.

If you live in the Rust world, then you will have a different perspective, where all the world is Rust and you use native Rust libraries, including libraries that wrap the few C APIs that you use. You don't need to write bindings.

Different perspectives, different worlds, both valid.

FCC boss starts bringing up Musk's Starlink dominance, antitrust concerns

Jon 37 Silver badge

Just a few years ago, few commercial payloads wanted to risk a "second hand" rocket. These are big expensive satellites, they didn't want to take that risk. So if you're SpaceX, and want to launch rockets until they break to prove your reliability, what do you do?

SpaceX responded with an in-house payload that was mass produced, so if a few launches failed it wouldn't be a problem. And a payload that could earn them significant money in future. That payload was Starlink.

Were the launches cheaper than a regular launch? Sure. But the alternative was a dummy payload, or such a steep discount that it would cannibalise their regular launch prices.

Starlink still helps SpaceX keep their launch tempo up. It also gives them a safe payload if they need to flight test a launcher change.

Pentagon has little to show for two decades of GPS modernization work

Jon 37 Silver badge

Re: I can see part of the problem ;)

Due to the way GPS works, it gives you your position, course, speed, and the current time. So "Positioning, Navigation and Timing" in the name of the office basically means GPS. So the whole office name translated from bureaucratese to English is "the GPS management".

As for the various "Codes", GPS satellites transmit different signals, called "Codes". Newer ones will work better. Whether that is more accurate, more resistant to jamming/spoofing, or whatever. Some Codes are encrypted so are only for use by the US military. So I guess this is a better signal for use by the US military. The satellites will still transmit the old codes too.

White House seizes 32 domains, issues criminal charges in massive election-meddling crackdown

Jon 37 Silver badge

Re: Card or cash?

Even if you did buy Trump, and even if he wanted to stay bought... I don't think he's smart enough to do what he's paid to do. He regularly talks without thinking.

(Edit: after re-reading your post, I think that's what you meant by disciplined. So I agree).

Jon 37 Silver badge

Re: Progress and Economic Growth

There's a benefit to having native US English speakers helping to produce the content. Especially for video content, you want an American with an American accent to front the video. But even for written content, a native speaker can help. I would assume that is why they were based in the US.

WHO-backed meta-study finds no evidence that cellphone radiation causes brain cancer

Jon 37 Silver badge

There's no logic to the craziest.

SpaceX set to surpass Gemini 11's altitude record with Polaris Dawn mission

Jon 37 Silver badge

Re: Bad choice of comparison

The lack of escape system is going to be a problem.

The idea that the system can be safe without one, is one of the things that killed the astronauts on Challenger.

I don't believe that a rocket can be that safe, no matter how much testing you have done.

(If you want to say that Starship is for Earth orbit to Mars and then back to Earth orbit, then fine. Use a Crew Dragon for human launch from Earth, and have the astronauts switch to a Starship in orbit. Then after their mission, have them swap back to a Crew Dragon for re-entry to Earth).

Rocket Factory Augsburg engine test ends in explosion at SaxaVord spaceport

Jon 37 Silver badge

Re: Rocket Engineering is still hard

To explain, for those who haven't come across it before: The Tsiolkovsky rocket equation relates how fast your rocket goes to the wet (fuelled) mass of the rocket, the dry mass (after you've burnt the fuel), and to how good your rocket engine is ("Isp", measured in seconds).

A safer engine will be heavier, giving a higher dry mass, which either directly reduces your cargo capacity or significantly reduces the speed your rocket can get to.

A safer engine might also have a lower Isp, with the same effects.

https://en.m.wikipedia.org/wiki/Tsiolkovsky_rocket_equation

City council faces £216.5M loss over Oracle system debacle

Jon 37 Silver badge

The council are legally required to have a financial system, so they can file audited accounts. They do not have that. They are breaking the law.

They are legally required to spend the money to fix that.

Now, you could question whether they are going about fixing it the right way. (I would say not). But they do have to fix it.

NIST finalizes trio of post-quantum encryption standards

Jon 37 Silver badge

1. RSA is broken by quantum computers, no matter the bit length. The problem is that the difficulty of breaking RSA on a classical computer increases massively as you increase the bit length, but the difficulty of breaking it on a quantum computer only increases a little bit.

2. I'm not sure, but particularly paranoid people can double encrypt with one of the new algorithms AND one of the existing, proven algorithms. That way, you know that you're not making things worse, because an attacker has to break both algorithms to decrypt your data.

3. The math is specifically designed to make it hard for quantum computers to attack them, while still making it possible for existing computers to use the algorithms.

Intel: Our balance sheet is a smoking ruin, but we think our new chips work

Jon 37 Silver badge

Re: Spin

They may not have them yet.

It's perfectly normal for the first samples of chips to have bugs that need to be fixed before you can proceed further. These chips are insanely complex.

"It boots an OS" is a step before "it runs reliably", and that's needed before you can run all the benchmarks. And after that, you look at optimizing things so the chip runs as fast as possible. Only then do you have performance numbers that will match the final chip.

Nvidia's subscription software empire is taking shape

Jon 37 Silver badge

Re: shareholders

Being "fabless" is perfectly normal. Most high end CPU and GPU companies are fabless, with the notable exception of Intel.

Manufacturing chips, and designing high end chips, are very different skills. It's perfectly reasonable to specialise.

The same way that no electronics company makes its own PCBs, that gets outsourced to a company that specializes in that process. (The electronics company likely populates the components onto the PCB, but doesn't make the actual PCB).

As far as capacity limits go, of course every manufacturer has capacity limits. You can plan and invest to avoid those issues. This is the same for in house and outsourced manufacturing.

And similarly, the natural disaster risk applies both to in house and outsourced manufacturing.

Intel to shed at least 15% of staff, will outsource more to TSMC, slash $10B in costs

Jon 37 Silver badge

Re: Intel Share Price

I disagree.

Intel foundry is dying. Intel are outsourcing more and more. TSMC taking more work from them will help kill Intel Foundry, leaving Intel dependent on TSMC for future chips.

I know that Intel has said they will bring processor manufacturing back in house in a couple of years. However, they have to say that, they can't admit that Intel Foundry is dying. And it's likely that the senior people even believe that, it's normal for every layer of management to report a slightly better story to their managers, so the top levels frequently think everything is good when it isn't.

At some point, Intel will realise that it can really save money by ditching the risky, capital intensive Foundry business, and becoming a fabless semiconductor manufacturer. What's more, that would give it a big one-time boost as it sells off its Foundry assets.

DigiCert gives unlucky folks 24 hours to replace doomed certificates after code blunder

Jon 37 Silver badge

The thing is, the rules are the rules. Security is important, CAs cannot just make it up as they go along. If CAs were allowed to do that, then they would make choices that increase their profits but reduce security on the Internet for all of us. We know this from how CAs behaved before the CAB Forum rules existed.

If you want a longer duration, then you can ask CAB Forum to change the rules for handling future incidents. Including clear rules for when a longer duration is allowed and when it's not. Writing such rules is really hard.

However, for now, CAs must follow the rules as written. CAs that break the rules can be removed from web browsers, which is basically a death sentence - all their certificates stop working.

I'd also note that the problems caused to customers, are because they chose a CA vendor who wasn't following the rules. (Although they didn't know that). If this causes some customers to seek a refund, or switch to a different CA, then that is the market punishing the CA vendor for not following the rules.

Tesla asks customers to stop being wet blankets about chargers

Jon 37 Silver badge

Re: We've asked Tesla to comment. ®

You prevent battery thermal runaway, by monitoring battery temperatures. There is also active cooling (similar to air conditioning) of the battery.

You prevent the user from burning themselves on the charger handle while unhooking it, by monitoring charger handle temperatures.

So they have BOTH sensors.

There is no active cooling of the charger handle. So sometimes, if it's hot weather and the charger handle starts off toasty warm due to the sun, the charger handle temperature is the limiting factor. You have to slow down charging to avoid having a dangerously-hot charger handle.

If it's cold weather then the charger handle temperature is low enough that it doesn't make a difference. Something else will be the limiting factor in that case.

SpaceX Falcon 9 set for comeback after upper-stage failure

Jon 37 Silver badge

Bad Car Analogy

Your car probably has a rev counter, a speedometer, and a sensor for the current gear. Any one of those sensors is mostly redundant, you could usually figure out the reading by looking at the other two sensor readings. There are times when having all three sensors is helpful. However, if a car manufacturer discovered that one of those sensors was randomly making the car explode, then they could remove that sensor and just calculate the value in software from the other two readings.

[Car speed] = [engine speed] x [gear ratio for current gear]; or [engine speed] = [Car speed] / [gear ratio for current gear]; or [gear ratio for current gear] = [Car speed] / [engine speed].

(Pre-emptive nitpick: There are laws saying that there has to be a speedometer. I'm ignoring that for this example).

Jon 37 Silver badge

Re: Sigh

> Yeah they could be inspecting all the other lines and clips after this event

They did. From https://www.spacex.com/updates/#falcon-9-returns-to-flight :

> An additional qualification review, inspection, and scrub of all sense lines and clamps on the active booster fleet led to a proactive replacement in select locations.

Boeing Starliner crew get their ISS sleepover extended

Jon 37 Silver badge

What are the astronauts doing?

So what are the astronauts doing?

Is this like an unexpected space vacation for them? Just chilling out and looking out the window at the Earth?

Or are there jobs around the ISS that they are helping out with, despite not being trained for a long stay?

Or was this contingency planned for, and they were trained before launch to perform lots of useful tasks on the ISS just in case this happened?

I can't imagine that they are that involved in debugging the capsule, I would imagine that's mostly done by ground control?

CrowdStrike blames a test software bug for that giant global mess it made

Jon 37 Silver badge

Re: According to Microsoft...

This is a driver that will be intercepting calls to the Windows kernel from any thread, so thread level protections don't save you.

The plan for recovery from a bad pointer dereference in the kernel is:

1) Hope it gets detected by accessing an invalid page.

2) Assume that something is already corrupt. Crash the computer (BSOD) to prevent things getting worse and destroying more data.

3) Reboot. Hope that fixes it for long enough for a human (or script or automatic update) to replace the faulty driver.

4) If stuck in a reboot loop, automatically disable all the non-essential drivers. Hope that the system boots that way. Then a human (or script or automatic update) can replace the faulty driver.

5) If still stuck in a reboot loop, it's going to need human intervention at the console.

In this case, step 4 would have saved the day, but it failed because CrowdStrike decided their driver was "essential".

Jon 37 Silver badge

Re: Not sure what language they use

The Windows kernel is written in C. C itself doesn't have exceptions at all. Although Windows does have an exceptions mechanism that's kludged in there.

But, that's the wrong solution.

In C, you can write to a wild (invalid) pointer, and that might be caught by the OS or might just write to a random bit of RAM. In the kernel, you can corrupt any RAM that way, causing some other part of the system to go wrong (perhaps much later) in an unpredictable way.

So, you absolutely have to write your code correctly so it doesn't try to write to an invalid pointer. This is not optional. If you're doing that, then you can use the same techniques to make sure you don't read from an invalid pointer.

And once you've done that, you don't need to try to catch exceptions from using invalid pointers. And you shouldn't even try, because there is nothing sensible you can do if you catch one.

If you're a C# or Java programmer, then you might not have come across the concept of invalid pointers. One of the big improvements in those languages, is that they ensure that pointers are valid. They don't have raw pointers, instead they wrap them in object references and arrays. That makes this entire class of bugs impossible.

Rust also makes this class of bugs impossible, which is why the Linux kernel is introducing Rust for some parts. (Both Java and C# use a "garbage collector", which does not fit in an existing kernel easily. Rust doesn't, which makes it a better fit for gradually converting part of an existing kernel to a safer language).
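The approach the post above argues for, validating before dereferencing rather than trying to catch the fault afterwards, as an added C example that is not part of the original post and not any vendor's code. The record layout, the error codes and the names `get_field`, `sample_ok`, `sample_short` and `sample_overrun` are all hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example:
 *   byte 0      : number of fields, n
 *   bytes 1..2n : n (offset, length) pairs, one byte each
 *   the rest    : field data; offsets count from the start of the buffer */
enum { FIELD_OK = 0, FIELD_BAD_ARG = -1, FIELD_TRUNCATED = -2,
       FIELD_NO_SUCH_INDEX = -3, FIELD_OUT_OF_BOUNDS = -4 };

/* Each pointer is formed only after the values it depends on have been
 * checked against buf_len, so an invalid address is never read or returned. */
int get_field(const uint8_t *buf, size_t buf_len, size_t index,
              const uint8_t **out, size_t *out_len)
{
    if (buf == NULL || out == NULL || out_len == NULL)
        return FIELD_BAD_ARG;
    if (buf_len < 1)
        return FIELD_TRUNCATED;
    size_t count = buf[0];
    size_t table_end = 1 + 2 * count;   /* at most 511, cannot overflow */
    if (table_end > buf_len)
        return FIELD_TRUNCATED;         /* table runs past the data */
    if (index >= count)
        return FIELD_NO_SUCH_INDEX;     /* caller asked for a missing field */
    size_t off = buf[1 + 2 * index];
    size_t len = buf[2 + 2 * index];
    /* Subtraction form, so the bounds check itself cannot wrap around. */
    if (off < table_end || off > buf_len || len > buf_len - off)
        return FIELD_OUT_OF_BOUNDS;
    *out = buf + off;
    *out_len = len;
    return FIELD_OK;
}

/* Constructed samples. */
static const uint8_t sample_ok[] = { 2, 5, 2, 7, 3, 'a', 'b', 'x', 'y', 'z' };
static const uint8_t sample_short[] = { 3, 3, 1 };             /* claims 3 fields */
static const uint8_t sample_overrun[] = { 1, 3, 9, 'a', 'b' }; /* claims 9 bytes */

int main(void)
{
    const uint8_t *p = NULL;
    size_t n = 0;
    int ok = get_field(sample_ok, sizeof sample_ok, 1, &p, &n) == FIELD_OK
          && n == 3 && memcmp(p, "xyz", 3) == 0
          && get_field(sample_short, sizeof sample_short, 0, &p, &n) == FIELD_TRUNCATED
          && get_field(sample_overrun, sizeof sample_overrun, 0, &p, &n) == FIELD_OUT_OF_BOUNDS;
    return ok ? 0 : 1;
}
```

Malformed input comes back as an ordinary error code the caller can act on, so there is no fault to catch in the first place.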
