Posts by Jon 37

The bosses assume that the existing customers will stay, just because, so the bosses prioritise "new shiny".

Re: ???

People: We don't trust banks, we want to entrust our money to rules set out in a computer program, which are impossible to bypass. Normally the rules would be impossible to change, but the computer program we're using has this amazing new feature: a software update routine! If the majority of people using this computer program agree, we can upgrade it to a new computer program with different rules!

Later: Oh no! The computer program had a bug in it's software update routine, now we can't update it! Whoever would have thought that a computer program that hadn't been reviewed or properly tested would have a bug in it?!!!

The SNI is encrypted ... with a key that the client got from DNS. So all you have to do is MITM the DNS traffic to replace that key with one you know.

Browsers do DNS-over-HTTPS to try to stop that, but they can't use ESNI for the connection to the DNS server (there's a chicken-and-egg problem), so you can intercept and forge that initial connection to the DNS server. (Assuming you have subverted a CA or have installed your own CA root certificate on all devices - but that's necessary for all TLS interception).

Re: And yet...

The difference is that wheely chair wheels have a standard connection, allowing mass production and competition between wheel-makers to drive down prices. Apple chose not to put that standard connection on their Mac Pro.

So OWC have had to produce an adaptor consisting of two CNC-cut pieces of stainless steel, each threaded, and each with a different piece of plastic attached to them. There are four of those adaptors in the kit, one for each wheel. This is being sold in relatively small quantities, so the custom adaptor will be expensive. It looks like OWC are using standard mass-produced wheels, the adaptor is the expensive part.

Re: Weird objects showing signs of being both Melty and Non-melty origin?

Stuff gets melty as it falls through the atmosphere because the outside layer gets heated up, making the outside melt.

If I understand the article correctly, they found melty on *inside* bits. So not from falling through the atmosphere.

To refurbish ocean-dunked fairings, you still need the nitrogen thrusters and parachute to arrange for the fairing to survive re-entry and hitting the sea. And you still need the ship, with a crane and a dive crew to pull the fairing out of the sea.

So catching them in a net, the only extra costs are the steering and release mechanisms on the parachute, and the cost of the net. If that reduces the cost of refurbishment even a bit, it's probably worth it. And you avoid having to send divers to attach the crane to the fairing, that removes a risky operation (diving is mildly dangerous).

Isn't the US penalty for that a full disability pension? (Due to the PTSD caused by committing murder and getting away with it).

Re: Slackbot is the worst

The options are:

* Pay for Office and Slack, don't use the bundled Teams

* Just pay for Office, use the bundled Teams.

Why pay for Slack when we have Teams already? So long as Teams is "good enough", it wins simply because Microsoft have a monopoly on business word processors, spreadsheets and presentation software (Word/Excel/Powerpoint).

If Microsoft sold Teams as a separate product, then that would be different - they could compete with Slack on their merits.

(The free Slack isn't suitable for heavy use, the history gets too short as the volume of messages increases. Which, I'm sure, is by design - Slack has to make money somehow, if everyone just used the free version they'd go bankrupt).

Re: Double Key Encryption

Most users suck at security. If the user key leaks, their data is still protected by Microsoft's security.

Also, this is probably built on top of the pre-existing way of working, which was "everything is protected by Microsoft's security". Adding another layer of encryption won't make anything worse. Changing things may make things subtly worse in ways not realised until someone hacks it in a few years. What's worse, having the underlying mechanism change depend on whether the customer is using the "customers's keys" option makes that code more complex - and hence more likely to have bugs, and much more difficult to review or to security audit.

So this way is probably more secure.

Re: ELI5 please

There are three ways to store your bitcoin:

1) In your own "wallet" where the private key only exists on a USB stick which you keep securely. (If you're sensible, two or three copies of that USB stick in safes or bank vaults in different buildings). You run the "wallet" program on your own computer. This way is a good idea for large amounts of savings, where you're not going to make withdrawals often. You can still make deposits, using just your public key which is part of the public record.

2) In your own "wallet" where the private key is stored (perhaps encrypted with a passphrase) on your personal computer. You run the "wallet" program on your own computer. This is safe unless you get a virus. This way is a good idea for your "current account" equivalent.

3) In an exchange. These are companies with a website that will run a wallet for you; they allow you to transfer funds into your wallet, make payments from your wallet, and convert bitcoin funds to or from dollars or other real-world currencies. They are effectively a bank, but without any regulations or insurance. If you want to convert bitcoin to or from dollars you'll have to set up an account with an exchange. Storing large amount of funds in an exchange for a long period of time is a really bad idea. There are plenty of stories of exchanges running off with people's money, either as a deliberate scam or because they were incompetent and their bitcoins were stolen and they went bankrupt. Your individual account can also be hacked into and your money stolen, if someone can get your username, password and any 2FA authentication that you've set up. That's what seems to have happened in this case.

Dispite the fact that option (3) is the worst and least secure option, it's also the most convenient. So most people store their Bitcoin that way.

Re: I can help.

The BIOS has a separate implementation of a scroll bar, too. (Possibly text mode).

Re: Apple is going to write off all ...

No, it sounds like Microsoft has taken an "all or nothing" approach. In future either a language will be fully supported across all the Microsoft Office apps, or the language won't be supported anywhere. These languages were supported by Outlook but not all the rest, and Microsoft decided to drop support rather than translating Word / Excel / Powerpoint / etc into those languages.

I expect that translating Word / Excel / Powerpoint / etc, and keeping those translations up to date, would cost a big chunk of time and money. Microsoft obviously believes that dropping these languages is better for the bottom line than doing those translations.

Re: I hope it's a good result

Paying sets a precedent. If that's your policy, anyone can threaten you with a patent lawsuit that they stand no chance of winning, and then offer you a settlement that's less than the cost of litigation.

Apparently the cost of litigating a patent lawsuit is in the region of $1m+, hence the trolls in this case asked for a 5-figure sum to go away.

If your policy is to pay, that will be very expensive as lots of trolls line up to take your money.

If your policy is to fight, get the patent invalidated, and get costs and damages from the troll, and if you have the resources to be able to follow through, then most trolls will run away rather than be destroyed. As happened in this case.

Re: In keeping

Too vague - could be MS, Google, Facebook, ....

Re: someone explaining

Power is sent over large distances across the cables. You just have one power wire in the cable, and the amplifiers are wired in series. So for a US-UK fibre, the landing station in the UK might generate +1000V DC, with the 0V line from the power supply connected to the ground. Then the landing station in the US generates -1000V DC, with the 0V line from the power supply connected to the ground. This gives 2000V (less the ground return losses) across the cable, which has to cover all the losses in the cable and power all the repeaters. (I forget the exact voltage I read about, but I think I got the number of digits correct).

Also, modern amplifiers don't use light->electricity->light conversion. They have fully optical amplifiers.

So they use electricity to power a laser, and that laser light goes into a magic box that works in ways I don't understand. The incoming signal goes into that magic box and the amplified (i.e. brighter) signal comes out.

Re: Probably just as well, given how much RAM it uses..

Windows 10 32-bit doesn't support more than 4GB of RAM, even with PAE.

Microsoft originally enabled PAE to support >4GB RAM on 32-bit desktop systems. (IIRC, this was back in the WinXP days). However, when people started using it, they discovered that many drivers crashed if there was >4GB RAM, because they were doing things like storing addresses in 32-bit variables etc. As a result, they issued a patch that limited all 32-bit desktop systems to ~3.5GB RAM. Although PAE might be enabled to support other features like NX, any RAM that would not fit into the normal 4GB address space would be ignored.

32-bit Windows Server systems could have >4GB RAM using PAE. Microsoft figured that the companies that make server hardware are the sort of companies that would fix their drivers to support PAE. The companies that make consumer hardware are often not that kind of company.

See:

https://docs.microsoft.com/en-us/windows/win32/memory/memory-limits-for-windows-releases

"X86 client versions of Windows don’t support physical memory above the 4GB mark"

Also see a long, technical explanation written at the time by someone who thought MS should have enabled PAE even though it caused crashes. (I respectfully disagree with his opinions - I think MS did the right thing - but I greatly respect his technical investigations and his thorough documentation of this issue):

https://www.geoffchappell.com/notes/windows/license/memory.htm

Re: Really!?

There is a finite amount of programmer effort assigned to the Terminal project. Do you want some of that effort:

A) Spent writing fancy settings-update code so that all the old settings get upgraded automatically, in a clearly labelled pre-release version where people using it have been warned there may be breakage, OR

B) Spent actually implementing new features or fixing bugs?

Most people would say B.

(And for the record, it's *not* fixable in the install script, because Windows is multi-user and networked. So you have to cope with a program being installed while user X is logged into a completely different PC, then later user X logs in and his/her user profile is copied from the fileserver to the local PC, then user X runs the new version of Terminal. So the settings upgrade code would have to be part of the Terminal application, and run as one of the first things the Terminal application does when you launch it).

Re: Just wondering......

If it gets sent back under warranty, because it broke, it's useful to know how much it's been used. Taking that information, and aggregating across many drives, can give you useful information about why drives are failing. (For example, if you discover SSDs don't normally fail before X TB written or Y years, then you should be increasing or reducing your warranty cover to those thresholds).

Similarly, that information may be exposed via SMART monitoring, which allows the owner to monitor how much their drive has been used and arrange for it to be replaced at an appropriate time.

All hard drives and SSDs have a small processor in them, and all processors have some kind of timer that can be used to increment a field once per second, so there's no extra hardware for this.

Re: These comments are enlightening

Cable labels may not have prevented the mistake, but they may have made it faster to recover once the mistake had been recognised.

Also, note that their "redundant" fibre wasn't diversely routed, since it all went through one patch panel... the redundant pairs should have been kept as far apart from each other as possible.

When building payloads, mass reduction is really important. You have to get the thing as light as possible. This means you can't over-engineer things - for example the ladder on the side of the lunar lander was only going to be used on the moon, which has less gravity than earth, so they made the ladder too weak to be used in Earth gravity, but strong enough to be used on the moon. Bearing that in mind, there are a lot of differences between the missions:

* The lunar rover had to carry a couple of astronauts in EVA suits; that's a lot of weight. I believe the current mars rovers are lighter, so they can use weaker, lighter wheels.

* The lunar rover only had to last for a week or so of use; the mars rovers have to last years of constant use.

* The lunar rover drove on the moon; the mars rovers drive on Mars which has a different rock composition.

* The lunar rover was built many years ago; more modern materials are available now, and design tools (especially computer simulation) have advanced a lot, so modern designs can have less mass.

* The mars rovers are 6-wheel, and are designed to drive even if one wheel siezes up, to allow the mission to continue even if a motor fails. The lunar rover was 4-wheel.

Re: vital?

LGBT+ people have a higher suicide rate. Getting support from people who've been there, can help. So LGBT+ support & information sites, including LGBT+ news and community sites, can save lives. It lets people know that they're not alone. That's "vital".

Re: Spam spam spam spam

> WTF is "Protect the NHS" even supposed to mean?

The big concern is if COVID-19 patients overwhelm the NHS. Then it's not just the COVID-19 patients who will die: The people with medical emergencies and chronic conditions, who would normally be saved by the NHS, will die, because the NHS won't have enough resources to cater to them.

You might have heard the phrase "flattening the curve"; that basically means "if a million people get sick with COVID-19, and it's spread out over a long enough period, we can cope, but if a million people get sick at the same time then we're utterly screwed and healthcare will collapse, so we need to slow down the rate the virus is spreading even if the same number of people get sick in total."

So by taking measures to reduce the rate that SARS-CoV-2 is spreading, you help reduce the risk that the NHS collapses.

(A note on the names: SARS-CoV-2 is the coronavirus that causes the disease COVID-19, in the same way that HIV is the virus that causes AIDS).

Re: Agile?

See:

https://www.halfarsedagilemanifesto.org/

Re: What were they thinking?

Leaving them loose means they're going to fall over and/or walk across the floor during an earthquake, with cables breaking. They might fall on a passing worker.

Bolting them in place means they're going to move with the building during an earthquake. That's probably not great for hard disks, but the rest of the parts can probably survive that. Passing workers are safe.

Fitting shock absorbers to each rack would be very expensive. It would make it easier for parts such as HDDs to survive. Passing workers are safe so long as the aisles are wide enough that they're not hit by rocking racks, although there is an amputation risk if a worker has their hand between two racks. Avoiding that risk probably requires drastically reducing the rack density, so there are large gaps between adjacent racks, then filling that gap with a flexible plastic sheet to allow hot-aisle/cold-aisle separation.

The cost of bolting down can be easily justified; the cost of shock absorbers can't.

At Google scale, losing a datacenter due to an earthquake isn't a big deal. And having to fit a lot of new HDDs in a datacenter is a risk worth taking when compared to the cost of shock-mounting the servers.

Re: MS at least try to be the good guys every now and then

> "safe surfing" works, even on unpatched windows systems

Sadly not true. Any site that serves ads may also be serving you malware that will get installed automatically unless you have a patched system. An ad blocker helps a lot, and is an essential security tool nowadays, but is not perfect.

https://en.wikipedia.org/wiki/Malvertising#History

Re: Pickpockets paradise

> Something else that was not tested in the review is a family shopping trip: What happens when a parent signs in and a child picks stuff up?

There was a picture of the instructions in the article. You can let other people in, such as your children. But you have a shared "virtual shopping cart". So if you let them in, then if they pick stuff up and it isn't put back, you will pay for those items.

Re: WTF does British Airways have a say in anything ?

It's BA's way of saying "we haven't maintained this the way we would a flight engine, so we don't think it's airworthy", and also "if you try to use it for flight anyway, and it breaks, don't sue us".

Re: Rigged definition of an employee

Nope, the law says you can be an employee for tax purposes under IR35, while being a contractor for every other purpose (holidays, benefits, etc).

Yes, many of the services are compatible, so if you can see enough GPS + Galileo satellites you can treat them as basically the same.

There are other options too:

EGNOS is free to use. It's provided by the EU, and consists of some ground stations and a geostationary satellite. The ground stations measure the error in GPS and the satellite broadcasts a radio signal containing that information. Suitable GPS+EGNOS receivers can receive the EGNOS signal and use it to correct the GPS so it is accurate to within 1.5m, as well as being immediately alerted if a GPS satellite is broadcasting a wrong signal. Aircraft can use EGNOS-enhanced GPS when landing, to precisely fly to the start of the runway.

There's also "differential GPS", where you set up a fixed GPS receiver and send the data from that to your mobile GPS receiver. So long as the two are close enough, you can get incredibly precise positions. (Centimeters). Amongst other things it's used by farmers to automatically drive their tractors, so when planting or spraying or harvesting, each piece of the field gets covered exactly once - no overlap or missed bit.

2025 is utter nonsense. This is going to require a public education campaign equivalent to the TV Digital Switch Over (DSO). For DSO, people had the ability to voluntarily switch for several years, then Digital became standard in all new TVs, then several years after that they did the switchover with a massive amount of publicity and help for the people that hadn't switched yet (primarily older people).

Bearing in mind that they're only just starting to offer a no-PSTN option, and I'm not aware of any suppliers that offer it yet, they're many years away. They need to make this the standard for almost all new installs before they try to get people to switch.

Perhaps 2030 might be achievable, with hard work.

Re: Alternatively

> the fact that you can't get an appointment with a consultant on the NHS, but can pay privately to see the same consultant within 2 weeks indicates that there is a clear bias to work privately and not for the NHS

That's not how it works.

The NHS has waiting lists. You start at the back, it's first-come first-served. There is some prioritising based on need, but even those with great need still have to wait.

The reason people pay is to avoid those waiting lists. A private consultant with a huge wait isn't going to get any new business, the customers will go to a different consultant. So private waiting lists will naturally tend to be smaller than NHS.

The way to reduce the waiting lists is to increase or reallocate the NHS budget to pay for more NHS staff.

Re: Were we not told...

I suspect the EU would also like a free trade deal, so it can continue selling to us. But only if that deal includes the UK continuing with EU standards on everything, and the UK has ruled that out.

The EU is not going to allow us tariff-free access if we're going to trash worker or environmental protection to make our products cheaper, or if we're going to provide state aid to certain companies so they can undercut the EU market prices. They (quite reasonably) want to have tariffs that at least compensate for those factors.

Re: Interesting list

None of that matters. This board is supposed to rubber-stamp the Xerox takeover of HP, get huge bonuses and then be made redundant, leaving the running of HP up to Xerox and Xerox's existing board.

So the important qualities are: willingness to vote for the Xerox deal, and experience of takeovers.

Since they're not going to be running HP for any significant time, PC experience is irrelevant.

Re: Its not over until its over...

They're not getting their $5B back. The senior people in HP who grossly overpaid for Autonomy want to claim that's someone else's fault, and they were blameless. So they're attacking Autonomy's old management every way they can, claiming that Autonomy lied about how well they were doing, and that's why HP overpaid. That includes both civil and criminal charges. They just need to get something to stick - and preferably a lot of things.

For HP this is purely a blame game. For Autonomy's old management this is a legal nightmare.

Re: I am rather surprised

The question is though, "is it a public path". It was never officially designated a public path, but people have been using it for years.

His argument is that previous owners have made a business decision to allow access to the beach over their private property, so they could make money from parking, beach shop, ice creams, etc. However it's private property and the new owner can decide to block access. The state continues to own the beach, and people can access it by sea.

The state's argument seems to be that there's always been free access there so surely that must continue.

Personally, from what I've read I think he's in the right; I believe the courts have twisted the law to try to come up with the answer that's "best for the public", and to cover for the fact that the state has screwed up. If the state wants access, it can use Eminent Domain to buy the land from him at a reasonable price. However, a "reasonable price" will be quite a lot - he's built a mansion with a mostly-private beach, having loads of people using the beach will significantly devalue the mansion, and according to the Eminent Domain rules the state has to pay compensation for that as well as the price of the land. If the state had chosen to buy the land earlier, before the mansion was built, it wouldn't have had to pay so much. That's the difference between the $380,000 that the land has been valued at (which excludes the devaluation of the mansion) and the $10m that his lawyers offered to sell for.

(And now I get to be downvoted to oblivion for having an unpopular opinion...)

Re: Book projects generally work out

A book author that wants money to live on while writing, doesn't need all that money up front. So they don't need a Kickstarter. Patreon allows authors to write ebooks, post at least a chapter each month, and their readers each pay a small amount each chapter (with a per-month cap). If they don't post they don't get paid; if quality goes down too much then people will stop subscribing.

That way, the risk to the readers is much much lower - they're paying for results, not for the promise of results.

When the book is written, the author can give a complete electronic copy to their Patreon supporters, and/or publish the ebook, and/or do print-on-demand. If they want to, that's the time the author could do a Kickstarter for a bigger print run which is cheaper per book than print-on-demand.

Re: Prior Art

That's not how copyright works.

Copyright is all about copying code (or music or ...). Copyright doesn't cover *ideas*. (Although the US courts have ruled that copyright can cover a single chord, or a big set of function prototypes).

So the fact that there are previous webservers that may have provided inspiration, or the APIs that solve the same problems as previous webservers may be similar just because they solve the same problem, is irrelevant. There's no allegation that any *code* was copied from the previous webservers.

Re: DIY Electricians

First, your appliances will work just fine if you swap Live/Neutral. However, your fuses (or circuit breakers) and switches won't be as effective, so you will be unsafe. Long explanation:

The Neutral and Earth wires are connected together somewhere. In the UK, this is often at the connection point where the wire to your house ends, just before your electricity meter. In that case the electricity supplier will have lots of places where their combined neutral/earth wire is connected to metal rods in the ground.

So, if you accidentally touch the Live wire in your home, the power will flow from the electricity supplier's Live wire, through you, through the ground, through those metal rods, and back through the electricity supplier's Neutral wire. There will be a fuse in your fusebox and/or in the plug, on the Live wire, which will blow, stopping the current, and limiting the electric shock you get (although it can still kill you).

If you have Live/Neutral reversed at the fusebox, then the fuses are effectively on the Neutral wire. So when you touch the wire that is labelled Neutral, but is actually Live, the fuses won't help you. The power will stay on and you may keep frying.

In the case of a short-circuit that's just Live-Earth, not going through a human: The fuses are designed to protect against wires melting and things catching on fire, but they won't do that if they're in the Neutral wire. This may cause your house to burn down.

Also, if you turn a light off to change the bulb, or pull a fuse to do electrical work on a circuit, then you're safe - that turns off the Live wire, and if you accidentally touch the Neutral it won't matter. If you have Live/Neutral reversed at the fusebox, then the switch is effectively on the Neutral wire and if you touch Live then it may kill you.