* Posts by Arthur 1

264 posts • joined 6 Jan 2010

Page:

Dell won't ship energy-hungry PCs to California and five other US states due to power regulations

Arthur 1

"We need to take action - smaller families, reduced travel, less meat consumed, fewer power- guzzling computers."

Just so you're clear, making your life suck in these ways not only will leave you sadder than necessary, but also make no difference in climate change. Ask any reputable climate scientist and they'll tell you the same thing: personal choices, even in aggregate, just don't do enough damage to matter. The real problem is mostly industrial/commercial but those guys have lobbyists so instead you don't get plastic straws anymore (responsible for a vanishingly small portion of the plastic in the oceans, btw, unlike illegally discarded commercial fishing gear which is responsible for about /half/).

The only thing you're doing by eating nuts and driving a Prius is flexing on your neighbours. You haven't made a difference. Sorry. If you want to make a difference lobby your local legislators to go after the actual problems.

Arthur 1

One guy...

Couple fact checks:

"I hear there's a war on pickup trucks in Canada"

You hear wrong and should discard the source that told you so. One guy wrote one article and the coal rollers are already up in arms, geez.

An article was written pointing out that pickup trucks that spend their entire lives in cities are worthless and dangerous (significantly more so than normal cars). He noted that due to the need to turn pickup trucks into small cities on wheels trucks like the F150 now have a FORWARD BLIND SPOT (that's the sort of thing you capitalize btw) big enough to fit a normal car, and also they weigh 3x as much as a normal car with the same capabilities (in a city) which obviously is a waste of fuel and pollution.

"Only a CITY DWELLER who does not live 20 miles from the nearest store (or place to dump your trash) would try to ban one of the most USEFUL utility vehicles in the world, particularly for farmers, ranchers, contractors, or anyone living in a rural area"

Which is why he was explicitly calling for pickups to be limited in urban areas where they're useless and dangerous.

"And that's just ONE example. No doubt, there are MANY. "

Since your first example wasn't true, care to provide another? Perhaps the ridiculous fascists who have banned you driving your pickup trucks indoors at the mall are a good example? After all trucks should be able to drive anywhere with no limitations cuz muh freedums.

Arthur 1

Re: 6 states is not 50

Yeah, states in theory have a lot of powers, but as marijuana legalization has once again shown us, as soon as something's legal anywhere in the US it's going to be everywhere. Unless they deal with things like land that can't be moved state laws de facto have really minimal teeth.

Arthur 1

Re: Where are LLNL, LBNL, and SLAC-NAL

As far as I can tell all major corporate entities are currently vacating California as fast as they reasonably can.

Arthur 1

That is the sort of thing that California voters vote into law without the guidance of any experts in the field, lawyers or legislators. Ballot initiatives are nice and all, but only if you educate your population first.

Given that it's California, I'd be frankly surprised if this ballot initiative isn't already circulating.

Arthur 1

Re: Responsibility

Actually idle power consumption is all of one sub-sub-sub-section in these regulations, which otherwise principally deal with annual power consumption totals and also regulate the power supply power factor, efficiency, total output and the like.

They also define an "expandability score" which determines how much power you can use. It's mostly based on things like number of USB ports and number of PCIe ports. So, basically all you need to do to get around the regulation is casually tape one of those 1->8 PCIe breakout boards miners are dumping for nothing to the side of the computer since the maximum documented score is 690 and that board alone can score over 700. You could probably coal fire your computer if you did that.

Microsoft, Google, Citizen Lab blow lid off zero-day bug-exploiting spyware sold to governments

Arthur 1

Re: As if I don't know history

Well done doubling down on the fact that you have no clue what the history is. Not just that but you also went right to red in the face ad hominem and racist dog whistles, truly an exemplar of humanity. First you call the Palestinians "indigenous people" then you claim the conflict starts after WWII.

Let's just totally ignore that the Jews who were the actual indigenous people of the area were run out of the area by an attempted genocide not that long before that. Totally irrelevant details. So to extend you analogy, you're firmly on the side of the colonialists. Seems about right.

My new favourite claim of yours is that Jewish rights are a big concern in Arabic states though. Truly the cherry lol.

So perhaps it's you who should stop confusing the ability to copy and paste an infinite length of text with knowing something.

Arthur 1

So to summarize your post: "nuh uh nuh nuh nuh uh you mad you mad" and then you ran to another country with the goalposts. Well done.

Characterizing me as in a "red rage" is both dishonest and lazy, you can do better. And trying to conflate the wholly different matter at hand with Nelson Mandela is not doing better lol.

Arthur 1

Re: I wanted to check out the details of those vulns

I don't know what a borkzilla is but the Citizen Lab report that's the first link in the article was fairly in depth and they generally do excellent work. Certainly no reason to be trashing them and making up stupid names.

Arthur 1

Re: Scott McNealy seems to have got it right....and in 1999 too!

Signal can protect you against a lot of stuff, but malware running in your own user context is not one of those things. If you can see it so can the malware. Snowden was talking about things like interception and future forensics, a rooted phone can't be secure no matter what it runs once you unlock it to use it.

Arthur 1

"One mans terrorist is another mans freedom fighter." not only is this statement incredibly stupid and obviously untrue, but it's probably the single most morally reprehensible saying in the entirety of English.

Yes, a UN peacekeeper, a pilot who fought to defend his country in the Battle of Britain and a guy who runs around in back alleys in a foreign city collecting babies to put in an oversized blender because they're the wrong colour are all morally equivalent people motivated by morally equivalent things and using morally equivalent techniques to achieve their aims. Sounds right to me.

So nice of China to put all of its network zero-day vulns in one giant database no one will think to break into

Arthur 1

Missing the Point

Anyone talking about China hoarding foreign vendor exploits is missing the point. This is about picking and choosing which bugs are publicly reported and patched by Chinese vendors, and which ones the government sits on. Even if it's not the intent, it's how it will shortly be used because it's the perfect tool for it.

A year ago China was saying it's racist paranoia to not trust them with all of our telecom infrastructure and that they would never do anything sketchy to exploit that. Today we discover that anyone who did so has China holding a veto on their network security along with the heist blueprints to exploit the hole they're vetoing a patch for. That's what you should be worried about.

National Enquirer's big Pecker tried to shaft me – but I wouldn't give him an inch, says Jeff Bezos after dick pic leak threat

Arthur 1

Of Course

Enquirer may soon enjoy a special discount of -500% on its AWS rates.

Arthur 1

Re: Something just wrong here, on a visceral level

Hi Pecker, keep being yourself.

Microsoft defends intrusive dialog in Visual Studio Code that asks if you really trust the code you've been working on

Arthur 1

Re: Put a checksum checker...

The type of trust you're talking about here is different, where you want to check that a library you're calling into isn't altered at runtime. The type of trust the article is talking about is during development where a dev has obtained code and wants to open it locally, since there are many ways for code to execute out of your IDE you want to distinguish between code you trust and code you're looking at but don't trust to execute on your dev machine.

If you're curious though, checksums aren't robust enough to be the basis of your library trust system. The usually proposed and sometimes implemented solution to the problem you're discussing is to sign code cryptographically where you use a private key and the code/executable itself to make a digest which is appended to the package, then people can verify that the code is unchanged by using your public key and their copy of the package at any time. Googlable keyword is code signing.

Arthur 1

Re: It seems like a good idea

This is 100% a good feature, I avoid opening code I'm unsure about in IDEs so being able to put code in safe mode will be really handy.

The popup could be less annoying though.

Arthur 1

Re: Running lint causes the code to be executed?

Couple things:

1) ESlint is an open source project that has nothing to do with Microsoft, people commonly call it from their node build scripts which can be kicked off from inside code, so if you want to know why a static analyzer runs code talk to them (I'll disappoint you by adding that there's probably a good reason)

2) Jupyter Notebooks also has nothing to do with MS, but with the right plugin to integrate them you can run arbitrary code from inside the notebook (by design)

3) I'm pretty certain that before you add plugins vscode can't execute any code at all, it's a text editor that becomes an IDE as you customize it

4) vscode and pretty much all of its plugins are open source so there's no issue of trust, feel free to audit it yourself

(edit love that the MS hater brigade is already out to downvote a post that consists of four easily verifiable facts lol)

UK artists seek 'luvvie levy' on new gadgets to make up for all the media that consumers access online

Arthur 1

Re: What ?

If it helps over 75% of the money collected bypasses artists and goes right to the studios/publishers and their execs, so Kanye probably didn't get anything from you.

Arthur 1

Re: What ?

Sadly these can and do get passed. Every piece of blank media (tape, optical, whatever, might even apply to flash?) in Canada has a $0.29 levy on it to support the poor artists whose material you clearly intend to steal.

GitHub restores DMCA-hit youtube-dl code repo after source patched to counter RIAA's takedown demand

Arthur 1

Re: Youtube

Copyright strikes are issued by bots using an acoustic fingerprinting algorithm similar to your music identifier app of choice. Both background noise and only getting a random tidbit of song are things it was designed to be robust to so neither really bothers the copyright strike bots either, thus your instant strike. The algorithm was published publicly in 2003 and is well known so the bar to set up a copyright troll bot is very low.

Not for children: Audacity fans drop the f-bomb after privacy agreement changes

Arthur 1

Re: Depressing

"Real world workflows can't be understood by compiling statistics" of course they can, whatever you want to theorize it's done every day and verified by user studies at many companies around the globe.

"Quantity has nothing to do with quality." and this has nothing to do with the conversation as far as I can tell. Or do you seriously think telemetry is desirable to developers because we want more quantity (or even "quality" whatever that means) on our plates?

"what makes a software special and worthwhile is often the less-used features" this depends heavily on what sort of software you're trying to write and you can't generalize about it at all. There are niche pieces of software that rely on the rarity of their features, and there are very general pieces of software that rely on doing the common stuff really well. Neither is less useful or less valid than the other, and telemetry is useful in both cases.

"As for crashes, I'm no developer but I'm pretty sure you don't manage reliability feedback the same way on a data center headless service as on a small end-user program" what do you think the difference is exactly? They're just defect tickets at the end of the day. Further, just because a web service doesn't run a Windows UI locally doesn't mean it doesn't have a UI, most do and most track what happens in that UI a hell of a lot more closely than any desktop app does. Try making a heatmap from desktop telemetry, something web apps have been doing for a decade.

"Could it be you haven't yet realized what the word "telemetry" means in 2021?..." considering my experience working with it on a daily basis I'm gonna guess I have a pretty good idea.

Arthur 1

Re: Nothing wrong with telemetry...

TIL the literally thousands of times I've relied on telemetry to resolve production issues never happened. Your simplistic theory misses a few things, including that most of the time high level intent isn't important to resolving a bug and that high level intent is often known from user study anyway. But mostly it just flies in the face of the real world where telemetry is used pretty much daily to make real improvements.

Arthur 1

Re: Depressing

Take your own advice, nobody here that's trashing telemetry has said a single word about Audacity or their actual planned changes.

The post he was replying to, like every other severely upvoted post on this article, was some variant of "telemetry evil, devs evil" with no mention of Audacity anywhere. And yes, this nonsense needs to be called out as much as any other form of FUD. It's not just big companies that can FUD, it's an equally effective tool for grassroots, and it's in heavy play here.

As to your actual point: The reality is that there are many reasons which have nothing to do with DC management or $$$ that you'd want direct telemetry at scale from your endpoints. User experience being one of the largest. UX with telemetry stomps UX without telemetry for two (primary) reasons: 1) real world workflows are understood and 2) real world crashes/problems/bad updates/performance issues are solved "telepathically" by the company before the user gets to reporting them. Both of these are positives for the end user with no inherent privacy risk.

I don't use Audacity and these guys specifically may well be scumbags, but the reactions in this forum from a supposedly technical audience are some real head scratchers.

Arthur 1

Re: Depressing

Telemetry can broadly be categorized as either product or engineering telemetry and basically breaks down like this:

1) Product telemetry informs product development and is mostly aggregate data, answers questions like "how many people click these three things in this order and should we have a simplified flow for this task?"

2) Engineering telemetry is the performance/crash stuff and answers questions like "which are the hot paths where we should do performance optimization?" or "what code is crashing in the wild in a way we didn't expect?"

In general engineering reports are consumed two ways:

1) A triage team/automation/something will give it a once over on intake and try to put the issue in the right bucket, number of reports and severity will be used to prioritize tickets by dev and a few exemplars of the crash will get pulled by the dev.

2) An issue is found by another means and the reports are checked to see if it's an in-the-wild issue and how prevalent it is, then a dev again is likely to pull a few during reproduction, and maybe again to aid in verifying a fix.

Depending on the nature of the software and the type of deployment these things may also have monitoring and alarms attached to the aggregates so that if there's, say, a spike in crash reports (ex after a bad update) a big ol' klaxon goes off in mission control and it's all hands on deck to patch it.

Arthur 1

Re: Depressing

It's really easy to see the difference in these threads between people who work with software professionally and hobbyists. If you think the only reason a bug can escape is "you didn't do proper testing and are using me as a beta tester" and the only reason to get error telemetry is "to steal muh stuffs" then you're an extremely unproductive part of this conversation to be honest.

Is what Audacity plans to do ok? No idea, didn't look into details. Is, in general, telemetry a bad thing? No. Is, in general, telemetry in any way necessarily privacy impacting? No. People's knee jerk reactions to telemetry are nuts.

Arthur 1

Re: Depressing

"How’s the fuck did we get to this point?"

Users care about free and don't care about privacy, so the one was sold to allow the other to happen by the companies serving them. No real mysteries here.

Even today with the privacy issue being mainstream I've done straw polls to see if people would pay for email or other online services and the answer is always still a hard no because it's "free from Google".

Good news: Google no longer requires publishers to use the AMP format. Bad news: What replaces it might be worse

Arthur 1

Re: Anti-trust

I recall many years ago, back before they really spent on lobbying because they were a smaller company, I'd heard Google did a study to try to figure out where to allocate suddenly accumulating money based on projected returns. Allegedly lobbying won by a landslide, where the next marginal dollar returned several hundred thousand net present dollars.

Arthur 1

Regulator

Between these projects and all the various other 'ensure the health of the internet' projects where Google seems to drive definitions of health according to their own needs, I'm starting to feel like Google is the most amazing example of regulatory capture we've ever seen.

In an unregulated industry, this company has leveraged a monopoly in one segment (search) to turn itself into a regulator for all the other segments, thus creating a regulated industry it has pre-captured.

Well done lads.

Facebook CEO puts picture of himself wearing too much sunscreen on new board

Arthur 1

Weird thing to pick on

I know it's Zuck and all and I risk wandering into pearl clutcher territory here... but should we really be making fun of people for "too much" sunscreen? There is no such thing.

It's also obviously mineral sunscreen, which is way better for you but leaves this pallor, so we probably shouldn't be trying to stigmatize it...

Linus Torvalds tells kernel list poster to 'SHUT THE HELL UP' for saying COVID-19 vaccines create 'new humanoid race'

Arthur 1

Probably just a photo of little Linus and a lifetime ban.

Deadline draws near to avoid auto-joining Amazon's mesh network Sidewalk

Arthur 1

Re: Overblown

You don't have any ISP safe harbour provisions protecting traffic that passes through your router. It's assumed to all originate with you. When the police show up asking who has been posting IED making instructions or photos of little kids from your home, good luck convincing them the Echo dun it.

Arthur 1

Two Things

1) This is a great opportunity for anyone selling 900MHz jammers. The LoRa will be the backbone of actually talking to your neighbours for most people considering that Bluetooth has trouble linking two rooms in the same house. A fairly low power simple oscillator and antenna will get the job done I suspect. Easy to do and very cheap.

2) I like the Amazon devices for their convenience, but it looks like I'm going to have to move them to a separate wifi network and lock down its internet access to just their primary back end server and nothing else. I would recommend others take a similar approach if keeping these.

Apple is happy to diss the desktop – it knows who's got the most to lose

Arthur 1

Re: That Harvard Guy's bio ....

I was just coming in to post about this, surprised nobody beat us to it. I've never seen a more arrogant pile of clear red flags of incompetence.

"Excellence. Quality. Science. These are just a few of the words that have been applied to the illustrious research career of James Mickens." with the picture of him staring off into the distance is almost enough to make me side with Apple.

Ex-Dell distributor in Lebanon ignored ban on suing US tech giant. Now four directors have been sentenced to prison in the UK

Arthur 1

This is why you're not a lawyer. Article makes it clear UK was the venue specified in the contract.

Bite me? It's 'byte', and that acronym is Binary Interface Transfer Code Handler

Arthur 1

Fun fact, the desire to maintain language purity has made Quebecois French create or repurpose words for many of these uses (courriel, aubaine, magasiner, clavarder, etc).

Wall Street analyst worries iPhone is facing '2nd recession' after 2019 annus horribilis

Arthur 1

Re: Too bl**dy expensive now to upgrade every 2yrs

This is one thing that didn't even seem to register with them. I guess they assume everyone is on plans with two year cycles and will just eat the added monthly cost of the next phone being double price. There's also very much less reason to upgrade than there used to be, several years old phones still run fine these days.

Another thing they don't seem to consider is that a lot of people might be upgrading their phones to kit that's not Apple made. The statement in the article just assumed that anyone who hasn't bought a new iPhone hasn't upgraded. Bit of a leap on their part.

Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes

Arthur 1

Re: What's this, a bug caused by a language quirk?

Go is a niche throwback language, don't confuse it with truly modern languages. It's made by plan 9ers for plan 9ers, really only works properly on *nix since it has a ton of OS-y things baked in, and really is only useful for massive multithreading on servers. It's well known for playing fast and loose, not a safety focused language as you seem to assume.

As for what's the point of it? Overall there is no better way to write massively lightweight-threaded code in Unix-like environments.

Google promises next week's cookie-crumbling Chrome 80 will only cause 'a very modest amount of breakage'

Arthur 1

Re: the cookie changes in Chrome 80 further concentrate Google's market power

SameSite comes from IETF and is supported in all major browsers not named Safari. Google is just changing default behaviour to gradually push it to strict, which would improve overall safety on the web. While I'm not one to blindly defend the sometimes ridiculous shenanigans Google gets up to, this isn't really in that category.

To catch a thief, go to Google with a geofence warrant – and it will give you all the details

Arthur 1

Re: This seems kind of reasonable?

Definitely my take too. This should actually be held up as an example of very reasonable police practice (assuming they have an intelligent way of determining which phones they care about from the anonymized ones). The fact that Google has the data on offer... is another matter.

Microsoft's on Edge and you could be, too: Chromium-based browser exits beta – with teething problems

Arthur 1

Re: Why.....

My surface was the one place edge made sense to me, largely because of those pen and other ms integrations. I hope this new browser, when available in English, doesn't lose them or edge's market share is likely to shrink even further.

Arthur 1

Language Issues Indeed

Just tried to install it for kicks. Installer came up in Chinese and wouldn't change, installed copy was also in Chinese with no obvious way to fix the language. I don't ever use Chinese or have any regional settings related to China (nor do I speak it). Fun stuff. Pretty rough for a big release.

Apple is a filthy AWS, Azure, Google reseller, gripe punters: iPhone giant accused of hiding iCloud's real backend

Arthur 1

Re: A contract is a contract

> If Folgers sold coffee grown by Maxwell and labeled it as Folgers, I'd believe it was grown by Folgers.

This is at least a consistent position, but you should probably get suing. Neither of these companies grow any coffee and they almost certainly buy from the same farms. The level of vertical integration you're assuming from large companies simply doesn't exist, nobody provides a good or service without a ton of other hands in the pot, and that's a good thing because it allows them to each focus on their strengths. Apple isn't a cloud provider and Folgers isn't a farm, asking them to be would almost certainly harm price and quality of the product they produce.

Time to Ryzen shine, Intel: AMD has started shipping 7nm desktop CPUs like it's no big deal

Arthur 1

Re: Spectre?

Fun fact about Spectre mitigation. From some recent testing I saw: top end AMD chips take about 150~200 clocks to context switch, top end Intel chips post Spectre take 1000~1200. These exploits really pulled the rug out architecturally from Intel, AMD by luck or design pretty much skated through.

Jeff Bezos fires off a blue dart, singes Elon Musk and SpaceX

Arthur 1

Re: a fair bit of rework to reuse

"AFAIK Space-X hasn't re-used a rocket yet"

They've reused several this year, the first one back in March, one this summer (June?) and another fairly recently.

Australian Greens don't believe Silicon Valley can save the world

Arthur 1

So....

Yes to 'overthrow of capitalism', a violent coup that would require taking all worldly possessions (and likely lives) of hundreds of thousands on the low end let's not forget.

No to 'technology can solve problems', where he lists two problems, including one problem (water scarcity) that a Silicon Valley has already made history in Israel and another (agriculture) which is a favourite field of biotech and making huge progress. I guess looking at facts in cold, hard reality land would disqualify you from running a class warfare party, so no surprise he has chosen ignorance.

Riddle of cash-for-malware offer in new Raspberry Pi computers

Arthur 1

Re: Malware?

It's not an assumption on the part of the person who originally tweeted it and had access to the uncensored message. They could just visit the website and determine it very quickly.

It also doesn't have to be a mystery to us. Looking at the censored pieces, you can clearly see the top of the word 'tempo' on one of the URLs and that the company name starts with a Q and ends in a k, with about a dozen letters. This is consistent with jogotempo.com (the company behind it has the acronym QNT, not sure what it expands to). You be the judge on whether it's malware or not, I suppose.

Can DevOps and Agile save the planet? US.gov thinks so

Arthur 1

Green?

I have the sinking feeling that since they're somehow equating modern rapid dev practices with environmentalism (new = green, I guess?) we'll see a lot of nodejs and the like running these offerings. I'm wondering how the philosophy of 'who cares about compute, use stuff that's faster to dev and throw more servers at it' is green, when you're basically torpedoing your perf/watt on purpose to save on payroll?

I'm not suggesting we write everything as a custom web server in asm to make it green or anything (that would be ridiculous and hopefully isn't the outcome here either) but let's not claim that these philosophies line up with environmental goals when they don't.

On the other hand it might be a nice inciting incident to force people legislating tech to actually understand tech.

TORpedo'd dev dumps Doxbin files after police raids

Arthur 1

Because his site didn't do anything especially illegal. It was just an uncensored pastebin clone.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021