Posts by Stephen Booth

Horses for courses

Gosh so much hate in the comments.

Clearly some people have found MySQL/MariaDB does not work for their use-cases but its popularity also suggests its quite good for others.

My own experience is that we have been pretty happy using it for a long time now. (Our current database seems to have first started Dec 2006 but its had various version/hosting updates)

Interesting to hear that people think PostgreSQL is faster at joins. I use joins a lot for aggregation queries that are hugely faster in SQL than trying to do the equivalent operation at the application layer. I don't see us putting in the effort to migrate though.

We started before foreign keys worked properly but it was never really much of an issue because the majority of our data is fairly static once created, records that do experience lots of updates never update their reference fields after their initial creation and its very rare for us to delete records.

If I have any niggle its that table metadata operations are a bit slow. Nothing thats a problem in production but its noticeable in unit tests where each test tends to re-create all the tables it uses.

Java devs and Pythonistas?

Java is shipped as byte code that (unless obfuscated) that can already be converted back into reasonable source code with minimal effort. I expect python is similarly easy. Good job too as I'm pretty sure that the tool would only be easily applicable to other statically compiled languages not interpreted/JIT-ed languages.

Any tool that can cope with C will probably do a reasonable job on Fortran binaries etc. but more modern languages like RUST might be more of a challenge

Containers vs static linking

One could argue that this form of containerised packaging is frequently just a convoluted way of converting dynamically linked applications into statically linked ones. I'm sure there are a some more complicated use cases out there but a lot of the time the container is only there to provide the dyamic library environment the application was compiled for. In these cases staticly linked binaries would be equally portable.However its easier to build a container than rebould all dependencies for static linking and there is not good tooling at the moment for directly converting dynamic binaries to static.

Containerisation is a good route for making a cross-distro release starting from a release built for a particular distro but developers could also invest more in building static releases.

Cray network too

The Cray/HPE slingshot network also presents as ethernet to the NIC so you could view that as a distributed ethernet switch. And its largely lossless as well. I say largely lossless because if you are presenting as ethernet the network software stack will be capable of re-try and sometimes its simpler to fall back to this for edge cases.

Lots of companies have realised that having custom network solutions present as ethernet at the edge simplifies things all round

Passkey != MFA

Yes passkeys are a great idea with many advantages over traditional password implementations. However its wrong to imply that an single encrypted-at-rest credential is somehow equivalent to multi-factor-authentication. The un-encrypted key is still potentially vulnerable to phone malware or key backup "features" introduced by the phone/OS vendor. Risks that can be mitigated by using multiple credentials from different devices.

Its also worth pointing out that fingerprint biometrics are a fairly low grade security feature anyway. Anyone stealing a phone to obtain the passkeys will probably have no trouble obtaining copies of the users fingerprints. (Assuming that they can't just lift them off the phone itself)

30 year old code

I have my own 30 year old code which coincidentally is a Xscreensaver compatible X11 hack

https://github.com/spbooth/xmountains

Unfortunately it does not seem to be in the standard Xscreensaver collection but I think some linux distros still carry it.

Containers

If its BSD running on a linux kernel you should be able to run it as a container in a normal linux host.

Not sure myself why you would want to do that but I'm sure somebody will want to.

Takes me back

The CBM PET was also the first computer I ever used.

I remember the unusual approach they took to supporting different hardware configurations. The low memory version of the PET had exactly the same mother board as the high memory versions including the soldered sockets for the memory chips. However a big hole was drilled through those sockets to make them unusable

SSH NOT a problem

I'm not saying I'm in favour of the scheme but I don't see any problem in principle supporting the basic concept of encrypted home directories with ssh. Its only a convention that requires ssh authorized key-files to live in the home directory.

The encrypted directories could have some unencrypted envelope meta-data. You can put the ssh public key in that.

SSH also does not have to use public keys it can delegate to the normal PAM library. As users are going to have to put in a password to decrypt the diretory anyway you have already lost all the benefits of using public key authentication anyway might as well just prompt for a password.

Supporting encrypted directories where the key is only present when the user is logged is a good (and not new) idea. Taking a religious position that all information about the user must be encoded in one of these is just making things over complicated.

Not your normal outsourcing

Everybody is talking about this being outsourcing and they should have stuck with their in-house tech people.

My reading of this is that they are switching between two outsourcing suppliers. They lost any in-house system when TSB was spun out and were being held over a barrel by lloyds so they hired somebody to create a replacement platform and got shafted again. Probably because the bank does not have its own technical staff to evaluate the solution properly.

The lloyds in-house techies who were running things till last week are probably still at their desks business as usual.

Compare with Raptor not Merlin

The real comparison with SpaceX hardware is with the new Raptor engine not the production merlin.

Raptor uses the same fuel as BE-4 and is at a similar stage of development (Raptor first test fire was last year)

It does look like Space-X have dialed back their target thrust for the Raptor so current indications is the BE-4 is the larger engine but this is the first test-fire it is almost certainly not running at full design power yet. They probably do have to come close to their target because they don't have the flexibility that SpaceX has to redesign the rocket.

IT angle

You are missing the IT angle to this. Some of the STOR generators (our 2MW for example) are Data-center backup generators. It makes economic sense and ensures the generators go through more test cycles than they otherwise would. And if the grid is going to be unstable its much better that the power grid people switch us over to backup before the problem becomes critical.

not the right recommendation

"with four in five not requiring the use of a capital letter and a number/symbol."

The thing that is important is entropy. Requiring particular characters does not help with this much it is a stupid hang over from the days when only the first handful of chars in a unix password were significant so using the full character set was a good idea.

If you enforce special chars all you get is "password!" instead of "password" same with all the other hard to obey password rules everyone uses one of a small number of common fixes to bypass the rule.

Probably the most important rule to enforce is the minimum legal length of a password.

Quicker to re-org than build a datacenter, also network

"However, the fact that data resides in the UK may be false reassurance from a data protection perspective, since the US government argues that if it is in data centers belonging to US corporations, it still has right of access to that data."

Under the current structure the US government claims this right. If Amazon wants the option in the future to relocate and escape this problem it can probably do so quicker than it can build a data-center.

The other issue is the network. Amazon marketing will tell you that you can place your data anywhere in the world and access it over the internet. This won't work for anything latency critical and if everyone moves to amazon the owners of the trans oceanic cables will know exactly where to go to ask for more money.

Everyone knows that Amazon gets huge economies of scale with large data-centers. There must be a point of diminishing returns after they get to a certain size (amazon must have the best handle on where this point is). Once you get to that point you open additional centers at places of good network connectivity (and cheap power) the uk scores highly on the first of these less so on the second. Maybe they they have some clever idea about how to power it.

Does the market apply to all wages

Though I'm sure the market applies to low paid jobs I'm not sure it always applies at the top.

Sure there are some talented individuals who build their own companies from scratch and have a huge responsibility for the value of the company. However in many companies the size of the company is so great that a small number of unjustified large payouts at the top have no impact on the market price of the shares. On the other hand any attempt to oust the current management would impact the share price so the shareholders and the market as a whole turns a blind eye. As long as only the small number of people at the top have their hand in the till the market does not care. These people are not being paid for the value they add to the business but are taking a "commission" out of the value of business that crosses their desk.

Interesting question for a future article, are commission based rewards good for the health of a market or do they encourage volatility for its own sake? Compare and contrast a Tobin tax and a traders commission.

What version are you runnign anyway

Win7 professional does not get the update anyway. If you actually gave your users a proper

business grade OS in the first place your users would not be tempted.

Phones and tablets are not PCs

The assumption in this article is that MS has to succeed in the phone space.Yes the decline in the PC market is partly due to a certain class of PC user finding a new class of device that fits their needs better. This is a fragmentation of the sector into two markets. Just because people used to use horses for travel and the plough does not mean the future belongs to a unified tractor-car hybrid. Tractors and cars might be made by the same company and use the same basic technology but its not the same product. Apple does ok making a phone and computer the same way Honda does ok making tractors and cars but they are different products. Not every car/tractor manufacturer has to make both and nobody succeeds with a unified solution even if some of the parts are the same. In fact market fragmentation is better for business because apple can sell you a phone and a laptop if you need both.

Phone/music-player/camera combination seems to work as a combination because they are all portable devices you want to carry around and separate devices would compete with each other for pocket space.

Microsoft can't seem to do phones. Apple have never done much in the games console space they both compete in the PC space. Once upon a time Microsoft managed to expand their market by making windows a server as well as a desktop OS and this has resulted in a fetish for using windows as a solution to every problem. Its not.

Rental not Retail

Kindle unlimited is rental not retail.

You get access to any book on the "unlimited" list while you continue to pay the monthly subscription.

Stop paying you lose access.

Paying by pages read might make sense in this model.

However my personal choice is to pay for each book I choose to read. I seem to be reading a lot of the self-published books at the moment because the buy price is generally pretty low (below my why-not threshold)

On the whole I don't think I'm paying extra other than when I really get into a book and go through the 7 book series. In which case I'd rather the money went to the author.

Not the end of the world

Running ANY programming language inside the web-browser is a bad idea. The more capable the language, the worse idea it is. If you can change the web-site applets can trivially be changed into jnlp downloads solving the problem. If you need to access an applet based interface that has not been converted then just open another browser when you need to (you could even write a stand alone program specifically for running java applets from web pages). Lets face it java applets never integrated well with the surrounding web-page so losing the ability to start them seamlessly is no big loss and easily worked around.

Patch?

I think "Patch" implies that the software binary needs to be updated in the cloud providers. Thats misleading.

The bug is in the browsers. If the server is CONFIGURED to allow weak ciphers to be negotiated then a man-in-the-middle attach can be used to force a buggy browser to negotiate a weak cipher even if it is configured not to.

The server can prevent this from happening by a configuration change only. Of course removing support for weak ciphers in future releases is also a good idea. It also means that its even more unforgivable that services are sill accepting these obsolete ciphers because it just means nobody bothered to change a config file.

Apps are not the product

Office 365 is the product. The number of potential users for a cloud based office suite does not change depending on the relative popularity of android and IOS. The only difference occurs when one platform becomes so unpopular that client support for it no longer influences the choice to use office 365.

I don't think the recent reversals are anywhere close to that yet.

Support for android is not about shifting large numbers of apps but saying office 365 is device neutral.

Ah that explains it

Fast flux, must be why the virgin media DNS servers have been locking up so much over the last week,

IT angle

Our data center has an agreement with the power supplier that gives the power company remote control to switch us onto our backup generators at times of high demand. Not a huge power capacity from their point of view (couple of MW) but useful for short term spikes. From our point of view it helps ensure the system gets tested more frequently and its probably better to be switched over cleanly before the problem fully develops. Making better use of the distributed generation capacity at customer sites is now much more technologically feasible than it used to be. I't won't do anything to address the lack of bulk capacity but it will help ride through shorter events.

End of the law but not the end of the line.

Yes the exponential increase in the cost of fabs mean that Moores law is close to the end if not already ended. At some point we will be able to builder smaller transistors but there just won't be any point.

We will have to get used to a minimum cost per transistor just as we have got used to a maximum practical clock speed. However there are plenty of worthwhile ways of improving computers to explore other than just blindly throwing more transistors at the problem. None of these are going to give us decades of exponential improvement but they are worth pursuing. The good news is that once the transistor process (with its huge fab costs) stops taking centre stage then it becomes possible for smaller companies to innovate and compete.

The GPGPU market is an example of this. Floating point performance in increased over conventional multi-core by using smaller compute units and using a greater fraction of the transistors for floating point units.

Chip stacking won't reduce the cost per transistor. Each layer needs to be manufactured and you may ruin some good layers by bonding them to flawed ones. However it may reduce energy consumption and drastically improve the communications between different components.

The future is going to be interesting.

DDR3 DDR4 or something else?

The external Centaur chip opens up other possibilities as well. Such as the Hybrid Memory Cube.

At the High end like Power8 its a smart move. The basic concept has been proposed before (e.g. RAMBUS) but the additional costs of additional components has always been a problem at the low end.

With much of the mass market shifting down to low power portable devices the DIMM memory market is going to suffer so I think there is room for innovation at the top. IBM are obviously not committing to anything other than DDR3 but they have kept their options open.

DRM is key

I doubt a prior art argument will hold up.

OK phone-to-phone gifting is not new but this is phone-to-phone gifting of heavily DRM'ed content from an on-line store without letting the store lose control of the content and its difficult to prior-art (verb ?) apple in that area.

Of course that means that gifting non DRM content by NFC would not be covered as it does not involve downloading the content from a content store.

Somebody should quickly patent exchanging drop-box download links by NFC. Heck you could probably even get it to work without an immediate network connection by generating a unique transaction identifier and then have the giver upload the data when they next get network and the receiver poll until the data is available.

Intel to manufacture ARM?

Does this include the Altera processors with embedded ARM cores?