* Posts by Roo

1648 publicly visible posts • joined 21 Sep 2010

UEFI flaws allow bootkits to pwn potentially hundreds of devices using images

Roo
Windows

There is a *really* simple solution to this...

The only firmware should be to load a bunch of bytes off a USB stick and execute them.

The vendors can supply their USB stick installed in the motherboard by default with all their cruddy unnecessary, unreviewed guffware that they want. Folks who don't want the guffware can put their own stick in with whatever pre-boot crap they want (or maybe just a simple locked down bootloader) and optionally superglue the stick in place for extra security. We have USB headers on motherboards already, this is not hard or expensive folks.

USB Cart of Death: The wheeled scourge that drove Windows devs to despair

Roo
Windows

How cute.

I sincerely hope that wasn't Microsoft's primary mode of testing their USB stack. Then again, given that they made a fetish out of releasing stuff late and buggy and being macho about it, it seems plausible that their stone age cut the victim in half to see if it bleeds approach was the best they had.

Now, how about that unit testing to ensure those BSODs don't happen in the first place - and maybe we get some more helpful diagnostics instead ?

Want a well-paid job in tech? You just need to become a cloud-native god

Roo
Windows

We're cheaper because we live in a 2 bit slumlord economy.

Roo
Windows

Re: Someone Else's Computer certification

I think the biggest win w.r.t to (a big) Cloud provider is the ability to serve content globally - and provide some redundancy in the case of an entire region going down. That said there is nothing stopping you from developing your system to be capable of being run in the cloud or on your own host(s), it's not rocket science (IMO).

The UK government? On the right track with its semiconductor strategy?

Roo
Windows

Re: pile it high, sell it cheap

True, but it was the Tories that couldn't bin INMOS fast enough.

Roo
Windows

Re: pile it high, sell it cheap

"Selling it entirely is akin to selling your home because the neighbourhood has deteriorated to the point where you no longer feel safe even going out to buy groceries."

That's a pretty decent analogy, the thing is this is not a new phenomenon. Case in point Maggie Thatcher's government tried to arrange for the sale of INMOS to American investors at a knock down price before brokering a sale to Thorn EMI (yeah, the fire extinguisher folks). INMOS was the company that built the fab in Newport. Total government investmernt in INMOS was £50m (£235m in today's money going by BoE's inflation calculator) which is peanuts really when you compare it to HS2 which comes in at £247m per km.

Roo
Coat

Re: 'semi' conductor strategy.

You left you coat. :)

Downfall fallout: Intel knew AVX chips were insecure and did nothing, lawsuit claims

Roo
Windows

Being sold a leaky bag of shit instead of a high performance processor is worth a law suit IMO, doubly so given that Intel sat on the vulns (and asked the researchers to delay publication). The honorable thing to do would have been to fess up to the pwnage, fix the next release of CPU and refund folks if they install the patch that halves their performance. Intel were pushing AVX *very* hard back then - speaking from my own experience as someone who had to evaluate those chips for HPC applications. YMMV

Intel's PC chip ship is sinking with Arm-ada on the horizon

Roo
Windows

Re: "Intel's deep history of innovation failure"

There are at least two good reasons for ditching a big hairy old ISA:

1) It's far quicker, easier and cheaper to design an implementation of a clean, small and well defined IDA vs a very complex very old & crufty ISA.

2) It's far quicker, easier and cheaper to validate an implementation of a clean, small and well defined IDA vs a very complex very old & crufty ISA.

Those two reasons underpin why RISC architectures continue to survive and thrive through domination of the SoC scene - which happens to be where most of the money is. Shipping big clunky and expensive 2000+ pin packages is dandy - but it doesn't cut it when folks are trying to sell a couple of million mobile phones.

The most damning indictment of Intel's innovation failure is that it was *AMD* who developed the current dominant incarnation of x86 (AMD64 - remember that ?). Just to add a bit of salt to the wound there were senior Intel engineers posting on USENET sometime before Itanic (2001) saw the light of day that stated they reckoned a 64bit cut of x86 was what folks wanted (and was very doable). Not to mention that the whole dynamic / static optimization argument had already been decided by the Alpha EV6 (1998) vs the EV4 (1992).

Sorry Pat, but it's looking like Arm PCs are inevitable

Roo
Windows

Re: Compatibility

SoftPC emulated PCs on UNIX machines back in the mid-80s to the point where you could run FlightSimulator on it (slowly). VMs and emulation have moved on a bit since then - those problems are old hat and quite frankly most of that "optimized assembly code" doesn't actually run that well on modern hardware anyway... ie: you're not losing anything by trans-piling the code on the hoof. With respect to device drivers - they are largely a solved problem - although I'd argue you probably shouldn't be targeting running those as native code - just provide the interfaces (again VMs do this just fine).

The PowerPC, Alpha and Itanium editions of Windows faltered because they don't make the hardware any more. Joking apart modern software development is a different ballgame - stuff like unit tests and coverage vastly simplify and accelerate validation of "ports" of software to new environments. By comparison Windows development was pretty stone age even in the mid 90s. :(

Roo
Windows

Re: Anybody remember Intel StrongARM?

StrongARM was actually developed and produced by Digital Equipment Corporation. StrongARM was a big deal at the time, it was clocked a lot higher than the contemporary ARM cores and opened up a lot of new applications for ARM cores. Compaq bought out DEC, HP bought out Compaq - and at some point in that kerfuffle Intel paid whoever owned DEC at the time a huge wedge of cash to license some big chunks of DEC IP - which included StrongARM. Intel carried on producing StrongARM for a while, got bored and dumped it.

Roo
Windows

"Linux has failed to fix DLL Hell, which MS fixed by 1997"

As someone who has coded for DOS, Win 3.x, Win 95, Win NT (3.51, 4, ... and so on), no they really didn't sort it out.

These days we have Java, Spring and Node on top of that DLL hell. To compound it we "solve" the problem with VMs, Containers and Flatpack etc to work around the inherent packaging problems...

First ever 64-bit version of Windows rediscovered … and a C compiler for it too

Roo
Windows

Re: DEC vs Intel

Alpha was also somewhat hamstrung by export controls - allegedly lobbied for by Intel, meanwhile Intel's parts had no such controls imposed against them and Intel were able to successfully lobby against controls being imposed long after their products had surpassed the Alpha.

Cloud is here to stay, but customers are starting to question the cost

Roo
Windows

I can only speak for a large org with respect to hidden costs. Here's a couple of examples from the coal-face:

1) A number of business cases were made on the basis of securing "Spot Instances", which failed in practice because there wasn't sufficient liquidity to meet demand. So the applications were *forced* to use "Reserved Instances" instead - which were found to be ~3x more expensive than on-prem hosting.

2) Application teams had to acquire and/or develop system administration capabilities, duties that were previously handled by on-prem hosting teams (at lower cost).

Also with respect to "unused" capacity cloud doesn't really tackle the root cause of that - specifically the fear of "if I switch this off what else is it going to take down ?". It's not necessarily a rational fear, but it exists with cloud infrastructure just the same as it does with on-prem.

IBM Software tells workers: Get back to the office three days a week

Roo
Windows

Where are the facts & figures to support a return to the office ?

These return to the office edicts keep popping up with actual verifiable facts and figures to back them up, the arguments put forward by the executive class amount to they are lonely and they haven't worked out how to do their jobs properly yet so they need people around to make them look good. Put forward some proper reasons for it if you want to motivate people to return to the office.

Microsoft admits slim staff and broken automation contributed to Azure outage

Roo
Windows

The Cloud Vendors keep telling us that they offer a cheaper* option through economies of scale (and better utilization of hardware).

The flip side of this is that they have less redundant kit lying around to run a proper test, and if the test goes wrong (eg: cooling systems) then the scale of the outage is much bigger and the time & effort to recover can also be geometrically scaled accordingly. Also because of the resources are so readily interchangeable and by necessity interlinked failures will cascade fairly readily as well. So the downside of a test going wrong is hugely expensive for them (and their customers), and arguably it's probably cheaper and easier to assume everything will be fine instead of causing outages deliberately.

Personally I like a bit of fat in the system and the ability to tightly contain failures, but the folks paying the dosh like zero fat, moving fast, breaking things, and failing big.

The Anti Defamation League is Musk's latest excuse for Twitter's tanking ad revenue

Roo
Windows

Ad revenue tanking

I am pretty sure that shedding most of the workforce, not paying bills, Musk smack talking in public and being a 24 crt knob-end had more effect on the Ad revenue tanking. Instead of owning that Musk has decided to deflect and blame the ADL and by implication some kind of Jewish conspiracy. Put the crack pipe down Elon and eff off while you're doing it.

What DARPA wants, DARPA gets: A non-hacky way to fix bugs in legacy binaries

Roo
Windows

Re: There are a lot of problems with this

To be honest more often than not the bug has been within the developer's (my) code rather than the compiler.That said I believe developers *should* be at least able to determine that the compiler is misbehaving through proper testing of their code and using appropriate tools such as another compiler, and/or a disassembler. In my experience the vast majority of developers who insist that the tools are to blame don't meet that criteria. :(

I've only had two occasions (in 36 years of using compilers) that the code was categorically correct and the compiler was misbehaving (ie: not doing what the documentation said it should do). It took a couple of days to pin it down & fix it in both cases. There was a false positive raised by cow-orker who had been kicking furniture around the office while mooing about the compiler being busted for over 3 weeks that I debunked in 10 minutes using a disassembler - because 1) the lying dickhead refused to show his source, 2) didn't know the difference between K&R functions & ANSI Prototypes and 3) failed to actually unit-test his shit code.

School for semiconductors? Arm tries to address chip talent shortages

Roo

Re: How about

You need to pay them a competitive salary when you've trained them up too, expecting folks to accept an average wage for practicing a rare and valuable skill when they can get paid more as a common or garden sparky isn't going to fly.

Stolen Microsoft key may have opened up a lot more than US govt email inboxes

Roo
Windows

Re: Save the politicians!

None of which excuses or changes the fact that Marge was caught attacking the President of the USA through persecuting a private citizen who happens to be his son. Marge broke the law: flashing her porn collection in a congressional hearing without the permission of the subjects has no legitimate legislative purpose. Persecuting a private citizen with the goal of bringing down the President of the USA isn't deflection, it is a culmination of the GOP's shilling for Adversaries of the US and their own depravity.

There is a heavy cloud of sexual abuse, nepotism, grifting, blackmail, porn, drugs, illegally doxxing immigrant children (by aides of a guy who turned a blind eye to sexual abuse for over a decade), trafficking children and asking for pardons hanging over the Gropey Old Perverts party at the moment - they and their supporters + enablers should be cleaning house before pointing the finger. I say this in the hope that they might stop giving the Tory numskulls in Rightpondia ideas, money & speaking engagements.

Roo
Windows

Re: Save the politicians!

The CCP could just ask that unregistered Chinese agent fella to arrange for the Make America Gag Again crew to leave some dossiers in Trump's ballroom. Oh hang on, that chap is difficult to get hold of right now. Never mind, they could watch a ridiculous waste of tax payer Congress hearing and to see some dick pics and revenge porn being waved around by a Congresswoman. Or maybe they could sign up to congresswoman's mailing list to see some dick pics - hell they could even use a hijacked child's account to do it...

Memory safety is the new black, fashionable and fit for any occasion

Roo
Windows

Re: In other words...

Heaps are easy. Those are the things the that you configure in the JVM command line such that they consume the entire address space of the machine - just in case it runs out of memory printing Hello World. Of course real pros run it under a VM because it's safer that way when it takes the whole OS down with it.

Roo
Windows

Re: Impossible

Threads always have been and always will be a dumb idea because:

1) There is no well defined interface between the interacting components.

2) The hardware & compiler has to try and fake a flat memory model (no physical memory is perfectly "flat" in the time domain, never has been, never will be).

3) The programmer has to try and come up with a reliable scheme for ensuring the threads don't clobber each other.

At the end of the day anything that scales reliably ends up using a message passing/CSP model at some level - most hardware has been operating in that way at some level for *decades* to present the fiction of flat shared memory to threaded apps.

Going out on a bit of limb here, but any argument or assertion that presumes threads are either desirable or necessary is inherently invalid.

Roo

Re: Higher Level Attacks -- Way Above C...or C++.......

One of the activities I spend a lot of time on is mitigating / fixing / risk assessing vulnerabilities. The memory based vulnerabilities still pop up but the vast majority are related to poor design / implementation of Java libraries. For example Jackson needs regular updates to extend their blacklist of classes that they should not handle.. Even log4j keeps springing new ways to be owned, and then of course there is Spring... JavaScript based stuff is just plain rotten and unfixable due to the vast tree of interdependencies... Case in point I tried out an example hello world static web page... it needed 1471 npm modules (not even kidding here) to build it. Good luck validating that lot.

Florida man insists he didn't violate the law by keeping Top Secret docs

Roo
Windows

Re: What About The Current Resident?

That would be Dozey Donald who held up military aid to Ukraine. There was this impeachment thing as a result of it, but of course you knew that and lied like a true red copium addict.

Roo
Windows

Re: They Have You For A Ride

Talking of unequal application of the law, Michael Cohen got 53 days of solitary for lying to congress - if Barr applied the same punishment regime to Trump he'd have been locked up on day 1 of his reign of self-indulgence and he'd be looking forward to being buried in the same room. As for the rest of it, there is precisely zero evidence to back up your Maga talking points. That bronze badge you are toting is tarnishing fast.

Roo
Windows

Re: What About The Current Resident?

When you get down to it Trump asked for Russia's aid in doxing his rival's campaign in a stump speech, and promptly received what he asked for - from Russia. Later investigations resulted in multiple Trump campaign operators being convicted (and some later pardoned - by Trump) for seeking Russia's help. If you think Trump has it rough being given due process for mishandling nuclear secrets and seeking out Russia's help to get elected, it's pretty tame stuff compared to the treatment meted out to Michael Cohen by Bill Barr on the grounds that he lied to congress about the number of times he spoke to Russia regarding a Trump real estate deal (he said 3, real number 10).

I suggest you read the Steele Dossier if you can find it, it's pretty tame compared to the unsubstantiated stuff Fox keeps spewing about the Bidens & Clintons. The evidence doesn't lie, the folks weaponizing government are Trump and his shrill shills.

Roo
Windows

Re: What I cannot understand ...

I recommend reading the indictment document, it lays out the charges against the Mango Mussolini pretty well.

All of those charges could have been avoided if he simply handed the documents back when asked for them. Instead we have to go through this ridiculous clown show because Donald is a dickhead and his cult followers are muddle headed democracy hating copium abusers.

Intel mulls cutting ties to 16 and 32-bit support

Roo
Windows

IA64 didn't exactly set the high end alight either, and let's face it big memory was (and remains) not a huge technical deal and a niche market. AFAICT they were just trying to keep the old POWER vs PARISC fight going because they had no other market where they could compete.

Roo
Windows

IA-64 was always DoA.

This reply isn't really aimed at you Michael as I'm fairly sure you know all this already. :)

The criticism of IA-64 that stuck was the fact it promoted static optimization over dynamic (on-chip) optimization - at a point in history where silicon economics made dynamic (on-chip) optimization tricks (already pioneered on big iron in the 60s & 70s) viable. It was a very backward design that might have done well in the early 80s, but made zero sense in the late 80s with the transistor budgets skyrocketing.

Modular finds its Mojo, a Python superset with C-level speed

Roo
Windows

Re: Static typing in Python

Python's duck typing can (and usually does) save an *awful* lot of redundant noise in the source code - and that conciseness can benefit the poor old meatsacks that have to read the code. In practice I write in both C++ and Python, using C++ (and liberal sprinklings of 'auto') to tackle the (relatively) well-defined performance sensitive jobs, and Python for the stuff that tends to change frequently or needs to be maintainable by someone under the age of 50.

I genuinely enjoy coding in both, and yes I do like the type safety in C++, but I also like to write comprehensive unit tests and concise code which Python makes very easy. Meanwhile Java has come to represent the worst aspects of C++ and Python. All too often in Java & C++ land I see code broken up into lots of meaningless micro-classes and layer upon layer of "design patterns" to enable unit testing - which results in a shit-ton of unnecessary code - and programs that don't work anyway because folks haven't been able to properly test the interactions between all those micro-classes. Python's laissez-faire approach to typing and encapsulation drastically reduces the verbosity of code, and makes unit testing (and integration testing) much simpler - both wins when it comes to maintaining a large code base.

Of course folks can still write FORTRAN in any language. ;)

It's time to stop fearing CPU power management

Roo
Windows

Latency can wreck scheduling...

Large (distributed batch) workloads typically require some scheduling to ensure that you don't end up waiting for a slow task to complete at the end of the run. To get best utilization you try to schedule those long running tasks early on in the batch, and typically you work out which of those tasks are going to be long running by looking at how long they ran in the previous batch run... We have see power management throttling add 30% to a run time - and thus muller the scheduling of that batch *and* the subsequent batches. Sure you can do all kinds of clever statistical analysis - but in practice that doesn't necessarily help as much as you might hope when your wall clock run-times can be +/- 30% depending on the phase of the Moon.

I do agree with the premise though : grow the eff up and deal with variable runtimes ... It's just that Java boyos calling out to C++ libraries don't deal with it in practice - it's beyond their pay grade.

Samsung to cough up third of a billion bucks for ripping off patent

Roo
Windows

Start as you mean to go on.

Netlist stole their company name from common usage ffs.

Microsoft nopes out after Twitter starts charging $$$ for API access

Roo
Windows

Re: Let me see now...

I know it won't happen, but it would be an interesting to see how teamMusk went about proving that GPT has data derived from Twitter encoded within it. Go on Elon, sue away, show us how to prove GPT contains our data...

Ex-Twitter execs sue over $1M+ in unpaid legal expenses

Roo
Windows

Re: Have an upvote

Hmm, while Donald and his shysters have been playing rock-paper-scissors, the DAs have been playing 3D chess. Trump could not play the 5th card in the James case due to "Adverse Inference" in that civil case, so he gave evidence for 7 hours, evidence that can now be used for Bragg's criminal case. The neat thing is because the civil case is going to trial first - Don's shysters can't get a stay on it due to a pending criminal proceeding, so they'll get to visit court at least twice. Trump and his clownshoe shysters haven't been giving the DAs enough respect - and it looks like they are going to pay for it.

They now have to depend on "Gym Jordan" (CU Law - Failed) and the Supremes who answer to the highest bidders - they have essentially already lost in the court of public opinion. Trump's biography is going to read like a cheap knock off of Idi Amin's at this rate...

Plenty of time for more twists and turns - but it looks like Trump has seen the incoming torpedoes and scuttled his boat before the battle actually started.

Roo
Windows

Re: Have an upvote

At the end of the day Trump has shown that he is more than capable of defending himself in court, he has plenty of financial leverage and he's more slippery than a greased weasel. He can take care of himself and he usually does, spare your pity for the mugs who contribute to his fundraising efforts.

Roo
Windows

Re: Have an upvote

You should tale a look at the specifics of the charges being brought rather than regurgitating the defendant's spiel without question because acting like a mug tends to get you mugged. HTH.

Intel pulls plug on server system design division

Roo
Windows

Doesn't bode well for INTEL over the long term.

This is a bit of a shot in the foot from Intel. They'll save bugger all cash and in return they'll lose all that in-house expertise on how their chips are actually used, and all the feedback those guys would have had to help make their chips better and easier to utilize. They've cartwheeled down the shark's gullet in this instance.

IT boss arrested over Cash App exec Bob Lee death

Roo

Nah, Musk is just advancing his control-freak-paranoid-wold-domination-agenda via opportunistic hijacking of the lamestream media narratives to punch down on proles - business as usual.

Musk said Twitter would open source its algorithm – then fired the people who could

Roo
Windows

Re: Oh it gets better!

Let me guess: the creds written on the back of a fag packet are stored in a safe in a building they've been evicted from because they didn't pay their rent ? :)

Roo
Windows

I think Elon bought Twitter for "control" over the narrative - on the basis that it is/was the preferred platform of journos & talking heads, so now he gets to decide what they can and can't say. He hasn't exactly been subtle about his censorship, and he is banking (rightly I suspect) on the fact that it's hard for a content 'creator' to move their entire community to another platform in one go. Sure the Twitter user base will fragment and may migrate - but breaking up communities that he perceives as a threat could be a win in Elon's mind. At the end of the day the only thing he's lost is cash - which he has a lot of already - and most of it was borrowed anyway, it's not as if he has to work hard for a living.

Arm co-founder: Britain's chip strat 'couldn’t be any worse'

Roo
Windows

Re: oxbridge

She has added Chief Turnip to her qualifications.

Roo
Windows

Re: You neglected one very obvious option

Their strategy is not to have a strategy. Meanwhile the Finance industry is quietly packing it's bags and leaving now the cupboard is bare and the action is happening over in the EU, again the strategy is not to have one.

Debian dev to the rescue after proposal to remove Itanium from Linux kernel

Roo
Windows

Re: Alpha != Itanium

The Alpha didn't die because it was slow or had a weak memory model, it died because the folks who bought DEC had no interest in developing it - their main business was punting Intel processors - they bought DEC for the IP and customer base. Also with respect to the website memory barriers aren't "hard" to understand at all IMO, sprinkle them like confetti if you want - or just let the compiler sort it out for you. Literally was never ever a problem in the decade of cutting code for Alphas, and you could be fairly sure they'd run whatever you threw at them --ing quick - even the 5 year old dusty boxes at the back of the server room. Just speaking as someone who actually wrote code for ARM, Intel and Alpha and had to care about performance...

Intel wants another €3.2b from German gov for Magdeburg mega fab

Roo
Windows

Brexiteers did lie and bullshit an awful lot. The key to understanding their position is to accept the fact they are a bunch of insecure over-promoted selfish toffs that hold the plebs (ie: most of us) in contempt and will destroy everything that stands in the way of them keeping their noses in the trough.

Atos will be paid $29m over $1b UK Met Office supercomputer dispute

Roo
Windows

Re: atos

AFAICT the government's shitlist comprises of everyone who doesn't donate to the Conservative party.

Roo
Windows

Re: More questions than answers.

Getting two Xeons of the same stepping and firmware performing identically is a challenge in itself. That said I wouldn't necessarily bin a bid on the basis of using two different generations of Xeon, in practice supply can be constrained, I very much doubt any supplier can guarantee you a ready supply of replacement motherboards/CPUs with identical firmware and steppings of all the major components a couple of years down the line. In practice, in a distributed system of any non-trivial size, you will have to swallow differences in the nodes, and that will likely manifest itself before many systems of size are even fully commissioned given how long it can take to get all your code and data transferred & validated. BTW: this has been the case for at least 30 years, it's not a new thing, time for folks to grow a pair and get used to it.

Elon Musk's cost-cutting campaign at Twitter extended to not paying rent, claims landlord

Roo
Windows

Re: If you wish to be a capitalist, you have to abide to capitalism rules

Makes a lot more sense than anything Elon says.

Too big to live, too loved to die: Big Tech's billion dollar curse of the free

Roo
Gimp

Re: Centralised service, centralised problem.

The hitch is that if you own your own domain name and run your own email server you need to jump through continually changing and multiplying hoops to have email from your server delivered to the inbox of folks with Google/Yahoo/whatever accounts as they add yet more bells and whistles to block spam that accidentally on purpose also make it harder to run your own email server. Gimp mask because the big boys are making you wear one when you run your own SMTP box. :(

Britain has likely missed the boat for having a semiconductor industry

Roo
Windows

Re: 4 decades too late

I bet you could get a Raspberry Pi to tickle those ISA lines fast enough to make it go, modern microprocessors are amazing. :)