* Posts by richardcox13

578 publicly visible posts • joined 19 May 2012

Page:

Microsoft veteran ditches Team Tabs, blaming storage trauma of yesteryear

richardcox13

Re: What I don't understand

If your editor cannot do this natively there may well be an extension to do it.

richardcox13

> tab tab tab

Is indeed quicker, which is why any text editor that is worth the CPU/Memory/... to run will automatically insert the correct number of spaces (including less than four if there is already a character or more in place. And auto-indent the next line to match (use shift-tab to reduce indent). A serious editor (eg. what you should be using if paid to write code) will support an editorconfig file in the repo so the team shares settings and does not depend on everyone configuring their editors the same.

If your standard editor cannot do this, then PEBCAK.

Torvalds weighs in on 'nasty' Rust vs C for Linux debate

richardcox13
Mushroom

> This is like vi vs Emacs with 'religious overtones,’ project chief laughs

That would imply that the editor wars didn't have religious overtones.... and my memory of the late 80's Usenet editor wars was very much religeous.

I think the writer of the sub-head maybe a little young, likely "sweet summer child" applies!

Google says replacing C/C++ in firmware with Rust is easy

richardcox13

Remember "Plan on doing it twice, because you will" (typically the second time is disguised as debugging).

The benefit of working through the problem once in prototype mode is you get to work out all the edge cases and business logic before doing the real implementation. Too many times what seemed simple initially turns out to be simple in the normal case and then lots of complexity on the edges; with no real way to plan those edge cases because the spec/user-story/... didn't consider any of that.

What is this computing industry anyway? The dawning era of 32-bit micros

richardcox13

Re: 386 and 68020 had ports of Unix

Uni temporarily had a test unit. Problem it was supplied with insufficient memory to get reasonable performance even for a single user.

This would have been 1990 (just before I graduated).

SpaceX grounded after fumbling Falcon 9 landing for first time in years

richardcox13
Boffin

The best sual form is attoparsecs per micro fortnight, but in this case that's a bit small.

Sweet 16 and making mistakes: More of the computing industry's biggest fails

richardcox13

Re: Honourable mention

> I'm pretty sure Pascal lost entirely due to braces.

And its need for non-standard extensions to do anything useful.

Standard Pascal cannot do something as simple as prompting for a filename and then reading that file.

Rocket Factory Augsburg breaks down the SaxaVord blowout

richardcox13

Re: SpaceX just had a bad day

It was the twenty-third launch for that booster. One individual booster with more reuse than all other rockets combined.

As failures go it is small.

(|From the video appears a landing leg failed, which could indicate further checks for stress crack like problems while refurbishing boosters is needed.)

Choose Your Own Adventure with Microsoft 365

richardcox13

Re: Reinventing a very old wheel

Leasing goes back to James Watt.

His science and engineering is significant.

But more so the "have a free steam pump for your mine; pay my company based on the fuel saving" business. Which made him and his partners a mint.

AI models face collapse if they overdose on their own output

richardcox13

Re: Wolves.....

A more serious case of the same thing.

Automating the analysis of lung x-rays to detect some lung disease (can't recall which). Didn't work, the models fixated on the newer images with higher resolution (input positive cases) over older lower resolution images (input negative cases). So any recent x-ray was positive, whatever the state of the lungs.

The wonders of having no means to debug the model building other than extreme care with input selection when building.

CrowdStrike blames a test software bug for that giant global mess it made

richardcox13

I recall for sometime ago at my first job (so early '90s) talking to my manager about test rigs. He talked about how much effort, for a safety critical was put into testing the test rig. The test rig itself was relatively simple, but validating it covered all necessary good and bad cases for the test target was substantial.

For something you are pushing updates to at a rapid pace, needs more than just a few tick boxes.

It isn't as if CI/CD pipelines running multiple sets of tests using all sorts of software ( for example on Windows Server 2022) are hard to come about (the VM images for these are freely available.

Underlying organisational culture about "updates faster, respond fast, Fast, FAST" is likely the real problem.

CrowdStrike CEO summoned to explain epic fail to US Homeland Security committee

richardcox13

Are you aware of the politian's falacy?

EU gave CrowdStrike the keys to the Windows kernel, claims Microsoft

richardcox13

If you are outside the kernel you restart the user process (there are well established approaches to this).

Dropping back to previous definitions after n failures is also an option (works very well with good telemetry).

richardcox13

Re: WHQL

Remember WHQL validates that a driver calls APIs correctly doesn't make a mess of interrupt handling, etc.

That there was a dependency on a definition file would not be in scope, because that is not the kind of thing that drivers for hardware drives have done historically. It would be great to see WHQL being updated to broaden tests.

Even better would be MS saying new "no third party drivers in the kernel" (Windows has long supported non-kernel drivers). However that would depend on MS being willing to fight through US and European counts that it isn't an anti-competitive measure (ie. third party software writer's laziness is an insufficient reason to allow kernel access).

richardcox13

Re: Dave Plummer has a different take on this

> From what others have said crowdstrike bypassed their own rollout procedure to force the update straight onto production networks, bypassing staging.

Exactly: this isn't the failure of an individual, but an organisational operations failure where a choice to "push and be damned" led to being damned.

Deeper is the clear failure to do fuzz, and similar, testing within an integration test suite in the publication pipeline. As this would quickly lead to seeing the driver's lack of input validation with respect to the definitions.

richardcox13

Re: "CrowdStrike marked their driver as a boot driver"

Any OS, from a kernel component will have this problem.

Eg. RedHat: having a kernel panic due to CloudStrike: https://access.redhat.com/solutions/7068083

Edit: note I make no comment on whether the use of definitions + driver in kernel mode is a good idea[1] rather than the driver just being a bridge to user mode worker where everything happens[2].

[1] I don't think it is.

[2] The chance of a company like CrowdStrike getting this right (handling the worker failing...) seems low.

CrowdStrike file update bricks Windows machines around the world

richardcox13

Re: So, to the unfamiliar…

First: MS did try to stop ring-0 antimalware but was threatened with anti-trust lawsuits by the usual crowd (including, IIRC, McAfee[1]). (Can't now find the reference.)

Second: Crowdstrike did the same thing to RedHat Linux last month https://access.redhat.com/solutions/7068083 caused kernel panic

[1] CEO of CrowdStrike was McAfee CTO when McAfee was breaking systems...

richardcox13

Re: Ahhh, the Cloud, the Cloud

According to the status history, yesterday's Central US Region issue (not at all world wide) was a configuration change issue in a storage cluster. Which is nery much not good, but not a made malware update.

The status page does have an alert about VMs running CrowdStrike Falcon agent having problems.

richardcox13

Re: Related?

Now top of the front page... doing a live update page: https://www.bbc.co.uk/news/live/cnk4jdwp49et

richardcox13

Re: Too many eggs in too few baskets

History says... there will be little impact, and that will be temporary.

Financial markets are all about predicting the future, they don't care about the past.

richardcox13

Re: So, to the unfamiliar…

If you do not have CrowdStrike tools installed .... then you need to do nothing.

This is a third party issue, not Microsoft! A bad update has been deployed.

FWIW another tick for my thesis: "most security software creates more problems than it solves".

Azure VMs ruined by CrowdStrike patchpocalypse? Microsoft has recovery tips

richardcox13

Depends.

If the server rebooting has 0.1s in which to pull down the update before the bad previous update crashes, then 10ms extra latency may be significant. While n/w roundtrip may be measured in microseconds within the DC, it will be milliseconds to another DC.

richardcox13

Equally if it is a database server you then restore the most recent DB backup.... if your DB is not been backed (could be incremental and/or log) up every few minutes your business data is very vulnerable to loss.

richardcox13

> The multiple and up to 15 times just makes it even crazier.

But does make sense. The theory is that eventually the network stack gets enough time before the next BSOD to have updated to the latest files, which don't trigger the BSOD.

I can also imagine this very much depends on the machine's internet connectivity being very low latency and very high bandwidth.

The Clacktop: A Thinkpad Yoga with a mechanical keyboard

richardcox13

Re: Curiously, I watched a video yesterday

The point is you choose the key switches and key caps. There is considerable difference between the IBM classic feel and one for fastest (gamer) response.

richardcox13

Heavy Enough to Bludgeon

> heavy enough to bludgeon someone to death

This is a good starting point for a keyboard on its own. Before considering any other parts.

No more slipping as soon as a key is pressed a little harder...

CrowdStrike shares sink as global IT outage savages systems worldwide

richardcox13

Re: BSOD

In my day we had General Protection Faults... and it was a good day if you went more than a couple of hours between them...

Agile Manifesto co-author blasts failure rates report, talks up 'reimagining' project

richardcox13

Re: Agile misconceptions are rife

That would be doomed under any process.

Unless the budget was generous and had been set after a full (waterfall style) done perfectly design and estimation: which almost never happens.

Chinese space company accidentally launches rocket in test gone wrong

richardcox13

Multiple Videos and Initial Theorising from Scott Manley

https://youtu.be/u3-Kw9u37I0

The X Window System is still hanging on at 40

richardcox13
FAIL

Re: TeamViewer

Isn't that an advantage?

Fragile Agile development model is a symptom, not a source, of project failure

richardcox13

> My experience is that when allowed to figure it out for themselves, competent people will evolve a system that works quite well for their project

This is agile.

Not a set of defined processes/outcomes, but a team working to work better for the customer.

Of course that doesn't leave much room for management who want to be in control.

Study finds 268% higher failure rates for Agile software projects

richardcox13

Re: Software is hard...

> The interesting thing about this survey is that it compares Agile with projects where the requirements were fully resolved before the project started

The alternative is that the requirements are changing; but that requires an understand that "embrace change" does not mean "change is free".

richardcox13

Re: Correlation or causation?

> Maybe the sort of people who *really* get into Agile are simply the sort of people who couldn't successfully complete a project in the first place?

Or more likely (and this is my usual experience) that people who think they are doing agile, are not really doing agile. They do the easy bits (eg. avoid lots of up front documentation) but not the hard parts (eg. effective feedback process on how things are done; the prioritised feature list is actively maintained with the customer deciding when enough is done in place of a fixed budget).

Ie. almost every agile project is using the easy parts of agile to avoid the hard parts of waterfall, and thus is the worst case of both.

Screwdrivers: is there anything they can't do badly? Maybe not

richardcox13

Re: "Screw"drivers?

That's what the smaller TORX sizes are for: pilot.

Elon Musk's xAI scores $6B in its series B funding round

richardcox13

Re: One small problem....

> As I understand it, feeding LLM output to an LLM input leads to, well, enshittification.

Suspect that would really be exponential growth of enshittification.

By 2030, software developers will be using AI to cut their workload 'in half'

richardcox13

Re: Who changed the code?

> Where's the change notification?

I think you mean "pull request": nothing has suggested this has been deployed.

And, any PR without a decent summary of the changes it introduces should never be merged. Which covers this "AI" "help" with current good practice and without huge computation resources. Even if it is just a commit. there should be notes in the commit about the change, again no AI needed for review.

richardcox13
Thumb Down

This will not happen

> By 2030, software developers will be using AI to cut their workload 'in half'

As others have noted this is based on a whole pile of assumptions.

But even if those assumptions are correct, the workload will not half. There will be a combination of fewer people to do the work, and more work to do.

A thump with the pointy end of a screwdriver will fix this server! What could possibly go wrong?

richardcox13

Re: Lesson learned

There are adjustable wrenches and then there are Adjustable Wrenches.

Eg. https://youtu.be/kKFZQVVdWxU?t=856

Techie invented bits of the box he was fixing, still botched the job

richardcox13

Re: "I am not a number," ... MagicSix

> visit Portmeirion but I still have problems with large white balloons

It is well worth a visit. And is just as wonderfully out of place in Wales and it appears on the screen. To avoid Rover leave just after someone else.

BASICally still alive: Classic language celebrates 60 years with new code and old quirks

richardcox13

10 PRINT "60 years! How time flies"

20 GOTO 10

Post Office slapped down for late disclosure of documents in Horizon scandal inquiry

richardcox13

I don't know what the process would be IF the inquiry decides it is appropriate.

That is given in section 35 of the Inquires Act 2005 (as amended), subsection 7:

A person who is guilty of an offence under this section is liable on summary conviction to a fine not exceeding level three on the standard scale or to imprisonment for a term not exceeding the relevant maximum, or to both.

Plans to heat districts with datacenters may prove too hot to handle

richardcox13

Balanced: Unlikely...

> Digital trade association TechUK

A trade association represents the interests of that trade and should not be seen as anything but biased. I very much doubt those building bit barns want to do anything except maximise their return on investment. Any additional cost are something to fight.

OTOH to make something like this work takes political leadership to balance the medium term costs with long term benefit (in this case long term is over decades). And when has that ever been seen in the UK in recent decades?

OSIRIS-REx probe sucked up more asteroid crumbs than hoped

richardcox13

Re: There might be an interesting comparison...

Please don't give the inkjet markers ideas on pricing!

Drowning in code: The ever-growing problem of ever-growing codebases

richardcox13

Re: Remember 'The Last One'?

> Learning to think would be better than learning to code.

Correct. You learn to think by doing things: analysing problems, solving those problems.... which, when it comes to computers, is programming. There are other areas (physics, engineering, ...) that do this as well.

Or, for a completely different academic area: one does not study history solely to become a historian.

ESA gives gravitational wave space probe LISA the nod for a 2035 launch

richardcox13

Re: Curvature of Space-Time

> If the satellites are at the corners of an equilateral triangle, then they need to know exactly the angles in order to bounce lasers off both the other satellites at the same time.

Or make the three edges the same length: which equally defines an equilateral triangle in flat space.

The pen is mightier than the keyboard for turbocharging your noggin

richardcox13

Re: Why aren't you taking notes?

I, OTOH, find the key is to take notes. I don't need to (usually) go back to the notes, but the act of writing down at least a summary of the points really helps me absorb the information.

Equally if about to write some code I find writing some notes on what I plan to do makes keeping focus on the desired outcome (the code does what is intended) also helps. The code is likely to end up rather different to the plan, that does not matter. Having a plan makes all the difference.

But I fully understand we're all individuals[1].

[1] It is about time to watch "Life of Brian" again.

Microsoft calls time on Windows Insider MVP program

richardcox13

Re: Does it really matter..

That was more about being able to sign an NDA with MS whil4e working at Google. Shortly later a away around that was found and the MVC award continued.

> guy that answered all the .Net questions

Not all, but a lot.

Does Windows have a very weak password lurking in its crypto libraries?

richardcox13

Re: Correct me if I'm wrong ...

Yes.

Cryptographic hashes are used for more than passwords.

HTTP/2 'Rapid Reset' zero-day exploited in biggest DDoS deluge seen yet

richardcox13

Re: A cancel request?

> This sounds like a feature created by an overly eager intern.

No. Because this has a completely reasonable use case. A page is loading (eg. for images below the fold) when the user navigates to another page; at this point those resouces outstanding for the first page will not be needed.

Just opening lots of HTTP/1 sockets has its own problems, and cancellations by the client (close the socket) allowed similar DDOS attacks. The difference is the HTTP/1 attacks have had a couple of decades in which defences and mitigations have been built up.

Microsoft says VBScript will be ripped from Windows in future release

richardcox13
Coat

Re: It's an abomination, but...

What's wrong with recursion?

(My coat? It's the one with the "Structure and Interpretation of Computer Programs" in the pocket.)

Page: