Posts by Brian Miller

Re: But still only 8 GiB RAM maximum!

Gigabytes??

"You lucky, lucky bastard. Proper little jailer's Moore's law pet, aren't we? You must have slipped him a few shekels, eh? Ohh! What wouldn't I give to be spat at in the face have "only" 8Gb! I sometimes hang awake at night dreaming of being spat at in the face having gigabytes."

Professional photography was severely hit when technology allowed rank amateurs to get good enough results.

What, wet collodion plate versus roll film? Rank amateurs still produce amateur results. It's not about the equipment, it's about setting up the scene, or recognizing the great scene. It takes a person with the brains and experience to produce the results.

The technology of photography was good enough for amateurs when roll film was developed. The Eastman Kodak camera went on sale in 1888, and people sent in the whole camera back to Kodak for processing. (And the Eastman company botched or even lost a good portion of those!) So the most basic amateur photography has been around for 136 years. And we still have portrait studios, various pro photographers, and news photographers earning a living. When digital really came in, it was the people in the middle who suffered the most, the ones who processed film and made prints, or did various professional process and layout work. Then when cell phones became good enough, it was the digital SLR that suffered.

Life changes. Personally, I still like using 8x10.

Re: Can I see it?

From reading the paper, it seems that any instruction suggestion the AI makes is a red flag against the AI. Really, how many decades has the Anarchist's Cookbook been out there, along with all of the garbage TV and movie scripts with exactly the same instructions the AI is regurgitating? "To make a pipe bomb, start with a pipe..."

Since AIs hallucinate so badly, shouldn't it give instructions like, "To make a pipe bomb, ceci n'est pas une pipe. Fill the pipe with compressed rainbow unicorn farts, tamping down firmly. Place the pipe at the building's soft and supple foundations. Inhale deeply, and blow the building until it smiles grandly. Follow the red balloon."

Re: Another solution...

Yeah, you can wish for that, but somebody has to go out there and do the deed. A lot of them are very canny about covering their tracks, and as long as a local nation-state isn't after them, they're fine. Some countries don't have laws covering what they do, so the perps have to be lured to a country where they can be arrested. That tactic has been done, so the survivors are a bit wiser.

Re: strategic firewall rules on WAN-side interfaces

Yeah, the "strategic rule" is very simple: drop all. Don't turn on the external web interface, don't allow anything through that provides a port to the outside.

Seriously, when is the last time that Bob and Doug McKenzie (or Bevis and Butthead) wrote any firewall rules? Plug it in, and the lights blink. Go surf. That's it. I had a landlord who subscribed to a cable ISP, and I had to walk him through the process of plugging things in. Like not plugging the telephone into the RJ45 jack. Yeah, just because they are both square doesn't mean they do the same thing. I even had to change his browser home page so he would "be connected to the Internet." (My favorite cringe quote: "Does it have to be on to work?")

We shouldn't expect that people will update their firmware. Honestly, the vast majority don't know what "firmware" is. "Turn it off and back on" is all that we can hope for.

Re: Rockstar

The move is always to attract developers and milk them dry. I have met very few developers there with real talent. The last time I worked there, I was chewed out over code I didn't write, and then told to "fix" exception handling in 50+ files in three days or be fired. Fixed them in two because I know regular expressions, and I can type.

I don't believe that Microsoft hires based on actual talent.

Security is common sense, but both are lacking

Computer science is not the same as computing or IT. Expecting a computer science graduate to have taken cybersecurity courses is like expecting a maths graduate to have taken book-keeping courses.

Um, actually, it's more like architecture, and skipping over putting locks on the doors and windows. Really.

There are a lot of ways to ensure that a system has some reasonable bit of security. The problem comes from people in power who don't want to put any security on anything, and then have a funny look on their face when somebody pwns their network. And of course it's just not their fault for nixing all of the basics.

"I went to Blackhat and all I got was this stupid t-shirt, and your firewall, routers, switches, servers, PCs, HSMs, phones, light switches, toothbrush, and butt plug."

There's a phone API that puts plaintext passwords into the REST call parameters. There's a "secure" CPU firmware that has a copy-paste vulnerability when encryption is turned on. And on and on. "I know you worked hard on that, but security is complex, and it's behind a firewall, so it's OK."

The only thing that forces security is what happens after an "incident." Companies have to wind up paying hefty fines and face embarrassment and ridicule before they do anything sensible.

Re: They don't want excellence

Either it's fast enough to do the job or it isn't.

And it wasn't fast enough to do the job. The minimum set by the marketing team was 20 requests per second. They wanted to build a gobal world-class API for their product, which at scale would mean millions to billions of requests per second. 20, let alone 10, requests per second doesn't cut it. I was assigned to improve it, it was my job to write better code. And I did do that.

The code to "improve" was a mess. Incoming JSON was checked with regular expressions. Numbers were converted to strings, said strings were used as binary with "1" and "0", and converted back to numbers. The language library functions were avoided wherever possible. There was a functions with inscrutable names, like "compute" and "randomhexprependlastbyte" (which did do something with random hex and bytes). Code from GitHub and elsewhere was patched in almost randomly, with no attribution. Of course there weren't any comments.

There are no little magical tweaks that improve code. You have to start with a good and competent design, implement it well, and test it to ensure its functionality and performance.

I got burnt out from working with a hostile manager, an indifferent middle manager, and an incompetent coworker.

No, burnout comes from a bad environment. It comes from dealing with crap code and crap management. We live in a distopia, and there are plenty of people enforcing that. Just like you claiming "Doesn't sound like burnout to me." What you wrote seems like trite trolling to me. I have no idea what you actually produce, but it doesn't seem like you write code.

Re: Been like that a long time…..

Yeah, decades. The NCR 32032 (first 32-bit microprocessor) was exported at 12MHz, and ran stateside at 32Mhz. The CPU cards were "crippled" by dropping the clock speed with jumpers on the board.

And now China is working on its own fabs and chips. Really, what's the point of an export restriction when the targeted country can just build its own products?

Re: No AI Isn't Replacing Anyone: But Everyone Is Using It as the Excuse!

Power corrupts because there isn't a surge suppressor on it. Once power is effectively suppressed, it becomes very useful.

Re: There is no substitute for boots on the ground

The people wearing said boots still need appropriate instruments to analyze the rocks and soil.

Re: I wonder how much blame can be attributed to poor code examples

There's a big difference between a temporary key in a URI parameter and a key hard-coded in the source. Dumping strings from an object is old hat. Keys in source code is never a good idea. Keys in hardware is only a good idea if the key is stored in a manner that it can't be directly read, only used.

Security is supposed to be like an onion, not a waving wiener.

Re: Translation.

No, not quite at all.

My secondary shell is Wireshark, and I've been doing network programming since, ah, 1992 or so. There is much to be desired about what is going on upon the wires. The TCP start takes three packets before the actual data stream starts. If it's a secure connection, then more packets are exchanged. As the stream progresses, acknowledgement packets must be sent back relatively frequently, enough to be a burden on the traffic.

The RFCs have plenty of solutions that have been tried over the years. Simply using UDP can be just fine, but all of this takes programmers who really know their stuff. Bluffing doesn't cut it with network performance.

I haven't read all of John Ousterhout's paper, but there isn't anything in there about HOMA being published in an RFC. At least there's a GitHub project: https://github.com/PlatformLab/Homa

"I mean the EE wages are not much different from someone flipping burgers"

Nearly true, a local company wanted to pay only $75K for an EE with decades of experience. So of course the fellow declined to be hired for that wage. If the companies that need the talent can't be bothered to pay a decent wage, then of course people will leave EE and go with software.

Re: hmm really

To put it simply, my hearing has fallen off. 15K seems to be my upper limit now. So when I see things like, "to 40KHz", I know that #1 a young human can't hear that high, and #2 the source signal never had that information.

Top quality microphones are rolling off at 20KHz. A Neumann is not a slouch microphone. If the audio information isn't there in the recording, then it definitely shouldn't be there during the reproduction.

Re: Tall poppy syndrome

There is a big difference between "good economical idea" and "infeasible project."

Beaming power down from space would have to be economical in comparison to building effective power plants on dirt. And honestly, a power plant Earth-side is still necessary, because the RF will still need to be converted to something the electrical grid can handle.

The conversion loss is significant. First, the solar energy must be converted to electrical energy, which is then used to power the RF transmitter. Then there is the transmission loss between space and ground. Then there is the conversion loss in the power plant. And of course, that power plant in space is going to need servicing.

So which is more economical? Taxing the shit out of excessive power usage to drive people to save power, (change your light bulbs, buy machines that can't run Crysis or mine Bitcoin), or tossing up power plants in spaaaaaaaaaace?

Re: Why not go Orwellian?

"... suggest that everybody must have a camera and microphone implant installed in the eyes and ears."

Wasn't that Google Glass? And all that's needed, really, is to do away with that pesky HTTPS, and all that encryption nonsense.

The shield prevents a face- or palm-plant action, not an oopsie-slide-it-up-bump action. I'm guessing that the chair arm could come up over the edge of the console, and bump things.

On the positive side, the power plant should be shut down in a couple of years.

Re: Great news....until.

... Until the deorbit mission fails. That's when there will be real problems!

Playing with their balls, in bins

Abstract

In dynamic load balancing, we wish to distribute balls into bins in an environment where both balls and bins can be added and removed. We want to minimize the maximum load of any bin but we also want to minimize the number of balls and bins that are affected when adding or removing a ball or a bin. We want a hashing-style solution where we given the ID of a ball can find its bin efficiently.

So server A is less than 10% more burdened than server B. If B has 50, A has 50-55.

Re: What a Muppet movie this would make

And it would feature exiled zombie Napoleon, waiting on the moon to renew his conquest of the Earth!

https://xkcd.com/1510/

That would be the one you've set up by yourself, without telling anybody about it beforehand. Otherwise, I'm sure that all VPN providers log data. It's just a matter of who gets it, and when.

J27 wrote: "Containers are VMs..."

Uh, what? From Docker: "A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings."

A CPU VM is a hardware virtual machine, which is supposed to be isolated from everything else by hardware. It is not a package, it is an isolated virtualization of the base hardware.

One is a package. One is hardware. The package requires a host operating system, and does not stand alone. The VM stands alone.

As for makes things easier, well, only if certain vendors decide to keep their crap up to date. I work with AWS CloudHSM. The client packages for that are woefully behind for Ubuntu, and that makes a Docker image for Ubuntu currently useless. I just finished switching our Docker images to be based on AWS Linux, as I'm hoping they will keep their own crap up to date.

Yes, I agree with others, good packaging is something that is overlooked. However, that was something that has been "taught" in the workplace, and when managers with no clue are put in charge, along with "newly-educated" "software engineers" then disaster strikes. Again and again.

Re: Ah, Threat-Detecting Boots

What you have to watch out for is that charlie-horse from the military years that just happens to grab, and yank your leg up straight at someone's crotch...

No, it isn't spiffy like the threat detection technology, but you couple that with PTSD, and you're good to go.

Re: Should we rename...

Honestly, I don't remember "bing" being an American word. There's "bingo" but not "bing". But then again, I grew up around lumber mills, not coal mines.

Re: A 'transient issue'

Maybe a squirrel got into something. Literally. Again.

Re: Sign

Actually, I bet the fan is frozen. When the BIOS displays that message, the fan should be running at full tilt. But since the fan was a cheap dodgy thing, costing less than 25p, it ran until it froze. So, like, maybe a month or so. Then the CPU overheated, rebooted the system, and there it sits.