That's a huge point. If we are heading to Mars, we don't really need 1G in the ship. We still have to deal with low-G issues, but not microgravity.
Posts by Claptrap314
2894 publicly visible posts • joined 23 Jan 2015
Page:
Scientists suggest possible solution to space-induced bone loss
Judge sides with Meta and Google, puts California child privacy law on hold
Unity talks of price cap and fees for only largest games developers
GitHub Copilot, Amazon Code Whisperer sometimes emit other people's API keys
Former CIO accuses Penn State of faking cybersecurity compliance
Australia to build six 'cyber shields' to defend its shores
Britcoin or Britcon? Bank of England grilled on Digital Pound privacy concerns
37 Signals says cloud repatriation plan has already saved it $1 million
Monday 18th September 2023 10:12 GMT 
Re: Is it comparable?
As a SWE who had to learn WAY too much about Rails internals working around various *($#& problems, let me tell you that Rails code sucked rocks in the 1.x - 2.x days. And the early 3.x code was worse. I referred to one of his innovations (which is STILL polluting the ruby ecosystem) as a "typical DHH three-quarter baked solution". It solved his problem pretty well--and made the life of a LOT of other people miserable in the process.
So when it comes to DHH claiming that he's achieving some great success, history shows that he's particularly good at ignoring the larger consequences of his decisions. I think this is a classic case where someone is dramatically dropping uptime while not even noticing.
Google throws California $93M to make location tracking lawsuit disappear
Google exec: Microsoft Teams concession 'too little, too late'
Unity closes offices, cancels town hall after threat in wake of runtime fee restructure
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
GitHub alienates developers by force feeding them AI recommendations
Friday 15th September 2023 01:20 GMT
Wondering again...
Is this on free accounts?
As in--is the product complaining about the shape of the chute?
My company is an org paying $4/seat/month. That's not a bad deal. Yes, it is an insult to the open source devs. But of all people, these are the ones that should be capable of voting with their feet.
Yes, this is crummy behavior--did you think that they are running a charity?
Unhappiness I can understand. But free accounts have to be paid for somehow.
Activist investor to GoDaddy: Cut costs, improve sales, or sell
Scientists spot startlingly close black holes in Hyades star cluster
Friday 15th September 2023 01:13 GMT
Be prepared to keep wondering. Since the detection method relates to the statistical behavior of the masses in the cluster, one would have to go back tens of millions of years, and then observer a discontinuity in the second derivative of the prediction of the locations, then map it to the excess accumulating to one part of the cluster....
Certainly, this is a worthy idea. Unfortunately, the threshold for a hypothesis is that it be "testable", and I'm not thinking that the chance of that is great.
Microsoft and GitHub are still trying to derail Copilot code copyright legal fight
Hope for nerds! ChatGPT's still a below-average math student
Saturday 26th August 2023 01:35 GMT
Re: Just wondering
These programs don't remember what they "read". They store statistical information about the relationship of words in the totality of their inputs.
What would happen if you ask, "What is the text of Act I, Scene I of Shakespeare's Romeo and Juliet"?
Not curious enough to make my own account...
The world seems so loopy. But at least someone's written a memory-safe sudo in Rust
Tuesday 5th September 2023 17:40 GMT
Re: C++ Template Worshipping
Well, he would, wouldn't he?
Oh, wait, the first C++ interpreters consisted of C macros, didn't they? Methinks he protests too much.
C++ was an abomination from it's inception. If you want an OO language, create an OO language. If you try to wrap a procedural language, you're going to create a Shoggoth and drive people using it mad. Just don't.
Kremlin-backed Sandworm strikes Android devices with data-stealing Infamous Chisel
Tuesday 5th September 2023 20:57 GMT
Color me confused. (Or is it colour?)
There is a war on. It's an illegal war of aggression, okay. Do we refer to the soldiers of the aggressor generally as "goons"? I mean, some of them actually are trying to kill people, you know.
If it is true that this latest malware is only affecting Ukrainian military targets, then this would be a technical triumph and one of the most moral acts ever seen in war.
Yes, we don't like Putin. We don't like the generals & billionaires that are keeping him in power. But grunts, even those in offensive operations, don't deserve the same opprobrium as the folks at the top.
Right to repair advocates have a new opponent: Scientologists
Microsoft admits slim staff and broken automation contributed to Azure outage
Space junk targeted for cleanup mission was hit by different space junk, making more space junk
ICANN warns UN may sideline tech community from future internet governance
Wednesday 23rd August 2023 15:00 GMT
Re: There are layers here
I was with you until that last line. The UN represents the almost 200 governments. It pointedly does not, and has never, represented the people. If is did, El Salvador would not have the same number of votes as India.
This proposal is a power grab by the kleptocrats that the UN. It is being opposed by the existing kleptocrats.
Cisco's Duo Security suffers major authentication outage
Microsoft 365 guest accounts + Power Apps = security nightmare
Epic snub by Supreme Court in battle to escape Apple App Store payment prison
Google Chrome to shield encryption keys from promised quantum computers
There's a good chance your VPN is vulnerable to privacy-menacing TunnelCrack attack
US Cyber Command boss says China's spooky cyber skills still behind
Friday 11th August 2023 07:23 GMT 
What the actual #***?
"Remember what 2021 was like for us as a nation. ... It was the point in time – I think at least for myself and for our agency and command – cyber security [became] national security."
Well, I guess that explains the OBM leaking the ENTIRE database of security applications a few years earlier, ehh?
Let's see, by my memory, the NSA was created in 1947 with two missions. One of them involved securing our communications. And it took this joker 74 years before being jolted awake about this?
Get this amateur out of there.
Can 'Mad Libs for incident response' prevent the next MOVEit fiasco?
Thursday 10th August 2023 01:48 GMT 
Obvious, simply, and unworkable
There is an obvious and simple solution: use sftp for everything. It is unworkable. I have first-hand knowledge. We're in the heal care space. It averages more than a month to get an sftp connection set up with a new data provider.
For crying in ---------------------------------------------------------------------------->
Shifting to two-factor auth is hard to do. GitHub recommends the long game
What would sustainable security even look like?
Thursday 3rd August 2023 03:03 GMT
Re: One has to wonder
I know that we are in violent agreement here, but I'm going to prove our (mutual) point by thumping on you. Read again what I said: "proving that a given piece of code does what you want and nothing else". I did not say "code as complied", or "code as run in a particular (version) of an OS", or "on a particular machine". Just that one phrase, and you misread what I said enough to solicit a full explanation of a fact which I myself have written in these comments on multiple occasions.
I stand by what I said: a person brain-damaged in a way to be true mathematician, with proper training, is capable of demonstrating that a small-ish piece of code does exactly what it is supposed to do. If you want to handle many small-ish pieces, you need many mathematicians. And if you ask them to prove that these pieces fit together appropriately, you will receive a unanimous, if multi-valued, rude response of some kind.
Tuesday 1st August 2023 16:10 GMT
One has to wonder
if the editorial staff at El' Reg bothers to read the comments at all sometimes.
I keep pounding on this--the end consumer is getting exactly the security that they are willing to pay for. But with extremely limited ability to value and absolutely zero ability to evaluate security, how much is that?
That's a critical part of the problem, and yet this childish piece doesn't even hint at it. Here's the next, only hinted at in the comments: writing secure code is not hard. It is entirely beyond the capabilities of almost all dev organizations. Because almost no dev organizations have someone with at least a master's in mathematics from a tier-I or better institution, And proving that a given piece of code does what you want and nothing else is at least as hard as getting one of those. (And you need it for every code change.) Emergent complexity and the one-bit difference between secure and not-security make it thus.
In the meantime, the top-tier attackers a throwing around amounts of money that would get the notices of the FAANGs.
Maybe this guy is paid by the word or something.
Astronomers testing next-gen asteroid-hunting algorithm discover potentially hazardous object
Tuesday 1st August 2023 17:52 GMT
Ugly truth: for the foreseeable future, this mission does not care about a "very bad day locally". It's about "a very bad day globally". Sure, if we can spot and have time & money to deal with a smaller problem, we'll go for it. But even the loss of a hundred thousand souls just isn't big enough for this. Yet.
Crooks pwned your servers? You've got four days to tell us, SEC tells public companies
Thursday 27th July 2023 06:51 GMT
WAT?
If recent post-mortems are anything to go by, then it is not unusual for it to take more than four days to even stop an active attack. And certainly more to determine the scope of the damage. I am certainly a fan of full and early disclosure, but this feels...premature.
And yes, likely to make a stock choppy, which is really bad for average investors.
Sneaky Python package security fixes help no one – except miscreants
Thursday 27th July 2023 06:25 GMT
Wrong end of the stick (for us, the profitable one for these folks)?
It seems to me that the identified problem is that OS devs find opening a CVE to be cumbersome. The obvious fix would be to simplify opening a CVE, not attempting to generate a new solution that (surprise!) the "researchers" just happen to have ready.
But CVE or know, I'm pretty certain that there is already a way (release notes / change log) to rather unambiguously mark a patch version as a security fix. Full points if the note also says how long the problem has been around.
So this really looks like a solution chasing a problem.
AMD Zenbleed chip bug leaks secrets fast and easy
Wednesday 26th July 2023 01:37 GMT
Re: Dumb Questions
You are quite close. The missing secret is that the values in the register files are not supposed to be read before they are written. In fact, "rolling back" the instruction in this context doesn't even mean what you think. The error is in clearing the zero bit! Rolling back in a register file is a matter of repointing the register in question and marking the file entry available. By "available", I mean "something can write to it". That zero bit has nothing to do at that point.
I was never a designer (I was a validator), and the hell of it is that I can understand why each of these decisions was made in isolation. I would like to think that if I can a chance to look at the design, I would have noticed this one, but uggh...
Google's next big idea for browser security looks like another freedom grab to some
Weird radio pulses could be coming from new type of stellar object
US Air Force's Angry Kitten turns Reaper drone into fierce feline of electronic warfare
Myanmar's government in exile throws support behind launch of crypto-based bank
Monday 24th July 2023 16:55 GMT
Who
will risk using said currency under the current junta?
I'll admit that this undertaking has the potential to actually skirt some of the inherent limitations of coin. 1) it's dealing with a small economy, so the CAP theorem might not destroy it's utility. 2) It's straight-up challenging a (mostly shunned) national government, so resistance to technical attacks (especially pump-and-dump) is going to have to be built in from the start.
However, it's not at all clear that 2) above can be satisfied without CAP meaning that you need an hour or more to clear.
Moreover, possession of the code to use such coin is prima facie evidence of rebellious behavior.
Yeah, I don't see this ending well.
Biting the hand that feeds IT
