Posts by really_adf 198 publicly visible posts • joined 21 Feb 2017
If enough reliable, low-carbon generation is built before the bubble bursts, the sudden excess of capacity could meaningfully contribute to a general move to electrification. So perhaps the prize is an inhabitable planet.
But somehow it'll probably still end up that we're all fucked.
"There’s no reason (apart from pride) that Intel couldn’t license Arm cores and build chips themselves."
They did: StrongARM, acquired from DEC, and later XScale. Then they decided focusing on x86 was the way forward, with the intention being to extend its reach to mobile.
Obviously it didn't work out, which perhaps makes your point even more true.
"If I had an AI agent acting as my personal assistant I would expect the same hand holding at first and like a human personal assistant I would "fire" them if they couldn't learn the job pretty quickly."
Things may change but as it stands, the learning of your preferences that you'd get from an effective human personal assistant is something "AI" just doesn't do.
Taking the example of hotel selection, the result I imagine is at best homogenised and randomised; perhaps more likely influenced by the highest bidder.
Accidents are much more likely to happen when tools are used without care, or with insufficient knowledge/skill. Safety features can mitigate this but may inherently compromise utility and/or efficiency of the tool as a result, making a worse tool for those who do use care and have gained the knowledge/skill (eg through study, training and supervision). Like most things, there are trade-offs; there is a balance to be struck.
I think requiring --for-real-this-time or similar for any potentially destructive operation would make tools worse and only result in it being used habitually, making it ultimately self-defeating. That is not to say there aren't times it is appropriate.
My experience of the Class 80x trains is GWR and I agree the seats are not good. In keeping with (in no particular order) the terrible ride quality, being noisy inside from track/bogie, motors, engines (when running) and air conditioning (that is nonetheless insufficient on the hottest days), harsh lighting, limited and crappy bicycle storage prone to causing damage, a frequently dodgy PA system, erratic water supply in toilets, lack of hot food provision, sporting first class devoid of any sense of luxury, being woefully underpowered on diesel, and introducing me to the new excuse of "more trains than usual needing repairs at the same time" (so cancellations and/or short trains). Other than that they are great!
In fairness, at least some of the above are not applicable or lessened in other operators' variants. Positives that spring to mind are that they can accelerate quickly at low speed, maintain high acceleration when running from overhead power, and I suspect crashworthiness is much better than the HSTs/Mark 3 coaches they replaced.
There is, in general, no expectation for internal interfaces to be unchanged between Linux kernel versions. This means that binaries for out-of-tree drivers, the closest parallel to the typical Windows case, must be specific to a kernel version (DKMS exists to ease this, AIUI).
A technical advantage of this approach I can see that it becomes a easier to eliminate technical debt, keeping those interfaces simpler, and simpler generally means more reliable. Also, I'm not sure I can describe why but I think there's also something in bringing everyone together with a shared view of the whole picture. Encouraging FOSS and the advantages that come along with that might be a deliberate side-effect. Perhaps other reasons too.
I can see a couple of interpretations of what you were getting at by your "kernel could be much smaller" comment - I think this is either already achieved or is a concern for the distribution rather than end users. Most in-tree drivers can be built as modules that are dynamically loaded; this is extensively done for a general Linux distribution. A driver built as a module may be entirely absent from a system where it is not needed, part of an optional package to be installed in cases where it is - the burden here is on the distribution maintainers who build it along with the rest of the kernel.
"Why is it that the Linux distributions, with their much smaller budgets and not so good relationships with the hardware people, have a much, much lower incidence of borkage ?"
At a guess, because a greater proportion of changes are well-considered, and made by and/or go through people who care more (or at all).
But while I share your perception I am mindful that reported impact may be reduced by one or more of lower hardware diversity, lower user numbers, and higher probability of self-resolution.
"NASA (and ESA/JAXA/etc) are the only ones who understand the true utility of redundancy and who are ready to support the cost of it, because when your probe is a billion miles away, you'd better hope that you have a functional backup plan if something goes wrong."
This seems a bit unfair: redundancy is prevalent in human safety-critical areas, though arguably too often only due to lessons written in blood. The on-board systems of aircraft are an obvious, fairly topical example but even everyday things like "mirror, signal, manoeuvre" incorporate redundancy.
"Questions will doubtless be asked about why Heathrow doesn’t possess sufficient generation capacity to cover and event of this sort – like datacenters do."
I'm sure safety-critical airport functions (eg air traffic control, radar, runway lights and radio navigation aids) do have backup power so they can continue for a while. Buit all the things needed to support "customers" (which does not include perople arriving in an emergency) is probably approaching the power requirements of a small town.
I think the more interesting question is why the substation is apparently a single point of failure. I guess the answer is a combination of increaed power consumption and minimal infrastructure investment to support same, perhaps in part due to those datacentres.
I'm not aware if such refactoring is available in modern toolchains. I hope it is, because the compiler itself is handicapped to follow what is laid out in the object definition.
As has been pointed out by others, the compiler can't reorder things because it would break interoperability. But even ignoring that (ie if the compiler somehow knows it could reorder), the order that is optimal for performance will typically (on systems with caching and prefetching) depend on access patterns and would be extremely difficult, if not impossible, for the compiler to correctly predict.
I don't see the compiler as "handicapped". Rather I see it just doing what the developer told it to, simultaneously solving interoperability and keeping it simpler. There is an underlying assumption that the developer knows what they are doing, but for C++ (or C) you have bigger problems if that isn't the case.
As I remember, there was quite a lot of fuss around various speculative execution-related vulnerabilities, with numerous mitigations each usually contributions done performance detriment. There seems less concern here.
The reason for the difference in response is unclear to me. Are the vulnerabilities discussed in the article quantitatively less severe? Good PR effort from Apple? Something else, or a combination of factors?
"...communities fracture and break up until everyone is looking out only for their own interests - even to the extent that there’s no safety net for the most disadvantaged in society and only the richest can afford healthcare, security and education."
The American way, at least in the eyes of some?
"... think what we could achieve if we all pulled in the same direction, rather than squabbling amongst ourselves?"
s/could achieve if/have achieved when/
As a CPU micro architect, using a physical address in the vector unit is easier... it's cheaper in hardware implementation terms.
True for everything, not just the vector unit, no?
The hardware implementation might push for it, or say translating the first address... then running with that, but the only sensible solution is to translate every address, not in the same page boundary as previous addresses.
Would it be a reasonable compromise (between hardware complexity/performance and software constraints) to require each read/written address range to be wtihin a page, so that translating the first address of each source/destination is sufficient? Conceptually similar to requiring "load/store word" instructions to use a word-aligned address, but at a larger scale.
Such a choice would be acceptable for an embedded processor with no user access to these instructions.
No doubt there are use cases for vector instructions in privileged code, but I'd guess at least as many in user-mode code and on that basis, designing them to be available in user mode but always use physical addresses makes no sense (except as a deliberate back door).
Is there any other processor that allows physical addresses except at the very very very lowest OS level?
Clearly, an OS can't provide memory protection if any user process is able to write to arbitrary physical addresses, so the answer must be "no" or very close to that. But there doesn't have to be an OS...
That’s a really serious bug, isnt it?
In other words, how did this get missed? The only obvious answers I can think of are that it wasn't tested, was only tested with the CPU in a mode that doesn't use address translation (by which I roughly mean "without an OS") or was only tested with the translation being physical == virtual.
A related question is whether this is a "simple" bug or not. It seems odd to me that only a particular instruction is mentioned as affected.
"With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams."
For me at least, "ads for big-ticket items we've already purchased" is a subset of "ads relevant to a page I recently visited when I have mentally moved on to something else." Excluding the specific case (where it is obviously useless), there may be some level of subconscious effect but it's surely much, much less than when the product/service being advertised is relevant to the page I'm currently looking at, and the sort of thing I may be thinking about.
Is the tracking enabled by third party cookies, which create all the privacy issues, as beneficial as it is purported to be? Or is it, like some ads, just another scam?
"No tracking, ever" is perfectly acceptable to me, and I'm sure many others.
I guess you mean it's unacceptable to advertisers, but their ancestors managed fine for decades if not centuries without the tracking of today's web, so the current lot can go fuck themselves as far as I'm concerned.
A useful warning but it's worth noting (as described in the Arch package issue you linked) that's because of an unrelated change between 9.7 and 9.8, so won't apply where packages have a backported fix, nor if, unlike Arch, the restart is done for you by package scripts (a choice with pros and cons).
Also, in this case I think the potential for exploit is after the long-running sshd process has exec'd itself meaning the fix is effective without restarting sshd, but the conservative assumption and general case is that a restart is necessary so this should be standard practice anyway.
How did their MSA signing key get “acquired”?
Yes, and more importantly, how will that be prevented in future? Microsoft seem to have reasonable measures in place to detect and assess the problem, as well as the processes to mitigate it, but prevention is better than cure.
How could they have such a fundamental vulnerability as allowing tokens signed by a key for a consumer service access their enterprise service (OWA)?
I think "consumer" in "consumer signing key" refers to a service that validates and uses (ie consumes) the token that was produced and then signed using that key, not "consumer" as in "consumer-grade".
Another important question is, given the key provided "access to email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals", what else could have been accessed with it? If a single compromised key allows access to email of more than one organisation, what are the chances it was limited to those?
It's of course true cats have got bigger and, especially, heavier. Part of it is crash safety, part "mod cons" all adding up. EV batteries make the problem a double whammy.
The only real solutions are fewer cars and better drivers. So we're fucked.
Of course, email is not a reliable transport, and anyone who doesn't understand that is an idiot. It was never designed as such, however.
On the contrary, It was expressly designed to be reliable. A core principle is thot when an SMTP server accepts an email, it promises to deliver it to a mailbox or pass on that responsibility to another system, and notify the envelope sender if it can't do either.
Accepting email but neither delivering it nor notifying the sender - usually because it "looks like spam" - is the violation of the above that makes it unreliable. "Backscatter" favours not accepting email that will not be delivered (or forwarded).
(I didn't downvote, for the record.)
upgraded from 'crippled slug' to 'drunken sloth'?
Pretty much my first thought. When it's so pathetically sluggish to start with there's plenty of scope for improvement.
The most amusing note to me was, "the Windows biz has apparently cut the latency involved with raising a hand by 16 percent."
(a) The UI latency of such an action being significant enough to consider measuring in the first place says there is a problem (network latency is unavoidable, but that should apply only for others to see a raised hand).
(b) IMHO the meaningful measurement is the time from beginning to act to raise your virtual hand until that action is completed. That increased manyfold when the UI was changed to move the button under "Reactions" and no technology improvement can ever recoup that.
The fact sheet gives an obligation of the expected lifetime or five years. Who decides that lifetime?
Also, it's "whichever is the shorter". It certainly seems ridiculous for a car manufacturer to have no requirement for what is in practice more than half the lifetime of a car.
While a car is probably the most extreme example, similar can probably be said for many products.
Yes and no. A site hosting its own fonts, JS libraries, etc means no need to connect to other servers, But you'll download common resources once for each site, instead of just once.
I'm not sure I understand the basis of the fine. If I host a site, visitors must reveal their IP address to those operating intermediate routers. The visitor has no control over this. That's OK, because there's no alternative? I can reference remote resources but only if hosted by a provider that assures me it won't use the IP addresses it sees, beyond what is necessary?
Is Autopilot a level 5 system? No
Does that mean it’s inherently bad? No
In and of itself, the latter may be true. However, the combination of the former, the name and human nature seems very likely to result in something for which "inherently bad" seems an appropriate description. That result is what is important, and seems to be supported by evidence.
Another question is, can anything less than a level 5 system avoid that result? If not, does it not follow that as long as the answer to your first question is "no", the answer to your second question is "yes"?
It seems typical of the GNU mindset to think "Ah! But the user may be using a machine without function keys!" It's 2020.
Personally I find function keys just a little too far away from my fingers, and I can't find them without looking (but I guess that's at least partly because I don't use them much). So perhaps "machine without function keys" is not the reason, or at least not the only reason.
The catch is that NR makes a whole slew of optional and rarely used features in LTE-A mandatory. The big one IMHO is carrier aggregation, ...
Sounds like this is something that the software update doesn't need to enable: use of the feature is controlled by the network. That is, it's a problem if not supported by phones, which won't work if the network uses it.
Call it a hunch but from Suri's previous comments I suspect the approach is technically questionable (ie will not deliver various intended benefits of 5G), and has been pursued by Nokia for non-technical reasons.
Just... don't expect to be able to tell the difference in the price. After all, combined these two things together probably only cost a couple of quid at the volume Apple makes them...
Possibly more saving from reduced packaging and transporting more boxed phones per unit volume than the cost of the electronics.
master with main across its services
Masters are the official finalized recordings from which copies are made. A Git master branch constantly updates, so it should be main or devel.
The "master" branch is analogous to a master copy in that it is (in many cases) the one from which copies are made (new branches). Of course, I can't deny the "finished" aspect breaks the analogy, but then there's no such thing as finished software :).
Also, some people seem to think that by changing the word from master to main (or blacklist to blocklist) it's a condemnation of those who previously used the terms. It's not.
Regardless of the motive for change, the problem is that there are some people who will see it as a reason to condemn those who previously used the terms.
Edit: the point of this being that you can't win.
iPlayer can ship with Public Key A
I think you're describing the same thing as I was trying to. I called it key0.
So it works as long as the first connection is within the expiry date of the initial download or pre-installation, and it's run often enough.
The same is true if you use certificates from a public CA, and embed the roots in the client with a way to update them (provided that's done in time).
It's the expiry that makes it functionally similar, even though the detail is different. The benefit you describe comes down to having control over expiry. You could equally get this with certificates by using a private CA, without the wheel reinvention: you just need to be able to specify which CA certificate you trust and have a way to update that certificate.
So is the PKI there to perform some other function, or is it just being used because the code is there already so it's easier than finding a domain-specific solution?
Just because it's easier doesn't mean it's a bad thing: as with encryption, using existing code is generally a good thing for authenticating a server.
To answer your question in the title: I think the obvious answer is that certificates are intentionally providing a time limit to the trust, because eventually, the private key matching the public key in the root certificate will be discovered.
Say you wish to avoid PKI. On the face of it, embedding (say) an RSA public key in the client and validating signatures would work fine. But there would need to be some mechanism to periodically change the key, because eventually the private key will be discovered.
I think this could work safely through a chain (key0 used to sign key1, key1 used to sign key2 etc), but only if that chain is unbroken, which can't be guaranteed unless you trust key0 forever, which is a bad idea because eventually the private key will be discovered.
I can't see a way out of this...
https://tools.ietf.org/html/rfc7671
Doesn't this either just move the problem to DNSSEC, so you get the same issue due to https://www.icann.org/resources/pages/ksk-rollover, or (more likely) avoid it only because of absolute trust of wherever you get your DNS answers from? (Genuine question.)
It's not really about marketing (well OK, maybe a little bit.) Hard disk capacity used base 10 units once the average disk size got a little too big for conveniently using base 2 units, as they are a linear/serial storage medium which means a disk platter's capacity can be any number of bytes you like.
At the read/write head, hard drives are basically serial, but (for a long time) from the outside, they are random access devices addressed by sector. The capacity is actually any number of sectors you like. Sectors have a power-of-two size, as a natural consequence of the fact they are buffered in RAM. This may explain 1MB = 1,024,000 bytes being used for a while; this is the definition applicable to a "1.44MB" floppy disk.
Binary prefixes are a natural convention for memory chip sizes: they simplify expressing exact values because the chips have both a power-of-two addresses (a number of address lines) and a power-of-two data lines. Decimal prefixes are a natural convention for line rates: they simplify expressing exact values when, as is typical, a factor in the rate is a clock frequency defined with a decimal prefix.
The rationale for a convention is less clear-cut and often varies in other cases, such as hard drive sizes. This, I assume, led to kibibyte etc to disambiguate.
I'm in the middle of Austin. We see no stars at all. Just the Moon, Venus, possibly Mars and maybe, just maybe Jupiter at times
"Possibly Jupiter and maybe, just maybe Mars at times" is more likely. Put another way, if you can ever see Mars, you will be able to see Jupiter regularly.
The maximum apparent brightness is basically the same, but Mars is more variable. I think the primary reason for this is that the orbit of Mars is more eccentric. An instructive diagram and more here.
"Ofcom attributes the resiliency shown by broadband providers to their ability to scale with demand."
I'd have thought it's more down to daytime not being the normal peak for domestic ISPs; no need to scale (much) if capacity is already (mostly) there.
I am sceptical that it has to have location permissions granted to use bluetooth.
https://developer.android.com/guide/topics/connectivity/bluetooth#Permissions
Or is this like saying if you go out for dinner tonight, it's required that you dress a certain way—but you can still choose to stay at home instead?
I think that's basically the logic. I can see some sense in the wording by reading it from Microsoft's perspective, but surely the wording should have been chosen for the users' perspective. For example, "required" is the minimum required for any useful diagnostics.
I think off/minimum/full would be the most clear (to the user) options for the implied result of the choice. Whether the actual result matches this (ie whether "off" really means "off", as you mentioned) is a different matter.
No, I don't think this virus is really as scary as people make it, the main problems are that it seems to spread easier and quicker than an influenza and that there is no vaccine.
...
Mortality seems to be comparable, so maybe we are overreacting a tad?
More infectious and no vaccine with the same mortality means more people dying, no?
The snap had been shot by my wife on her smartphone (Ugh) so it was in 3:2 format (re-ugh). I took care to re-frame it properly and change it to the proper 4:3 format for photographs, only to have the millenial shopkeeper tell me that she'd have to crop it as it was not in a standard format.
"Proper photographs" - that is, on 35mm film - are 3:2 (https://en.m.wikipedia.org/wiki/135_film). Hence 6x4 (inch) prints.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
