Posts by really_adf

Re: Redundancy has a cost

"NASA (and ESA/JAXA/etc) are the only ones who understand the true utility of redundancy and who are ready to support the cost of it, because when your probe is a billion miles away, you'd better hope that you have a functional backup plan if something goes wrong."

This seems a bit unfair: redundancy is prevalent in human safety-critical areas, though arguably too often only due to lessons written in blood. The on-board systems of aircraft are an obvious, fairly topical example but even everyday things like "mirror, signal, manoeuvre" incorporate redundancy.

Re: if hardware is twice as fast next year

I'm not aware if such refactoring is available in modern toolchains. I hope it is, because the compiler itself is handicapped to follow what is laid out in the object definition.

As has been pointed out by others, the compiler can't reorder things because it would break interoperability. But even ignoring that (ie if the compiler somehow knows it could reorder), the order that is optimal for performance will typically (on systems with caching and prefetching) depend on access patterns and would be extremely difficult, if not impossible, for the compiler to correctly predict.

I don't see the compiler as "handicapped". Rather I see it just doing what the developer told it to, simultaneously solving interoperability and keeping it simpler. There is an underlying assumption that the developer knows what they are doing, but for C++ (or C) you have bigger problems if that isn't the case.

Re: when

[When] is someone going to just tell Trump to fuck off

Anders Vistisen, in his role as a Danish MEP, did exactly that the other day.

As a CPU micro architect, using a physical address in the vector unit is easier... it's cheaper in hardware implementation terms.

True for everything, not just the vector unit, no?

The hardware implementation might push for it, or say translating the first address... then running with that, but the only sensible solution is to translate every address, not in the same page boundary as previous addresses.

Would it be a reasonable compromise (between hardware complexity/performance and software constraints) to require each read/written address range to be wtihin a page, so that translating the first address of each source/destination is sufficient? Conceptually similar to requiring "load/store word" instructions to use a word-aligned address, but at a larger scale.

Such a choice would be acceptable for an embedded processor with no user access to these instructions.

No doubt there are use cases for vector instructions in privileged code, but I'd guess at least as many in user-mode code and on that basis, designing them to be available in user mode but always use physical addresses makes no sense (except as a deliberate back door).

Re: Zero Content File

Umm, yeah, the result of a file full of zeroes going (unless I am mistaken) entirely unmentioned is puzzling. It seems almost like the sort of thing a journalist ought to dig into...

Re: The W3C is living in cloud cookoo land

"With tracking enabled, we get ads for big-ticket items we've already purchased, ads for things we looked up out of curiosity, ads for stuff somebody borrowed a machine to check on real quick, ... Not counting the 90% of ads which appear to be outright scams."

For me at least, "ads for big-ticket items we've already purchased" is a subset of "ads relevant to a page I recently visited when I have mentally moved on to something else." Excluding the specific case (where it is obviously useless), there may be some level of subconscious effect but it's surely much, much less than when the product/service being advertised is relevant to the page I'm currently looking at, and the sort of thing I may be thinking about.

Is the tracking enabled by third party cookies, which create all the privacy issues, as beneficial as it is purported to be? Or is it, like some ads, just another scam?

Re: sshd restart required after upgrade

A useful warning but it's worth noting (as described in the Arch package issue you linked) that's because of an unrelated change between 9.7 and 9.8, so won't apply where packages have a backported fix, nor if, unlike Arch, the restart is done for you by package scripts (a choice with pros and cons).

Also, in this case I think the potential for exploit is after the long-running sshd process has exec'd itself meaning the fix is effective without restarting sshd, but the conservative assumption and general case is that a restart is necessary so this should be standard practice anyway.

SAML seemed to do the job 20 years ago. Albeit with horrendous XML baggage.

Re: Aquired taste

How did their MSA signing key get “acquired”?

Yes, and more importantly, how will that be prevented in future? Microsoft seem to have reasonable measures in place to detect and assess the problem, as well as the processes to mitigate it, but prevention is better than cure.

How could they have such a fundamental vulnerability as allowing tokens signed by a key for a consumer service access their enterprise service (OWA)?

I think "consumer" in "consumer signing key" refers to a service that validates and uses (ie consumes) the token that was produced and then signed using that key, not "consumer" as in "consumer-grade".

Another important question is, given the key provided "access to email accounts affecting approximately 25 organizations including government agencies as well as related consumer accounts of individuals", what else could have been accessed with it? If a single compromised key allows access to email of more than one organisation, what are the chances it was limited to those?

Re: ummm?

I think you're thinking of Linksys, bought in 2003 by Cisco and sold in 2013 to Belkin (according to Wikipedia).

Re: American cars are too heavy - solution blame electric cars

It's of course true cats have got bigger and, especially, heavier. Part of it is crash safety, part "mod cons" all adding up. EV batteries make the problem a double whammy.

The only real solutions are fewer cars and better drivers. So we're fucked.

Re: Serves Google right

Of course, email is not a reliable transport, and anyone who doesn't understand that is an idiot. It was never designed as such, however.

On the contrary, It was expressly designed to be reliable. A core principle is thot when an SMTP server accepts an email, it promises to deliver it to a mailbox or pass on that responsibility to another system, and notify the envelope sender if it can't do either.

Accepting email but neither delivering it nor notifying the sender - usually because it "looks like spam" - is the violation of the above that makes it unreliable. "Backscatter" favours not accepting email that will not be delivered (or forwarded).

(I didn't downvote, for the record.)

Re: Well, every little bit helps

upgraded from 'crippled slug' to 'drunken sloth'?

Pretty much my first thought. When it's so pathetically sluggish to start with there's plenty of scope for improvement.

The most amusing note to me was, "the Windows biz has apparently cut the latency involved with raising a hand by 16 percent."

(a) The UI latency of such an action being significant enough to consider measuring in the first place says there is a problem (network latency is unavoidable, but that should apply only for others to see a raised hand).

(b) IMHO the meaningful measurement is the time from beginning to act to raise your virtual hand until that action is completed. That increased manyfold when the UI was changed to move the button under "Reactions" and no technology improvement can ever recoup that.

Re: Will it happen?

No sensible Prime Minister would appoint [Nadine Dorries] to a cabinet position.

I'm not sure that answers the question of whether it will happen.

Re: Faster web sites

Yes and no. A site hosting its own fonts, JS libraries, etc means no need to connect to other servers, But you'll download common resources once for each site, instead of just once.

I'm not sure I understand the basis of the fine. If I host a site, visitors must reveal their IP address to those operating intermediate routers. The visitor has no control over this. That's OK, because there's no alternative? I can reference remote resources but only if hosted by a provider that assures me it won't use the IP addresses it sees, beyond what is necessary?

Re: A solution looking for a problem

Is Autopilot a level 5 system? No

Does that mean it’s inherently bad? No

In and of itself, the latter may be true. However, the combination of the former, the name and human nature seems very likely to result in something for which "inherently bad" seems an appropriate description. That result is what is important, and seems to be supported by evidence.

Another question is, can anything less than a level 5 system avoid that result? If not, does it not follow that as long as the answer to your first question is "no", the answer to your second question is "yes"?

Nowadays, if you asked someone to name a vacuum cleaner brand they'd probably say Dyson.

If you ask people to name a hoover brand, I think more would say Dyson than Hoover.

It seems typical of the GNU mindset to think "Ah! But the user may be using a machine without function keys!" It's 2020.

Personally I find function keys just a little too far away from my fingers, and I can't find them without looking (but I guess that's at least partly because I don't use them much). So perhaps "machine without function keys" is not the reason, or at least not the only reason.

Re: Whats not to like ?

The catch is that NR makes a whole slew of optional and rarely used features in LTE-A mandatory. The big one IMHO is carrier aggregation, ...

Sounds like this is something that the software update doesn't need to enable: use of the feature is controlled by the network. That is, it's a problem if not supported by phones, which won't work if the network uses it.

Call it a hunch but from Suri's previous comments I suspect the approach is technically questionable (ie will not deliver various intended benefits of 5G), and has been pursued by Nokia for non-technical reasons.

Re: Yes please

Just... don't expect to be able to tell the difference in the price. After all, combined these two things together probably only cost a couple of quid at the volume Apple makes them...

Possibly more saving from reduced packaging and transporting more boxed phones per unit volume than the cost of the electronics.

Re: "There's no slave in git though"

Masters are the official finalized recordings from which copies are made. A Git master branch constantly updates, so it should be main or devel.

The "master" branch is analogous to a master copy in that it is (in many cases) the one from which copies are made (new branches). Of course, I can't deny the "finished" aspect breaks the analogy, but then there's no such thing as finished software :).

Also, some people seem to think that by changing the word from master to main (or blacklist to blocklist) it's a condemnation of those who previously used the terms. It's not.

Regardless of the motive for change, the problem is that there are some people who will see it as a reason to condemn those who previously used the terms.

Edit: the point of this being that you can't win.

Re: What problem are the certificates solving?

iPlayer can ship with Public Key A

I think you're describing the same thing as I was trying to. I called it key0.

So it works as long as the first connection is within the expiry date of the initial download or pre-installation, and it's run often enough.

The same is true if you use certificates from a public CA, and embed the roots in the client with a way to update them (provided that's done in time).

It's the expiry that makes it functionally similar, even though the detail is different. The benefit you describe comes down to having control over expiry. You could equally get this with certificates by using a private CA, without the wheel reinvention: you just need to be able to specify which CA certificate you trust and have a way to update that certificate.

It's not really about marketing (well OK, maybe a little bit.) Hard disk capacity used base 10 units once the average disk size got a little too big for conveniently using base 2 units, as they are a linear/serial storage medium which means a disk platter's capacity can be any number of bytes you like.

At the read/write head, hard drives are basically serial, but (for a long time) from the outside, they are random access devices addressed by sector. The capacity is actually any number of sectors you like. Sectors have a power-of-two size, as a natural consequence of the fact they are buffered in RAM. This may explain 1MB = 1,024,000 bytes being used for a while; this is the definition applicable to a "1.44MB" floppy disk.

Binary prefixes are a natural convention for memory chip sizes: they simplify expressing exact values because the chips have both a power-of-two addresses (a number of address lines) and a power-of-two data lines. Decimal prefixes are a natural convention for line rates: they simplify expressing exact values when, as is typical, a factor in the rate is a clock frequency defined with a decimal prefix.

The rationale for a convention is less clear-cut and often varies in other cases, such as hard drive sizes. This, I assume, led to kibibyte etc to disambiguate.

Re: I'd like to see it

I'm in the middle of Austin. We see no stars at all. Just the Moon, Venus, possibly Mars and maybe, just maybe Jupiter at times

"Possibly Jupiter and maybe, just maybe Mars at times" is more likely. Put another way, if you can ever see Mars, you will be able to see Jupiter regularly.

The maximum apparent brightness is basically the same, but Mars is more variable. I think the primary reason for this is that the orbit of Mars is more eccentric. An instructive diagram and more here.

I am sceptical that it has to have location permissions granted to use bluetooth.

https://developer.android.com/guide/topics/connectivity/bluetooth#Permissions

Re: How can "Diagnostic Data Off" and "Required Diagnostic Data" coexist?

Or is this like saying if you go out for dinner tonight, it's required that you dress a certain way—but you can still choose to stay at home instead?

I think that's basically the logic. I can see some sense in the wording by reading it from Microsoft's perspective, but surely the wording should have been chosen for the users' perspective. For example, "required" is the minimum required for any useful diagnostics.

I think off/minimum/full would be the most clear (to the user) options for the implied result of the choice. Whether the actual result matches this (ie whether "off" really means "off", as you mentioned) is a different matter.

Re: Doesn't check out

No, I don't think this virus is really as scary as people make it, the main problems are that it seems to spread easier and quicker than an influenza and that there is no vaccine.

Mortality seems to be comparable, so maybe we are overreacting a tad?

More infectious and no vaccine with the same mortality means more people dying, no?

Microsoft; you need to learn what legacy means before you can even think about improving Windows.

I think Microsoft know full well what legacy means, this is just the (wishful) thinking of one part of the organisation that is at odds with other parts, those being more in touch with reality.

Re: On the plus side...

The snap had been shot by my wife on her smartphone (Ugh) so it was in 3:2 format (re-ugh). I took care to re-frame it properly and change it to the proper 4:3 format for photographs, only to have the millenial shopkeeper tell me that she'd have to crop it as it was not in a standard format.

"Proper photographs" - that is, on 35mm film - are 3:2 (https://en.m.wikipedia.org/wiki/135_film). Hence 6x4 (inch) prints.

Re: Insurance

It’s very rare insurance predictions are wrong.

Natural selection: insurance companies making bad predictions die?

Re: Radar

Much more than twice the range, surely: reflection won't be perfect, and a "useful" return signal will be stronger than the minimum detectable.

Re: Selective deafness

Most people who buy a computer (laptop or desktop) for work don't care so much about looks.

I'm not sure about "most"; I think it depends on whether you want to actually do work on it or because you are a superficial twat, eg many in sales, marketing and management.

Re: Finger Printing and The DMCA

If corporations can have a law that prevents circumvention of the what they do to protect their data (DMCA), then why can't we have one to prevent circumvention of tracking and privacy tools/controls that we use to protect our data?

That's a very clear way to put it, and I can't see a reasonable argument against it. Have an upvote.

So that’s the end of cross-EU mobile roaming, then. Why would companies pay for this when they can pass the costs on to the customer?

The obvious answer is because none of them want to be the first company to start charging for EU roaming.

Re: Why obsolete?

According to the totally reliable Wikipedia it was five times more expensive to operate than on road vehicles (disputed by the Communications Workers Union who said it was only three times as expensive).

Could be viewed as: road vehicles should be three/five times as expensive as they are...

Re: As a ex sys-admin....

You should be able to assign administration accounts only the rights actually needed in a "JEA security" type model.

Err, that is literally exactly what sudo does (bugs aside). Its configuration says which users can do which things as which users. Such as "members of this (administrative) group may stop/start this service".

Why is SSH (as a protocol) singled out here?

Because it's by far the most likely way to access a machine with an application warranting the vulnerable infrastructure requirements?