Posts by vtcodger 2302 publicly visible posts • joined 13 Sep 2017
Why bother to try to read the EULA? We all know that it says "You agree to send us money and we don't promise to do anything -- at all ... ever -- in return" in about 100,000 carefully chosen, incomprehensible, words.
As far as I can see the only hope we consumers have is that a vengeful and angry deity will someday turn up and start casting nasty vendors and their legal staffs into a blazing pit. I do not anticipate that happening any time soon.
To date I've never had a RAM failure.
You've never had a RAM failure that you know about. How would you tell?
Few remember today, but early PCs had parity bits on memory. But back in the days of $100 a megabyte memory, PC makers -- with a lot of nudging from Microsoft -- quietly removed the parity bit from their personal computer designs. Fewer bits, cheaper chips, cheaper products, same profits. (and more memory hungry Windows sales for Microsoft).
Since that time, the only way to confirm a RAM failure on a consumer PC is to swap in known good memory -- preferably with identical specs so as to avoid BIOS tweaking. It's possible -- not certain -- that many weird or intermittent computer failures are caused by defective RAM rather than faulty software. Not that there isn't plenty of the latter.
In fairness, it seems to me that the problem is not Javascript per se (although in my limited experience, it seems a bit Klunky). It is partly people who insist on using JS to do things that are either easily done in HTML/CSS or simply shouldn't be done at all. And partly the fact that JS is far too capable and is thus a suitable vector for malware.
Probably what is needed is a ban on stupidity (good luck with that) and/or a safe JS subset that confines idiocy to tinkering with graphics and makes silent tinkering with file systems and such pretty much impractical. Realistically, that's likely not going to happen either unless/until things get so bad that the connected universe is pretty much unusable and profits start to suffer.
They're tracking you when you do DNS lookups. You don't mention handling that yourself.
Smug Bastard probably has the URIs of all 17 web sites that still work without Javascript pasted into his huge hosts file. If it's found in the hosts file, there's no DNS lookup , right?
Can you imagine the QA inspector not noticing that the circuit board doesn't match the scheme they're inspecting against?
I know that's a rhetorical question. And there is some validity. But the short answer is "Yes, I can imagine that." Assuming that there actually is a QA inspector visually examining the output, they are probably looking for missing or improperly aligned components, gaping cracks, solder blobs and the like, not stuff that looks proper. As long as the board passes functional tests, my guess would be that it ships. (And yes, I've worked in places with serious hardware QA).
it's like a coffee filter except for cats.
My first thought was exactly the opposite. Surely a kitten filter keeps kittens out of your computer. I think most computers must come with one. And they seem to work much better than most tech as I can't recall the last time I saw a computer infested with cats.
What popped into my mind reading the article was Franz Kafka's 1926 unfinished novel "The Castle". From the Wikipedia article on same
... Dark and at times surreal, The Castle is often understood to be about alienation, unresponsive bureaucracy, the frustration of trying to conduct business with non-transparent, seemingly arbitrary controlling systems, and the futile pursuit of an unobtainable goal.
Sound familiar?
Letter? Silicon Valley. They've moved on I believe. Converted the post offices into boutique vegetable juice bars. Somewhere in Central Asia where Mongolia fades towards Kazakhstan an itinerant musk-ox herder is looking at your envelope wondering if it is somehow usable -- perhaps edible by himself, his dog or his bovine charges. Even if he decides to show it to someone else, that won't happen any time soon.
I wouldn't hold my breath waiting for a reply.
The Google that simply dumps any plaything it gets tired of.
I don't think Google is likely to tire of dealing with security. They may eventually give up because the problem is too intractable. But security of the common computing/communications structure is pretty central to Google's business model. No security on the internet means not much cloud and eventually severely restricted digital advertising and a reduced bottom line. If there is anything Google cares about, it is its bottom line.
There were 24 of them in 2020,
That's 24 that we know of. Anyone want to be there are more out there that no one has noticed yet? After all it seems to have taken about 15 months to realize that SolarWinds had been compromised. Is there are reason to believe that SolarWinds was an outlier?
BTW -- I was doing software test and configuration control in the 1960s before most folks around here were born. It wasn't at all unusual back then for us to be testing patches to patches to patches -- sometimes because the developer didn't fully understand the user's use case and fixed the wrong thing, but more often because there were related issues that no one thought of. It comes as no surprise to me that the situation doesn't seem to have changed much. Something to ponder -- can this cloud thing work if, in the long run, we can't secure the internet?
Not that I care, but isn't on-line gambling largely illegal in the US? ISTR that there was a WTO dispute a couple of decades ago between some speck of land in the Caribbean and the US on that subject that was resolved in favor of said speck granting it a very small exception. But I don't recall the details.
The reasons were not complex.
Greed and stupidity certainly had a role. But there was also a problem with a math tool called Li's Cupola that purported to assess complex risks with great precision. Nobody actually understood the damn thing. But it said that a lot of investments were underpriced. Lots of people assumed that it worked and invested accordingly. After all all the smart kids were using it and they were minting money. Until they weren't. Turns out that the Cupola was ... ahem ... a bit flawed. Here's a link to a pretty good article. https://www.wired.com/2009/02/wp-quant/
I would expect all but possibly the ones rated as highest-risk steer well clear of short-selling,
One would hope. But recall that serious market crashes tend to affect everyone, not just the folks who have been engaging in obviously risky behavior. Example: A major acknowledged cause of the 2009 crash was that vast sums of money were "invested" in mortgage based securities whose risks were, for rather complex reasons, systematically misassessed. When too many mortgages defaulted, the perceived values of some banks and other financial operations dropped. The losses propagated to those who had invested in those investment operations which caused broader loss of value as well causing jobs to be lost which caused more mortgage defaults which ... etc, etc, etc.
"Tesla Autopilot actually has fewer (and generally less serious) accidents per million kM than human drivers."
Downvoted because it's a meaningless "statistic" (how, exactly would you measure its performance considering that there *IS* a human driver who is purportedly managing the drive?). It's very likely a complete fabrication. In point of fact, autopilot is currently just a driver assistance system similar to many others plus some (optional) additional features that mostly seem not ready for prime time. And it generally isn't rated all that well. Here's a typical review typicalhttps://www.consumerreports.org/autonomous-driving/tesla-full-self-driving-capability-review-falls-short-of-its-name/ Bottom line: Sometimes it does what it is supposed to. Sometimes it doesn't. Some of the failures are harmless. Some annoying. A few are kind of frightening.
"Why shall a failing entertainment center (MCU) cause "rearview cameras blacking out ..."
As I understand it, they use the same touchscreen control device(s). There's possibly some excuse for that for the rearview camera I think, there being only so much real estate available for display screens. As for touchscreen controls in a car ... Not all that great an idea from a safety POV I think unless the touch part is disabled when the vehicle is in motion. But what do *I* know?
"Swappable implies plug&socket; In "Old ma Bell" (the old AT&T) these were a no-no"
The average car has hundreds of plugs and sockets. Mostly cleverly arranged so that it's nearly impossible to plug a cable into the wrong socket. Yes they do fail every now and then, but not very often. What's one more?
And, BTW, are you trying to tell me that AT&T's phone network was free of RJ11 plugs and sockets or are RJ11s somehow not plugs?
These folks actually might be close to a real flying car. https://en.wikipedia.org/wiki/Terrafugia They flew a prototype a decade ago with a real human in the cockpit (Is it still a cockpit if it's a car?). It'll be expensive -- roughly $300,000. And about the same payload as a Mazda Miata -- 2 normal humans and a small suitcase. And the driver needs a pilot's license. And despite a lot of promises, they have yet to actually ship even one vehicle. But they seem to have addressed most of the problems of meeting both aircraft and ground vehicle safety standards in a single "car" capable of flight.
One wonders who will write insurance policies for these things and what insurance will cost.
China's motives in grounding the 737MAX, while appropriate, may not have been entirely altruistic. The prototypes of China's competitive offering, the Comac C919, are completing flight tests. The first deliveries may well take place in 2021. On the other hand, the C919 hasn't killed anyone ... so far.
It's not that bad an article, but it seems to have been written by a competent journalist after a quick cram course on batteries. Nothing wrong with that. But the results do seem a bit suboptimal.
Batteries are complicated. They are going to have to improve a lot in order to support the climate warrior's vision of a non-carbon based future. They need much greater energy density, and faster recharge and more full recharge cycles and better low temperature performance and limited charge leakage in when not in use. All without sacrificing efficiency and without any propensity to release their large energy storage destructively. And they need to be CHEAP.
The good news is that there appear to be literally trillions of possible battery chemistries. And dozens of construction parameters for each that can be varied to improve performance. Of course most of those possibilities will utterly impractical. But nonetheless it seems that slow improvement will likely continue for a very long time.
"Could you offer some examples of when it would be used properly these days?"
I don't know about anybody else, but I use it to maintain my website. It is simple. It moves files. It is scriptable. It needs a userID and password for access. What alternative would you propose that doesn't do pretty much the same thing -- probably in a more complicated way -- with pretty much the same vulnerabilities?
It took me many decades, but I eventually learned by trial and error that overly simplistic "solutions" don't work because they are flawed and overly complex "solutions" don't work (for me) because I am flawed. FTP seems a reasonable compromise (for me).
I'm surprised that unusual traffic was not detected to C&C servers?"
Surprised? Why? The folks behind this are clearly quite clever. Quite likely they minimized traffic to C&C servers, spread it out over time, and disguised it as well. Remember that they are attacking typical business operations where simple purchasing of supplies may involve the folks who need the supplies accessing two dozen sites scattered over the planet just to put a purchase order together. And management and Purchasing might access another, mostly different, sites while processing the PO into final form. And so it goes across maybe two dozen internal organizations -- each with different functions, processes and needs. A typical operation probably legitimately accesses thousands of web sites, email providers, etc on any given day.
And one would expect that when the bad guys find a file of interest -- Final_Plans_For_Gold_Transmutation_Machine.doc perhaps -- they bundle it into a file called something like Company_Logo.JPG and attach it to a routine looking business email sent to Butter_Wouldn't_Melt _In_My_Mouth@anyofdozensoffreeemailproviders.com
I doubt any of that would trigger alarms in even the most paranoid of operations.
Some fundamental rethinking needs to be done here.
So it would seem.
There's a little superficially clamlike animal called a linguloid brachiopod that has been around for about 540,000,000 years. Since the early Cambrian. As far as paleontologists can tell, it hasn't changed much if at all in all those years. Presumably it hasn't needed to.
Since the appearance of the first Lingula, many other critters have evolved. Most of them are long since gone.
Maybe there is something to be said for doing things well up front rather than evolving.
"do you think they would admit it, or try to cover it up?"
Do *I* think they would admit it or cover it up? Neither. I think that given the complexity of their systems, the lack of external (and probably internal) documentation, and the apparent sorry state of their QA, they probably wouldn't know about a Windows Update compromise until somebody external found out about it, published their results and the Register called Microsoft asking for comments.
"Wouldn't the use of keyed connectors and/or better testing have caught this?"
Keyed connectors -- Maybe. I was once tangentially involved in an incident investigation of a missile that crashed a few hundred meters downrange during a routine test while tumbling rapidly end over end. The cause was determined to be a manufacturing defect. As it was explained to me, there were steering vanes in the rocket exhaust that were driven by a motor. The motor had tabs to which the control wires were connected. In this case, backwards. Using tabs of incompatible sizes would (probably) prevent that. But if your Mil-Std qualified motor comes as a lot of (most?) motors do with identical connectors for both wires, you're sort of stuck with it.
Better testing? For sure. At least in that case. The test for the wired motor was that powering it moved the steering vane. Nothing about which direction. The test spec was changed forthwith.
I hope I'm misreading the article. What I think I read is that 1.7% of DNS queries are spoofed and that's a small number. So, no current concern. But why would one hijack a DNS query unless one had malign intent? Are they really saying that nearly one in 50 of my DNS queries will route me to some nasty site and I don't need to worry my pretty little head about that unless/until the situation gets worse?
My impression is that 5G is only actually needed where there are huge crowds of people trying to use phones simultaneously. Say Shinjuku-eki at rush hour or any large stadium while waiting for the event to start. But I have NOT run the numbers and perhaps I've been misled or have misled myself.
Not that I care much. I have a smart phone. It was on sale. Really cheap. Nice hardware. But the software (Android) is so annoying and the UI so awkward that I've never activated service. For my very occasional remote phone needs -- phone calls and the odd text message -- I use an ancient 2G Nokia.
There would seem to be some valid use cases for many IOT type devices. Remote viewing of security cameras, adjusting thermostats in areas that are intermittently occupied, limiting access to people who have legitimate current access needs etc, etc, etc. But in many situations, it is unlikely that there will be enough users to justify mass production. So it's likely that much of this connected trash will be designed in ways that maximize profits rather than actual user needs like security, reliabilty and such. Cheap, but annoying and maybe even dangerous. In a lot of cases, I suspect users will be better off sticking to old fashioned manual devices.
"The first Gen 6 successors to the F35 may be in the air by the 2030s"
Perhaps. I'm thinking that unmanned aircraft are getting more capable by the year. Their maneuverability should not be limited by the stresses on a human pilot. They don't need Oxygen systems. Or ejection seats. Or lots of other things that are there to accommodate the human payload. I imagine that they can be as effective as manned aircraft and considerably cheaper than manned aircraft with similar capability. Enough so that suicide tactics are cost effective. Sacrificing a $35M unmanned aircraft to take out a $70M fighter is probably a victory of sorts.
I'm guessing that the F35 may be about the last generation of manned fighter aircraft. Not that the F-35, F-22, Su-57 and J-20 won't still be around -- maintained and flown for many decades. Just that their manned "replacements" may never get beyond the prototype and single digit serial number stage.
Do I believe the Chinese might compromise a software contractor? Why yes, of course I do. The Chinese are pretty good at a lot of stuff and I don't see any reason to believe they'd somehow not be good at spying.
Do I believe that the US might find out about it? Sure, that's possible I suppose.
Do I believe that the US government in the normal course of events would admit that the software was compromised? Of course not. Admit vulnerability and error? Does any bureaucracy do that unless the problem is clear to everyone in the universe? Ever?
Do I believe that security is slack at some low level US defense contractors? No, actually I don't. I worked in the US military weapons world for three decades. That was a while ago, but I never, ever saw an operation that didn't take security pretty seriously or whose security wasn't monitored by the government. That doesn't mean that the security was perfect. That would be impossible. But that part of the story doesn't ring true.
The software sucked and needed to be rewritten? I'd say that's pretty normal for complex systems.
" Imagine all the money ... that was sunk went into the hyperloop being invested into research on how to efficiently store energy."
I think that if you look into it, you will find that vast sums are being invested in energy storage research by the US, the EU,China and others-- vastly more than on hyperloop. There's money to be made there and lots of people trying to get a cut of the pie. It's a tough problem -- or rather, a tough complex of problems. I don't think lack of funding is what is limiting the rate of progress in solving those problems.
I agree mostly. The speed advantage of hyperloop over best high speed rail would seem to matter only over really long distances -- Los Angeles to Chicago. And its doubtful there is enough long distance travel anywhere on the planet for the economics of hyperloop to work. Note that the US and Canada where high speed rail might seem reasonable have about 50 km total of not especially fast HSR. If HSR doesn't work in economically North America, how is hyperloop which surely costs more going to succeed?
The problem isn't technology (probably). It's economics.
I have a lot of doubts about how many real use cases there are that will justify the great expense of a system like this. But in current rail transit systems multiple cars follow each other at zero distance. And yes, if there is a catastrophic failure in in one car, the cars following it are prone to suffer serious damage and possibly fatalities and/or major injuries as well. Doesn't seem to bother users much.
I suppose that objectively hyperloop is no more complex than air travel. But air travel scales fairly smoothly to small and infrequent payloads. For example moving people and goods around the Arctic. Hyperloop can't do that today. And not any time soon?
"... differing RPMs ..."
Really? Evidence that I've been seriously misled about how internal combustion engines work? It's hard to see how the revolution counts could differ by more than one or at most two (due to quantization error). Either we're witnessing quantum mechanical affects at a macro scale or the engine firmware is a bit off. DevOps strikes again?
And what are they counting? It's not like piston-crankshaft synchronization are optional in an engine that is not in the terminal stages of self destruction.
Maybe they are counting ignition pulses to each cylinder? That'd be feasible I suppose and perhaps meaningful in engines that do cylinder deactivation?
Genesis -- Chapter 11
[11:1] Now the whole earth had one language and the same words.
[11:2] And as they migrated from the east, they came upon a plain in the land of Shinar and settled there.
[11:3] And they said to one another, "Come, let us make bricks, and burn them thoroughly." And they had brick for stone, and bitumen for mortar.
[11:4] Then they said, "Come, let us build ourselves a city, and a tower with its top in the heavens, and let us make a name for ourselves; otherwise we shall be scattered abroad upon the face of the whole earth."
[11:5] The LORD came down to see the city and the tower, which mortals had built.
[11:6] And the LORD said, "Look, they are one people, and they have all one language; and this is only the beginning of what they will do; nothing that they propose to do will now be impossible for them.
[11:7] Come, let us go down, and confuse their language there, so that they will not understand one another's speech."
[11:8] So the LORD scattered them abroad from there over the face of all the earth, and they left off building the city.
[11:9] Therefore it was called Babel, because there the LORD confused the language of all the earth; and from there the LORD scattered them abroad over the face of all the earth.
---------------------------------------------------------------
Is it possible that the answer to the problem of great complexity is not greater complexity?
Thank you Mr Dabbs. For years, I've been led to believe that massive misrepresentation of broadband speeds is a phenomenon unique to the US. The official statistics were described by FCC commissioner Michael Copps as "Stunningly meaningless" in 2008 and I can't see that things have changed much in the years since. Now I see that it's not just us. Maybe it's everyone. I'm not sure why that makes me feel better. But it does.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
