Posts by vtcodger 2030 publicly visible posts • joined 13 Sep 2017
Without contesting any of the points made -- they're probably all true to some extent -- how is it possible for makers of really complex equipment like a modern automobile to build products that function at all? I think perhaps there is a bit more to the story than that QA is really difficult.
"the schools teaching computing don't have enough to run the exams"
In my experience, the problem is that a significant fraction of the programming universe lives in a world of constant "progress" where computers are shiny new multicore pentiums (pentia?) connected by IPv6, using gigabit ethernet from a reliable supplier and running the latest version of their favorite programming language on the latest version of their favorite OS. (This is obviously a world with standards that are actually followed, no security issues and few or no budget constraints).
But another fraction lives in a world of hand me down computer equipment, no budget for much of anything and, 10 Mb ethernet connected, if they are lucky, to slow DSL lines. In that world, folks figure that just about any version of C or Python or Perl or HTML is good enough to learn the basics. Which is good because that's all they can realistically provide.
I can imagine that concocting a single test process that can work across that full range is very difficult. Maybe impossible.
Ah come on folks. Is anyone really shocked at this point to find out that hardware storage encryption is less than perfect? Sounds to me like just another security issue. one of many thousands uncovered this year alone. And no hardware encryption isn't useless. Like most password schemes, it should be quite effective at keeping unsophisticated "users" -- the janitor, the babysitter -- from perusing one's financial records and porn collection. Really sophisticated attackers -- national agents, etc? Different story. But if you have secrets that interest the three letter folks, are you sure you should be trusting a company notorious for spying on its users to keep your secrets secret?
"Oh and the same for cup-holder CD-ROM trays too."
After I retired, I worked part time maintaining computers for a K-8 school. One of the kids -- 6 or 7 years old -- put a chocolate chip cookie on the CDROM tray of one of the library PCs and pushed load. I thought it was kind of funny and indicated a certain amount of creativeness. The kid's teacher apparently had more than enough of childish creativity. The kid did NOT do that again.
Why would a so-called security establishment go anywhere near the internet?
You have a agent within the tightly guarded biological warfare research site in Whichwhatisstania would you communicate via:
A) A shortwave radio tranceiver that emits a traceable signal and requires an external antenna?
B) A cell phone?
C) A letter drop behind a rock in a city park?
D) A letter drop in a hollowed out pumpkin on a farm owned by another spy?
E) Late night meetings with a controller on a bridge in downtown Whichwhatisstan City?
F) The Internet?
I'm guessing, but I suspect that when this all settles out "repairing" internal combustion engine ECUs and emissions control hardware may not be allowed on grounds of emission control. Likewise modifications to safety systems on gear that faces the public. Still though, it seems mostly a good thing if our moderately corrupt lawmakers can be persuaded to let something that actually benefits the public stand.
Fortunately, IPv6 by lack of adopted use, limits the scope of this bug.
Yeah, fortunately IPv6 is only used by a few fringe organizations like Google and Microsoft.
Seriously, I personally want nothing to do with either systemd or IPv6. Both seem to me to fall into the bin labeled "If it ain't broke, let's break it" But still it's troubling that things that some folks regard as major system components continue to ship with significant security flaws. How can one trust anything connected to the Internet that is more sophisticated and complex than a TV streaming box?
Not that I completely disagree, but I would make two points:
1. Community broadband demonstrably can work. But it's not all that simple and it can also fail dismally leaving the community with a whopping bill. Not convinced? Google the sad story of Burlington (Vermont) Telecom. you could start at https://www.burlingtonfreepress.com/story/money/2014/02/27/burlington-telecom-lessons-learned/5845857/
BTW, I clearly remember climbing up to the top of a small hill in back of a rural Vermont School to check out the possibility of a digital radio link to the rest of the school system about 10km down the road. What did I see? Trees. Thousands of trees. Maybe tens of thousands of trees. No cheap way that I could see to cobble together a microwave link. We ruled out satellites because of cost and latency. We eventually ended up with, after a lot of work by the phone company, a not especially cheap T1 line(1.544 Mbps) which was I was told, deep down inside, what might have been, at the time, the world's longest functioning DSL connection
2. The satellite systems are proposed to have substantially different characteristics than existing systems. Somewhat more like putting a bunch of cell phone towers into orbit than orbiting fixed microwave links. Will they actually work at reasonable cost? Quite possibly not. OTOH, these aren't government efforts and it's quite likely that very little of your or my money is involved. I personally couldn't care less if Elon Musk and his backers lose a fortune.
It gives SpaceX five years to get the rules changed again so the ones already up there can stay longer.
I believe that the "rules" in question are Newton's laws of motion. While the FCC is certainly free to command changes in the rules, I suspect their dictates would be ignored.
BTW, using higher orbits would have many effects besides increasing lifetime. Increasing the number of potentially conflicting users by increasing per satellite coverage area, and increasing latency, would be two of particular concern
Thanks. Re composition: It crossed my mind while washing up after dinner that maybe some of the larger fragments might have made it down to the Earth's surface intact. Turns out that apparently no Geminid meteorites are known. But I did find this paper STRUCTURE AND COMPOSITION OF GEMINID METEOROIDS ...https://www.lpi.usra.edu/meetings/acm2008/pdf/8211.pdf These folks were able to get emission spectra from some of the burning meteorites. Don't know how they did that. It doesn't sound easy.
Anyway, they were able to measure relative Sodium, Iron, and Manganese content They concluded (I think) that based on Mg/Fe ratio, the Geminids look more like cometary material than asteroid material. I could probably decipher more if I knew more about meteorite composition.
This is truly interesting, but I know next to nothing about it. A couple of questions if I may.
1. It's blue. That's curious. Surely, someone has looked at it's reflectance spectra and maybe it's emission spectra as well if that's possible. What do the spectra have to say about its composition?
2. Is it true that objects are either asteroids or comets, rather than sort of falling on a continuous range between mostly frozen gases (comets) and mostly inert minerals (asteroids)?
3. The article suggests that Phaeton is in a highly elliptic orbit (it gets close to the sun) with a period of one year and pases through the Earth's atmosphere every December. Is that remotely possible? I understand how a diffuse cloud of debris can revisit the Earth at the same time every year -- at least for many, many repetitions. But a single, discrete object? If it actually passes through the Earth's atmosphere, won't its orbit decay/change on every pass?
Anybody have any insight?
"The researcher, who goes by the pseudonym SandboxEscaper, says the bug is present in the code handling advanced local procedure calls (ALPCs)..."
In case anyone else is curious:
"Advanced Local Procedure Calls (ALPCs) An advanced local procedure call (ALPC) is an interprocess communication facility for high-speed message passing. It is not directly available through the Windows API; it is an internal mechanism available only to Windows operating system components."
Apparently Windows 10's internal communications channels aren't as internal or private as they hoped. Kind of ironic isn't it?
It appears that Google grabs location data wherever it can find it. I few weeks ago, I needed to figure out a driving distance and ended up telling Google Maps that my business address was in a small town about 2000km from my home. Viola -- Google News now thinks I live there.
I don't actually care all that much. I never expected any privacy on the Web. But I do think Google's behavior is kind of rude. Sort of like hanging out on your front porch and observing the neighbors with binoculars.
"has long been a Microsoft philosophy. It served it well in the early days as it meant that it got a product to market before the competition. "
Equally important I think was that early MS OS products were quite small by modern standards. IIRC, WFWG3.11 -- which was quite usable -- shipped on four 1.44mb floppies plus another three floppies(?) for MSDOS 6.22(?). Testing that for major bugs was something that could probably be done by a small team in communication with each other and the developers in a few weeks. Not so in 2018.
Even Windows 95 -- which was buggy as a tropical swamp -- only needed 20 odd floppies. It actually ran pretty well about 25 service packs later.
"So your uninformed comment should probably stop there. While there is undoubtedly some shit in the Windows codebase it's no longer undocumented or unspecified. This is all about Microsoft's release management being hijacked by the marketing dudes."
The codebase is (usefully) documented and specified? Do you have any other fantasies you would like to share with us?
But I do agree that Microsoft's release management clearly has major problems. I'm not sure that firing the marketing folks will fix that. But, what the hell, it might be worth trying.
If you insist on all bugs being fixed, the first "bug free" release is probably going to take about three years. Later releases may be a bit faster -- two years. Maybe even eighteen months. In the long run, release time will depend on the longest chain of fix that needs a fix that needs a fix ... plus a lot of overhead. Might be doable. Might even be acceptable. But it's going to require massive changes in attitudes and approaches at every level.
Decidedly NOT agile.
"What the hell have they been up to to introduce so many random bugs in existing functionality?"
Windows is a huge, complex, system with innumerable interactions based on an immense, mostly undocumented database. Probably no actual written specifications for most of the components. I haven't (thankfully) worked with Windows for decades, but my impression back when I did was that functional partition within the os components probably wasn't very clean or clear.
My experience with large systems going back to the 1960s is that unexpected failures in areas that appear to have little or no relation to changes are going to be fairly common in a system with the apparent characteristics of Windows. I know of no way to catch them other than exhaustive system testing. I haven't followed the system testing world for several decades, but I doubt anyone has found another, cheaper, better answer while I was away.
I would observe that what Microsoft seems to be trying to do -- completely remove system configuration concerns from the domain of individual users who are mostly ill equipped to handle them -- is probably a really good idea. IF MICROSOFT CAN MAKE IT WORK. But it's also exceedingly difficult. Personally I doubt Microsoft (or anyone else) is smart enough to pull it off. Especially given their probably less than optimal starting point.
I'd also note that servers/workstations are different than desktop computers and personal computing devices. I always doubted that Windows can scale across that full range of user domains (Unix really can't either. User oriented Unixen -- Apple, Android -- aren't often used as mainframe replacements. Heavy duty Unix suitable for mainframe replacement can be coerced into personal computing, but tend to require substantial system configuration skills from the users)
"It does raise a point. How will an self drive car deal with things such as new roundabouts."
What the vehicle "sees" has to take precedence over what it "knows" (i.e. the map) Otherwise, road construction projects will be impossible, accidents involving immobile vehicles will tie up traffic for tens of miles, and self driving cars will be useless during/after floods and earthquakes. And vehicle vision and object discrimination is going to have to be very, very good.
Some good questions in this thread.
1. Where are examples of the altered boards?
2. Or at least of the purported chips
Plus
3. Is it even possible to create a spy chip? (Probably yes?)
4. How would it get power, access to memory, data buses, clock, control buses? (Dunno. Maybe doable. But probably very difficult to do)
5. How the heck would one talk to it and control it without getting root or microcode access to the machine? If you have root/microcode access, why do you need a spy chip?
6. Assuming that you can somehow insert altered boards into the manufacturing stream, how do you route them to your target customers? (I suspect that's nowhere near as easy as it sounds).
7. Assuming that you have state resource behind you and can interfere in the manufacturing/shipping process at will, wouldn't it be easier to grab a board destined for a target destination for an hour or three and alter the on board microcode?
I find that I have a deepseated suspicion of non-deterministic algorithms. Deterministic stuff works badly enough. Do you folks really want to live in a world where no one is, or possibly can be, able to figure out why computers do what they do? There may be a place for machine learning in research. Let the machine figure out an answer, and if the answer actually works, figure out why. But really, trusting computers not to do something crazed when one doesn't understand why they are doing what they are doing? Can that possibly be anything but a bad idea?
Don't overlook the role of water which is an excellent solvent. Our surface deposits of iron for example are largely (there are exceptions) iron compounds precipitated from aqueous solutions. We don't know a lot about the inside of the Earth. The Kola superdeep borehole was an ongoing series of surprises. It's hard to generalize about whether circulation in the liquid mantle and outer core redistributes dense materials upward from the core and/or light materials down toward/into the core.
"Hopefully, Apple will turn them back into what they once were ..."
I was thinking just before reading this that extrapolating current trends, the ARM based Apple will have no x86 compatibility. It will come entombed in a single synthetic diamond and will not be openable, much less repairable. It will have no ports whatsoever and will be charged by a proprietary $400 electron beam charger. There will be no keyboard at all although a magnificent, lifelike, but totally inoperative image of a keyboard can be displayed by the proper combination of finger motions or by appealing to Siri's better nature.
It'll be a huge seller and will cost significantly less than a low end Tesla Model 3.
"no QA test plan can adequately cover the stupidity of the general public"
Mostly true perhaps, but it doesn't seem to apply here. This seems to be something that happens without the help of user stupidity -- other than the questionable user judgment involved in purchasing of an Internet connected "watch". The problem looks to be the questionable manufacturer judgment of collecting user data without understanding the actual risks and rewards of doing so.
Queue up Richard Feynman's Appendix F to the Rogers Report on the Challenger disaster wherein he analyzes the huge gap between Space Shuttle reliability estimates made by NASA management and those made by working engineers.
Apparently, there were 55 F-22s stationed at Tyndall AFB. 33 were flown out to Wright-Patterson AFB near Dayton, OH. The rest apparently were not flightworthy for one reason or another. It's not surprising that some couldn't be flown. It's probably not prudent to hastily slap an engine or landing gear back into a $150,000,000 airframe that is under repair. But I'm a bit surprised at the number they couldn't fly or chose not to fly.
Amen, We've lived with underground utilities for 25 years and have some experience with outages -- Power (4 times - one unknown, 1 "backhoe", 2 due to inadequate repair of the backhoe damage), Cable TV (1 - corrosion, 1 due to snowplow plowing above ground distribution box), Telephone (2 -backhoe), Natural Gas (0 thankfully), Water (several due to breaks in the distribution piping that required shutting down water to the neighborhood). Much better than overhead wiring, but repair is MUCH more difficult.
Unlike some other companies, Waymo's approach to autonomous vehicles seems serious and responsible. I wouldn't be surprised that their customers are every bit as safe in a Waymo driven car as a car driven by the average human driver. Maybe more so. What I am concerned about is collateral damage to pedestrians, pets, objects is situations that don't quite fit the actual and simulated situations that Waymo has tested. I doubt a really comprehensive test suite is possible no matter how sincere and skilled Waymo's testers are.
"the security issue was actually within a toolkit, called branch.io, that tracks website and app users to figure out where they've come from,"
And this is needed because without it users might retain some small degree of anonymity?
Anybody besides me developing an uneasy feeling that this whole internet thing is going to end badly?
"What are the downsides to abandoning the ISS aside from a gap in the science data?"
Probably no or minimal downsides. Those with long memories may recall that Skylab in the 1970s was a manned orbiting station that was occupied for short periods to perform experiments, but was left unmanned much of the time. No particular reason -- other than the fact that a permanent crew is presumably assumed in planning -- that the ISS couldn't operate in the same mode. Temporary destaffing is probably -- like most things involving humans in space -- a political decision that may not involve a lot of logic.
"But the beltway bandits are pulling out all of the stops to kill the contract or force multiple awards."
Exactly. In everyday English, IBM's complaint is that one kid gets the whole humongous pie and they are pretty sure that kid won't be them.
The important question for taxpayers incidentally isn't who should get the pie. It is, "Is this job actually doable?" If it isn't it'll cost a fortune and stretch out for a decade or three no matter who gets the contract.
A different take:
Computer operating systems -- all of them -- are very complex and nearly impossible for most folks to administer.
What Microsoft seems to be trying to do -- automate system administration such that normal users don't have to worry about it -- is entirely reasonable and worthy of financial reward. Sadly, what they are trying to do is also extremely difficult. And they don't seem to be doing it very well at all.
Screwing up system administration is easy and in Linux, it's free. Who needs to pay Microsoft to lose their files?
Not that I'm in favor of insecure CCTV cameras, but have you folks ever spent any time actually looking at the output of a security camera? Typically it makes watching grass grow look exciting.
I submit that for the vast majority of CCTV cameras, security simply isn't a reasonable concern. No one cares and no one should care.
For too many of the fraction where securing is desirable, the toolkit for securing them is going to be utterly incomprehensible to the folks doing the installation. That seems to me at least as big a problem as shipping an insecure product.
Can't say for sure, but based on my limited experience, the last thing most high ranking officers want is more problems. They are quite a conservative lot and their jobs come with more sufficient problems. The constant (often broken) updates that IT folks think of as necessary improvements probably look to them more like aggravation than assistance.
Well, yes ... But there are DOD systems and there are DOD systems. I'm hampered by not having worked with that stuff for decades, but I doubt it's changed all that much. So, A few points:
1. Access to military systems is rather tightly constrained. Try walking onto the nearest military base without paper orders, or some other valid reason for being there.
2. Combat systems are unlikely to be connected to the Internet. That'd break rules about security. And they are, of necessity, designed to operate in an environment with limited and noisy communications.
3. Many military systems require extensive training to use them. That doesn't preclude hacking I suppose, but it makes it a lot more complicated.
4. There are, or least used to be, elaborate rules for dealing with classified data. Basically, you can freely introduce unclassified data into a classified environment, but any data generated in a classified environment has to be rigorously scrutinized before it can be released into an unclassified environment. Clearly, you can't just plug a dsl modem or whatever into a classified system.
5. There is, I'm told, a secure equivalent to the internet. I know nothing at all about it.
6. Non-combat systems -- personnel management, etc probably are connected to the internet and presumably have all the problems they would experience in a similar business environment. And maybe some additional problems.
BTW, I read the report. I don't think it's bad, deficient, or inaccurate. But I found it very difficult to relate it to what I saw in the three decades I spent working with US military software. The one thing that did resonate was a concern about security problems with the software development and maintenance environment. Likely there are real problems there.
"I understand it is indeed widely used, and so was its predecessor Windows CE."
Windows CE was a complete and utter failure in the mobile market. When last seen its mobile market share was said to be way less than 1% Why would one expect it and its progeny to do better in the embedded junk market where presumably even less is demanded of the OS?
"US Government's stance: Shoot now, ask questions later."
The intent is probably entirely reasonable. There have, for example, been documented instances of drones unintentionally preventing water tankers from dumping water on wildfires. It's a drone. Who exactly does on ask questions to? Shooting the silly thing(s) down -- likely easier said than done -- seems pretty reasonable if the drone constitutes a significant public nuisance.
Whether the regulation will be abused? Who knows?
Unless your household heating is exceptionally good and you ignore the pleas of authorities to turn the heat down at night, the middle of the night is likely to be the coldest part of the "day". Cold batteries generate less voltage than warmer ones. The warning beeps are probably based on battery voltage.
Obviously, what you need is an internet connected battery warmer in each of your smoke detectors. And apparently they need a password and regular software updates. Fortunately, the geniuses in Silicon Valley will probably solve this challenging problem Perhaps they will come up with an IOT smoke detector that can be programmed to only beep when no one is around to be bothered by it.
Internet connected toothbrush? Of course it's a bizarre idea. But apparently you actually can buy one for about $200. And if I try, I can come up with a very few somewhat legitimate use cases. Maybe a controlling mother making sure her kid brushes his/her teeth (or at least turns the gizmo on) while at summer camp.
Overall, with the exception of routers, some entertainment devices, and surveillance cameras, I think most of this junk is probably useless or worse. But apparently my (and your) opinions don't count. It's going to be made, touted, and possibly even actually purchased.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
