Posts by Crypto Monad

The BBC reports:

"He [billionaire Jared Isaacman] had paid an undisclosed sum - estimated by Time magazine to be about $200 million (£145 million) - to fellow billionaire Elon Musk for all four seats aboard the Crew Dragon."

Re: Double keying already used in some banking applications

The two entries are then compared with each other to ensure that they match. This process is used in military and BANKING APPLICATIONS

Obligatory xkcd: 970

Re: Eight years and this is the first I've heard of it??

In a computing magazine from the early 1980's I saw an advert for "The Last One" (TLO) - supposedly the last programming language which would ever need to be written, because anyone could program in plain English.

Now it's just a footnote to history in the briefest of wikipedia pages, although the example shown is very illuminating as to how rubbish it was.

https://en.wikipedia.org/wiki/The_Last_One_(software)

Re: Fifteen kilograms?!?

I think the relevant question is: how does the drag you get from deploying that sail for 10 days, compare to the impulse you could get from burning 15kg of rocket propellant?

Or it doesn't exist at all, except to con money out of investors.

If they're really about to release the FPGA emulator to customers, then at least someone will get a look at what the instruction set looks like, and how novel it really is.

Have they patented anything? Then the patents will be published.

Re: Self sustaining

They say it releases "about 70 per cent of the laser energy shot at the target"

What they don't say is what percentage of the electrical energy fed into the laser is converted into laser energy.

Re: Tip of the iceberg?

And equally - if they don't understand *why* half the valves are sticking, what chance is there that the problem won't reoccur?

Re: Ugh...

> If you look back at the history of open source you'll generally see that people understood from the word go that it would never be the sole basis for a commercial product.

Not necessarily. The BSD licence is so permissive that it allows code to end up in proprietary, commercial products. This is by design: the people who work on BSD understand this very well.

Also remember that SFTP and FTPS both exist, and are two completely different things.

(One is a subsystem of SSH. The other is the regular FTP protocol, over TLS)

Re: Mockery

By "too big to fail", do you mean "so important to society that governments will be forced to bail them out" (like banks)? Or "so cash-rich that they can always buy up any upstarts that try to displace them?"

I don't think Salesforce/Slack or even Microsoft fall into the first category. If they fail, it will be because they cease to innovate and their customers move to something which meets their needs better. The only requirement to stop this being catastrophic is to ensure that all customers have the right to export their data in full.

Twenty years ago, everyone had a Nokia phone. It could have been argued at the time that they were "too big to fail". They failed - and the world moved on.

That's because the Amazon Prime rocket only does up-down fairground rides. Getting into orbit requires way, way more energy: roughly about 100 times more.

Re: Exaggerated hype

As it happens, they got to 53 miles, not 17 miles.

However, the height is almost irrelevant. Only about 1% of the energy required to get into orbit is to get up to the right height; the other 99% is in the kinetic energy required to travel laterally.

Increasing their rocket power to get to 100 miles or 200 miles would not get them into orbit; it would just increase the time slightly before falling back to earth. That's why what SpaceX is doing is a *much* bigger deal.

Re: Whats old is new again

No, this is nothing like "the old probes that pulled server metrics such as CPU and RAM when doing weighted load balancing"

To understand what this is about, imagine a distributed object storage system. There are M servers ("bins"). Each incoming object ("ball") is written to one of those servers. You want to distribute them evenly, so that you don't run out of capacity on one server while others have free space.

When writing, it would be easy to pick the one with the most free space. That's what you're describing.

The problem is, how do you *read back* a given object? Either you have to search for it across every server, or you have to maintain a huge database of every object and its location.

To avoid the huge database, you want to locate an object from just a hash of its name. Such an algorithm will necessarily require objects to be moved when you add or remove a storage server, and you want to minimise the number of movements in that case.

This is what storage systems like Ceph and Swift do. They use variations on "consistent hashing" which is mentioned in the paper as the previous state-of-the-art. However, such algorithms give effectively 'random' distribution. If all the objects are the same size then this gives pretty good results, but if you have a handful of huge objects mixed in, you can get badly out of balance.

The paper describes a better algorithm which avoids having a central database, maintains a good balance within some constraint factor, and minimises the number of servers you have to look on to find a particular object.

This is a big deal. You should give them credit for it, rather than dismissing something you don't understand as being nonsense.

Re: 26M premises…

About 30M properties in the UK in total.

Re: The future is coming

> Ask for an advisory date for FTTP (or even how far we are down the rollout) and an answer there is none. Which complicates planning a little.

That's because switch-off of the PSTN is *not* linked to the availability of FTTP.

Come 2025, if you have no FTTP, you'll still be getting Internet via FTTC (or heaven forbid ADSL). However your voice service will be delivered over that, as VoIP, rather than analogue narrowband signals injected directly over the copper.

You can start switching to VoIP today. There are many providers of IP-based telephony services. If you have a PABX in the basement linked to an E1 trunk, now is the time to get rid of it.

In terms of alarm companies, you'll need them to provide a service which works over IP. Again, you can move to that as soon as the alarm company has a workable IP-based solution.

Re: flaw only affected those users with custom DNS setups on their personal networks.

A while ago, Unifi APs started calling home to the vendor to report stats.

Now my Unifi APs have their management address on a separate VLAN, which blocks *all* outgoing traffic. The controller sits on this VLAN too. And I only open up outbound access from the controller when fetching a new firmware version.

It's sad that we can't trust vendors not to spy on us these days.

Re: Lucky Ireland

I was going to say the same: if power is short, why not load shed the data centres? They have diesel generator backup, after all.

We have the web now: it could be made opt-in on a case-by-case basis.

"We have a request from <insert company> to perform research on <insert topic>. For full details of the study see <insert link>. Do you consent to be included?"

Re: Not new

All modern hard drives do this.

You have a queue of outstanding requests on the bus (SATA/SAS etc). The drive optimises its seek path across the platters, using its knowledge of the rotational positioning of sectors as well as elevator seeking.

The more parallel I/O you're doing - i.e. the deeper the queue - the more opportunity it has to improve the total throughput.

Re: Go for it

> Hence the Hinkley Point development where EDF is spending £23 billion to build a new reactor

The question is, will they still be around to pay to decommission it at the other end of its lifetime?

Re: OMG - El Reg: this is a tech journal

The first paragraph of the article got it wrong in almost every important detail. There is no copper stop-sell in Mildenhall. They are not "also" withdrawing analogue voice; they are *only* withdrawing analogue voice.

The stop-sell in Mildenhall is much more limited than Salisbury. Copper will remain for ADSL/FTTC connections.

However, it is certainly true that you will need a UPS to make landline phonecalls during a blackout (if you can't receive a mobile phone signal).

Vendors don't choose to provide cloud services because of licences. Ask yourself why Microsoft pushes Office 365 so heavily over the on-prem products, when they own the licences anyway.

Vendors provide cloud services:

- to get a recurring revenue stream

- to control upgrades and bugfix releases

- to simplify support processes

- because many customers don't want to manage servers any more

- ... etc

Re: It’ll be interesting to see what limitations pop up

AWS have Graviton ARM VMs you can rent, up to 64-core bare metal, at about half the cost of equivalent Intel ones.

Lots of people run Raspberry Pi as desktop and/or server. Plenty of other ARM-based boards out there too, e.g. NASes and routers.

Re: one of?

> Not one of the oldest? THE oldest.

I don't think so. The first Linux I ran was Soft Landing Systems (SLS), and according to Wikipedia at least, Slackware was a fork of that.

It certainly was buggy: I remember that the permissions on the /var/spool/mail directory were set wrongly out-of-the-box, so that you couldn't even send mail between two local users. But fixing that sort of problem was a great way to learn how Linux/Unix actually worked :-)

Re: Why is Wireguard in the kernel?

The cool kids are doing networking in userland anyway. See for example VPP/DPDK, commercialised as TNSR (coincidentally also by Netgate)

Re: More capacity needed anyway

More capacity is needed partly due to "the increased use of semiconductors in vehicles"

Can someone explain to me why a car needs anything more sophisticated than a 6502?

Re: Typical cloud/IoT issue of "if the server goes down, yer f*cked"

> So of any of these servers go down, or the companies hosting them go out of business or just plain decide to not host them any more... your NFT is gone and there's nothing you can do about it.

The NFT should just contain an SHA256 hash of the image or whatever. It doesn't need to provide a way to retrieve it. Ownership of a URI is useless, because the content at that URI can change anyway.

> And something the tweet doesn't cover: if I go to that URI, then I can simply download your NFT.

That's missing the point. You're not downloading the NFT, you're downloading the image that's linked to it. You have a copy of the image, but you don't "own" the image. The NFT asserts ownership, and allows you to transfer that ownership. It's not a copy-protection mechanism. It's more like a certificate of authenticity.

And in particular, it would be good to know what git hosting software they were using (and what version), or whether it was a plain old SSH repository.

Re: why this continuous creation of new languages

http://fortranwiki.org/fortran/show/CGI

It always struck me as incredibly wasteful to tie up a 40-gigabit Thunderbolt 3 / USB-C port just for charging the laptop (especially if you have only one or two).

A separate dedicated power port makes much more sense.

I've been sticking with my 2015 MBP, which has two TB2 ports, two USB-A ports, HDMI, SD card, Magsafe 2 charging, and 3.5mm audio: they all get used at various times.

Re: How is this possible?

Fixed by macOS security update 2021-002

$ /tmp/sudoedit -s '\' `perl -e 'print "A" x 65536'`

Re: This is Oracle.

Java SE is not free - it has a commercial licence that "permits personal use, development, testing, prototyping, demonstrating and some other uses at no cost."

This article is muddying the water.

If GraalVM requires Java SE, then it's not free. But if GraalVM is GPL and runs independently of Java SE, then saying that "might just give those users and developers an on-ramp that keeps Java SE relevant" makes no sense.

Re: A compound application - or named after one?

FWIW, JetBlue is also a major budget airline in the US.

https://en.wikipedia.org/wiki/JetBlue

This issue is not so much about caching of HTML pages themselves, but of the assets referenced within them - images, CSS stylesheets, Javascript etc.

Even when fetching over HTTPS, I doubt your browser refetches *all* the assets for a page for every page view. For many sites that would be multiple megabytes per view; you'd certainly notice it.

The problem described in the article is when two separate websites (site1 and site2) both reference an asset at the same URL, e.g. img src="https://example.com/foo.png". Colluding sites could generate an image (or stylesheet etc) dynamically, and then check its content. The solution in Firefox is to have separate caches when browsing site1 and site2.

It's little Bobby Tables.

Re: Bad optics

Not "technically": AWS genuinely has done the right thing here.

AWS runs (and sells) Elasticsearch as a service. It also contributes its improvements back upstream. Via OpenDistro it also contributed further functionality, some of which was only otherwise available as paid-for add-ons (e.g. alerting).

Elastic.co didn't want AWS's software contributions. It wanted their money.

AWS won't be held over a barrel by Elastic.co. Open source software without license fees is what allows AWS to scale up and up and up. This applies to their whole stack, from the Linux kernel upwards. At their scale, it's cheaper for them to employ their own software engineers rather than pay licences, in the same way that it's cheaper to build their own servers than buy from Dell or HP.

In itself this makes no difference to Elastic.co, since they were never going to see any money from AWS anyway. What they now risk is that all the other unpaid community developers will jump ship to the AWS fork - and that their future potential customers may pick this one too. Elastic will have to make its value proposition the support services which come from buying a commercial partner - which they could have done all along.

IMO, the open source community has *gained* a new product champion for Elasticsearch in AWS. We all know AWS's business model doesn't include selling software licences, so there's no risk that AWS will pull the same trick as Elastic.co. There is a potential risk that they will steer it in the direction of their own interests, but since their own interests include deploying Elasticsearch at massive scale with high reliability, that's likely to coincide with the community's interests too.

Aside: Elastic.co no doubt noticed that AWS sells services with built-in licence fees for Windows and SQL Server and VMware and Oracle, and hoped AWS would do the same for them. That ain't going to happen. AWS resell those particular pieces of software, not because they can't write their own database or virtualization layer (they have!!), but because a subset of customers insist on running those exact pieces of software. And crucially, those pieces of software have been closed-source and commercial from day one, so there's nothing to fork.

EDIT: it's also worth noting that in keeping Elasticsearch development fully open source, AWS is helping *its own competitors* - both the other big cloud providers, and the more specialised Elasticsearch service providers. AWS don't mind. They continue to compete on reliability, breadth, and price.

Re: It's your cash they're after

But how is this different to all the things running underneath Elasticsearch: the Linux kernel, GNU utilities, the OpenJDK JVM, and libraries?

You can build a cloud service around all of these things without open-sourcing your special sauce. What makes Elasticsearch think it deserves to be treated differently?

AWS here are the good guys. They took the Apache 2.0 distribution of Elasticsearch, enhanced it with components which normally you'd have to pay elastic.co for (e.g. alerting), and then released it back to the world under Apache 2.0. It seems to me that elastic.co cares less about people "contributing back" code, than getting their cash.

On the other side, from AWS' point of view, I can understand that it makes no sense to buy a licence at their scale. Even if they negotiated favourable terms for now, it would leave them exposed to huge price hikes in the future.

Re: Static Analysis, Strong Typing, Robust Software Engineering / Algol, Pascal, Modula, Ada, Rust

Memory safety is one class of security problems, and there are tools to deal with them. However, many security issues stem from higher layers - SQL injection and CSRF are just two examples.

Put it another way: PHP is a memory-safe environment, but I think you'd be hard pressed to claim that everything written in PHP is secure :-)

The programmer's mindset and approach are far more important. Treat software engineering as a branch of *engineering*.

Re: Hooray!

There was an official Apple Magsafe airline adapter - I know because I got one. However, the only place I came across a compatible airline power socket was in older BA 747's in Premium Economy. I did get to use it a few times: IIRC, it was able to power the laptop, but for some reason wouldn't charge it.

Re: Peak Planet

I'm glad you're happy with yours running Sailfish, but I run Android on my Gemini (for various reasons), and it hasn't had an update since 2018.

Failure to support existing users with updates is why I wouldn't touch PlanetCom again.