Posts by doublelayer

"A machine that can provide only a few cores, almost no cache, and 64 GiB of non-ECC DRAM is just an ordinary PC, at best."

No, it's not. I don't know where you think PC ends, but that's not ordinary for the range. You don't normally get 64 GB RAM in a PC, either a business-oriented or home-oriented one. Eight cores at 5.2 GHz likewise is not an ordinary spec. Compared to a server, of course, it's very different. Also compared to the top of AMD's range with their superiority in multicore chips. Still, that's well above average for a machine a single person is using.

"Yeah that's not helping any. Intel aren't making competitive products these days. If you want a quiet small form factor machine, you want something like a Raspberry Pi 4 or if you insist on x86 you're going to be looking at specialty low-power parts (see FitPC for examples)."

This is getting ridiculous. Intel's competitiveness versus AMD is less than it's been for a long time, but they have plenty of low-power chips. Especially if you're considering the Raspberry Pi 4 as a comparison. The BCM2711 isn't slow compared to those that came before, but many low-end Intel chips easily outclass it. In addition, if you're buying a low-end computer, the ones using Intel's chips are likely to have better thermal performance than a Pi, which needs assistance with cooling due to the size constraints and power of the new cores. AMD is getting some interesting chips in this range too, but this is an area where Intel has been competitive with it while the high end has gone to AMD; in the past few years, AMD has had few chips that could operate in the low power limit and still work well.

"These days my minimum threshold for "workstation" is 16 cores, 64 MiB of cache, 256 GiB of ECC DDR4, and 3x 4K60 DisplayPorts. You're not going to get that from anything in this line."

You're right that this line won't do it, but mostly I have to ask why you need that. Most of the time, "workstation" means single user. What are you doing that requires 256 GB of memory, and whatever it is, you know that few other people are doing that and many who are are using a server to help with the heavy lifting.

Re: Perhaps not

Obviously that's not a serious statement, but I don't have a humorous rejoinder so I'll just tell you that you can run Linux on it, even buying it preinstalled.

Re: A way round that?

If you can run the management software on Linux, that probably helps a lot with the old software problem. It probably doesn't as easily handle the old hardware problem. You can use a USB-to-serial connector if it works for this equipment, but you could do that on something else. You could also create your own converter which uses the GPIO to connect, but again you're taking a lot of work to graft together a connector. If possible, it's a lot easier to run the Linux-based management software on a computer with the correct port already there because then you don't have to. If it's a particularly rare port, then you might test a converter to have as a backup, but RS232 is not that rare.

It depends. There is legacy hardware and there is embedded stuff. Both still use serial a lot. Admittedly, a lot of modern equipment uses serial over USB, but not always, especially if the equipment doesn't have USB support already. I've seen serial ports for console access on a number of relatively modern things and there will be people with even more of that around. Given that, why not throw a couple on the back; they're cheap.

Re: The tiny sounds neat...

I can't guarantee it, but I would be surprised if it has trouble. Those are some very normal components on which Linux runs all the time and Lenovo already ships some of their machines with Linux and upstreams code for it. I think you'll be just fine.

Re: Put a checksum checker...

This isn't useful in this or most cases. The problem this is intended to solve is the use of untrusted libraries by a developer who doesn't audit the library for security or is dealing with a library of such complexity that it's infeasible to do so. If the dev inserts the checksum of an insecure library, your system won't catch it.

If you're really afraid that something will modify a library which your main application imports, you're going to have to do more. If all you've done is insert checksums into your main module, the person substituting libraries can just edit those checksums so they match again. You can do this better, namely by signing your code and not running code from unsigned random files.

Re: a solution looking for a problem?

You are incorrect.

"It is has achieved the holy grail of world commerce-- a bearer asset that settles instantly worldwide"

Doesn't settle instantly. Settles slower than other resources, in fact.

"with no counterparty risk."

Wrong for most transactions, as there are many possible counterparties which are used during transactions. Wrong in a legal sense, as the responsibility to involve governments is still there in legislation. Very wrong in practice, as for most transactions, one or both sides are represented by third parties which handle exchanging operations between the crypto and the currency that the person actually desires.

"Additionally, on some days 20% of transactions in the blocks consist not of bitcoin transfers but hash proofs verifying weaker private blockchains, business documents or settling programmed contracts."

That's just wrong. Bitcoin doesn't do any of that stuff. You can do it yourself and embed it in the blockchain, but A) it is not the case that 20% of transactions do so and B) this doesn't really do anything more than public key cryptography already did. It's just another way of publishing such things.

Your idealism is nice, but idealists who don't know what they're talking about get nothing done.

Re: It's the usefulness

You won't find as many blockchains as you think exist. Most companies claiming to use blockchain are not really operating a public one as you consider. Also, it's irrelevant to the point. If a bunch of countries agreed to block transactions in cryptocurrencies like China has done, they don't have to do anything to noncurrency blockchains. I don't think it's likely to obtain an agreement as has been suggested, but if that happens, your objection will not prevent it in the least.

Re: Federal Reserve's Ignorance of the Subject is Appalling

"1. Is this a real diploma? Yes. It is authenticated with the university's public key."

Right, like I said. No blockchain needed.

"2. Are the details on this diploma unchanged? Yes. The hash value hasn't changed from the one stored on the blockchain at the time of graduation."

Or because the hash signed by the public key is still valid. No blockchain needed.

"3. Is the person presenting this diploma the person who was given the original? The diploma is cryptographically linked to the graduate by the issuing university. This is accomplished by both parties signing the document with their private keys and recording the resulting hash on the blockchain. This hash value proves that the owner of the key that signed the document was awarded a diploma by the university."

Still no blockchain needed if you want to use that approach, because you have the recipient sign, then the university sign. The university's signature covers theirs, so their key can't be changed. Anyone who can present that key can be authenticated by your suggestion. Also, that's a rubbish suggestion. You're making correct key management the only method of proving educational history. Lots of people will have problems with that. Keys will be stolen a lot, keys will be generated which can be broken in twenty years, when a diploma is still useful. Above all, keys will be lost in prodigious amounts. To say nothing of the privacy risks or the ability for thieves to simply pursue their targets to get their keys. That is, if anyone actually does the cryptographic challenge to verify the student still has their key.

Re: Federal Reserve's Ignorance of the Subject is Appalling

It can be copied. I can go and make copies of everybody's NFTs. The data and the hashes. It's not useful, because the data was probably already free and the signature doesn't help me, but I could. The only thing I can't do under those circumstances is transfer that unique NFT to somebody else. However, with the diploma example, I'm not transferring my diploma to prove I own it (if that's the new plan, it's a bad plan because lots of people will lose a key or have it stolen and instantly lose their educational history, so you'll find yourself at the center of a protest armed with paper diplomas). In the normal case, the blockchain-attached diploma is only a method of demonstrating that I have it, but anyone who is not me but downloaded the blockchain has it too.

Re: Federal Reserve's Ignorance of the Subject is Appalling

You perhaps overestimate what the blockchain provides for this. For example, let's take your validating diplomas case. If you're afraid that you're going to be presented with a fraudulent diploma, you will be asking a number of questions about the document you receive:

1. Is this a real diploma?

2. Are the details on this diploma unchanged?

3. Is the person presenting this diploma the person who was given the original?

Blockchain is not very useful in answering these questions. Cryptographic signing is useful for points 1 and 2, but the signature doesn't have to be stored in something decentralized or public. The diploma is issued by a single place. It could carry a signature validating it, and the issuing institution just publishes their public key so you can verify it.

In fact, blockchain makes this worse because of point 3. In order to forge a diploma now, one has to create a paper copy. With cryptographic signing, they have to copy someone else's. If you make everybody's diplomas public, they can choose from every diploma granted to any person since they can browse them in safety. That means a diploma fraudster can choose a diploma more tailored to the job they want, to their age and appearance, to the fake identity they're trying to inhabit, etc. This is harder than making a paper copy, but with a paper copy you could determine by calling the issuer that it's a fake. With one stolen off the blockchain, there is no difference. That is unless you just list signatures on the blockchain, in which case you haven't benefited anyone but you have generated a pointless set of hashes.

Re: This is laughable!

"Does anyone here think that the government would have killed Bitcoin (and other crypto currencies) years ago if they could?"

My hand is down. I don't see why they would have cared all that much. They don't need to go to massive efforts to prevent it being used as a currency because it's really bad as a currency. Also, most democratic governments don't pretend to care about investment quality like China is pretending to, so since it's not in itself fraudulent, they don't need to ban it for that reason either. Maybe I could see a conspiracy to destroy a cryptocurrency that actually worked and proved popular among the general population, but not for Bitcoin. Even in that case, it would come late in the process.

I doubt that the governments of which you speak have been dedicating time to destroying Bitcoin. Its survival is thus unsurprising and doesn't guarantee any kind of resilliance.

Re: It's the usefulness

You are exactly correct--it is the usefulness on which its future as a currency relies, which is why it isn't used as a currency very often and won't be. Let's review what usefulness means to you and why Bitcoin isn't doing it very well.

"Make a better tax free, secure (& secure from the taxman),": Alright. I admit I have a part of me which likes the idea of a regulation-free currency which can't be tracked, even by the government. Mostly because I am honest and if I don't think too much about others not being honest, I can pretend not to notice the problems. I am willing to pay the taxes due, so everyone else will voluntarily, right? The problem is that governments and those citizens who do pay tend to take a dim view to people who evade taxes. They also take a dim view to people who avoid taxes very successfully (if you want to argue that point, the argument is in another thread already, go there). So trumpeting Bitcoin's advantage starting with "You can evade taxes easily" is not going to convince many people. Also, it doesn't work well for that purpose, but we'll get to that.

"reliable and quick way to move value around": No, it's not. We have that in lots of financial systems, but Bitcoin in particular is quite bad at that. Money does move eventually, but it takes a lot of time and transaction fees to get it there. Worse, Bitcoin's speed can't be increased without redesigning large chunks and having everybody agree on doing so. Some cryptocurrencies are better at this, but a blockchain is going to be expensive to update even for more efficient ones. We have figured out how to move big chunks of money quickly and reliably through our existing payment processing systems. They're far from perfect, but Bitcoin is not better.

If you want a currency, Bitcoin is failing at basically everything a currency should do. Other cryptocurrencies are better at some of them, but you have to realize the disadvantages and try scaling them up to a much larger number of individual users before you can claim victory.

This looks like a requirement for manufacturers, but not really a problem for a few reasons:

1. The camera is only required on laptops. Desktops need not have one. A company which wants to build a laptop without one (actually, are there such places) could sell a desktop with a battery backup which uses a novel form factor that's kind of flat with hinges.

2. Nothing prevents cameras with hardware disabling features, either to cover them or disconnect them entirely.

3. Microsoft has these requirements all the time and the manufacturers ignore them. They have a requirement of a minimum screen size, but people still make tiny Windows UMPCs with screen sizes that don't qualify. Microsoft doesn't complain about extra OEM revenue. They probably won't care here either.

4. Are there manufacturers who don't put webcams on their laptops made currently? It has been a while since I saw a laptop without one. This ship may have sailed without needing Microsoft to push it, in which case that's already your problem.

Re: Anti Competitive

That really depends what happens when you try to install it on something that doesn't qualify. Microsoft could either do what they have done before and let it try to work, or they could take the Apple approach and explicitly fail it. If you had asked me last week, I would have been certain it would be the former because that's what they've done before and it makes sense. However, I'm not so sure now because their requirements list is significantly longer and more complicated than any preceding ones. It wouldn't be very hard to have the installer check for a TPM 2.0 chip and refuse to install without one even though we all know there is no need for TPM in order for Windows to run.

If they did that, it would be possible to circumvent it through sustained effort. Just as there are people who will break Apple's device check system to run later versions of Mac OS on their old Macs, someone will find a way to pretend to have a TPM chip when you don't or to make Windows accept a Skylake chip as within the supported list. If it involves hacking with your configuration in order to circumvent a software lock which serves no purpose, I don't think that can qualify under your definition. Only if Microsoft pursues their previous strategy does your argument work, and I hope that they do.

Re: Anti Competitive

Microsoft does have a monopoly position in desktop operating systems at the moment by most definitions as Mac OS and Chrome OS have relatively small market shares. However, this doesn't necessarily mean they've done anything to abuse that position here. The best argument I can come up with is that it's planned obsolescence, but they have the defense that Windows 10 won't be killed until 2025. Establishing harm to the customers is also tricky as it often involves price changes and the prices will be of other companies' products. I'm afraid it may not break any laws after all the legal dust settles.

Re: You're nuts

"And for Windows 1 0, Borkzilla is still trying to convince people that 2GB for the 64-bit version is enough. If you want to look at the logon screen, maybe, but if you want to work, I'm pretty sure that 16GB is the bare minimum."

No, it's not. Windows 10 runs just fine in 4 GB. True, if you're planning to use a memory-hungry app, 4 GB is not going to be what you want, but for most uses, that's fine. Not that I recommend buying devices with 4 GB to run it, because new purchases can easily spring for the useful upgrade to at least 8, but if you already have something with 4 GB and you want to run Windows on it, you'll be okay for many basic tasks like browsing or office work.

An interesting note: I once had the experience of running Windows 10 with only one gigabyte of memory. It was the 32-bit version on one of those low-power Intel Atom devices. This wasn't exactly fun, but it ran better than you'd expect. Running a browser on it was not easy though if you wanted to have several open tabs, but running native programs worked rather well.

Re: " half a dozen hoops"

I think you agree more than you think. F-Droid is a solution to some of the annoying things Android tries to do when not using Google Play. Not all of them, because the Play store has extended itself through security layers and F-Droid can't (and wouldn't anyway). Sideloading apps frequently can make Android or rather the Googly bits of it annoyed. Security warning screens are required for various actions, the Play Protect system may flag them for you, and in order to use any other store, you have to sideload at least once.

That's why F-Droid is so useful, as it can get around some of that by installing the apps itself. It can't do everything, for example it has to present a confirmation screen for every app update whereas Play doesn't, but it's a lot easier for the nontechnical user than installing APKs without it.

Re: On to F-Droid

"Why not just host packages on your own sales page (or, if open-source, github) like... well, proper modern software?"

Most F-Droid applications are on Github. Their source is available from the publisher and cached by F-Droid. So they're already doing that. They use F-Droid rather than just hosting APKs because F-Droid means people can get updates in a more organized manner than trying to have an app update itself or just hoping users go install them by downloading a new APK. It also makes apps easier to find, since you can search a catalog of all the things people built with the users' interests in mind. Why not use that if it's already there?

Re: End of privacy

Yeah, we got that when we read it. A thing few will use which isn't checked by anything and can be forged. Really great answer to the nonexistent problem.

Re: Maximum weekly working hours

In my case, no. It means that I have to be able to receive calls and get to my work computer to respond to incidents. I don't have to manage hardware and I can do everything from home. It still could restrict my actions; my manager would probably forgive me not responding if my phone battery failed, but if I decided to go somewhere far away without my laptop, then they'd be a bit more grumpy. Given the sparse incidents, I'm usually comfortable taking some risks with this.

Re: Maximum weekly working hours

One problem is that counting hours can be hard. For example, I work a normal amount, but I can also be on call. I don't really want to be on call, and I'm not paid any more for it. I'm also on call at any hour of the day for a week. Theoretically, you could count that as 168 straight hours of work since at any point during that period, someone could call. I haven't quit though because that doesn't really happen. Most calls come in when I'm near enough to working hours anyway, I haven't gotten calls in the middle of the night, etc.

So does this count as no hours because people only called during working hours, two hours because I worked late on those days, or 168 hours because I had to be available to work if called and therefore couldn't do things that blocked that? How about calls which come in early in the morning, three hours before I'd ordinarily start. Does it count as one hour because that's how long it took to resolve it, three because it started my workday early, or is it included in the 168 because it probably woke me up?

Re: Tough Call

"Many of these depend on seeing how people work, not just in a project team, but in the company, with customers, with awkward people, with directors (!)....etc."

I find this a little strange. If their job is related to interacting with customers, for example, then you'll see how they do that when that interaction takes place. Similarly for any other meeting they have. The interactions which they need to do their job are ones you can use to determine this. While someone's non-work-related discussions may help to understand them better, the important stuff which indicates whether they can do what is needed should be part of their job. After all, you didn't figure out that the employee wasn't management material until they tried to do that work, right? You didn't just decide they weren't capable after watching them talk to someone else.

I'm not sure I understand all of your complaints, but those I do understand are flawed.

"Early versions of Android were ropey and updates broke lots of APIs."

So? The rest of your comment implies you don't like Apple and prefer Android, so I'm not sure why you started with this. Yes, Android has problems, just like they said. Also, this isn't really one now.

"I've never used Google Maps on my phone – there have always been better alternatives": Glad you're happy with that. The original poster seems to think Android-based Google Maps is better than the early Google-based IOS maps app or the Apple Maps one which replaced it.

"and a friend of mine regularly complains about the expensive app updates he's forced to install when Apple force feeds new APIs on users.": I don't think that's a thing. They release new APIs, but the apps either run fine or get updated. They don't tend to make you pay for new app versions for compatibility. Also, compatibility is not a major problem. I've run apps which were abandoned by their developers around the time of IOS 9, but they still run correctly on IOS 14. Of course you can't guarantee that will happen, but you can't for Android either.

"This has happened to me twice in ten years on Android.": And to me zero times on IOS or Android and I use both. But if it happens on both platforms, maybe that's just what outdated software does when you try to run it on a new platform it wasn't designed for.

"I have a file system": That's a major selling point for Android in my mind. Of course for a lot of users, that's not really a thing they think about.

"and a useful Bluetooth stack (something that Apple seems to have struggled with on MacOS and I-Phones for years).": Not sure how they've struggled, but it generally works fine here and has for a while.

"I work on a Mac and appreciate that Apple does get a lot of things right, but it's software management isn't really one of them as a look at the time it takes for them to release security updates for their CVEs,"

This is where your argument is breaking down. Apple takes a while to release a patch, then people install that patch. Android takes some time (not really that different, but let's just say it's shorter), and then the manufacturers delay that patch for at least a month. Many delay for three or six months before releasing it. Some will never get it. This is worse than Apple how, exactly?

"along with: oh, that bug has been fixed in the next version (but not yours)."

Then update the version you're running. That's what versions are for. New version gets new code, fixes included. Unless you're stuck and can't install the update, like people on IOS 12, but that means your device is already seven years old. Android does the same thing but you just never have that option.

Which would then break on the M1 again, negating the benefit which led to it being suggested in the first place.

Re: Seriously?

"It's a 1.25Kg laptop, what do you expect?"

Well, in 2015 I bought a 1.35 kg laptop which managed to include several USB ports, Thunderbolt, a dedicated charging port, SD, etc. So maybe they could do that. I should let them know about this one, as they could perhaps hire away the engineers who built it to show them how to put more than two tiny ports on a laptop. It was made by a company named Apple, so they should be able to relate on some things.

Re: Seriously?

I'm guessing that you were downvoted because your solution boils down to "you don't need a hub if you already have a hub". If you assume that all displays you might encounter have hubs built in, then you're fine, but you'll find that lots of displays don't have that. Maybe people are using older ones which were intended to be connected with a connection which doesn't do USB passthrough. Maybe the work-issued ones are cheaper and don't include it. Maybe someone wants to connect more than one USB device while charging but doesn't have an external monitor, so no option for a hub to be built into it. That's what I'm thinking, anyway. I didn't downvote you though, so I can't vouch for others agreeing.

Re: Well said

"If it wasn't Google, it would be someone else."

Supposition, but I'll get back to that. For starters, so what? Because some other company would do the same thing, this means what? It's okay because you don't think we could avoid it? We should ban all companies because any of them would do it? What exactly are we supposed to do with your gloomy assumption that anyone would do the same, and it involves treating this real situation any differently, why should your assumption prevent us objecting to and taking action against Google?

Also, I don't think everybody would do the same. Not every company works the same way. Your example is one of them. 1990s-style Microsoft would, if it had a massive monopoly on everything, have several very negative things, but it probably wouldn't be so intent on monopolizing data. 1990s Microsoft was more in the business of monopolizing money, and they might think it's just fine to let people use servers as they were designed since they were getting all the money from people buying computers and phones. Or maybe I'm wrong, but you can't prove it any more than you can prove your idea. Not every company acts the same if given a monopoly position. You can usually guarantee that they will do something bad, but the specific bad thing depends on who is running the place and what their business plan is.

They don't say 512 GB disk for installation. They say 64 GB. I don't know whether they expect to use 64 GB for the OS or if that's giving the user a good buffer for light usage, but it's a lot smaller than the number you're using.

Re: What a wonderful law

"There are things like illegal content. Free speech does not cover harassment or inciting violence"

I wholeheartedly agree, and I don't object to a law having some requirement for removal of content. India's law, on the other hand, doesn't really work on that basis. It allows relatively unlimited censorship because it allows anything to be taken down if sufficient numbers of government people say so and, given their previous actions, I don't trust that the Indian government will only use it in the case of illegal activity. Thus, I must still not support it. However, it is the forcing platforms to keep stuff up which bothers me more.