Posts by doublelayer

Re: A Pebble is Not a Raindrop

This is where I think it is good to make a distinction between a computer system and an application. By computer system, I mean not only the hardware, but the kernel, the UI(s), the tools available for developers, and all the things that, as a non-developer, you don't want to have to deal with. Computers should not be designed for a single purpose, because for everyone who has slightly different priorities to you, it won't be worthwhile. So they won't buy it. So the company making it will have to increase the price so that only those with your priorities can support their development efforts. So you won't buy another one and people like you won't either. So your version won't get updates or support. So the entire thing will be seen as a failure and dumped into the dustbin of computing history.

The computer system should be designed in such a way that as many applications are possible, and then the applications can be written to fit your requirements. What you appear to want is a really full-featured word processor. If you had that, you could stay in it for almost all your time. The problem with making something only that word processor is that there might come a time when you need to do something that it can't, and then you'll want some other application and you probably don't want to buy new hardware to get it.

That's why you need general purpose tools like a mouse. You may not need it very often in your word processor, but other applications will, and the computer will only be useful to anyone, including you, if those other use cases are possible with someone else's applications. If you don't want to use the mouse, you can always unplug it. Removing those things won't help you even if you don't use them.

That's also why ditching the filesystem doesn't work, because in order to move data around in an organized way, you have to be able to find the specific chunk of data you're looking for. The highest-profile attempt to hide that recently was Apple's IOS, and it kind of worked for a while because you can't create that many things on an iPhone and, in the early days, Dropbox was a de facto filesystem for a lot of IOS apps. Of course, it didn't work forever and there's now a partially available file system and a client on every IOS device.

Re: Any agreement should be terminated if it works out differently than my expectation.

As I'm sure you're aware, this has only been raised for review because a court rejected it, because, according to the court, the original award was given to Musk by biased parties. So it's more that I decide to give you an award to be paid for by someone else, you meet my terms, and you therefore get to take their money. They didn't get to vote on it then, so they get to now.

Re: What in the world are we teaching children in school.

The statement you're disagreeing with and the statement they made don't appear to be the same statement. They didn't say that it was irrelevant because it was old. They said it wasn't perfect, and one of the reasons was that it was old. It wasn't perfect at the time, which many contemporaneous documents will demonstrate, so we shouldn't expect it to be perfect now.

All your other examples are subject to the same critiques. None of them were perfect, and many of them are less relevant now than they were at the time, if only because the things they talked about are different, and their discussion of them only considers the past situation. That doesn't make any of them worthless. Putting a document on a pedestal will not help because you need to rigorously consider which parts are still relevant and which ones could do with an update, and neither dismissing it as obsolete nor extolling it as perfect will help do that.

Re: Arrogant?

I recently tried to access a Linux device that's quite old (about twenty years old), only for my SSH client to refuse to connect because it did not support any modern encryption algorithms. Is it arrogant and dictatorial for OpenSSH to have decided not to include encryption that can be easily broken, exposing my connection to the vulnerability that someone could break in and impersonate me with a little effort?

Unlike Windows and SMB1, that wasn't a setting. If I wanted it to connect, I was going to have to recompile OpenSSH. OpenSSH was right to remove that. Microsoft is right to disable this.

Re: "Safer" is a vehicle option?

If playing the piano badly caused people to die, I'd seriously have to consider whether it was worth it. There are many things that have been automated because they have safety implications. In some cases, the older machines are so dangerous that they are no longer considered legal to operate in the way that they once were.

This is far from saying that cars have reached that point or that the replacements are sufficient, because so far the replacements are not good enough. Comparing deaths caused by human drivers to bad pianists is a faulty comparison, and I think you already know it.

Re: Copyright infringement

It may be worth noting that, while they lend out one copy per paper book now, they haven't always done that. In 2020, when the lawsuit was filed, they had removed that limitation and were lending out unlimited copies. They had a reason they wanted to do that, but they probably should have known that this was almost certainly illegal. Unfortunately, their decision to do that has landed them with a lawsuit that might be used to deny them lending out even the limited copies. I can't know whether they would have had the same attention if they hadn't tried that, but I think it might affect their current legal situation.

Re: So it's a falsely-advertised paid version of Tor?

No, it's nothing like that. It's a paid VPN, which presumably actually functioned like a VPN, not Tor, because all the VPN endpoints were controlled by the same organization. The malware giving them access to the victim's computers has no parallel in Tor. It was what the article described it as: a botnet attached to a VPN program.

Re: Long-lived contracts

If they're in 1980s Word Perfect format, they don't contain that much that can't be handled in plain text. Nowadays, PDF is a more expected format, and that will likely be easily read years from now. As much as I dislike it as a format, it's a format that, due to our powerful computers, puts a lot of weight on backwards compatibility and one for which lots of software exists. That is if they use the typical, unencrypted subset of PDF. If they insist on putting in the weird Adobe additions that only Adobe software* understands, then it's less likely to work.

* Well, one piece of Adobe software. Everything else will break. Well, a subset of versions of one piece of Adobe software.

Re: Excuse me what?

Not as much a conflict of interest as just useless. Safety isn't a regulated thing like some governance issues. Whatever they set up, the board was always going to have final control. All this means is that they don't care enough to have someone else look at things before they ignore them, which should already have been obvious, but they think having a named group will assuage fears that they aren't going to do anything. Maybe they think that some employees are truly worried about safety issues but will be dumb enough to trust that, because a committee exists, it does something.

"Do any of their customers cite the risk of price-hikes by third parties and the cost of extrication in their annual reports? Surely they ought to."

Whether they aught to is one thing, but I can virtually guarantee that they don't for the same reason that they don't report the extrication from anything else: they don't know it until they need to. How costly would it be to, for example, get rid of VMWare products following the licensing and price changes? It's not a simple calculation because you have to know what you're switching to to know the license costs and you have to estimate the work required, but the IT department is kind of busy doing work they know they need to do.

Now do the same calculation for every other heavily-used piece of technology. What would it cost to change out Red Hat if IBM chose to do something intolerable to it? That's a long research plan for something that's speculative at best, but could be pretty cheap or extremely expensive depending on how much you rely on it and if you can change to something similar or not. In some situations, the likelihood of wanting or needing to change is high enough that you would calculate that cost in preparation, but doing it routinely is not an easy or cheap process, whether you're talking about a cloud provider or any other piece of technology.

Re: For what it's worth...

You will end up having to build a lot of things yourself, for example the way to let multiple users continue to deploy things without stepping on each other. Tools built into or around Terraform already exist to do some of this. When I've used it, I often have thought about building some of this myself, but I am a programmer and I deploy infrastructure when needed, not as my primary job. There are plenty of people who can use these things that would not be able to write the management components, either to an acceptable quality or at all, but are perfectly good at knowing what needs deploying and may know more than programmers do about managing it.

No matter how tightly they couple the devops role, most people I know tend to be better at one or the other. I am stronger on the dev side, although I flatter myself that my ops skills aren't too bad, but I know devs who are bad at admin and admins who can't write software, and prebuilt software can help with both. Terraform isn't great, but it is an established tool in that area and probably won't go away.

The article indicates that there is a misdemeanor against impersonating a candidate, so depending on how that works, he could be charged with that. I don't think he will though. My comment was less that he definitely has legal culpability but that he at least knew or should have known that there was a plan to do something like this. After all, making a fake version of a candidate say something that they definitely wouldn't suggests that someone is going to try to use it. Compared to other links in the chain, the creator of the audio had a reason to suspect that something would be tried, whereas various other service providers didn't have that and would be even harder to charge.

Re: Still useful

Probably it doesn't have that much of an effect, but that's not enough to justify doing it. The point of a zero-day is that IT having antivirus up to date won't stop it. There are other possible problems with it as well, and of course clicking the link informs the attacker at the very least that your address exists and you sometimes click links in them.

The rules are pretty simple and there is a reason for each one. Phishing email: don't reply, don't click links, don't enter information, don't open attachments, send it to the reporting mechanism provided. I think we would both agree that someone saying "How much harm did it really do when I entered my username and password on the phisher's form" is not making a convincing argument. Yours is not that convincing either. The response to you doing it was probably larger and more annoying than it needed to be, but still, don't click the links unless you have a specific reason why you need to.

Re: Hostage

I don't know why I'm arguing someone else's point for them, and one I don't necessarily agree with, but your evidence against it is not actually arguing against some of their points. For example:

"Tesla's share price will have little effect on its ability to do business as long as it doesn't have to raise finance."

Correct. However, they referred to Musk's personal loans, and they suggested that the thing that collapsed first would be X. Their theory would appear to involve banks requesting more collateral that Musk did not have, then presumably either the banks trying to take Twitter away from him or Musk trying to extract funds from it to pay the loans, either of which could have an effect on that being able to conduct business. In turn, Musk might do various things to Tesla to attempt to get more funds from them which could have a deleterious effect on that business.

Would any of this happen? I don't know. I have no way to know what the banks would do or how Musk would respond. However, if I intend to disprove it, I have to do more than say that the stock price has been lower, it didn't happen then, therefore it won't happen now.

Re: off-boarding agreement?

Usually they have a carrot involved. We will pay you [time period] worth of salary and you will agree to these terms. If you don't agree, fine, but no payment. Those terms can be quite simple or very complex and overbearing, and some of them could already be illegal, but the general concept isn't.

Re: User details

Your first argument, maybe, but that should be opt in. This one: "Also to ensure parts are going to real end-users.", why should they care and why should I care that they care? I want to buy something. They have a price for that thing. I buy that thing. Whether I've got one phone I'm putting the thing in, am providing them to others, or just love having a neat stack of spare batteries for a phone I don't have on my shelf, it's none of their business.

Ah, so the answer to how granular you can be is not at all. That changes the calculus a little. If you can't have some but not all of the features without building from source, then people will probably expect the package to have all of the features. That also means the maintainers do not have the choice of splitting it into a core package and another package and users just have to pick between the two offered versions.

Re: This :-

You can't change BSSID while things are connected without having a brief drop. However, you could write something to check when there are no WiFi devices connected, then change and bring the interfaces back up without rebooting. How useful that would be depends on the frequency of having no WiFi connections on your network.

However, BSSID randomization is more important for access points that move, because your SSID won't be changing, so if your hardware never moves, it wouldn't be hard to use those instead to establish your location. In the case of travel routers, they're probably powered down each time you move them, so randomizing on boot could be quite helpful without having to try to randomize them during operation as well. The same would apply to mobile hotspots, mobile terminals like Starlink ones, etc.

Re: 24,000 VMs

Are we talking about the same company? I don't know the company, but when I looked up the name I got this Wikipedia article. It only talks about financial market services, not rentable cloud boxes. Either we have two different companies, and the one I found seems to fit what the article says, or someone should update the services offered section of that page.

Re: Mesh networks

Not really, because that would be very easily overwhelmed. One simplex channel means that most devices set to broadcast on it will not broadcast if someone else is, so you'd never get to talk, and even if your set does, you won't be heard because your signal will interfere with everyone else's. A mesh network may have a problem with high message volumes making it difficult to actually read all of them, but at least the messages would get through.

Hostile isn't referring to bandwidth, but to the challenges that are unusual to Starlink-style services. It isn't a judgement on the service, more an observation of how TCP isn't working well enough under those challenges and could be improved.

Re: “…These are still consumer chips”

This is probably why they're talking about I/O speed, because the server from 2015 with 16 cores was less performant than a 16-core Ryzen, but it might have been able to access RAM faster. If that server was good enough from a CPU perspective, this one will be too. If, however, you needed something really RAM-intensive and you bought a server board to do it, you still have to check whether this one can do the same thing. RAM speeds have increased a lot since then, which is good, but you're still limited to two channels. Hence, as usual when picking a server, you need to consider more than CPU speed.

Re: They never learn

That's why they're paying TSMC and really anyone who's willing to set up more fabs on American soil. Mostly in the desert, which seems weird, but I'm sure they have a reason. They have recognized the risk you describe and are hoping to reduce it.

That won't fix that problem. The jury doesn't have to decide the sentence for them to know the possible sentence. The defense attorney can easily make this point and usually do anyway:

"Do you really think that [x] deserves to die for [gross understatement of the actions]?"

That puts the thought in the minds of the jurors: "if you say guilty here, the judges might decide to kill them".

So even without considering the other problems the concept has, your separation won't prevent some jurors from possibly considering an acquittal to avoid it.

I'm not sure the hype bubble is going to pop, but I think the financial one will and that will have some effect. There's only so many funders willing to put billions into an AI company for them to churn GPUs for a few months. Most of those companies are not making any money. If they keep building models that you can't sell, it won't take long before we have more collapses like Stability AI. That will probably eventually lead to lack of funding for more startups. Microsoft will probably keep hammering on it because we won't be done until they have a full thousand Copilot products that nobody uses.

This will go faster if AI companies are told they have to pay for the copyrighted content they use as training data and will stretch on for longer if they continue to get away with that. However, I doubt the news will get tired of more AI stories, and politicians and business leaders will only stop once the news has stopped covering, not just average AI stuff, but their own announcements on the topic, so they will continue even longer than that.

"If there was a conflict, like he set the task and it was trivial (e.g. Musk himself set the terms as $50Bn if the stock price rises $0.000001 while no-one else was present), then investigate that."

That's exactly what they're saying. Or rather, that's almost exactly what they're saying which is that he had some friends set the terms and the award and it was trivial. They can fight that out, but the thing you say would be an exception is the thing they said happened.

"What part about "separate accounts" did you not understand?"

The part where that's supposed to prevent Google from tracking. The devices were in the same place. They were probably on the same WiFi network. Tracking point 1: same IP address. The Android device had a game installed, probably obtained from the Play Store, point 2: probably had a Google account. There are several ways that this could make a Google search identifiable:

1. Google saw a search from the IOS device which has no Google accounts, but they came from the same IP address, so they got associated.

2. Google saw a search from the IOS device, which did have a Google account attached, but it wasn't the same one as the Android device, but the names on the accounts were the same and they were at the same IP address, so they got associated.

3. The user was listening to something on the IOS device so chose to use the Android device to search, so they were attached to the same account when they searched.

Having multiple accounts is not proof that a Google search couldn't be used to associate advertisements with the search term. That a search occurred at all is not known, but if one did happen, it wouldn't be hard for Google to use the tools we already know they have to associate that search with another device.