Posts by doublelayer

Re: Passkeys have been destroyed by Google

Several of the points raised in that blog post are good, but there are a few that I think are missing the point.

For example, one objection in the post is that Google decided not to implement restrictions on providers of passkeys. The point that Google can effectively change the standard by not bothering to implement things they don't like is certainly valid, though it's not like they actually changed the standard and anyone else could also just ignore parts they don't like. However, the specific thing they didn't implement was so bad that I'm glad, and a bit surprised, that they didn't do it. Effectively, it was a way for sites to block key generators, meaning that they could easily restrict you to using one of their choice. That is a terrible thing. For example, if one site gets you to use their key system because it's the only one they accept, it's likely to get users who use that key system to store everything else. Privacy lost in ten lines of code. The argument for why you need that is "a business where we have policy around what devices may be acceptable". To me, this sounds like every other business who thinks that everyone's computer should be locked down so that their preferences are easy to enforce. I don't like it. Businesses can implement their own filter. For instance, they could not let me install software-based key managers other than the ones they like and could block hardware-based ones so only authorized ones work if connected, or they could just tell people that other ones are not allowed and that there will be consequences if you ignore that. Google did a lot of bad things with these, notably the comments about Android's treatment of them, but blocking the Authenticator Selection bit is welcome to me.

Most of the challenges I see with passkeys are not due to deliberate messing about by tech companies. They're challenges inherent in the model. I use a hardware token to access things. I know that, in order not to be locked out, I need to have a backup something, in my case another token. I have to pull it out and enroll it any time I enroll the first one. I have to keep it safe in the meantime. If I should ever lose both of these, there will be a bunch of annoying problems to get around. If I want to access something on a different computer, there will be friction. Maybe I left mine at home. Maybe the computer I'm connecting to doesn't have USB-C ports and I don't routinely carry a USB converter. None of that is Google's fault, and none of it is simple to explain to users. Passkeys were sold as a panacea to the problems of passwords, and they can be a massive improvement, but they aren't an improvement for every user or every use case.

Re: CMS selection

I think you are right about most users not knowing or caring about this. I sort of manage a Word Press site for an organization, my main job being to have it not break. I'm not going to try to move them to something else because I would have to do all the work involved and I would get all the complaints for anything that even slightly changed. Small Word Press sites will not be affected much by this, whereas large sites have probably put a lot of time and effort into their config and can't change CMS on a whim. I expect this will have some effect on the number of new Word Press sites, but I don't know how large or long-lasting that effect will be. That's also from someone who has been following this issue at least since the first article about it was posted to The Register, where I said it was probably a boring argument over unimportant things. I was right about nothing serious in Automattic's complaint, but very wrong about this not going very out of control. There are probably a lot of people who are not watching this who won't make any decisions about either company.

I don't know why you think this part, though:

"A lot of people who do know will side with Wordpress."

Why? I assume you mean they'll side with Automattic? If so, do you think that Automattic is in the right, and if so, why? Or do you think Automattic is in the wrong but people will side with them anyway? Those who are following this and in a position to make a decision should understand how potentially destructive each side has proven themselves to be, and Automattic has done more active damage than WP Engine has. They may side with neither, but why do you think they would support Automattic?

On the other end of this, I was assisting a professor and marking assignments. The assignment involved taking a blank file (of a specific format) and performing several different operations to it before closing it. I was running the answers to see if they met all the requirements, and a few students did successfully do all the things they were supposed to, but only if there was an existing blank file. If there wasn't, their programs crashed. I marked them down for that. When one of them complained, we debated whether that was a legitimate way of completing the project as assigned. I still maintain that it wasn't, because the instructions said "open a blank file" and the function you call to create a blank file is open(), but we ended up returning the points I took away. Fortunately, I convinced the professor to modify the assignment to clarify that they should create one so the next time, students could be safely marked down if they didn't.

A lot of people think specs will include enough details that you don't have to think, but I've almost never actually seen such a spec. You either have to ask for instructions at unspecified behavior or you have to figure out what would be logical in the case. Of course, we also have your example of a spec that did clearly specify behavior but they didn't want it, which is quite common but at least they can recognize that when you point to the error.

Re: What Kind of Illogical Idiot ...

I think any person who thinks the computer would actually have the ability and willingness to come and kill you is also the kind of person who thinks an LLM is a reliable way of getting answers to your homework questions. Not in reverse, because there are people who are willing to use the LLM to cheat and get their answers faster but know that it isn't perfect. However, there are people who think these things are magic and their answers are always perfect, so if you think that, maybe they would also be able to take over things that can kill you.

Re: Asimov only wrote down some words to sell some books

Yes, science fiction often does include a lot of philosophy. Some great authors also include a lot of technological philosophy, as in understanding how a given technology might be built and used. However, they don't automatically adapt it to real technology. The stories involving the three laws show lots of interesting consequences of them using inferred definitions for "harm", "cause", or even "inaction", but I am not aware of any story where the robot programmed with the three laws ends up killing someone because the "don't harm humans" rule slipped out of the context window and the original order which had nothing to do with killing humans was badly formatted.

That story doesn't exist because it's boring. Making a story about how someone dies in a car crash because someone sabotaged their vehicle can be a fun mystery. Making a story about how someone died in a car crash because a greedy person skimped on quality during manufacture can give you a corporate intrigue story, although it usually has to go farther than that. Making a story about how someone died in a car crash because they were drunk can at least give you some emotional situations to consider. Making a story about how someone died in a car crash because of normal conditions that are unavoidable and pure bad luck is not interesting at all. Most technology failure is in that latter category, but that doesn't work as a central plot. Good stories will still use those as individual plot events around which other things occur because that adds realism, but they won't make that the topic of the story.

It's quite easy to wear out an SSD, especially for people who didn't specify enough because Apple charges a massive amount for any upgrade. If someone doesn't specify enough storage and runs close to the limit, and they also occasionally use enough of their RAM that it pages, it will wear the same free space over and over. They're not aware it is happening so they don't do the things that would extend the disk's life. Or they're just unlucky; not all SSDs last as long as specified. I've seen it happen to me and to others. Fortunately, on many computers it's a cheap fix. Apple is one of the exceptions to that.

Re: Desktops and oranges

There isn't a lot of information about the chip, but a report suggests that it is less powerful than The Register claims but has a 15 W TDP. A couple samples have been benchmarked, though only four so it is possible these numbers aren't the best. If these are correct, a comparable 15 W chip with similar figures would be the laptop-class AMD PRO A8-8600B if I try to match multi-thread and single-thread figures although the AMD is 20% higher on single-thread.

As with most processors, there are people who can work with rather little performance, including many of us, who can make this work. Others are going to find this less speedy than they're used to and can't get around it.

Re: Microsoft remains its own worst enemy

I also have to wonder a few things about that observation. The author was unaware that Adobe software had native builds, so I have to question what they actually did. I'm not sure whether they ran AutoCAD through emulation at all, let alone enough to estimate its performance. I would also note that many of the Windows on ARM machines are laptops with mid-range CPUs. The Microsoft SQ3 and Snapdragon 8cx Gen 3, for instance, benchmark about the same as the Intel Core i7-1250U or the AMD Ryzen 3 5425U. I wonder how well either of those would do against an AutoCAD system requirements page which suggests "Recommended: 3+ GHz processor (base), 4+ GHz (turbo) Basic: 2 GB GPU with 29 GB/s Bandwidth and DirectX 11 compliant

Recommended: 8 GB GPU with 106 GB/s Bandwidth and DirectX 12 compliant". Maybe this kind of software wasn't really intended for the market segment where these laptops are being sold.

Re: who's responsibility?

I think this demonstrates what I expected, but you did allege that I'm assuming something that doesn't represent you, so let's give it a try. We can limit ourselves to the talking on the phone bit, because it perfectly demonstrates what I was talking about. I see your post as assuming why people don't talk on the phone: "fear of talking on the phone rather than some form of texting (thus taking away their "shield from emotional vulnerability")". That would appear to me to be a rather clear generalization, even though there are lots of reasons why people avoid talking on the phone.

Here's one. A change in attitudes, not because of any "emotional vulnerability". One change in attitude has come along because the phone is no longer the only way of contacting someone. A while ago, if you wanted to talk with someone, the phone was the best way of doing it, but now, an email or chat message will arrive just as quickly. Some people have grown less eager to use the phone because it means they have to have a conversation when the call happens rather than an asynchronous one at a time of their choosing. And that is recipients of calls. I have certainly noticed this. There are people I want to talk to who just don't answer the phone and don't listen to or respond to voicemails. If you need their attention, you have to send them an email and schedule a call if needed. That applies to many older people as well, and there's at least some logic in it because it is less disruptive to whatever else they were doing that day. That, in turn, means I'm less likely to call people because there's at least some chance that I am wasting my time because they won't answer or respond, so although I quite like calling people to communicate with them, I still generally start with an email.

That set of people are not doing that for anything related to "emotional vulnerability". Incidentally, what is your theory for why there is more emotional vulnerability on the phone? It's pretty easy to insult someone or to be insulted over text chat. There's more direct vulnerability on a video call, but those are rather popular.

However, just because that or other non-emotional reasons exist doesn't mean everyone is as I describe. There are indeed some people who dislike talking on the phone for some different reason. However, by making a statement like you have, you've ignored many alternatives, applied your own assumption for why people do things differently to how others did them decades ago, and then used your assumptions as evidence of a different problem with a tenuous connection. Even if we were limiting this to those who feel anxiety about making a phone call, we'd still have to figure out why before we could blame it on any particular change in activity, but we didn't get that far because I saw you lumping all sorts of things in.

Re: Apple? Locking customers in?

An IOS app can request access to photos and then back up those photos. There are probably quite a few that do. However, they are not really able to back up anything else. Android is not a lot better. While there is a storage location for general files which could conceivably contain app data you care about and be easy to back up, Android has been designed to lock up most app data in unreadable directories. Of course, system apps can read those at will, so Google's backup system can fully back up your app data, but using another app to do it won't work. You used to be able to back up some of that over ADB, but that has been deprecated. So now, if you have root, you can back up all of that, and if you don't, you can only back up what your app developers have bothered to make readable to you. It's just your phone and your data, why should you have access to it?

Re: The connection is copyright

The point was not that they were compensating peer review in a deserved way or that they weren't making massive profits off others' work. The point was that, in comparison to one that doesn't do those things at all, they can still be more respected. Reputation can be an important thing to researchers and those looking for other research to build from. Although a lot of journals have a long history of allowing bad papers in and taking too long to remove them, the reputation of those who filter a lot of them out at source and do retract them when they're found faulty is higher than ones that don't filter much at all and retract only after something egregious.

Or it was literal, pasting the fifteen-step process would be kind of ridiculous because anyone who cares would click the link. And yes, it's fifteen. The six points are just what you do before switching your country, and the process on an IOS device involves nine more steps, although all of those are pretty simple steps. So yes, I'd rather not have to find fifteen steps copied and pasted in here when it's irrelevant to everything else.

Re: What does "upsell" (noun) mean?

If you know the verb upsell, then the noun is the same. To upsell something, you try to add on extra things that cost more money or to replace the cheap thing with an expensive alternative after the customer has decided what they actually want. An upsell is the thing you add on to do that or, alternatively, the act of upselling itself. In this case, it's not really an upsell because it's just put there and you don't really get a choice about it; if you want a certain type of CPU and it only comes with an NPU, then you'll have to buy an NPU to get the rest of it. To be a more traditional upsell, you would have to persuade the customer to add it on or to choose a more expensive board by marketing the included NPU.

I've heard people in the UK use both words. I don't know if it was an American term when it started, and it could easily have come from any country to begin with, but it's pretty global now.

Re: A bit more recent

It is not on the private range, and the 192.178.0.0/15 block is registered to Google. So if they really were using that, they shouldn't be.

Re: Is it decent?

That's probably true. I've seen from experience that taking breaks can help find good answers to lots of questions. However, from a company's perspective, there are three categories of time savings that, even if they understand this effect, still exist:

1. A lot of people will get some caffeine close to the start of the day. Most of them are not yet trying to find a solution to something; it's just their starting routine. Any time saved by not having them leave for somewhere else results in an earlier start to work.

2. Some people don't frequently have to find solutions like this, and their time working may correlate more closely with productivity.

3. It means you don't have to locate your office near to a good source of whatever caffeinated drinks the employees prefer, which is not generally a challenge if it's in a dense urban center but can be more challenging if there isn't a decent one in convenient walking distance.

Companies who are thinking about this can easily put in something else that allows someone to take a short break while thinking of solutions, and if I (back as an employee) want to do so, I don't have to lump it into getting coffee. I can just take a walk and, if I want one, get one on my way back with the answer.

"What are these "real benefits" which AI can bring to recruitment and hiring?"

Speed. You get way more resumes than you want to read, so you just throw them all into the AI and read the three it puts highest on the viability score list. Throwing all the resumes down a staircase, reading the first three you pick up, and recycling the rest might only be slightly worse for finding a good candidate, but doing that makes it really obvious that you're too lazy to do the job right. Having a big AI company with a complex statistical report of usefulness which they refer to but you can't read makes it feel like you're getting useful help with your task.

Re: What is the point...

Doing this again, are we? It's been explained lots and lots and lots of times, so I'll do the short version.

"When a work is used to train an AI model, is a copy created?": Yes, at least two. One in the training set, where the company can retrieve it for any future trainings or anything else they may choose to do, stored on their hard drives in the same form they got it in the first place. Another in the model, assuming the model has bothered to retain it, in a chopped up form where exact extraction is more difficult. And if it did get retained, chances are that there is a third copy, the copy that is emitted by the model, either verbatim or with inaccuracies.

"Copyright holders can't make it illegal for you to read and digest a book, or even to memorise it down to the last comma."

They can't make it illegal for me to buy a copy and read it, but it is illegal if I don't have a legal copy. If I buy it, no problem. If I get it from a library, no problem. If I download an unauthorized copy someone pirated, I am not allowed to read it. True, they're not going to stop me because they don't really care, but it isn't legal for me to have it. This might be a non-issue if the creators of the models had bought copies. Then this would just be a discussion about what you're allowed to do with works you've legally accessed, but they skipped that part and got illegal copies.

Re: Stop Worrying and Love the Bomb

I can easily imagine a post-scarcity world. I want something, so I merely step to my omnimaker and press one of the preset buttons. Minutes later, what I wanted has come into existence.

What's much harder for me to imagine is how we're going to get there. I mean I do have this omnimaker in my closet; it's been a hobby of mine for a while, but I don't think anyone else has one yet and when I set up the preset button that causes my omnimaker to make more omnimakers, time travelers came by and told me I must never push that button again. In the real world, there is a finite limit of everything. That limit has increased dramatically over recent history, but nothing is unlimited. Acting like it is tends to break things quickly.

Another thing that's hard to imagine is how we would prevent things from breaking if we got there. We already have costs from being able to consume a lot more than we once did. Because it's cheap to buy things, we have e-waste problems, regular waste problems, toxic waste problems, pollution problems, climate problems, health problems, and several more problems. A few of those can be blamed, convincingly or just because it's convenient, on some of the "egregiously wealthy and powerful" you are unhappy with. Others are much more down to us. For example, some e-waste is generated because people can't repair it, and I'm willing to accept that it was probably a wealthy person who made the decision to make it hard to repair. However, quite a bit more of the e-waste is because it wasn't hard to repair but the user couldn't be bothered or even the thing wasn't broken but the user decided to get another one anyway. That's on the user, and sometimes, that user is me. Even if we could get to a post-scarcity world (if you have an idea of how, I'm interested), we would still have lots of problems to solve.

I think pretty much everyone would like a four-day week. The problem is that the studies of four-day weeks do things which won't happen in practice if it became the norm. Nearly every article I've read, including this one, mentions that one of the main things they do when running the study is cancel some meetings. Unsurprisingly, this improves productivity. However, they could probably have increased productivity even more by canceling pointless meetings but still working five days a week, which leads us to conclude that they could have had good productivity by not starting the pointless meetings in the first place. Yet, they did, and I don't think they would stop just because the weeks are shorter. They can manage it for the study, but if they kept the four-day week going, someone would start to recreate the pointless meetings and productivity would drop again.

There are probably a lot of businesses that could achieve what they want with a four-day week, but I don't expect that many will when the idea of a fifth day, which you can either use for additional work or for not having to cancel meetings, is available and widely accepted. There are a lot of businesses who care more about having some meetings than about the clear cost they have, as most or all of us will know from experience of an hour or two spent doing nothing because someone wants you to be there. The ones who care more about performance and avoided these would probably see no or low benefits from trying a four-day week, even though the studies of less dedicated companies show improvements.

Re: AI

Which is one reason I don't believe it. If that happened, I'd be quite happy. I don't like writing that kind of stuff and everyone needs it. People who have made their living on writing that kind of stuff rather than my approach of running as far away as I could (not very far) may be less pleased if that comes to pass. However, I don't think the AI is going to successfully solve the most difficult parts of the process, such as actually understanding what the program needs to do, where the data is and exactly what form it takes, and where the final software is going to run. A lot of software like this is relatively simple to make, but companies end up buying third-party software instead because they aren't good at the maintenance it takes to keep a self-built version correct and operational. At best, AI (a fictional AI that actually works reliably) might make the process of writing the software faster, but it's not going to take vague requirements and make correct technical requirements out of them, process jumbled data into something that fits the selected format, or keep the systems running. You will need at least four different AIs for these tasks, and the LLM approach won't work for any.

Re: "DPRK soldiers should ... surrender to Ukrainian forces"

You are right if it became known. North Korea wouldn't say so, but they could easily arrest some people and not say why; they already do that every couple minutes. However, if I was a North Korean wanting to defect, I might try it now and see if I can leave scraps of my uniform near some other destruction, and if there isn't enough destruction, make some extra for scenery. My family is least likely to suffer consequences if my Russian or North Korean commanders think I was just struck down in the pursuit of my gallant duty to kill people for no reason. The Ukrainians could help arrange some of this.

Re: I’m not a fan of ‘snap’

If you don't know that the error is Snap, it seems a little premature to be blaming it for your ills. You might investigate to determine whether Snap is really the problem behind each of the problems you have. For instance, I don't use Foxit, but I don't see why Snap would make it open things in new instances, so you might want to check what the method you're using to open the file is doing and if you could change it.