Posts by doublelayer

Re: <shrug>

Most of them do, and those that don't tend to have things that are hard to find elsewhere. For example, while I don't have it, I understand that one of those is mostly a service that people outside the UK subscribe to in order to watch stuff made in the UK. They may not have anything original, but since you can't officially watch all the BBC content without a UK address, it may end up working the same way.

On the other end of this, I was assisting a professor and marking assignments. The assignment involved taking a blank file (of a specific format) and performing several different operations to it before closing it. I was running the answers to see if they met all the requirements, and a few students did successfully do all the things they were supposed to, but only if there was an existing blank file. If there wasn't, their programs crashed. I marked them down for that. When one of them complained, we debated whether that was a legitimate way of completing the project as assigned. I still maintain that it wasn't, because the instructions said "open a blank file" and the function you call to create a blank file is open(), but we ended up returning the points I took away. Fortunately, I convinced the professor to modify the assignment to clarify that they should create one so the next time, students could be safely marked down if they didn't.

A lot of people think specs will include enough details that you don't have to think, but I've almost never actually seen such a spec. You either have to ask for instructions at unspecified behavior or you have to figure out what would be logical in the case. Of course, we also have your example of a spec that did clearly specify behavior but they didn't want it, which is quite common but at least they can recognize that when you point to the error.

Re: Natural Selection in action.

Not necessarily. Fortunately, the equipment could be built such that it didn't fail when moved violently. If that wasn't feasible, it could be a correct design to require that people not move it violently and design around something else, for example building in something so the user can quickly drop it to start using the cutter instead. Sometimes, the thing a user wants to do is not the one correct usage which must be accommodated, which is good because sometimes what the user wants isn't feasible to give them.

Re: The boxes are labelled on the outside

That works equally well no matter how you note the contents. Under the theory in the comment, when they were using paper, they only cared about the outside of the box, but with scanners, they now cared about scanning each of the contents. That theory doesn't make a lot of sense. I think it is likely wrong.

Instead, I assume that the people cut open the box, put the cutter down, and wrote down what they saw inside. Then they got scanners that looked like they'd work just fine as handles and decided they could speed this up a bit. Requiring them to put the cutters down wouldn't have decreased their speed relative to the paper method, but making them more robust would have helped with speed at least somewhat. Of course, my theory is only another one and I can't prove it either.

Re: Common-Sense Failure

And there are a number of possible solutions to that. For example, you could attach the scanner to the user so that they could drop it without it landing on the floor. Or you could give them places to put it down which are convenient for picking it up. In fact, they probably used the taping method only because this scanner was shaped conveniently for use as a handle. I've seen such devices in a variety of shapes, not all of which would work very well taped to a box cutter. There were a number of good options, and although making them more robust worked in this case, there are times where it might not be a feasible option and a different workaround is preferable.

Sometimes, especially with internal software written specifically for one set of users, that is the best approach. You can get away with the opposite under either of two conditions:

1. The people specifying what they want are very knowledgeable and have already designed something perfect. You just have to make sure your code does exactly what they said. If you're working in an environment like this, I have one piece of advice for you: don't wake up.

2. You don't care whether it works. You get paid if you build what they asked for, so you build that. If it's broken, that's their problem.

If you're not in either of those, you will need to work with users to figure out what they need, and if you can, presenting them with a partial solution and getting them to fill in some blanks is more efficient than talking to everyone and trying to distill what you need from the conversations. It doesn't always work, and trying to be Agile when you can't do that is a recipe for disaster. However, sometimes the other options also don't work, and doing Agile right can be easier to force than getting perfect requirements.

If you're building something else, this may not apply as strongly. Mass-market software still needs some user testing, but a different kind than internal use. Since you'll be selling it to a larger number of users, it needs to be more generally useful rather than narrowly targeted to your testers, even if it means that their tasks aren't as simple as they could be.

Re: Count me in, please.

A non-unique user ID is not a fault of passwords. Passkeys will still do that. There are advantages to them, but don't give them credit for things they don't fix or would be fixed regardless of the authentication mechanism.

Similarly, passwords can be a pain, but passkeys can be even more of one. For work-created accounts, it is often less of a problem. IT can manage a lot of the work, they already figured out where they're stored, and if the laptop is stolen or accidentally smashed to bits by a train, IT probably has processes for revocation and regeneration, or if the keys can be proven destroyed rather than compromised, maybe even restoration from a backup. The average user does not have any of those things. By now, they've mostly figured out how to have a password and write it down. Passkeys are less convenient in every part of the process except the logging in from your computer part. This doesn't mean that we don't use passkeys. It means we have to understand why they will be unpopular so we can fix whichever of those elements we can fix and build up the experience necessary to train users in those parts that can't be improved.

Re: Count me in, please.

If they are actually unable to do their work, it might be. If they are able to do their work but they have to do something they don't feel like doing, that's theirs. Everyone's had that. Sometimes there's a good reason, like using SSH keys instead of passwords. Sometimes there's a reason that makes sense for the business even if it doesn't directly apply, like switching a software provider because they charge less money. Sometimes, the reason is bad, like switching software provider because they bribed someone to switch. However, in none of those cases would it be IT's fault that users have to learn and then do something new. If what they need to do is still possible, and equally or more feasible to do, then that's just an annoyance. They can complain about that and see if the annoyance can go away, but if they claim that they can't work even when they can, they are demonstrating their own lack of skills.

Re: I solved it

You wouldn't have to. TOTP authentication is supported by a bunch of libraries. If I'm understanding their account system, all you have to do is create a TOTP login system the normal way where it's a second factor, then remove the password field so TOTP is the only securing factor. You don't need to buy that from someone else.

Whether you should build it that way is a different question. For a lot of users, that is going to be confusing, no more secure than passwords, and more easy to lock out. Without actually collecting some contact information, the method of account recovery described will be fragile at best. If you do collect contact information, users are used to being able to reset their password without having to pay fees for it. Theoretically, it lets people who are motivated to secure their own accounts lots of room to do so by adding security to their TOTP provider, but such people can already do a lot of things even if it was just a password.

Re: I solved it

"The entire system is completely PII-less."

Except, presumably, for the payment method you use to charge them for account-related actions, which is either the PII-rich payment card or the will-drive-away-most-users cryptocurrency wallet with mandatory minimum holding so you can charge these fees.

Re: Passkeys have been destroyed by Google

Several of the points raised in that blog post are good, but there are a few that I think are missing the point.

For example, one objection in the post is that Google decided not to implement restrictions on providers of passkeys. The point that Google can effectively change the standard by not bothering to implement things they don't like is certainly valid, though it's not like they actually changed the standard and anyone else could also just ignore parts they don't like. However, the specific thing they didn't implement was so bad that I'm glad, and a bit surprised, that they didn't do it. Effectively, it was a way for sites to block key generators, meaning that they could easily restrict you to using one of their choice. That is a terrible thing. For example, if one site gets you to use their key system because it's the only one they accept, it's likely to get users who use that key system to store everything else. Privacy lost in ten lines of code. The argument for why you need that is "a business where we have policy around what devices may be acceptable". To me, this sounds like every other business who thinks that everyone's computer should be locked down so that their preferences are easy to enforce. I don't like it. Businesses can implement their own filter. For instance, they could not let me install software-based key managers other than the ones they like and could block hardware-based ones so only authorized ones work if connected, or they could just tell people that other ones are not allowed and that there will be consequences if you ignore that. Google did a lot of bad things with these, notably the comments about Android's treatment of them, but blocking the Authenticator Selection bit is welcome to me.

Most of the challenges I see with passkeys are not due to deliberate messing about by tech companies. They're challenges inherent in the model. I use a hardware token to access things. I know that, in order not to be locked out, I need to have a backup something, in my case another token. I have to pull it out and enroll it any time I enroll the first one. I have to keep it safe in the meantime. If I should ever lose both of these, there will be a bunch of annoying problems to get around. If I want to access something on a different computer, there will be friction. Maybe I left mine at home. Maybe the computer I'm connecting to doesn't have USB-C ports and I don't routinely carry a USB converter. None of that is Google's fault, and none of it is simple to explain to users. Passkeys were sold as a panacea to the problems of passwords, and they can be a massive improvement, but they aren't an improvement for every user or every use case.

Re: Did you sign a contract?

Why do you see their actions as defending the community? Defending them from what? So far, the things they've done that affect the community, as opposed to just WPE and themselves are the following:

1. Forking a WPE-developed plugin without clarifying why and whether they'll keep up with fixes and improvements.

2. Broken access to updates to any customer of WPE.

3. Cut off WPE funding to community events.

4. Demanded extra control over any community event or organization to prevent them from saying nice things about WPE.

5. Released information about current and former WPE users and sites to the public to brag, information which probably but not definitely won't cause those users problems.

What has WPE done to the community that makes them worse? I have nothing so far. Their biggest "crime" is that they haven't given Automattic, not even the Word Press Foundation, but the for-profit company, lots of money. A lot of other Word Press hosts haven't done that either, but somehow it's WPE that is solely at fault.

That's why there is negativity. If this was yet another argument about money, we might decide who seems sympathetic based on opinions about private equity. Automattic have made it easier by breaking a lot of things for a lot of people, not just the company they dislike.

In my experience, storage is both the most commonly damaged component in a desktop, only exceeded by a laptop battery which doesn't apply to this, and the most common spec where users want to increase it before there is a problem with the rest of the computer. I might agree a little more if we were talking about RAM upgrades, because a lot of people don't know when they're doing something RAM-intensive and therefore don't bother to upgrade it. Running out of storage space and not wanting to delete the files there is something that a lot of users can understand and some of them want to do something about it.

Re: inferior to Intel and AMD desktop chips released three to five years ago.

Of course it runs Linux. They've intentionally matched as much of the X64 interface as possible, including typical firmware. Compatibility is the point of Zhaoxin, which is partially why their efficiency is lower. Drivers are always a possible problem, but most of them are probably the same as the Intel and AMD-equipped X1s and I'm guessing there are Linux drivers for anything else in there because at least some of the people who are willing to buy a Zhaoxin-equipped laptop are going to run Kylin on it and those drivers would work on other distros.

If they were going to do that, it probably would be a little more hidden than that. A firmware component that connects to the internet is possible, but shouting out that it exists would break the intent. Also, if they were going to do that, they wouldn't only do it for the Zhaoxin model unless they're trying to spy on Chinese government users, who are the only people who will buy it. You are welcome to try. In fact, I'm happy to try, although I'm not going to buy one, but I would do the analysis if someone asked. But I doubt you'll find it as interesting as you expect.

Re: Microsoft remains its own worst enemy

You can buy a retail version easily. It isn't distinct from X86 versions, and the license key process is basically the same. What isn't as easy is making it actually install where you want it, and that's because ARM isn't standardized in the same way X86 is. So for example, you can buy a license key and run it in a virtual machine host on an ARM Mac, and you've been able to do that for quite a long time. If you want to install it directly on the Mac concerned, it's not going to work, but you are welcome to try without any guarantee that anything will stay the same.

Re: Value proposition

I think the main value proposition for users is better battery life, which is something people comment on quite frequently with ARM Macs. Most of the other advantages of current ARM-powered laptops are things you could get elsewhere. For instance, although they can often come with 5G support or an NPU, if you need one or both of those, you could get them on an X64 machine or add them externally. Still, some users may want an integrated unit and choose this anyway, so access to that market could be a good reason to do some level of development.

For a lot of software, it can be as simple as changing a compiler target and building two binaries. There are always exceptions and things for which ARM won't work without a lot of effort, but a lot of basic software isn't using anything complex enough that a direct cross-compile wouldn't be good enough.

They've said quite clearly that they think it doesn't exist, because they say "Adobe Photoshop can technically run on Arm through emulation" even though it can also technically run on ARM using the native binary. I think this author is behind the times.

The problem with that is it makes it hard to know whether the author understands what they're talking about. I don't have a clue whether Photoshop's native ARM build runs properly, and I neither have a Windows on ARM machine nor use Photoshop, so I'm not going to find out. With an author who isn't aware that it's an option that they should have included in their analysis, I also have to question whether their judgements on other aspects are correct either. So far, I have not considered a Windows on ARM machine because I don't know how good the emulation is. I have software which doesn't and isn't going to have an ARM build, so that could be a limitation if the emulation isn't good enough. I'm also hoping that Linux support will get more thorough; even if a user runs Windows most of the time, I appreciate having options.

Re: who's responsibility?

Some of that is true of a significant subset, and a lot of that is just the typical intergenerational stereotypes that always crop up. For example, teachers annoyed that their adolescent students aren't paying attention and don't put the dedication into their homework that they should... nobody's ever said that before. It simply didn't happen before 2010.

Another one I can explain is the office environment. Yes, people wear headphones. They wear those because there are no walls and they want to reduce noise pollution so they can work with less distraction. Some of them might be playing music which they think helps them work. That's not antisocial, it's attempting to improve productivity. People of all ages can get annoyed at interruptions. Unless they called you there, there's a chance that they were working on something and don't particularly want to talk about your thing, hence the negative reaction, and one I think you're likely overestimating because most people have learned not to show their annoyance at interruptions that they can't prevent.

Other ones are less clear. I could try to explain the changes in etiquette that has reduced the acceptance of just calling someone when you want to speak with them. However, there are some people who dislike calls even outside of that. However, I'm not sure you would care about those different subsets as you've already decided what the explanation for all these things must be.

Re: You'd think...

They generally can. Android works similarly to what you've described, while IOS uses a slightly different system where there is only one user account with one unlock pin, but you can put a different pin on features you want restricted. The child would only be given the former pin and could only use the allowed functions. Not perfect, but it can do a lot of what people are asking for. I know of no people who actually use that feature, but it is there.

No, I'm sure they are well aware that people will lie. That will eventually require them to pass another law that makes it difficult to lie, which will probably involve identity verification. I'm guessing they are doing it in two stages because they think identity verification for all users is difficult to get support for, but a measure to enforce an existing law may be easier.

Why they want it is a different issue. Maybe they only want it because they really think this is important enough and that the loss of privacy for other social media users is a cost worth paying. However, I expect that, even if this is their thought process, they will extend identity verification to many other sites. I don't use the social media sites they mention, but I oppose this because I think the effects on privacy will begin to affect myself and others on sites where there is no valid excuse for it.

I'm not sure why you chose that comparison. The complexity of a process is not the number of steps, but the sum of the complexities of those steps. A two step process of 1) deactivate the safety systems on the nuclear reactor, manually preventing anything from going wrong and 2) rearrange the parts so it works on a different type of fuel is a lot more complex than a forty-step process for cooking instructions where a single step might read "remove bag of flour from cupboard" and the next one "place it onto a work surface". We're not going to get anywhere by counting list items.

Nor are we going to get anywhere by debating about the complexity of pushing the "change country" button. The EU's complaint is not about the user interface and how hard or easy it is to find that option. It is about other problems, for example the problems of what happened to the stuff you had in your previous country, which seems to divide itself into two big categories: 1) you have to buy it again and 2) you can't even buy it again. That, of course, is merely one list item. You've repeatedly suggested that you disagree with Apple's choices, so the entire debate in this thread seems a little weird. Having discussed with you before, I know you tend to defend Apple on most things, but since you disagree with them on this one, what is the objection you are raising?

Re: Strikes me...

Because then we'd have an article asking whether the FPGA is a field-programmable gate array or a futile profit-gaining addition. An NPU can be used to efficiently compute some classes of software, and if you don't run those or you do but you can't or don't optimize to use it, it's useless. An FPGA on a general-purpose computer is quite similar, just with a different set of things it's useful for. Since most things where you would use an FPGA are also done in software with an efficiency cost, you have to ask how many things an average computer does where access to an FPGA would provide an efficiency boost to justify the cost of the silicon and how likely each is to be written in a way that can use the FPGA.

If the AI is running:

Power draw: Better than if it's on a CPU and/or GPU.

Heat: See above.

Memory usage: Basically unchanged. Large models use lots of RAM and it doesn't much matter where they're processed.

Performance: By running as much of the AI on the NPU as possible, load on the CPU is reduced.

Reliability: I don't have any reason to expect the NPU to have any reliability differences compared to the other parts of the chip. If your CPU cores don't start failing randomly, the NPU probably won't either.

If the AI is not running:

Power draw: Mostly negligible. There will be some current going to the NPU, but like most other components, it can be put into a deep sleep mode when nothing is using it.

Heat: See power.

Others: Since nothing is using the NPU, your other resources won't be affected much.

Cost: You've paid for silicon you're not using.

Re: Poorly written set of poll options

I agree. My view would go along the lines of "You probably won't miss an NPU if you don't have one, but there are some possible benefits, and if enough people have one then some software will use it and it will become standard like all the other things that every desktop has now but was an optional extra before". It's not the most concise option, but none of the provided options comes close.

Re: You forgot the evil empire...

To the extent that Apple is stealing your data, they're not using the NPU to do it. They use the NPU for a few functions that run on the device, including speech recognition and a bunch of things the camera can do, both while taking photos and sorting them. Any data stealing is done on the classic CPU. You don't need special hardware to manage it. The degree to which your data is being stolen and by whom is left as an exercise for the reader or the reader's unjustified assumption if they have one.

Re: WiFi hardware switches...

And now that's the more common thing on laptops. At some point, they all decided not to have separate volume keys, but since those were commonly used, they decided to make the default function of the function keys the additional one rather than the system one. The main difference between models is how difficult it is to get back to normal. On some machines, it's just a key command (FN+ESC or FN+Shift are common). Other times, it's a BIOS setting. Other times, there is some hidden application which sends a command to the keyboard firmware. Sometimes, there's nothing at all.

I'll grant that for the UPS bit, but "IT equipment only" is not so jargony, and even if you think it is, it makes it pretty clear that you should assume that your heater is not IT equipment unless an IT person says otherwise.

Re: 8.5 seconds...

That's how the switch is designed. It doesn't disable the WiFi interface, because disappearing interfaces could cause problems, now mostly fixed, with a variety of operating systems. Yes, that includes Linux. Notifying the software was considered unimportant because the operating system couldn't turn it on; the user had to do that by physically toggling the switch again. Windows didn't have access to anything that would indicate that it had been switched off.

For the same reason, old laptops with a physical brightness control for the screen didn't report that number to the operating system, nor could the operating system override it.