Posts by doublelayer

I'm guessing there was a difference between the version that was tested and the version that got released. That could happen in a lot of ways. Maybe two changes were merged into this file and building them together makes the bad file. Maybe it had to do with some additional content in the production build which isn't present in the debug build. There are plenty more.

I've seen the latter example from time to time. For instance, a task where two people wrote code. First, my coworker wrote one unit, then sent it to me. I wrote the second unit. In my testing, these units worked just fine together. Correct results, no crashes, positive and negative results handled as expected. Build it for production and the automated tests freak out instantly. The reason: my debug build was writing more to the log file in case anything went wrong. That slowed things down slightly, which was enough to prevent the race condition in the two processes from going wrong. Take out the logging and the processes might have a concurrency problem and fail. But it worked just fine on my machine. Probably it would have failed eventually if I ran it with the extra logging enough times, but it didn't in the maybe thirty runs I actually did.

Re: Nice to see these tech types...

This is definitely true, although some of those jobs didn't disappear but went to other people. But many definitely did disappear. However, we didn't decrease the number of jobs needed altogether; if the people who lost their jobs were not doing any job at all, there would be a shortage of labor. This means that we have not reduced the need for labor, but we have changed what labor we have a need for, and depending on what jobs are available in your area, we may have made the types of labor we want much worse.

This is why I think focusing on the futuristic theory of labor elimination is the wrong approach. Right now, we have people who have or will lose the jobs they have done for a long time. We need to figure out what is right for them right now, not what would be right for them in a theorized world of complete automation, because neither of us lives in that world. If we promise them things that would make sense in that scenario, we will give them false hope. If we require things of them that would make sense in that scenario, we may unfairly burden them for not living in an unattainable future. By considering a speculative future rather than the reality we're in now, we're making things worse for the people who have lost their jobs today.

Re: Nice to see these tech types...

The reason they're expensive is because of the resources it takes to make them. Not just the metal, motors, and chips, but the labor to manufacture them, the work to design and program them, the expense of maintaining the stocks, workers, and expertise needed to repair them. Because they often need to be customized for each task, a lot of that isn't done at scale, making it more expensive (yes, in money, but also in the sense of how many engineers you hire to do the work or how many different sets of plans you have).

Re: we have mass underemployment now

In what sense? There are lots of ways to quantify what ideal employment numbers might be, and there are lots of ways to calculate unemployment. I assume that the "flaw" you're referring to is that the denominator is often the number of people in work or actively looking for work, so it doesn't count those who are not trying to get jobs. Maybe you're instead thinking that the flaw is in data collection which can fail to identify some types of people because they don't appear in employment records. However, neither of those flaws is very relevant to the discussion of whether technology has reached a point where we could continue our current lifestyle with significantly lower amounts of labor or when and what level of technology would be needed to get us there. Even that would probably need a better definition of "significant", which I defined at random as 5% of humans of working age needing to work, but you could easily make an argument that this is too strict a threshold.

When you say "I 'invented' UBI back in the 90s", what do you mean by that? Because you definitely didn't invent the concept. People have been discussing, recommending, and in some cases implementing something like that for centuries. While I'm not sure about the specific term because it's hard to get a search engine to find the first use of it, I also have references to "basic income" and "universal income" from the 1960s, so I don't think you invented the term either.

Re: How would this affect the wider economy?

That's an optimistic picture you have painted, but you're leaving out a lot of things which will probably block you from getting there.

For example, what are the jobs that so many people want to do that they will pay nothing and people will be happy? Remember that many of the jobs that lots of people want now are jobs that pay lots of money; many people don't want to do what a CFO does but plenty of them would be willing to try for the CFO's paycheck. There are some other jobs which are popular enough that you could pay little and still fill them, but those are very limited in supply (often meaning that the people selected end up being paid well anyway).

Now let's consider the jobs that nobody wants. Like, for instance, agricultural work. There are lots of unpleasant jobs there, so the wages for that job would rise significantly. As you said yourself, that means the prices for the products would rise, which in this case is food, which is one of the things the income is supposed to cover. That means the UBI level will have to go up, not down.

The combination of this means that the staples are the most likely to increase in price, and I'm not sure whether anything would decrease, but if it did, it would probably be a luxury good or service. If you don't plan for handling this, the program might fail quickly, which would probably be more risky for future implementation than if it was never tried.

Re: Nice to see these tech types...

I don't think mass unemployment is going to happen as quickly as the predictions have made out. If we get tech developed even more, it could eventually happen, but we have many tasks that have proven difficult to automate. General-purpose robots that can serve as drop-in replacements for humans basically aren't available, and more customized ones that do one job are quite expensive, so while they're common in things like manufacturing, they're less common when tasks vary too much or are intermittent.

Theorizing about what we should do in that circumstance isn't bad, but it may be premature in the same way that theorizing about how to run a society across solar systems is. It may not happen for many generations, meaning that when our descendants need to answer the questions, our answers won't be very useful to them. Meanwhile, there are lots of intermediate stages which are going to happen during our lifetimes, and if we've spent our effort thinking about the far-out future, we may have planned insufficiently for those.

Re: Where can I get more of that scam?

Maybe the identity they used didn't look much like them, but they didn't have an unlimited supply of fake identities that all look like Koreans of the right age (I think this is mostly young males as North Korea hasn't prioritized computer skills until the last fifteen years and at least one of the technology-focused schools is male only). If they're using stolen US identity documents, they may have to take steps to appear to be the person pictured in them.

Re: Real location

There are two really easy ways to get around that.

1. The laptop was delivered to an address in the US. The person at that address has been told to get the package and send it to Hong Kong. The person in Hong Kong has been told to send it to Shenyang. Someone in Shenyang gets it and brings it to wherever they want it.

2. The laptop was sent to an address in the US. There, it was set up with a local internet connection and the IP sent to China or North Korea, where someone set up a remote connection to it.

Re: RE: examples that have done better

You mean that one mentioned in the article. It might have read something like this:

"The way that it works is that drivers can set a flag called boot-start," he said.

"So normally, if you've got a driver that's acting kind of buggy and causes a failure like this, Windows can auto resume by simply not loading the driver the next time. But if it is set as boot-start, which is supposed to be reserved for critical drivers, like one for your hard drive, Windows will not eliminate that from the startup sequence and will continue to fail over and over and over and over again, which is what we saw with the CrowdStrike failure."

So they have that by default, and it would have done exactly what you describe except that a flag was set specifically to bypass that safety feature. As it says, there's a good reason to allow something to set itself that way, in case this is required for the system to boot correctly anyway.

Several things in your comment are wrong or misleading:

"The issue here is why a vulnerability tool has to go in the kernel. Something like that should only be running in user space: no ifs or buts."

It goes in the kernel so that it has more visibility and control over what happens. There are some things that can't be done from user space at all, for perfectly good security reasons, and others which can't be done efficiently from there.

Next, the Microsoft is to blame for putting it in. They didn't. CroudStrike is not a Microsoft product or dependency. People install it. Just as if I write a kernel module, I didn't ask for or get Linus's sign-off before running it. People are able to install things at kernel level, and they make the choice whether to do so or not. It is not Microsoft's decision to permit it, and if it was, we would be rightly complaining about the level of authority they claim to have to make that choice for us. They should not and do not deny people the right to do something potentially damaging with their own computers.

This article explains, if you didn't already know, why Windows has to go down when code which is running as part of the kernel breaks this badly. Guess what would happen if a kernel module I loaded into Linux, Mac OS, or any other operating system had a memory violation. That's right, it would panic. It is required to panic. If it did not panic, that kernel has a serious reliability problem.

Until people understand that, the attempts to find a reason why Microsoft is to blame here will not work. Maybe you or someone else can actually find a thing that Microsoft should be doing differently related to this, but while people continue to post comments trying to blame it for doing something both standard and necessary, you will fail to make any case because it appears that you have a gap in important systems knowledge.

Re: You know...

I'm sometimes curious to understand the motivations of crazy people to commit murders, but let's call that what it is, curiosity. If we knew that, what would be different at all? Nothing. The victims would be no less dead. Future victims of other people would be no more safe. Maybe, if this was an organized event with other participants, some of them might have been tracked down, but that's not really what you were talking about. Whatever the logic was, we already know that it wouldn't actually make sense to anybody, and unless someone has a stereotype they want to uphold, it would not apply in the same way to anybody else.

That makes it hard to argue for the release of manifestos or the like from murderers when we have them, and it makes it really hard to justify going to the effort to try to break in in the thought that one might exist or be reconstituted from other data. Basically, calls to do so sound to me like "Let's go to significant effort and expense to guess the content of something that might not exist and wouldn't be useful even if we got it".

Re: And this, ladies & gentlemen, is how you DDoS the entire world.

And all you have to do is get it to run at kernel-level permissions. If you have the kind of access needed to install this file to break a computer, you don't need it. If you have that access, you could obtain a similar, if not more severe, action just by deleting files at random until you are no longer able to delete files. That computer is not booting without a reinstall. No booting to recovery and deleting a file will fix it. The benefit to the hacking community, any section, is zero.

Re: The fault's with Microsoft

Yes, like that. If my laptop was like a non-smart phone, as in it can run the three programs that the manufacturer came up with, with the small subset of supported protocols that they chose to put in, and if I needed anything else at all I had to buy new hardware to get it, it would be a pretty bad laptop.

That if there are repeated instances of this assumption that turn out to be wrong, then the assumption is probably bad and people are sticking with it out of habit and getting themselves into error? Isn't that what you do with assumptions which are repeatedly wrong?

"If it were an attack, it would be CrowdStrike's data that leaked, they would be the ones suffering the continued problems."

Supply chain attacks don't work like that. If it had been one, and it wasn't, then customer data would be at risk.

"Was this due to an attack on CrowdStrike or "merely" their incompetence? Who gives a damn?!"

Me. If the data I'm responsible for has been copied to an attacker's systems, I need to start dealing with it, and I need to start doing that right now. If it hasn't, then someone else needs to clean up the systems, and I would likely pitch in to help. Depending on whether it's an attack or a malfunction, my next steps are different, the situation for the users and customers is different, the likelihood of substantial damage to my employer is different, so I care. If you work in any area related to this, you should care too.

No, you would not be correct. Read again. It's not Defender. It wasn't pulled through Microsoft. The central fact, and one that's usually in the second paragraph of most stories, is that if CroudStrike was not installed, you don't have a problem.

I'm not sure if this is another attempt to find a reason why this is actually Microsoft's fault or not, but you have critical facts missing from your model.

Sure, apart from the active attacker having copies of the data and continuing to do even more damage. Not all bad incidents are the same, and this is different from a cyberattack in several ways. That doesn't make it good, but it's akin to saying that a car crash is exactly the same thing as falling down the stairs, because the injuries you received are basically the same.

Re: Did they actually look at what was being torrented?

You do realize that they can download the file, which they have reason to believe is their copyrighted content, because they own the copyright? It is not infringement to download an illegally distributed copy of something you have the right to. From a technical perspective, they don't have to seed the file, because just downloading proves both what is in it and who sent the data. They have no need and no reason to upload. They might not even have to download to figure out what is in it because, with a torrent, they have both the file names and, crucially, the hashes of the chunks of the file. If those hashes match an illegal encoding they already have, that will be clear enough to stand as evidence, at least enough that the person charged will have to show their file that just happens to have a hash collision for every 2 MB chunk if they want to disprove it.

I get it. You're looking for some reason why their legal actions should be invalid. I think you'll find one for the ones mentioned in the article where they try to have automatic rights over everyone's network connection. There's no law giving them that power. However, when it comes to torrents, your excuses for why their legal arguments won't work are getting both the technology and the law wrong. No matter how annoying I find their actions, I can't just decide that it isn't legal. Courts do not work that literally and if they did, the law is specific enough that it would still work.

Re: Whack-A-File

They wouldn't, so if you're going to send some copyrighted content, that will probably work. Not many torrents are done that way, though, because it makes it really hard for anyone else to find the stuff they want. You can easily hide what you're transmitting by doing that, but only if you've somehow told anyone else who might want the content you're hiding that it can be found there. Meanwhile, if you have a pirate site that just calls every torrent "LibreOffice_24.2.5_MacOS_x86-64.dmg.torrent", it won't have any protective effect at all because those trying to find torrents will start on that site that has the real names, and if they own the copyright to the content, they have committed no crime by downloading it to verify what is there.

Re: Did they actually look at what was being torrented?

I think what they meant to say but didn't is that you just have to find an existing torrent and, without needing to actually download any chunks, log the address of anyone who offers a chunk. You don't need to send the file, or even have the file, in order to do it.

Re: Good riddance

There are times when a shortened link is either necessary altogether or necessary given the constraints of the control over the system. For instance, when someone has decreed the use of a certain CMS on a website which generates long links and might be changed in the future, but the link has to be read out and typed in manually because someone's going to mention it in a speech, video, or advertisement. However, my solution when this has proven necessary is to build my own link shortener. At least then, the domain name is the same and the user can know which organization created the link. It also makes them easier to maintain in the future because no external organization can shut them down and, if the destination moves, the shortened link can be updated.

Because, when originally published, it started conversations here about whether Agile is a good thing. Not because the report was any good. If you review the comments when it was originally talked about here, you'll see many people making the same points about the uselessness of the report and you'll notice that few if any of the criticisms of Agile are related to the content of that report, but are instead about our experience of Agile, its theory, its execution, and its results.

In short, nobody is talking about the report except for the Agile promoters who, wanting to argue against those of us who have problems with the manifesto, have started with the obvious. They have correctly pointed out problems with a report that none of us care about, but they have not responded to any of the criticisms raised in the comments. Only one of the creators has actually joined a conversation here, and only to say that he didn't bother reading most of the discussion but was sure that whatever we were complaining about wasn't Agile anyway. Not that they need to, but if you want to complain about the people still referencing the report, those are the people you should look at.

Re: I love it !!!

In fairness to Agile (I'm not an adherent as you can see from my comment above), communication with the customer is one of the things it calls for. I think that would have been better if they made it explicit that the customer is the user, not the person paying, but still, they agree with you there. It is also one of the reasons I say that Agile only works in some cases. If you can frequently bring things to the user and get their reaction, then it works as an approach and is, I think, similar to what you're suggesting. If the users are giving you good feedback during development, you can head off usability problems and stop working on things that nobody wants.

The problem with this is that there are times where the work that is necessary is not something users can comment on throughout development and that sometimes, they won't even when they can. If this applies to a project, then something needs to be done to accommodate for that lack. You should communicate often except when you can't, but those two alternatives need to be handled quite differently.

Even simpler, the answer to any critique of Agile is "if it didn't work, it wasn't Agile". Handily unprovable and tautological. It means that no criticism is considered valid; if they don't like the thing that you don't like, then it was never a part of Agile, even if it's written right there. If they do like the thing you don't like, then clearly you weren't doing it right, so that's why you are wrong.

There are times when an Agile-like approach is the best one. Knowing when to apply that is important. It is not all the time, and it would do its adherents well to at least understand why we say that rather than try to dismiss immediately every time something is questioned.

Re: Realization

Yes, it is taking it to extremes to point out why open source and free software forbid it. There is a reason why the definitions do not allow for discrimination against fields of endeavor or permit mandatory payment no matter where the software came from. They forbid this to protect important freedoms.

If you agree that a mandatory payment from anyone full stop is not open source, then even when that payment is mandatory on a smaller set of users that doesn't include you, it is doing the same thing. It should also be clear that, if we let any author set their own terms for who has to pay, that group can grow to include you at the whim of the author. What stops me, as an author of open source software, from deciding that you should be paying as well. After all, you're not the proverbial resident of the third world earning $2 per day, so you could afford to toss some money my way and I'm going to make sure you do. The truth is that you probably could give me some money, and that's why there is a donation button, but that if I wanted to be able to require you to pay me for my work, I would have sold this software as a product. There is a fundamental disconnect between an open source project, which anyone can develop and distribute, and something that a single person or organization can own and sell. Open source software has been dealing with this problem for decades, and it has been important to clarify that it is not the same as big companies who release some source, but if you so much as look at it without permission, they'll try to charge you license payments. That difference is as important, if not more, if some authors of formerly open source change to that model.

This implies that you've had success explaining the benefits to older people. Have you really?

In my experience, explaining the benefits of open source tends to fail with people of all ages if they don't write code or do something very similar themselves. Some people grasp the idea of "you could theoretically fix it yourself", more people grasp the idea of "you don't have to pay for it", but I have had little success explaining why the freedom to modify and distribute at will is important to me. Unfortunately, given some conversations elsewhere in this thread, I think I'm failing to explain that to someone who presumably has technical knowledge already. I have not noticed this being any harder to explain to young people. I know many young programmers who understand and agree with the goals of open source and many old non-developers who think it's really cute how I'm into this open free thing I just made up, but it surely could never go anywhere because all the software running the internet is owned by big businesses, right.

Re: Realization

Would it be open source if I wrote a license that says the following:

In order to use this at all, no matter where you got it, you must pay me all the money in your bank account.

In order to distribute modifications, you must charge everyone who receives it, whether from you directly or not, and send the money to me?

Hey, the source is still there for you to read. You can still modify it. Isn't that open source by your definition?

By the definition we have used, there are important freedoms that are lost. The freedom to modify and distribute without seeking permission from the original author being an important one. The problem of companies not donating to projects they use does not change the fact that, if you fix it by removing the freedoms, you have done a lot of harm to those who benefited from those freedoms and made yourself not unlike those companies, because you have taken the contributions of others in order to make a profit from the users without giving anything to them.

If you don't want users to have those freedoms, you have the choice not to give them those freedoms. Proprietary software is not evil. However, don't take them away and try to pretend that you have not. There is a reason that open source software is often preferable to proprietary, but proprietary software masquerading as open source is not.

Re: Realization

Open source has come to mean something, and it is not that the author simply decides on a license cost and gets to impose it. That's fine as well, but it is different. All I am asking here is for open source to continue to mean what it has meant before, which does not allow for mandatory payment for everyone who uses the software. People who don't write it should not claim to do so.

Otherwise, I must make the following decision. If open source can be redefined to allow anyone to impose restrictive license terms and mandatory payment, then Windows is the most successful open source operating system in existence. By the definitions we have used for decades, this is not true. By the one that lets "open source" mandate payments from users, it is.