Posts by doublelayer

Re: How far do you take it?

The problem is that the programs can't tell you where every line came from and don't copy every line verbatim from somewhere in the training data. That's why you have to assume that, if you put licensed code in, it could come back out at some point. For example, the relatively basic line given by the last comment would probably be modified in several ways:

1. Variable names switched to deal with local conditions. "array" switched to have some semantic meaning, "n" changed to some more useful condition, and "i" changed if this is in a context where a variable called i already exists.

2. Format changed to match other formats. Single-line for statement changed to use braces, indentation changed, internal spacing changed, if the condition that replaced n is long enough, the forstatement split across lines.

3. Changing this line to do something related but not identical. For example, instead of setting every location to 0, running some other initialization procedure.

Does making some or all of these changes make the line different enough that you no longer need to attribute? It's hard to tell, because it would probably depend on which license the original line was under (the program doesn't know) and how common the line is (in this case, even quoting that line would be so generic that it couldn't be copyrighted in itself, but more important lines could). The program will not figure this out. In some ways, I don't care about these small uses of code from licensed projects. However, the licenses exist for a reason, and when they copy larger parts of the code without following the licenses, it becomes a larger issue. The solution is to exclude data before training, because otherwise it's very difficult to prove whether it was involved in creating the output.

Re: What operating system ?

Email attachment: simple. Attach a shell script or Perl, because most distributions have Perl installed at the start. You could also attach an ELF binary if you like the obfuscation it provides. Convince the user to run it. Basically the same as attaching any other kind of script, there's a bit of work involved in getting the user to get it executing, but it can install malware.

Just visiting a URL is more difficult, because you would need to identify a fault in the user's browser which is much harder as they're patching things frequently. Note, however, that the flaw you need to find is in the browser. Generally, Windows can't be infected by just visiting a URL either. Malicious URLs generally just download an infectious file and rely on the user to retrieve and execute that file. Malicious pages have various intra-browser ways of messing with users, such as convincing them to enter data on a form which is not the one the user thinks it is, injecting scripts into a page they're on from an advertisement, or providing them misleading download links pointing to that malware, but those things will work on any operating system.

Re: What operating system ?

"Why, after all these years, is Microsoft still so susceptible ?"

Let's go through the method of infection here. The way this malware becomes active is that somebody clicks on an executable which has been written to their drive, thus running it. Can you find me an operating system that won't run an executable when the user instructs it to? Before anyone suggests it, the executable bit on Unix filesystems will not protect anything, because the executable has been written by the malware which will set that bit. You can mark removable media as not executable, just as you can on Windows, but most systems don't bother doing it and are thus susceptible to people running programs they shouldn't.

Even ignoring all the unnecessary entertainment uses of a computer, there's a reason to stick with newer ones. Can you run a secure OS and modern browser on a computer from 2003? Yes, you can. Can you run one that requires little or no maintenance because the user is not familiar with technology and does not have someone who set it up on call? Not so easy. This group is providing computers to people who have little experience using them. They may not have had one before, and even for those who did, they certainly don't know how to debug a certificate error generated when a browser goes out of support and stops getting updated CA information. The group also doesn't want to give people computers that will be incapable of certain tasks that they might expect it to be capable of doing. If you used that machine from 2003 which probably has about 512 MB of memory, you'll find stuff that does not do well with that limitation. We would understand that and either know not to use it for that or how to get around that. The users getting these machines don't know either part of that.

Re: Can they do anything for my Microsoft Surface Tablet

I don't know about them all, but I've found at least a couple versions of the Surface to be pretty good at running Linux. It was easy to boot and everything had driver support the last time I did it. If software support is what interests you, you could try that. Alternatively, the hardware checks for Windows 11 can be bypassed, though no guarantees that they won't change this at some point.

Re: Last New Computer I Bought Was Bbout 11 Years Ago

My guess is that their device is one of those small desktops that was sold as a thin client but is capable of being a basic computer in its own right, and that they're RDPing into it either from a laptop, giving it portability that the original device doesn't have, or their main desktop, which is more powerful but this gives it a new environment and doesn't require moving peripherals.

Re: What about

Of course you don't have to throw them away, but it really wouldn't be suitable for their use case. You can do plenty of things with the old Macs running the latest version of Mac OS that's available for your use case or by installing some versions of Linux that still support the hardware (I'm guessing we're talking about the DDR2 limitation, meaning that 64-bit is still an option). They would be good enough to give to a child or elderly family member that you're willing to support. You may have to, because at some point those distros are going to get old and will be more difficult to upgrade, or the person will need more performance than the old machine can provide and you need to be there to tell them when they can do something and when they can't.

For users you don't have direct contact with, it's not as helpful to give them something that is likely to be insufficient or not easily updated in the near future. That's why organizations like this tend to be somewhat picky about the hardware they pass on. I've helped people use computers that are not really entirely useful anymore, but if it's the kind of machine where I would start by saying "You can still use it, but", then they don't want to be giving it to others. That's also true in my case; I will help someone use their own old computer for longer, but I won't give them a very ancient machine with the expectation that my support will prevent it from causing problems for them.

Re: This is in the past I assume?

Last time I tried it, it took a while to find the right place, but it wasn't inordinately difficult. Certainly not like my ISP which I quite like in general but canceling your service if, for example, you're moving still requires you to call and wait for an hour. I don't know how it has changed, nor geographic limitations, but maybe they're comparing the probably five screens you have to click through to cancel to the twenty different tripwires on multiple pages that can get you in.

Not in my experience. They will start bothering you as soon as your month is up, but it won't offer you a free trial anymore so all the nag screens for the trial will now be nag screens for immediately signing up. Eventually, I'm told, the trial comes back.

It depends how much stuff they want to pull. I don't know how much one API request can get you. If it's anything like their web interface, then my guess would be exactly one post because their interface seems designed to make me press about twenty buttons before I find the text I was looking for when DDG sent me there. That would be stupid, though, so let's assume it can pull an entire topic. If the company wants to pull, say, a billion topics, then the price to run the API requests would be $240k. You can write a pretty good scraper for $120k since it only has to work right now, not forever, leaving you the other half for buying resources on which to run it. It's at a level where it might be more worth it just to pay that bill (assuming that my estimates of a billion topics to retrieve and what an API request gets are accurate). However, you'd need a lot of people to request that dataset for those API requests to add up to much.

The other problem is that I used the billion figure as a somewhat rough guess for how much data there is on all of Reddit. I may be off by a bit, but probably not a lot as Wikipedia informs me they had about 3.9 billion posts in 2020. The big models have already either gathered most or all of Reddit's data or decided not to, so if they're just pulling updated information, they're probably running 5% of that. I'm sure the $12000 payment will be appreciated, but I doubt it will do much for the company. This is probably the better option for Reddit. If it turns out that my estimate on how many requests you need to get the lot is incorrect in the other direction, then the price for using the API gets much larger, whereas making a scraper will cost about the same and running it scales linearly from its already low level.

This is all true, but assuming the companies making AI models are really the targets, we're talking about companies whose primary business model is spending millions and waiting months for something to finish training. They can afford to have a bunch of servers pulling pages and scraping them if they decide the training data is useful, and the cost in time can be decreased by spending a bit more on lots of nodes doing the work. For the same reason, they can also justify buying the API credits to pull it themselves, depending on how many new posts they want to retrieve. The problem is that nobody else can, so Reddit appears to be building their entire business model on hoping that AI companies will be consistently interested in their data when most existing companies already have most of it and hoping that outweighs the unhappy users who make that content.

Re: As luck would have it....

If they chose to do so, they have a variety of marketing methods they could use:

The iPhone with sealed battery can use a flexible cell, meaning this one is technically higher capacity than that one.

The iPhone with sealed battery is waterproof, because the EU never said the other one had to be, so we didn't try to make it.

The iPhone with sealed battery can have the battery replaced for £79 at the Apple store, and the one with replaceable battery can be replaced for £99 at home.

Or the simplest option: The iPhone with sealed battery is the one we sell in your country, and if you want an iPhone, this is the one you can buy here. You can do whatever you want, but this is the iPhone you'll get unless you specifically find one we sold somewhere else.

That last tactic isn't exactly new. They've had country-specific iPhone models before, for example a model for China which has multiple SIM slots. Android manufacturers go much further. It's common for Samsung devices to have two different versions involving completely different processors, GPUs, and modems depending on the region, and it's not even the same regional split each time. The models look the same and are called the same thing. For example, you can get a Samsung Galaxy S22. If you got it in Europe (I don't know what counts as Europe for this purpose), it has a Samsung Exynos 2200 processor. If you get it outside Europe, it has a Qualcomm Snapdragon 8 gen 1 SoC. Why? I don't know, and Samsung didn't explain it. I bet it has an effect on software updates and supported features though. It indicates that phone manufacturers aren't above making regional variants and they could use this if they object enough to a regulation so they can ignore it where it doesn't apply.

Re: As luck would have it....

Most manufacturers will build just one model that meets all the requirements, but not all of them. If the EU has this regulation and nobody else does, they might get the model for those regulations and a different one will be produced for the Americas, Asia, Africa, and Oceania. The UK could easily get that one. If other large countries had this regulation, that probably wouldn't be as likely; agreement by the EU, US, China, and India would be enough to make manufacturers design in one way.

Re: No HDMI and only one USB port?

"is Wifi 6 (2x2 802.11ax) sufficient for 4k streams"

Yes, very much so if the rest of the network can handle it. In many cases, slow speeds on WiFi has more to do with congested networks behind the access point than the wireless part, though if your building is obstructing signals or your access points are ancient, this can change. However, I must disagree with this point:

"Also why include a wired USB hub, better to include a Bluetooth/WiFi enabled smart plug that a user could plug into the back of their monitor and seamlessly wireless stream to the paired device."

There will always be more room for debugging a WiFi connection than a cable. It's useful at times, but in many cases, the cable is the fast solution and works better for the user who doesn't need infinite mobility and would prefer a quick setup.

You may have your suspicions, but all the conversations are about the choice of interface, suggesting that Microsoft using an HTML-based frontend instead of the native Windows interface features they wrote is contradictory. The cloud guy appears to be the one who created an unfounded assumption, so while it is theoretically possible that Microsoft could make a cloud-based mail client, nothing suggests they have or the people talking about the interface decision would be talking about something unrelated (you can use native interfaces on cloud clients) and unimportant (who cares about interface policies if there's a privacy issue). It's important not to turn one thing into an assumption, often incorrect, about something else.

Re: Think of the users, and not just corporates

Maybe the AI will be attached to that feature they introduced about two years ago which started predicting my sentences, at least in English. It would generally recommend about three words to continue my sentence. I couldn't tell whether it was trained on other emails I sent or not, because it would accurately predict what I was going for when the sentence was pretty basic, but those sentences were also the ones I was most likely to have typed many times already. One reason I never found out is that the feature was disabled with prejudice within about five minutes, most of that spent looking for the right checkbox.

And the first guy appears to be wrong. The web app just means they used some HTML and JS frontend instead of native controls. That doesn't mean they're storing mail data or settings on their server and only providing a dumb client. Not that there can't be something invasive in that program, but from other comments, I see nothing indicating that it will require cloud accounts or even any cloud services to function.

Where that has been made illegal, it is because ISPs don't intend to use those to improve the quality of service, but to extract more money from their customers. They do this effectively by tricking them: yes, we will give you unlimited bandwidth, with speed only restricted for congestion, unless it's somebody who has paid us, in which case their competitors will run slowly. The way they explain this is "video constrained except from certain providers". That has two effects: in the short term, ISPs can try to negotiate extra payments from users to reverse the decision to break their service, and in the long term, they can try to sweat their infrastructure for a bit longer. One effect it doesn't have is improving the quality of service.

Re: 123-Reg still have customers?

"Gandi upset me because a .com domain that cost £14-something to renew last year, cost £23.99 this year. And *then* I noticed they were going to charge for email accounts (previously got 2 mail boxes for free I believe) and so it'd actually cost me ~£60 this year. So... nope... voted with my feet."

I have the same problem, and I have the downside that I've renewed for years in advance and the new mailbox prices will be charged later this year anyway. If you've found another registrar that offers a basic email hosting service, I'd be very interested to hear the recommendation. I may have to get a separate email host, but my needs are very small* for most domains, so I appreciated the included basic service.

* In many cases, it would be a domain for a project or open source product with a mailbox for users to contact. I don't want to forward that to my personal email since anyone who enters something plausible in a contact form can get it and because I might add others to the mailbox so multiple people can see incoming messages. My storage usage is very low though. For now, my utilization of the 3 GB quota on the basic mailboxes runs from 0.00 to 0.03 GB, so I don't really want to buy expensive email hosting that will be used very little unless I can find no better options.

Re: Email forwarding for Gmail users

I used to prefer native mailboxes on the domains to deal with this problem. I still do, but the registrar I used has just increased the price for their mail hosting literally by an order of magnitude. I've only got one domain where I run the mail server myself because doing so when you don't operate at scale is a pain, but it's looking like a more and more necessary part of having email under your control which isn't ridiculously hampered by the operator or expensive.

Re: It says something about Microsoft's offerings

You basically can't do the same things with Cortana as you could with Alexa. For one problem, I don't think Microsoft makes Cortana boxes which you can put somewhere you want to have voice commands recognized. You'd have to have laptops sitting around to do that because Cortana only works from devices running Windows. I'm not sure if you can hook Cortana into any of the services that can control automated hardware either, but that's at least more likely (I've never enabled Cortana, so I don't know what it is capable of doing). I don't have any voice control except the one built into my phone, but some systems are clearly more functional than others.

Re: This needs to be emphasized

Exactly, and the other issue is Amazon responding incorrectly. Let's assume that an event like this actually involved a lot of intentional abuse directed at the driver. Amazon might want to do something about that, and they have the right to, but that shouldn't include deactivating the products they sold or they're likely to face legal risks, not to mention informing their customers that the products are as likely to fail as we know they are, but the general customer does not. Not only do they need to check whether incidents actually occur, they need to figure out what they'll actually do in response to them rather than going to the easiest automated switch.

Re: Hypocritical

That's an advert now? How about the one mine shows:

"Install the latest PowerShell for new features and improvements! https://aka.ms/PSWindows"

If that's what we're responding to, I'd like to see the massive complaint you must have for Canonical, which has been printing something like this every time I log in just because I never even tried to change it:

Welcome to Ubuntu 18.04.6 LTS (GNU/Linux 4.15.0-200-generic x86_64)

* Documentation: https://help.ubuntu.com

* Management: https://landscape.canonical.com

* Support: https://ubuntu.com/advantage

[...]

Get cloud support with Ubuntu Advantage Cloud Guest:

http://www.ubuntu.com/business/services/cloud

Expanded Security Maintenance for Infrastructure is not enabled.

0 updates can be applied immediately.

24 additional security updates can be applied with ESM Infra.

Learn more about enabling ESM Infra service for Ubuntu 18.04 at

https://ubuntu.com/18-04

When does providing information about updates when you start a program start becoming advertising? Is it advertising when I'm shown a license or copyright statement, more common in stuff with an open source license? This is not a good example of advertising in Windows. The ads in the start menu part is very different than this, and I could complain that someone even tried it for days, but a line in PS about a new version of PS doesn't qualify in my mind.

Re: no backup strategy, SMH stupidity

"Huge difference between email, which you don't need every day, and the lights and climate control which does require daily access."

I disagree. If a smart light fails, then you have to use the wall switch. Most lights I'm aware of (I haven't purchased any, so my sample size may be limited), have a perfectly functional manual mode which means you'll have no automatic timers, color changes, or scripts to automatically set things when other events occur, but if you can move to the wall, you can still have light or darkness as you desire. If your smart light bulb is somehow missing this feature, then you can replace it with a simple light bulb and have that until you get your smart one working again, the same way you would deal with a normal light bulb that had burned out. Email, on the other hand, is quite important. It is a method of authenticating to a lot of services, a way to get important communications, and if you use one for business purposes, can be quite valuable. I'd much rather deal with a prolonged smart light bulb outage than a prolonged email outage, and therefore I would and do spend more effort having backups for email than for light bulbs.

"Your post implies you must even generate your own electricity or you'te wrong."

Sort of, since I'm trying to make the point that, at some point, the difficulty involved in doing everything yourself means it's not justified to do so. The post to which I replied was quite disparaging of this engineer for not having a third, local, backup system for something comparatively unimportant, but if you really need that level of backup, there are a lot of other things that would also need to be backed up. Some people actually go to that effort, often when they already have plenty of resources to make that possible (your own servers in your own buildings is much easier for people who own multiple buildings), but most of us do not. It would be hypocritical to attack the engineer for lacking a level of redundancy they didn't use themselves.

Re: Noisy installers suck.

"No message means a clean install ... you only need to throw a message in the event of an error."

That works great until your script takes a while to run. If your install script has been printing nothing for three minutes, is it still working successfully or did it get stuck in a loop somewhere? Of course, this is also the kind of script, that, should I terminate it because it appears to be doing nothing (whether or not it was actually stuck), no output means I'll have little idea on exactly what it has done and what I need to do to clean up the mess.

Yes, there are some ways to investigate what the script is doing by looking at files it accessed, attaching monitors to the process and its children, and reading its source (of course everything is open source, right). However, the average user doesn't know how to do that and the technical user doesn't want to do that unless it's necessary, which in most cases it is not. This model also requires the programmer to detect, handle, and have a message for every error condition that could occur on any system capable of trying to run it*. Of course, that's ideal and I'd like everyone to do it, but don't pretend everyone does.

* For example, install scripts that can run on any vaguely Unixy system, but weren't intended for every single one. If I run them in a tiny Unix-style shell that runs on an iPhone and has no services stack, most scripts won't be expecting that and will fail if they try to interact with one. It would be great if every install script checks that, but most do not try at all.

Re: Noisy installers suck.

The part I thought was contradictory was this:

"Once upon a time, devs were proud of the ability to debug a User's problems, now they have to see the stack trace for themselves or it is marked "can't reproduce"."

You act like seeing a stack trace is a crutch, but seeing a core dump, which provides even more information to the debugger, is not. These statements don't seem to align. My story was not exactly the same, but an indication of why we try to use core dumps or stack traces before relying on less reliable user information, which is what I thought you wanted devs to be doing instead of asking for stack traces.

You appear to think that debugging got worse, when in fact the same tactics are being used in the same ways. People still collect logs and information generated by a crash and use those to diagnose problems. If they can't get them, they attempt to reproduce from other information.

Your reply suggests you might have had a different point: "So, yes, having *at best* a stack trace is nowhere near as useful as having the full core dump." I interpreted your previous comment to be expressing dissatisfaction with developers' skills, not their tools. However, I'm not particularly concerned about the loss of dumps; they're still available for programs that make them useful, but for many complex programs, unexpected errors still have some chance of cleaning up some resources from an unexpected error condition. A dump is a rather catastrophic fail method and it provides little information to the user, not all of whom can call the programmers quickly.

Re: Noisy installers suck.

The sentence you quoted contradicts your assertion. After all, what was the core dump? It was a lot of data about the user's situation that led to the crash. It contained a lot more data than the stack trace does. Those dumps were useful to debugging programs for exactly the same reason and in exactly the same way that stack traces are, and both only happen when the programmer did not appropriately detect and handle an error condition. In the absence of the dump or stack trace, the programmer has to try to reproduce the problem from what the user describes, which we certainly will do, but it is less effective because they may have omitted an important factor because they didn't think of it, didn't know it was important, or wouldn't know about it at all.

This reminds me of a debugging exercise I did a few years back where I was asked to fix a problem my software had when opening a certain file. They gave me a copy, and I ran the software on it with complete success. I did so repeatedly and in a variety of environments. I duplicated their server and ran it on that image. Only after a few days did they explain that the thing they were doing which caused the failure was run two copies of the software on the same file simultaneously, set to write output and logs to the same places. Of course we start with anything the computer can tell us before we ask the user to spend a lot of their time providing information they might not have.

Inadequate testing and probably several problems in the design. It sounds like the success checker was using the logs to establish whether something worked or not (bad idea), and it wasn't tested on all the different levels of logging available (inadequate testing), and the logs were not analyzed when the first failure occurred for some reason (not optimal operations). There might be more parts of this problem.

I've dealt with this kind of thing on several occasions, but usually on scripts that were written for speed rather than quality, and thus more frequently for internal or open source projects than for companies who need to make a once-or-never sale and therefore have an incentive for it to all look good at the start. One easy way to get this kind of false negative behavior is to rely too much on exit codes from programs. I've debugged a few scripts which assume that the only successful exit code is 0 and programs where the programmer thought that multiple successful exit codes would make use in scripts easier. One of those was going to need to change before the scripts worked, but sometimes, the situation lined up in such a way that the testing environment actually got a 0 out of a program which, in actual usage, would return another successful code. Of course, I've also seen the programs that didn't check any indicator of success or failure and just plowed on under the assumption that nothing would break, so at least the ones that print an incorrect failure message can be tracked down to a specific part that supposedly failed with minimal effort.

Of course. The management consultant charges a massive amount and will get very angry if you say the work is garbage. GPT costs little or nothing and generates the same level of garbage, but if you say so, it will apologize as many times as you want it to and generate new garbage for you every time.