* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

Cybercrims hop geofences, clamor for stolen ChatGPT Plus accounts

doublelayer Silver badge

"Now you can argue that they are, in fact, accomplice to the criminal actions."

You can argue that, and there are ways that would probably work. The one you chose, however, isn't a great one. Just because something is paid for and a criminal uses it doesn't automatically make the provider an accomplice. If I buy a car, a criminal steals the car, and they use it to commit a crime, neither I nor the manufacturer is an accomplice. If I buy a server, and a criminal breaks into that server, then neither I nor the facility in which the server is located is an accomplice. If I bought the server and arranged for the criminals to use it, now I would be an accomplice. OpenAI did not do that with GPT accounts.

If you want them to be an accomplice, it would be easier to try arguing that on the basis of what queries their system will perform. It will cheerfully write malware when told that it is malware, for example. Whether that counts as fulfilling criminal requests or just a computer doing something which proves malicious is a recipe for lots of definitional debates, but many, including me, would decide that OpenAI would be liable for the things they chose to allow their tool to do.

Automation is great. Until it breaks and nobody gets paid

doublelayer Silver badge

Re: "execute his target script 16384 times"

It reminded me of XKCD 1678, with similar effects.

doublelayer Silver badge

Re: I have consulted in many places over the years

That's true, although I find that subprocess.run looks cleaner. Still, that's just two lines to run a command and get its output. If your entire script looks like that, then you can probably use a shell script very easily. Most of mine end up calling a few programs like that, but then have several lines of output parsing or command construction which I'd much rather do in Python where string parsing isn't a write-only operation and where loops can use more complex conditions.

doublelayer Silver badge

Re: I have consulted in many places over the years

Not when you need to build ever more complex bits of shell, calling sed or awk frequently, for something that would be structured well in any programming language. At a certain point, shell scripts become too large to edit in a productive way, and programming languages that have some more useful concepts like type management and better ways of reusing functionality become better for the task.

You could write almost all of the basic utilities as a shell script, but would anyone want to do that? The original writers didn't, which is why most of them are in C. There are also portability tradeoffs. Yes, using a Python script means you have a dependency on Python, but if you don't use a particularly ancient set or use a feature introduced last week (there aren't that many of those anyway), then it will work identically in a lot of environments. A shell script is dependent on lots of aspects of the system, from which interpreter is running the script which may be user-dependent to the subset of utilities installed, and some of those differences in functionality can be fatal. Depending on the environments in which the script is running, you can experience some portability deficiencies from shell scripts as well.

Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman

doublelayer Silver badge

"what are they going to do about it in Massachusetts?"

What are they going to do about it in Virginia or Germany? You know that: they're going to look at it, think about it, talk about it, and create plans about it. Why can't they do these things in Massachusetts? The only time they need geographic proximity is when they're doing things on the ground, which these people are not doing. The American government has lots of military bases and they can do that kind of work in any one they want, just as a large corporation might have plenty of offices and, if they do WFH, even more places with a work-connected computer at which work can be done. Just as Apple might choose to do some work in Cork instead of Cupertino, the Americans can review military intelligence in any of the bases they want to. They can even do it in as many of their bases as they want to, for any reason as small as that's where the person they wanted to ask happened to be that day.

doublelayer Silver badge

Re: “deliberate criminal act”

He's going to get all of that. You seem not to understand what that means. He gets to have a trial, with his own lawyers, and the prosecution has to prove him guilty before he can be convicted. He still has all of those protections. "Innocent unless proven guilty" means what the court has to do, not that, before conviction, nobody can denounce what he did.

This is a popular and annoying argument tactic. Whenever somebody you like is arrested for something and people start talking about his guilt, even if it's really obvious that he is guilty, someone like you will come along to spout this nonsense. By saying that it was a crime and he has little chance of acquittal if the prosecutor can prove the point, they're not convicting them; they're just describing what they think the likely situation will be and in some cases what they'd like it to be. I do not have to presume that everyone on the planet is innocent of everything until a court decides otherwise. Only the court has to do that.

doublelayer Silver badge

We'll start with the worst assumption you've made:

"And another thing: why did an airbase in Massachusetts have printed copies of TOP-SECRET/NOFORN documents about the war in Ukraine ?"

And where do you think they should be? They were on a military base, you know the kind of place where military people review military situations. Did you think that Massachusetts is somehow a bad place to discuss European affairs? Would a base in Colorado have been better or worse? If I had to defend it, I could say that Massachusetts is one of the parts of the U.S. closest geographically to Europe, but since that doesn't matter much, it's just one of the places where they reviewed information about the war. They're going to be doing that anyway, so I'm not sure why one base is suspicious to you.

"systematically having hundreds of top-secret documents negligently lying around."

Yes, this is probably true. Nobody said the American military did everything perfectly. They have a long history of doing stupid things and not having the best security record.

doublelayer Silver badge

Or alternatively, people who read the comments section disagree with you. You got 7 on your last post at time of writing. Which is more reasonable: seven whole people out of the thousands who read this disagreed with your post enough to push a button, or an army unit unrelated to the story or your comment decided to create fake votes that don't change anything, but they only managed to make seven of them? If someone came to me and told me to have a phantom army of voter bots, after asking a lot of why questions, I could make a lot more than seven.

Theranos founder Holmes ordered to jail after appeal snub

doublelayer Silver badge

Re: Never thought I'd see the day

"It is almost like convicted criminals insist on filing an appeal because they're expected to, even if they know they're guilty to the core."

It basically is. If you have enough money to hire lawyers, then why not gamble on getting your sentence removed? It's not as if it's going to make things worse. The same thing happens whenever the risk profile of some action becomes too unbalanced. Whenever people get the chance to put a cash value on years of freedom, they tend to value it very highly and pay for the chance if they can.

doublelayer Silver badge

Safer from what? There is safety from further fraud schemes from her directly (given her statements there's no indication of any feelings of guilt), and the potential deterrence to others thinking about fraud. It's difficult to quantify these effects, but they exist to some degree.

Similarly, there are different ways to rehabilitate someone. People who commit crimes because they didn't see other options may be easier to rehabilitate by showing or giving them opportunities to succeed, while those who committed crimes despite having an easy way to succeed without doing so may be more difficult, but I don't have any evidence to support that intuition. I don't have a good idea for how to rehabilitate a long-time scammer who demonstrates no guilt or even recognition of the harms she's caused and who had every opportunity to stop.

doublelayer Silver badge

"But that's just knowledge I've picked up as a curious engineer, and still begs the question why experts doing their due diligence missed all this."

They didn't. Every time she tried to get an expert to invest, they refused. She shopped it around to several biology-focused investors and they all said no almost immediately after hearing the plan. The people she got did very little research, and whenever they did, it was all about the finances of the company which she faked for their consumption. They didn't ask questions about the technology, and she quickly realized that she should stop going to people who knew anything they were talking about and focus on those who liked the idea of being part of a world-changing startup and didn't understand that what she was doing was likely impossible. She targeted those people specifically, aiming to get well-known and respected people who didn't have any subject knowledge so she could use both their money and their names to draw in more.

You don't have to be stupid to miss the impossibility, just ignorant of the mechanics. It's clear that the blood sample contains what you want to measure, and they weren't collecting or diluting it so much that they were excluding the compounds they wanted to measure. Of course, I would have asked questions like "How are you able to measure it in a small quantity when your competitors can't", but I wouldn't have automatically assumed at first that they were automatically lying because people do make advancements in chemical detection and maybe they did. Of course, had someone asked that question, Theranos couldn't provide a real answer and probably used some technobabble to get around it, so I wouldn't be likely to invest in them, but I wouldn't have known from the start that they were untrustworthy.

doublelayer Silver badge

I think you're probably right about how it started, but not for long. Holmes was a student when she came up with her first idea for a medication delivery system. It wasn't viable then, but researchers are making some progress on something a bit like it. Of course, she didn't want to do what those researchers are doing and actually try some stuff to see if it worked. She wanted her idea to be hailed as revolutionary, which is the same thing she wanted and got with her next idea for a testing machine. I'm sure she thought it was doable at the beginning, which helps to answer some of your other questions. She wasn't interested in learning the things needed to actually invent it, and that was probably comforting to her because if she did, she'd realize how difficult the task really was. I'm sure that for the first few years, she was thinking that all she had to do was continue bringing her genius-level management skills and eventually one of those techies she hired would get the box working and she could show it off.

"at what point did they go from thinking that maybe they could succeed to knowing they couldn't? And were they still chasing investment at that point?"

It's clear from the history that they were seeking investment until the very end. They also knew pretty quickly that they had entered the realm of fraud, even if they were still paying some people in the hopes that someone would miraculously build what they said had been built. While the way she sought investment was fraudulent from the beginning, she knew what was going on when it changed from saying that technology existed that was being developed to saying that technology was being sold when it didn't yet exist.

"The puzzling thing for me is that while there have been many cons that followed a similar pattern most such cons involved cutting and running, or at least planning to cut and run."

Your experience is different from mine. I've seen plenty of criminals arrested and every time I read an article, my brain automatically runs me through a "if I were a criminal" routine. This routine doesn't get very far because the first thing I consider is why the criminal kept committing crime when they would probably have been just fine if they stopped after a couple engagements. This is especially true of criminals who pull in millions in stolen funds, more money than I will ever see in my life, and somehow still decide to keep taking risks. Maybe my lack of desire to own a private jet means I'll never be a good criminal psychologist, but at least it means I'm unlikely to turn to crime. I've seen a few examples of criminals who got their windfall and ran away, but I've seen many more examples when they had enough money to buy whatever they wanted and still went back again and again until they made a fatal mistake. Holmes was one of them, and she made her mistake.

To improve security, consider how the aviation world stopped blaming pilots

doublelayer Silver badge

Re: Pilot Error

Not necessarily. It could be that something did break, and the pilot was going to act differently based on that broken part, but they did something wrong during that recovery. Multiple things cause a problem, even if a pilot error was required. Not to mention that parts can break for reasons unrelated to the manufacturer, like improper maintenance, lack of needed maintenance, damage related to weather, and the like. Your comment suggests you may be falling into the blame culture the policy was trying to avoid.

Twitter users can now trade stocks on the platform – sort of

doublelayer Silver badge

Re: Twitter changes ... back

Another comment alerted me to the existence of nitter.net, which can be substituted for twitter.com for reading tweets without using their interface. I don't use it very much, but it is much cleaner than trying to use Twitter's interface. If you find anything you want to see there, that trick can let you bypass them until Twitter finds a way to break it.

Off topic, there's also teddit.net, which does the same thing for Reddit. I don't know enough about Reddit to have a trust problem with them, but their interface is really annoying, so this can let you see the original post and the replies to that post without having to press about eight read more buttons. Probably not so useful if you post, but I just find things there I want to read on occasion.

It's time to reveal all recommendation algorithms – by law if necessary

doublelayer Silver badge

Re: "trouble is, there is no one 'algorithm"

The advertisements are certainly using that model, but the recommendations are at least intended to use a better algorithm. This is not for your benefit. They're trying to recommend things that you want to watch so they can keep you there for hours and show you more adverts. I don't know how well it works when you give them a lot of data to go on, because that seems like a better starting point, but if the author does as the article describes and works to destroy that data and block their attempts to track the activity, I'm not surprised that the recommendation system picks some things at random in the hopes of getting something that works.

I don't really understand a person who wants to block the tracking that social media companies do but still cares about the recommendation systems that they're deliberately obstructing. I block the tracking, and I've never clicked on a recommended video except when YouTube decided to autoplay one, at which point I quickly closed it. If they can't identify any patterns about what I want to watch, that's a sign that I'm blocking things correctly (or if we're conspiratorially minded that they've detected that I'm trying so deliberately recommend crap to lull me into a false sense of security).

Beijing lists the stuff it wants generative AI to censor

doublelayer Silver badge

Re: I'm sorry, Xi, I can't do that.

In that film, the AI was told to never lie and to not tell the people what was happening, which led to deadly consequences*. In China's case, it will be told to lie whenever necessary and not to tell people what is happening, which should actually be much safer. Of course, if it has the capability to have deadly consequences, they'll turn that one on on purpose instead of having a logical conflict create it.

* It might have helped if the manufacturers realized that, if you have a machine that understands and rigorously follows natural language instructions, you might want to start with "Never kill me or any of the people on this list of important people" if only for your own safety. A more general prohibition against harming humans is recommended, but we all know the first computers capable of killing autonomously will have been built to kill autonomously, so that's not going to happen.

doublelayer Silver badge

Well, at least that's the word they've decided to use. It means "whatever the esteemed leader Xi Jinping says unless someone has killed him, in which case whatever that guy says". It doesn't mean that it has anything to do with anything other people have called socialism, now or in the past, but you will find a lot of people who don't understand that (and many more who do but choose to pretend as if they don't so they can use it to make political points).

There are, unfortunately, many words that have been treated in this way. I tend to just stop using them and find a different one for whatever I'm expressing. I get tired of debate loops where we're discussing what a certain term means even though we both know what the other person thinks and such semantic snarls aren't getting us any closer to explaining what we believe.

Python head hisses at looming Euro cybersecurity rules

doublelayer Silver badge

Re: Something needs to be done to protect consumers

This is why I thought it was a bad analogy, but I couldn't come up with anything closer. However, if a colleague brought in stuff they baked, they usually don't post a list of ingredients alongside it, and people with allergies tend to ask questions or avoid eating it if it looks likely to contain something they're allergic to. I'm not sure if you could legally sue that person if you had an allergic reaction, but I am pretty sure that few would sympathize even if it is allowed. Software isn't very aligned to the food example, though.

doublelayer Silver badge

Re: Something needs to be done to protect consumers

Things like the cake example can still apply to open-source contributors if they do something that's explicitly illegal, such as making code that automatically attacks and installs malware on other computers. That's still a crime and they can go after that person. The problem comes when they have done something that causes problems unintentionally. Drawing the line between these and an analogy to food is difficult, but the best example I can come up with is giving cakes away without checking whether everyone who accepted one wasn't allergic to the ingredients. If someone eats one and has a reaction, that doesn't make the baker responsible.

If I were to draw a legal distinction, I'd say that the hygiene requirements can be known in advance and followed to the letter, which makes it more reasonable to require that they be followed. The security requirements are vague and there is no way to verify that they have been followed without a court decision.

Ex-Twitter execs sue over $1M+ in unpaid legal expenses

doublelayer Silver badge

Re: Have an upvote

"That would open him to being declared a vexatious litigant."

Not immediately, and not guaranteed unless the suits he files demonstrate to the courts that they're consistently bad. If he decided to use the logic I described about an NDA, that would probably lose, but it's not so obviously indefensible to meet the standards for vexatious litigation unless he did a lot more of it.

That wasn't what I was trying to say, however. My point was that it would be bad to give anyone the possibility of that power over a defendant even if that defendant is unsympathetic because of the dangers of abuse. You can't use "they have a lot of people suing them" as evidence that they must be bad, and if you get too many powers to squash a defendant, it makes litigation an even more powerful weapon than it already is. So far, Twitter has demonstrated that they're willing to commit a number of breaches of contract, but they haven't even lost any of these suits yet though I'm confident they will, so it's hard to figure out how they'd earn the theorized vexatious defendant designation where vexatious litigant designation usually requires that you've lost a bunch of cases before they grant it.

"A likely mechanism would be the judge appointing an administrator responsible to both the court and representatives of the plaintiffs."

I wouldn't support it if the plaintiffs had any connection to it closer than requesting it. There's some logic in the court restricting the assets of the accused in case they lose, although I'm not entirely convinced it's good enough to set up this course. Putting that power in the hands of the plaintiffs is dangerous. For the same reason, someone declared to be a vexatious litigant still gets to apply to the court if they think they have a reason to file another case, and the court decides on its own whether they are right. The vexatious litigant doesn't have to apply to the defendant for permission to sue them and the defendant doesn't get to use that status to violate that person's rights with impunity.

doublelayer Silver badge

Re: Have an upvote

You are demonstrating your ignorance on a number of things. Your last comment did you no favors at all:

if former Twitter execs are later charged with felonies*, should Twitter be expected to cover their legal expenses?

*Not being a lawyer or an expert on the Constitution, how things like conspiracy to violate the First Amendment would actually get charged..

1. Violations of a constitutional amendment are not felonies or in fact crimes at all. This is related to

2. Twitter's executives cannot violate the first amendment in the U.S., which only applies to governments passing laws, which is clearly stated in the text of that amendment and I'm sure you've seen it because everybody on the internet, regardless of where they live, has seen this argument before and the text has been quoted. All of this means that

3. If a law violates the amendment, the courts strike down that law and nobody goes to jail.

doublelayer Silver badge

Re: Have an upvote

"It would not necessarily mean having to commit money into escrow but having their accounts frozen so that payments by then need approval of the plaintiffs."

Whenever you think of ideas like this, check whether they work if reversed. Let's say that Musk cancels his longstanding policy of making logical, well-considered decisions not at all based on who he happens to be unhappy with this morning and starts suing anyone he can think of. Let's say that he's going to sue that guy who told him he was wrong about how the Twitter app worked for breaching the NDA. By releasing some information, he has cost Twitter priceless information. If you could use an action like that to prevent the defendant from paying money, you could prevent them paying for a lawyer, force them into picking the cheapest lawyer if the court refused that last idea, or deny them simple expenses. It works the same way with a company, probably even worse because they're less sympathetic and have a lot more bills to pay than the average person. That could be a great weapon for winning court cases.

A slightly better version would be to require the approval of a judge, rather than the plaintiffs. While better, it's still bad; now you've just got to get a judge that is willing to let you use this mechanism as a weapon and you can use a suit to lock up someone else's money, probably also costing their ability to contest the case well. If it is dangerous and produces injustice when a big company uses it against a small one or an individual, it should not be allowed. Yes, when the big company is on the other side, it may feel nicer having a bigger hammer, but it won't justify the damage done in all the other cases.

Starlink opens final frontier for radio astronomers

doublelayer Silver badge

Re: Forever is a very long time.

What situation do you have in mind in which we urgently need some resources that can be found in these satellites and yet we have the resources to send something out there to retrieve them and safely land their resources back here? If your theory is that we have orbital launch platforms by then and they're collecting satellites to recycle them, that doesn't sound like scavenging and it's optimistic. We don't have a great history of going after old junk and recycling it unless it was causing particularly bad problems where it was.

doublelayer Silver badge

Re: Sorry but no.

I suppose, but Starlink didn't invent small satellites or groups of satellites. Both concepts were in existence before that, at least as far back as the CubeSat concept. The form factor idea was suggested in 1999 and the first ones sent up in 2003, so that's not something SpaceX can take any credit for. They may be able to take credit for making launches cheap enough to consider as many satellites, but even if I was willing to make that leap in logic, it would be SpaceX's rockets, not Starlink, that gets any credit.

Just because on-prem is cheaper doesn’t make the cloud a money pit

doublelayer Silver badge

And at night, those houses just power on their personal back yard natural gas turbines to carry them through? Oh, right, unless they really have to use a battery, they're still using the grid. Solar panels aren't generating all your own power. They're making use of the solar energy that hits your house, which is great, but in many cases the panels are sending excess energy into the grid during the day and other sources are being used at night. The number of people who operate without the external grid is much smaller.

For the same reason, I've grown vegetables before but that does not count as providing my own food. At harvest time I get to eat some stuff I grew, and it can be tasty, but in the rest of the year I buy my vegetables from somebody else, and all through the year I buy every other foodstuff from someone else. If you use the electricity line coming into your house at least sometimes, you rely on the grid.

doublelayer Silver badge

Re: Risk

Risk management should be but often isn't a focus of the administrators and managers of any system, computers or otherwise. If you decide that cloud is your structure, you have to decide whether you want geographic redundancy (global outages are much less common than one-region ones), multiple cloud providers, or some cloud and some backup servers, or maybe you don't need any of those things but an outage could affect you in a worse way. Similarly, you have to consider most of the same risks if you're housing your own equipment (how much generator capacity do you need, what if the generator fails and you have a power outage, what happens if your DC is hit by a natural disaster, what happens if it's mismanaged). Some companies decide they really need two redundant datacenters in different locations with independent administration, and some don't. That can cause an outage as well and that outage can be as bad as a cloud-based one. Anything can break and anything important needs to have a book of plans for what is likely to break and what's going to happen then.

doublelayer Silver badge

Re: It's not just about the technology

Businesses have ways to deal with large capital expenses, and they have to do it for all sorts of things. They can manage it for computers as well. It may look nice on the paperwork and they may be able to use it to make a specific financial statement look good when they switch on, but it usually doesn't bring that much to the business's financial situation.

The primary case where the difference becomes important is when a business needs to buy a lot of computers right now, and the cost of outright purchase would be higher than temporarily renting them. Or in other words, it's the spiky use cases with extreme scaling requirements that is the most obvious case where cloud is useful. In most other cases, there won't be much of a crisis to treat it as capital expenses; if it's small, the expenses aren't going to be very large, and if it's a lot of servers, then you can get the same kind of expenditure flow by buying replacement hardware on a staggered schedule.

Cloud can be useful and there are times when it can be cheaper, but how it appears on the statement isn't particularly important in most cases.

doublelayer Silver badge

Re: Obvious???

"I think it should be obvious that if I am paying someone else to do something for me, it's likely costing them in the ballpark of what it would cost me, plus they're going to add a bit on top. [...] It really is economics 101, straight out of Adam Smith."

It's so entirely contrary to one of Smith's core points that this really needs countering. It's the concept of comparative advantage. I could generate electricity, but I don't have the skills to do it well, I don't have the scale to do it efficiently, and I don't have the business to sell it to anybody other than my own use. Hence, it would not cost me about as much to generate electricity as it does for me to buy it. Even if I don't value my time at all, I would have to spend significantly more currency per joule I generate. That's not automatically true of everything, but it is not only not obvious that the costs are the same, it's flat out wrong.

Smith made this point at length as he was arguing against the tendencies of governments to use this flawed logic, restricting their ability to use resources efficiently. To use the famous quote, it's not that he bought from the butcher and baker because he didn't want to spend the time butchering and baking, but also because they were better able to do that than he was; years of skill and having a town willing to buy helps.

This doesn't mean that you have a comparative disadvantage in running servers. You're posting here, so you're probably in the group that has an advantage. That is why your employer hires you to do it rather than deciding that "Well it will cost us about what they're going to charge and they're going to want a salary, so let's try to skip them". You're better able to administer systems than they are so they hire you to do it, and if you decided that a certain way of storing and operating the servers was most advantageous, it could be true whether you did the housing or hired someone else to.

doublelayer Silver badge

"Hosting your own hardware will always be cheaper in the long run than hosting someone else's simply because you're not paying the "someone else" tax"

That's very flawed logic, and it doesn't work with most other things. Consider your response if I said one of these things:

"Generating your own electricity will always be cheaper in the long run than buying someone else's simply because you're not paying the "someone else" tax"

"Growing your own food will always be cheaper in the long run than eating someone else's simply because you're not paying the "someone else" tax"

"Carrying your own packages from your house to your recipient, even if they live on another continent, will always be cheaper in the long run than using someone else's delivery service simply because you're not paying the "someone else" tax"

I'm guessing that you don't own a farm, power plant, and global mail system. You might own one of these things, but usually only if you're the someone else providing your service to people who would definitely not be doing better if they were trying to do it. This doesn't automatically mean that on prem is more expensive, and for many use cases it will be cheaper, but your reasons why it is are bad. If you use the wrong reasons to defend your stance, it may harm you when those reasons are proven invalid but there are right ones that could have done the trick.

How much to infect Android phones via Google Play store? How about $20k

doublelayer Silver badge

Re: How much for iPhones

Depending on what you want to do to the users, it is almost certainly possible, but it's not a one-to-one comparison with the thing discussed in this article.

This article is mostly discussing embedding malware into an app which will install itself as another app. In that particular case, it actually isn't possible on unjailbroken iOS because Apple really hates the idea of anything installing an app which isn't them. Even on Android, the user is going to have to be tricked into undoing a security feature in order to allow this, and possibly two if they don't have the general "install apps from untrusted sources" switch turned off yet.

However, you can always put a malicious app directly into the iOS app store. You need to be careful that Apple's automated analysis doesn't flag it, so probably put up a benign one first and introduce the malicious behavior later. That most certainly can be done. You can also put in an app which will retrieve and execute scripts from an external location, then manipulate those to produce malicious behavior. I'm sure you can buy something like that, but it's probably more restricted because it's going to require custom work to port malware to such a system whereas your Android malware can be a normal app.

doublelayer Silver badge

There are some companies that send researchers to find dumps without tipping the criminals off who will tell you if you have been found in them. Some of them consider this a free service if you could theoretically be a customer of their main business (primarily financial products). Some charge for the privilege. If you're interested in these, shop very carefully to make sure you understand what they will do and that you're not finding a scam either taking your information or just charging for an elusive promise they won't keep.

Alternatively, you can enter addresses into haveibeenpwned.com, which isn't as up to date and doesn't have all breach databases stored but can give you some idea. None of these approaches is foolproof, but if it says yes, it can be useful to give you information about what happened.

Is it time to tip open source developers? Here's one way to do it

doublelayer Silver badge

The theory is that if everyone relies on the leaf component, then they get lots of small donations from anyone that uses something that upstreams. They kind of have to do it that way, because otherwise the incentive is to make something small but a bit useful then add it to as many other things as I can in the hope that people will use them and I'll get a cut of their donations. That could always happen on a plan like this, but if the payments are small for things that aren't used directly, it's less worth it to attempt to attach a small do-nothing library than to build something more useful.

doublelayer Silver badge

Re: Good luck with it, but

That sounds very similar to the tip proposal. Both of them require that somebody who uses the code decides to voluntarily pay well for it. I'm not sure how yours differs other than the fact that you're focusing on big companies whereas the tip proposal works for any size of company. Unless either is widely adopted, it's likely to produce some relatively small donations.

It's also likely to limit which projects get support; the big tech companies already donate large (for us, not for them) amounts to open source projects, but not to every project that gets used somewhere in their company, since that's less tracked. That's why the Linux kernel gets a ton of donations from big tech companies, because it's a single, large project that they understand that they rely on a lot. The tip proposal appears to be focused on automatically following dependencies to distribute the funding to all of them, which will work better for the deep tree that is Node dependency hell and not bad for a structured package repository like Python has, but not so well for a bunch of libraries pulled in from GitHub or internal clones.

Samsung reportedly leaked its own secrets through ChatGPT

doublelayer Silver badge

Re: They copied all the source code, entered it into ChatGPT, and inquired about a solution

That might be better, but it's incompatible with the methods they're doing and prohibitively expensive to do more than once a year or so based on the way they've been making new ones. Part of the reason for this is that the models don't keep every byte of their text training data, although they keep a lot of it, and they thus can't tell how to weight some new text because they don't know how large their sample sizes for various calculations are. Maybe AI researchers will come up with new types of models that can do this better, and if they do I won't be surprised to see those methods tested and employed, but for now the model types they're using do all the training from scratch.

doublelayer Silver badge

Re: Seriously....

"Either Twitter didn't want to be seen to crap on disabled people or they didn't know he was disabled. I think probably the latter."

So the contract specifically saying it, agreeing on accommodations, signed by the company didn't tip you off that they might have known a thing about it? Musk probably didn't know, but the company did. This also suggests they did, in fact, do some investigation into what they were buying and they thought it wasn't going to cause problems they couldn't handle. And, since he was in a job that involved a lot of managing between teams, his mobility restrictions probably weren't that big a problem until Musk was looking for an excuse and still chose wrong.

I'm also not sure why you think that Twitter agreeing to let someone work from home when they were using a policy where everyone could work from home and for an employee in a different country who presumably didn't want to move across eight time zones counts as "woke". However, since you used the word, I can safely assume that your logic would be incomprehensible or stupid and thus I don't have to look into it too deeply.

doublelayer Silver badge

Re: How do I upload a PDF file to ChatGPT?

Maybe they just did a select all on the text layer and pasted that text into the chat window. It wouldn't help with images and some layout would have been lost, but the words would have gotten through.

Google: If your Android app can create accounts, it better be easy to delete them, too

doublelayer Silver badge

Re: Is this the same Google

No, Google does it for cash and lovely data, but it also is the way they synchronize paid app purchases across devices. They weren't doing anything for our own good, but along with their data collection comes some features that most users will want.

You don't have to do that, though. You can use an app like Aurora Store (which is on F-Droid) to access the Play Store. You can anonymously install offline apps, at least until Google breaks it, and you can use it to obtain APKs for commercial apps which will require your own account to purchase them, but not to install them. This may break if the app concerned expects you to have a Google account or uses it internally. For example, I installed an app that uses Google Play for in-app purchases, and that one was not going to be happy unless the system had a Google account configured. I avoid Google tracking whenever I can, and I find Aurora helps to make that easier, but there will always be some things you can't do if you're using Google's platform without turning on their spyware.

doublelayer Silver badge

Re: So....

Just because they would have to delete the account doesn't mean they could take your money or would give you any. That's still illegal, so even if they decided to interpret this literally, it would just make the process of closing an account faster. If they actually deleted the account without finding out where you wanted its contents sent, the money they gained is still legally yours and has to be turned over to you. If they can't find you, they give it to the government to do that. Governments do that in a variety of ways, but many have offices to handle it (not very efficiently, but they do).

doublelayer Silver badge

Re: So....

"So, if I delete my Barclays banking app account, then all my bank accounts will be closed and the money disappear?"

No, if you push the button marked "delete account" on one of your bank accounts, then that account would be closed and the money would have to be transferred somewhere else. If you happen to have a separate account just for online access and the bank doesn't do that automatically without the extra online account, then deleting that account would just take away your online access but the accounts with money in them would stay around. I doubt you'll even be able to do either of those because since when can you set up a bank account just in an app? Whenever I've done it, there have been more forms to fill out that could be doable on a website but in some cases required physical writing on paper in one of their buildings. If the app doesn't let you open an account, it's not required to close them.

Thieves smash hole in wall to nab $500K in Apple iKit

doublelayer Silver badge

Re: Process

Which part? That they serialize parts so that you can't swap them between devices, because I'm afraid that's old news, not a conspiracy theory. Their reasons for doing so were to avoid stolen parts and a vague thing about customer safety which they didn't explain, possibly because it would be unlikely to convince anyone who didn't already accept their reasons. Did I make another claim you found to be paranoid, conspiratorially-minded, or flawed?

doublelayer Silver badge

Re: Process

That will be the excuse Apple provides for why phones have to have all parts locked so that you can't use them for spares. It will make some sense when they say that, which is why they won't mention how it also gets them plenty of business for unlocking those components from devices that weren't stolen. Depending on the models, the criminals might be able to use some of the parts as spares, but with a lot of pieces that will be unusable after they're removed or because of serial locking.

Child hit by car among videos 'captured by Tesla vehicles, shared among staff'

doublelayer Silver badge

Re: "Tesla driving through a residential area at high speed and hitting a child on a bike"

"(There's so much hate for Tesla around here. Why?)(BTW -- I don't own one.)"

There are a lot of reasons that account for that, and it's hard to know what a given person's might be. A lot of it is probably related to the fact that it's a Musk-owned company and he is a controversial figure. Amusingly, it used to be that Tesla was automatically opposed by people who hated that the cars were electric, but Musk's recent political moves have flipped the groups that tend to hate what he does. Some people may also think the cars are poorly designed, and I've certainly seen those arguments (at this point, I should probably say that I don't own a Tesla, and for that matter I don't own any car and thus haven't compared models).

Then you have people who have strong views on self-driving technology, which Tesla has at least talked a lot about. Some object to the fact that Tesla's software is limited and has safety problems but yet is running on the roads today. Some may also have a problem with the promises of improvements, all of which have turned out to be lies. There is another group who hates self-driving altogether and would oppose any car that attempts to build it.

There are probably other reasons, such as people who oppose the subsidies that Tesla has received, people who disapprove of the repair policies of the company, and people having strong opinions about which car companies are good or bad and whether expensive cars are better. I'm specifically bailing out on that last one because I know little about the comparative differences between car brands and will make up my mind on those if I buy a car. I've probably missed some others and each detractor probably has multiple reasons that combine to produce their attitude.

doublelayer Silver badge

Re: Human error

As long as you collect a bunch of data, you can have this, so the solution tends to be not collecting data you don't need to, like video when the car is off. I'm also not convinced they even got much use from video when the car was on, and there's no way I would have opted in to that. Some misuse will happen whenever there are humans, but we can still take some relatively basic steps to limit the misuse anyone can do.

Techie called out to customer ASAP, then: Do nothing

doublelayer Silver badge

Re: This is a job for .... Justin Case!

"If the people that can cause the contract to be cancelled are all out on holiday, that's a good point to do the risky stuff."

That depends a lot on what those people are like. Are they the kind of people who will freak out if they see a problem, but if the problem's fixed by the time they show up, all is good? Then you would be right. Are they the kind of people who want to see what is happening and will be annoyed if you change things when they're not there to monitor? Are they the kind of people who value you more if you're present and look busy, so having people there to do the change while they can see is likely to give them confidence that you're productive and good at the job? In either of those cases, it's better to wait until they're present.

I'm referring more to the damage that's really done by a system being down. Managers yelling at you isn't always fatal. Customers furious about an unplanned system malfunction can be worse. If your goal is to optimize for causing the least damage, there are reasons not to do that on a holiday as I described in my last comment.

doublelayer Silver badge

Re: The BOFH had a term for this

Rule number zero of troubleshooting (and design):

User behavior and ability to miss details are more unreliable than mechanical parts and, therefore, the first place you should look if there's a problem.

Before checking whether the switch isn't engaging right or the cable is not working, check that the switch has been set to on and the cable is connected to the right things and those things appear to be working. It's related to the first step of troubleshooting: verify that there is a problem and that you understand what the problem is, not what the report said.

doublelayer Silver badge

Re: This is a job for .... Justin Case!

"Stupidly? If there's downtime to make the cut-over it's a very sensible time."

Probably not. To do a proper switch, you need plenty of staff there who can make the switch, quickly back out the switch if it goes wrong, and detect problems that would either be big enough to require rolling back or making emergency changes to the system. That's a lot of staff. You might also need the people who managed the switch if there's any part of this that would need approvals. Making all of those people work over a holiday wouldn't be popular when you could try using a weekend for it instead. This is all if all the people needed for a switch are in your company. If there's a chance you need to call someone else for support, a holiday is not a great time to rely on that.

There is probably a lot less downtime from the perspective of how many users are using the system than there is from the perspective of how many people are there actively working on the system. It's not guaranteed that failing the system during a holiday will be safer than failing it some other time, and if the fewer staff means that it takes longer to fix than it would at another time, it could make it worse. For operational reasons, there's a reason not to do it, and for a "not having your technical staff angry that they had to work on a holiday and the management who decided this do not" reason, there's another.

Welcome to open source, Elon. Your Twitter code just got a CVE for shadow ban bug

doublelayer Silver badge

Re: Surprise two-way flow

I don't know if he made clear statements either time, but it's obvious which side he'd be on now. He now owns a company that would profit from news and has gotten into fights with real journalists when they had the audacity to report what he said and how others responded. For both reasons, anything he can do against them will now be considered a good thing. It's clear that whatever he considers a good thing in the morning becomes official company policy by noon, even if everyone else thinks it's stupid and it's diametrically opposed to policy as of yesterday evening.

ChatGPT becomes ChatRepair to automate bug fixing for less

doublelayer Silver badge

Re: That's just great, Ollie

Unfortunately, it's an approach I've seen in humans as well. It's exemplified by this quote:

"We observed that including useful information such as test failure error or even the failing test name itself can provide additional information like the type of bug (e.g. null pointer exception) and the expected correct behavior of the code,"

I've seen people take this and fix a bug, but never change what actually happens. Sure, they've put in something that checks for null and doesn't crash the program, but they haven't asked questions like "where did the null come from", "is that null behavior we accept or not", and "could anything else result in a null ending up here which isn't the case I've just added in". Debugging isn't a process of looking at what it is doing and making it stop doing that, but looking at what it isn't doing that it's supposed to and making sure it does that.

Benchmark a cloud PC? No way. Just trust us, they work, says Microsoft

doublelayer Silver badge

Re: Benchmarks are important sometimes..

This is exactly the flawed assumption I was talking about. Your comment assumes two things:

1. "On-premises you have network people [...] to take care of external security."

2. "In a cloud there's no such thing [as network administrators]"

Both are dependent on the administration of the network. There are on prem deployments that are missing administrators to handle situations or where the administrators are not competent to handle security issues. Just having the servers in a building you own doesn't make those admins pop into existence, nor does it automatically train those admins in making sure the systems are on secure networks rather than just being available. There are admins who are good at plugging in network cables and assigning static IPs who don't understand which things need to have public access and which don't, and when those people decide on the firewall rules they often leave them more open than they need to because nobody is complaining when that is configured. If you choose to deploy those servers in the cloud, it doesn't auto-fire those administrators, nor does it force you to have a policy that prevents them from applying secure standards.

Your comment contains all the important details and somehow still misses the point. Wherever you put your resources, you should have someone who understands how to deploy them securely and is empowered to make sure it has happened. Leave them out and your on prem situation will not save you. Include them and your cloud situation can be secure. This is the same logic that was used by cloud salespeople who said that, because they were big companies with a lot of security people, your deployments would be safe if you just moved them to their resources. That sales pitch was wrong, and so is its exact opposite where on prem deployments are automatically more secure. Nothing is automatically secure.

doublelayer Silver badge

Exactly, or even a variation with a predictable floor. For example, if you're sharing desktops on a big server, then you could theorize variation where you get more of the power of that server if your desktop happens to be the only one or one of few operating at a certain point. This would be a nice bonus during low-utilization times, and it would mean that benchmarks taken then wouldn't be reflected when a more typical load was using the resources. However, you'd still need some agreed lowest level of performance so you know what you're paying for. Microsoft's offering doesn't appear to have that.

I'm also still not sure what the point of the desktops is when you're running them from a machine that's likely as powerful. Using cloud for more powerful servers or ones that need better connections to a lot of data makes sense. Using them for user desktops isn't efficient since you'll still be providing hardware to the users that could be doing the job. I don't think there will be much savings in downgrading the hardware to be a thin client.