* Posts by doublelayer

9408 publicly visible posts • joined 22 Feb 2018

After clash over Rust in Linux, now Asahi lead quits distro, slams Linus' kernel leadership

doublelayer Silver badge

I think it's worth considering that the "you break it you fix it" rule is still a very distinct option here. Anyone who breaks the Rust is free to fix it too, they just have assurances that they can call on a Rust person to do it for them if they object to doing it themselves. The Rust team agreeing to fix things was intended as an olive branch to people who did not want Rust to be added because people didn't want to fix it if they broke it. Some of your comments are reasonable, but not all of them are the ones used by people attempting to stop the addition of Rust here.

doublelayer Silver badge

Except that Hector was not the person who wrote the code concerned and the discussion did not answer the question of whether it would be merged or not. The code concerned may still be merged, because the person who tried to stop it doesn't have the power to do that unilaterally. All Hector's involvement did was make several people angry because he insulted people who wanted to block the Rust contributions, Linus rebuked him for that, and he is now leaving. The leaving was probably not only about this incident, given that Hector has reacted similarly, if less extremely, to previous episodes of this long-running series of "people arguing about programming languages". This episode may still end, after we've all stopped paying attention, with the original code considered fine and merged over continued grumblings from the reviewer who didn't want it. Or, for that matter, it being merged to a massive explosion of anger from the same guy, it all depends. The latter would be problematic, and it's far from the only bad way this could end.

doublelayer Silver badge

Yes, he did, and it's the one thing he asked for that I think was reasonable. He made lots of comments there which I disagree with, including some personal attacks on people who oppose Rust which I thought were at best a bad idea. However, I think, for the reasons stated in my original comment, that continuing to have this fight every month or so when someone writes something in Rust and someone else gets annoyed because it is Rust is going to cause problems. Each time will add a little stress to some people, and if it happens often enough, those people are going to start reacting to that stress. We just lost one maintainer out of this. Maybe we think that doesn't matter; I'm not using Asahi anyway, and probably others will keep working on it, but do we want to keep rolling those dice? If you dislike Rust, this isn't good news for your side, because for all we know, an anti-Rust maintainer will be next to quit because they're annoyed that nobody is stopping the continued commits of more Rust into the kernel.

I don't know what Linus can do about this. He is unwilling to tell either side to stop at the moment, so maybe he thinks it will work out best if they eventually settle it among themselves. I have my doubts that this is going to happen that way. If anyone has an idea for how this could be mediated so we don't have long fights with personal attacks and insults regularly, I think it would be useful to try.

doublelayer Silver badge

Re: please post a link proving your point - I'll go first

Read the sentence again. I think you already know the context, but if you somehow don't, they were stating a hypothetical where other operating systems adopted Rust or something else that eliminated memory-related CVEs*, and Linux didn't, thus that in this situation which is not where we are today, Linux would be the only one with those CVEs. You decided to take something that was clearly a what if and treat it as if it was stated as current fact. That makes it easy to disprove**, but it doesn't make other points.

* And you had plenty of points you could have made. The way we would get to a memory CVE-less world is far from clear here. You could have argued against them by pointing out how difficult that would be in practice. Linux could reduce or eliminate theirs in a few different ways. You could propose one you liked better. I'm not going to argue either of those for you, but you can if you decide to argue against what they said.

** You didn't have to go to an LLM to disprove it. If you know how these CVEs work, you can get actual information about real ones in other operating systems, for example the ones in Microsoft and VMware that were covered in an article in this paper yesterday. A summary from a bot that could have made up the existence of things is less reliable information, even if it was correct this time.

doublelayer Silver badge

He is leaving in a huff, and many of his statements about the Rust issue haven't been very convincing to me. However, one of his points is, in my opinion, correct.

Linux has a problem with Rust. It will go better if they either decide that Rust is in it, and anyone who is unwilling to see Rust can feel free to leave or shut up, or that Rust is forbidden, and anyone who wants it in the kernel is free to leave or shut up. Right now, though, they have the situation where Rust is technically allowed, but when someone writes something in it, some others come around and try to stop it. This is guaranteed to annoy everyone involved. The Rust people see their work, which is often carefully written and tested, trashed by people who don't have a technical objection but just dislike the language. That is frustrating. The people who don't want Rust see an extra burden on them, sometimes supported by irritating ideological arguments and they don't know whether they can opt out of that or not. That is frustrating. While this argument continues, we can pretty much guarantee that everyone will get more frustrated and some of them will burn out as a result. The rest of the Linux community, including developers who are more indifferent and users, would all benefit if this didn't happen. I don't have a way of making it stop, but it would help if the developers could figure out such a way or, if they can't, for the people managing the project to try.

doublelayer Silver badge

Re: "Rust project ... burnout is shockingly high. "

You'd have to do a lot of work to figure out what is comparable. For example, if the burnout in the Rust community is at all related to kernel problems, then neither of the other languages you list can be compared as they are not used there. You'd probably also have to consider community size, but you can't compare size without comparing scope of what the community is building as one may manage tools the other one doesn't need, leaves to an open source developer, or just doesn't bother with. You would also need to add in how many people are paid to do it by an employer, as those people will burn out in a very different way, if at all, to their volunteering colleagues. I'm concerned that any research attempted would find these problems too annoying to solve and would have to use a simplistic definition for all the important elements to come to any conclusions.

I'm a security expert, and I almost fell for a North Korea-style deepfake job applicant …Twice

doublelayer Silver badge

Re: Hire Purpose

"However, I'm more interested in the nuance for rejecting the applicant. He really wanted to hire 'him' because his responses and answers were so good. So... why didn't he?"

As much as you might want to hire a brilliant identity thief, the identity thief part might outweigh the brilliant part. Even ignoring the likelihood that this was a North Korean, someone willing to fake who they are could be all sorts of problems, from someone on a list of people you're not supposed to pay to someone who is willing to do malicious things to your company. You already know they're lying about some things, so why should you trust them not to do anything else. What it really means is that they would really like to hire a person with the same skills as this one, but without the criminal aspect.

If we add in the typical methods of the North Korean IT laborers, they sometimes do good work, but in many cases, they can't even if they are good at it because they're often working multiple jobs to collect as much money as possible. Many of them work in the short term on the theory that they will be discovered eventually and thrown out so they want to maximize their gains until then. They also have a tendency to install ransomware and steal code and customer data. There are two types of companies where the damage is even worse. If you run a cryptocurrency operation, their goal is stealing all the cryptocurrency. If you run a security company, their goal is to steal the vulnerabilities you know about and use those for their malware. They focus on both of these a lot. This being a security company, that is one more reason on the already admirable stack not to hire the person no matter how much they know.

doublelayer Silver badge

Re: A job's a job

Because that's not what you said earlier. You've written a softer message, one that I agree with, and are pretending it's what you've been saying before. You did not defend Koreans as a people because nobody was attacking Koreans as a people. I'd happily employ someone from North Korea who had escaped, because they would have to escape for it to be possible, because nothing is intrinsically good or bad about their national origin. Your defenses have been of North Korean government-organized operations by denying that they were this, or pretending that they didn't install malware, or mutating the reasons why anyone would hire them to ascribe to the employer a level of complicity that they did not have. Now, you're deflecting from this by suggesting that those who say otherwise are prejudiced against Koreans, when in fact we're prejudiced against state-run criminal groups no matter who runs them or where they were born.

I too have worked with people from lots of countries, nearly all of whom were wonderful people. Many of those were former residents of countries whose governments I do not trust at all. They were not installing malware on corporate devices. They weren't copying customer data. They were not being monitored by agents of the government of the land of their birth, at least as far as I know. The people in these articles were all of these things, and that is what we have a problem with.

doublelayer Silver badge

Re: Asian accent!!!

I'm guessing this is why they pretend to be Polish or Serbian, assuming that people will not know what a Serbian accent sounds like and will mistake their Asian one for a Balkan one. Trying to pass it off as Chinese might be easier, but I think many small companies would not hire a Chinese remote worker at all due to more complicated Chinese labor laws and they would also probably offer a lower salary.

doublelayer Silver badge

Re: Interesting

There are other tactics. The first interviewee, for example. The second one used GPT-style answers, but the first one knew what he was talking about or was better at cheating. Probably it was the former; some of the North Koreans they use are quite well-trained. They don't always do great work once they're hired, although sometimes they do. It would be possible to have people who know what they're doing do the interviews, then swap in others for the actual job. That is easy for an orchestrated campaign the way that North Koreans do it, but it wouldn't be hard to hire someone to fake being you for a couple interviews. Vigilance and processes that verify as much information as you can will always be necessary.

doublelayer Silver badge

Re: A job's a job

Maybe because, on every single article where North Korean activities are brought up, martinusher can be counted on like clockwork to show up with an explanation of what is happening which ignores facts stated in the article, denies facts you can prove with a quick search, and has a benign explanation which is wrong but also wouldn't be acceptable if it was what actually happened. For example, the argument that employers were intending to hire Chinese remote workers when the article said that they were impersonating US residents or claiming that these workers are all free agents just trying to make an honest day's wage for an honest day's work.

This comment is no different. It suggests that North Korean workers are free agents again (they're not), that the stories of installing malware into companies are fiction (they're not), and follows the same inaccurate playbook. I don't know why he does this, but he does do it routinely. It goes on to blame the companies that hire these workers, so not only is it your fault if you hire a North Korean, it's your fault if someone manages to commit fraud in an interview to look better at their job than they are. In reality, those who fraudulently complete interviews using ChatGPT or someone else giving them answers are not fulfilling the needs of the market, they're lying for personal gain, or in the case of North Koreans, survival and tiny perks. People who become victims of fraudsters may be many things. They may be greedy, miserly, stupid, or they might not be any of those things (it all depends on the context), but they aren't getting what they wanted or it wouldn't be fraud.

doublelayer Silver badge

Re: Old scams in new jackets

If the company is remote, where do you send the person? It also makes any interview very expensive when you have to fly the person from Poland or Serbia to San Francisco. Not that it wouldn't help, but there is a reason why a lot of companies, even those with offices, don't do their interviews in person. Your solution could involve sending people to the offices only for the last interview before giving them an offer, which would be slightly better.

Techie cleaned up criminally bad tech support that was probably also an actual crime

doublelayer Silver badge

Re: "This person does not work here."

A private company that does some types of work for the government may still be required to respond. The responsible government agency will receive the request and collect needed information from whoever has it in order to send it through. Then again, it sounds like this might have been a little different.

A win at last: Big blow to AI world in training data copyright scrap

doublelayer Silver badge

Re: "The copying of our content was not 'fair use.'"

Yes, I get it. To you, "price discovery" means "copyright is evil and everything should be free". From other comments you've made, I wouldn't be surprised to hear that most phrases mean that to you. To me, "price discovery" means discovering what prices things, including competing products, are should I want to obtain them. This is often not a problem for copyrighted works.

You focus entirely on the small costs of copying digital data, which you incorrectly reduce to zero, but they are quite close to zero so I can live with that. What you have failed to take into account, repeatedly, is that if these are zero, they become nearly meaningless to the price of the work, but the other costs such as the ones needed for the creator to produce the work still exist as they always have. I would try to convince you of this by pointing out the situation with those things you're willing to accept, but I fear that there are two problems that will prevent this from doing any good. The cost of printing up a physical book is much lower than the price it sells for because the difference is being paid to the authors, illustrators, editors, typesetters, and everyone else who did intellectual labor in order for the book to exist. Some of it is also being paid to the publisher because, in many cases, they paid in advance so the author could produce the book. Most of those same costs exist if it's a digital book, and if the people concerned can't get money, they won't do the work, and the book won't exist. I'm afraid that you will ignore this because you appear to think this labor is infinitely available, which it's really not. Furthermore, I expect that, were we having this argument in 1970, you'd be passionately arguing that anyone with access to a printing machine should be allowed to churn out unlimited copies of any book and anyone with the requisite copying machinery should be able to reproduce copies of any media at all, but you're reducing your scope to digital data here for simplicity.

If you would not argue this, then consider that digital copying is just a cheaper printing machine, and the creators of that book still incurred a similar cost to make it. If you would, though, I don't think we'll ever see eye to eye because you are arguing that intellectual labor has no value. If you really think that, why not just never buy anything made with it, as it has no value, but no, you want to have access to the products of their work but you don't think they deserve to benefit from doing the work you're enjoying unless someone just happens to donate. I still wonder what kind of work you do.

doublelayer Silver badge

Re: "The copying of our content was not 'fair use.'"

The guy in the Lehrer song isn't exactly the hero of it, you know. This issue is not about picking the more sympathetic corporation. This issue is about finding the right rule, either currently, where we're trying to figure out what rule the current law already says, or for the future if we decide that is wrong and we want the law changed, for every situation where this crops up. This means that the giant AI corporation copying an individual's work without permission and a scrappy individual with an AI model copying a massive enterprise's work without permission should be treated the same way. That way, they both know what is required of them before they start out. In fact, I would suggest that the sizes of corporations demonstrate why we need that clarity; the kind of thing that large AI companies do routinely would be immediately and rigorously smacked down if an individual did it, and only similarly large corporations have the legal might needed to push against it. This is unfortunate, but I support the people with copyright, even if they are large, because by defending themselves they also defend smaller creators with the precedent.

doublelayer Silver badge

Re: "The copying of our content was not 'fair use.'"

"Am I violating Reuters's copyright by doing so with their material?"

Well, if you are told you need to pay for it, but you find a way of getting a copy without paying for it, I think you'll find that courts think you are. The same reason that, if I ever get a copy of the AI models these companies make and use them, even if I don't sell them, they're going to think that I don't have a right to do it.

doublelayer Silver badge

Re: "The copying of our content was not 'fair use.'"

Patience might be helpful here. You're demanding a response from people mere minutes after posting something. These forums don't work that quickly. You're also getting angry at what is at most two downvotes your original post received (no, not me). For all I know, it was only one by the time you complained. Get used to it, more people will express their views through votes than through replies. You may not get many votes or replies on this topic because the copyright of legal documents is not an article a lot of people are likely to click on, but if you do, they won't come through as quickly as that.

doublelayer Silver badge

Re: "The copying of our content was not 'fair use.'"

If I want to train some AI on publicly available court decisions, I have a brilliant idea: I should do it with the public court decisions, rather than someone else's summaries of those decisions that I don't have permission for.

Yes, I do like paying people for things if I like the price. If I don't like the price, then I don't buy them. Price discovery and an open market are almost always available. If I want a certain book, then it is not hard to find the places selling the book and how much they charge to get a copy. If they all charged £200, then I will probably read a different book. Of course, there have to be some restrictions. For example, one of the only cases where anyone tries to charge £200 for a book is for textbooks, which is why I would buy used ones. I'm sure textbook authors would try to prevent people from selling used copies if they could, and I will fight against any attempt they may make to do that, but that is much less far than you constantly argue for.

Lawyers face judge's wrath after AI cites made-up cases in fiery hoverboard lawsuit

doublelayer Silver badge

Re: what are you paying for

My post was not about whether they should say it, where, and to whom. I agree that they should say it. My post was about what they can be sued for for their mistake, whether they said they used it or not. Fraud would be a valid charge if they lied about not using it, then used it anyway. Since they have no problem admitting it, it seems almost certain that they either said they would use it, then did, or made no statements about using it, then did. This makes it more of a negligence issue than fraud, and I think the lawyers would probably lose that case.

doublelayer Silver badge

Re: what are you paying for

It's not fraud, unless they promised that they wouldn't use any AI tools. Since they evidently have their own internal tool, they probably did not make that promise. So fraud is definitely off the table. What it is, however, is incompetence. Their clients have every reason to be angry with them about that, and they may be able to sue these lawyers, but for negligence rather than fraud. I'm not sure how likely they are to win, but I suppose I can find out by giving an LLM the prompt "Show me case law demonstrating that lawyers citing nonexistent cases is considered negligence".

Of course, the events described in the article aren't at that level yet. This is a court potentially punishing the lawyers, not their clients. Courts can penalize lawyers for a variety of things with a lot of latitude for the judge. Even if this wasn't sufficient negligence for the clients to win against them, a judge can assess some penalties, either on the lawyer, for example finding them in contempt of court, or to the client, for example by rejecting their motion to exclude evidence because they failed to make their case. These things are complicated because the terms for what a judge is allowed to do are a little vague and some of this might be overturned on appeal if the evidence really should have been excluded but wasn't due to attorney incompetence.

Feds want devs to stop coding 'unforgivable' buffer overflow vulnerabilities

doublelayer Silver badge

Re: If C had a string type managed by the compiler...

The problem with that is that, unless there is a relatively standard library, you can only do that within your own code. Find a string library you like, hope they've got all the Unicode support you'll need in there, but if you ever need to include code from someone else, you can be quite certain that they did not use the same library you did. All the strings going back and forth to that will either be C strings or they'll have their own internal format, maybe because it's similar to whatever library they picked. Only some types of programs can use the model you describe. This is one reason that a lot of other languages have treated strings as a primitive. You are still welcome to get a library that implements them differently if you want that, but there is a more full-featured option as default.

Reddit’s first public year shows growth, but Wall Street’s still not happy

doublelayer Silver badge

Re: How did Reddit ever become a thing?

That is easy. What Reddit can do that a forum can't is nothing, but what Reddit does do which a forum doesn't is stay around for longer and be easy to set up. I don't use Reddit often either, but I fully understand why it's a thing.

I have had accounts on lots of forums in the past. Many of these were relatively small groups with niche interests. This came with several little annoyances. Let's see what something like Reddit does about each of them:

1. I have twenty login/password pairs to remember. Reddit centralizes them.

2. Occasionally, the people hosting the forums would grow bored. Sometimes, they would delete the forum. Sometimes, they would just stop any maintenance, meaning new users couldn't register (most of them needed manual approval because spambots were great at using forums). Reddit makes it easy to give someone else moderation powers and just leave. Nobody is relying on someone keeping the server online or trying to see if they can have the domain name and backup so the thing doesn't die.

3. Some of the forums were so niche that they had small numbers of users. By being hosted on a subdirectory of someone's personal site, they were not easy to find. Not that it's super easy to find niche Reddit groups (or whatever those are called), but there are several search facilities available that make it easier to locate them. That means more interested people who can post information and thus a more long-lasting group.

4. To have a forum, someone needed to decide to host one. Someone needed sufficient dedication to create the thing, but they also needed to be someone comfortable enough running a server. To us, hosting a prebuilt forum program in PHP on an HTTP server, either a fully self-managed one or some webhost's, is child's play. Five minutes and however long it takes to fill in all the boxes and it's working. That doesn't apply to everyone, meaning that there were many more forums about technical subjects than about other things. Fortunately for me, I am most interested in technical subjects, so that works out just fine. For people who want to talk with interested people on other subjects, though, making a new group on Reddit is easier.

I think I would use Reddit if they stuck with a forum-style interface, with comments in either a chronological order or in a nested thread model like here. Instead, they seem to have used bizarrosort where finding the context of a post takes far more work than it should. I'm sure I would find other things to complain about if I used it enough. Most of my experience with it comes from finding it in search results when I'm looking for information that's not easily found elsewhere, and when I use those pages, I often find what I'm looking for in that post, after fighting with the interface to see more than the two it typically shows me straight from the DDG search page.

Ignorance really is bliss when you’re drowning in information

doublelayer Silver badge

"As far as "Quite why people obsess about current events that they have no actual control or influence over I have no idea." goes, I agree 100%."

Speaking for myself, I give myself two reasons for why I care about these things, even though I can do nothing about them and I might be happier if I didn't. The first is that we've often been told that we can actually do something about them, and some people are able to do it by spending lots of time campaigning or organizing people. I am not doing either of those things because I'm often working, doing other things I've already committed to, and when I'm done with those, I'm tired, but since I know that I am technically capable of doing something, it seems like I should at least know what's going on so I can decide to start doing that if it ever comes up.

The second reason is that I've seen the kind of people who actually manage not to know about current events, and in large part I don't want to be like those people. They mostly fall into two groups:

1. People who know nothing about any event you might bring up and are apathetic about it all. It doesn't matter how local an issue, how much they could actually do about it, or how much it might affect them. You could tell them that someone is about to close their street unless just one person asks them not to and they would be blasé all the way until the street was closed and they were confused why this would happen with no warning.

2. People who don't know about any of this but decide to have strong opinions nonetheless. The French are evil because something Sarkozy said about the British being inherently malicious, and when you point out that Sarkozy probably never said that and he hasn't been president of France since 2012 anyway, they don't seem to mind or they insist that your facts are equally reliable as their assumptions.

Why the existence of these people should make me read about all these things is a good question. After all, just by knowing these things, I'm not reducing their numbers at all and it just makes it all the more annoying when I meet one. Still, that is one reason why I instinctively want to read about any sufficiently large event or one that's likely to impact something I might interact with, even when I can't do anything about it, and so far, I have not gotten over that instinct.

doublelayer Silver badge

Re: Puzzled........

That can be part of the problem, the extra time spent trying to take the information provided and figure out what truth is, but it is not the whole problem or even the largest part depending on where you're getting information from. For example, a thing that happens very often is that some incident occurs and broadcast news and websites start to post information about it. They are going for speed, which means the information may be faulty, but if you're using reputable sources, it is probably fine. The problem is that it's little pieces of disconnected information. To understand the situation, you need to either assemble the puzzle of data until you have the truth, remembering to immediately remove any pieces when they report that oops, that wasn't quite what happened. The other approach is the one I've often taken. I don't know if it's healthy, but when an event happens, I respond by ignoring any news for several hours so that, when I do read about it, they can provide me with a more cohesive report.

Arizona laptop farmer pleads guilty for funneling $17M to Kim Jong Un

doublelayer Silver badge

GDP is a useful number in some cases, but it isn't comparable in this case. North Korea doesn't publish GDP figures of their own, but estimates put it at $15 billion. However, a lot of that is never in cash; if someone in North Korea does some farming and someone eats the crops, nobody got any money but it adds to GDP. North Korea has lots of labor, treating almost everybody as slaves will give you that, but they don't have a lot of cash with which they can buy things they don't know how to make.

It's also worth keeping in mind that this was just one operation among many for them. They have more than one laptop farmer and they operate their tech worker scheme in many countries. They do all sorts of other things to get money, from organizing thefts from banks, both retail and central, to hacking anything with cryptocurrency in it, from personal wallets to large exchanges.

US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor

doublelayer Silver badge

Oh, the relevant parts of the US government can get the truth from Apple, and they likely already have. They just aren't likely to share it with anyone because various people would get angry if they did, and possibly because the kind of people who can get Apple to tell them are also the kind of people who would quite like the idea of having a backdoor themselves. They have repeatedly ignored requests for information or to follow the law coming from the same few legislators who care, and if it suits them, they can ignore this too.

T-Mobile goes live with beta of satellite phone service for the US

doublelayer Silver badge

Re: There is no escape from the surveillance network

"Free has always meant freedom in English,": Oh, how clever of you. It has. It has also meant several other things, and you understand which of those they meant. If you don't understand, read the dictionary entry for free on a loop until you understand that there are other meanings.

"You do in fact need to pay for the mobile plan to use it - they merely "generously" claim that they won't increase the price of the mobile subscription if you send a SMS and it happens to use a satellite until July it seems (chances are they already increased the price a couple of months ago to cover the satellites rent and will increase it more in July)."

As you can see from my other comments here, I think their pricing is likely to be high for a long time. However, your allegation is false, which you can prove easily from the article. Users of other mobile providers in the United States may also use it for free, according to them, meaning that yes, it is actually free for this short period.

"Freedom enjoyers who write free software that respects the users freedom certainly won't be annoyed when I call their free software, free software, instead of insulting it by calling it "FOSS" or worse "open source"."

I think you'll find that a lot of people who write what you'll call "free software" don't have the same ideological problems you have with other terms. They may use them themselves. I, for example, write software and use the GPL or AGPL on some of it. I describe those things as open source. If you come to me and tell me how wrong this is, I will, in fact, be annoyed with you. Of course, this may not be sufficient proof of my claim because there's nothing saying you would enjoy any of my software, but I am confident that I'm not the only one in this situation.

doublelayer Silver badge

Re: There is no escape from the surveillance network

You: The article has written; "Free text messages", "Access will be free until July"

Which, as you well know, is true, in that you don't have to pay until July when it starts being not free at all. But do go on assuming that there is only one definition of "free" and it was created in 1983. Surely, it will eventually convince someone that they were a complete idiot when they used it to talk about prices, which only came about when some anti-FOSS people wanted to torpedo the word. It will also make the people who make the software you like annoyed with you.

doublelayer Silver badge

"I see this being useful as a fallback connection for areas with little to no reception—once this exits beta they will probably bundle it into existing plans for just that purpose."

I doubt it. For one thing, this is probably more useful as a fallback for when it would be more expensive to build a tower than to give people worse service. There are many rural locations where it isn't cost-effective to build a tower, so this may be their excuse for labeling this area as in-network when you can only use the satellite. But that becomes a competitive advantage, and that means profitability. If they can be the only network that has anything, albeit an inferior* satellite, then you can charge more. Rural cabled internet already does this significantly, where someone might be paying twice as much for ADSL as an urban resident would be paying for symmetrical gigabit. That works for a cable which collects your address in order to tell you what services are available at your house and how much they cost, but that doesn't work for a mobile provider who charges the same amount everywhere in the country. Satellite becomes the perfect tool for charging people more where that service has no alternatives while charging people less if they could easily go to someone else's service. Therefore, I predict that this will be a charged extra until other providers in the same market are offering satellite service too.

* We'll have to see what the satellite service is like. I am predicting that it won't be very convenient to use and that there will be restrictions that make it less useful than a ground station. Maybe this will be proven wrong; I didn't think they would get LEO satellite to standard phone compatibility this fast.

doublelayer Silver badge

Re: There is no escape from the surveillance network

You could leave the phone behind, or you could disable your network. If you were running to the woods to avoid surveillance but you took a connected phone with you, you're avoiding surveillance wrong. Plenty of forests have mobile service from terrestrial towers.

Of course it's not free, it's $15 per month for an unspecified usage cap which the article doesn't mention but I'd be surprised isn't there. But since nobody said it was free, I'm not sure how beating your favored drum is relevant.

Man who binned 7,500 Bitcoin drive now wants to buy entire landfill to dig it up

doublelayer Silver badge

Re: The real question

"The hard drive is inside a PC casing": No, it's loose. Try again.

"covered with dirt so it's more or less protected from the elements": No, not dirt. It's covered in rubbish of many types, some of which is much nastier. Not that dirt is great, because dirt lets water through and water is nasty to hard drives. But I admit that it's probably no more broken now than it has been for years, given that high pressures will probably have slowed some processes that could damage it. The damage it received was probably mostly front-loaded.

"And it's obviously sealed.": There are several posts here explaining how it's not sealed. Why are they obviously wrong?

To say nothing of the other ways a hard drive can be destroyed, such as getting crushed by the weight above it or through violent contact with machinery that is not intent on preserving things.

doublelayer Silver badge

Re: Is the needle even in the haystack?

I don't care if they do. I got rid of it. If they want it now, that's theirs as long as I have no more responsibility anymore. It is why I erase things before getting rid of them, though.

doublelayer Silver badge

Re: The real question

I have a challenge for you. Get an old laptop hard drive. They're extremely cheap these days. Write some data to that drive. Then bury it with no protective arrangements, ideally in a place that gets rained on and next to rotting things for a year. See how recoverable that is when you dig it up. Corrosion is more powerful than you think. Of course, the options of the drive getting smashed or simply being impossible to find are there, but in the situation where you found it and the platter hadn't shattered, you would still have a device that is not in good condition to be read.

doublelayer Silver badge

Re: There's a simple solution to all this.

Buying a landfill and excavating it, even in the cheapest, most destructive way, is going to cost more than that. Recovering data from a corroded hard drive itself is extremely expensive, because the average data recovery specialists don't see things in the condition this drive would be. Maybe he has found some people willing to make this bet, but if that's all he's raised, he will need more.

doublelayer Silver badge

Re: Oh Dear, Oh Dear, Oh Dear

And if he ever buys it, remember to subtract any charges for doing any excavation with zero environmental damage and making him clean it all up afterward. Make sure that money is put in an account that can only be used for that purpose before he takes possession. At that point, let him give it a try; it's not our problem if he wants to waste more of his life on an impossible dream, but we're not letting him break things while doing so.

doublelayer Silver badge

Re: The real question

No need to reconstruct the blockchain. That is already public. All he needs is the private key that gives him access to the wallet, multiple keys if there are multiple wallets. It's almost certainly an all or nothing thing. If there's only one wallet, he only needs 256 bits. Possibly 384 bits if it's base 64 encoded or 512 if it's stored in hex, but either way, a couple sectors could be it. To find those sectors though, you'd probably need the file table too.

The biggest microcode attack in our history is underway

doublelayer Silver badge

In the interest of disclosure, did you receive any funding from someone who disliked USAID or stood to gain from its destruction? If you say no, should we believe you? After all, the articles and comments on a relatively niche tech-related news site are such valuable online territory, we should expect all authors and commenters to routinely receive thick brown envelopes for their writing. I'm mostly funded by the Paraguayan navy, the authors of FFmpeg, and the people who make SATA connectors. Who's bankrolling you?

doublelayer Silver badge

Re: What kind of fearmongering article is this?

"It implies that some wide-scale microcode attacks are taking place, but there isn't any?"

It doesn't. The "biggest microcode attack" refers to the political point in the second half.

"If an attacker has ring 0 access, they are just going to use that access to achieve their goal and will not waste the extra time and effort required to write microcode updates that achieves that goal."

That is true if it is as difficult to write a microcode update as it traditionally has been. If everyone could do it, they would do it to hide better and, if they could find a way, maintain their attack even when other things are booted.

"If you want to fix the microcode security issue, the only solution is to make the microcode updates free software and then the users will collectively be able to verify if any update serves them or is proprietary malware."

That won't work, especially as the microcode changes every time a processor manufacturer changes their internal model. Microcode for one chip versus another could be quite different even though the ISA is the same. Microcode as free software might help some people who could audit what is in it or write their own, but it wouldn't be as transformative as you're describing for a similar reason that the underpinnings of Android are theoretically free software too but yet most devices cannot have anything but the manufacturer's image flashed. Of course, it's also not going to happen because it is one of the major ways that processor manufacturers improve the speed of their chips, so releasing it would hurt their competitive position so they won't do it.

doublelayer Silver badge

You could edit the microcode to intercept the add call and choose to return an incorrect result. Adjusting the adder itself would probably be infeasible, but bypassing it might be much easier.

Microsoft quietly erases Windows 11 TPM 2.0 bypass workaround from help page

doublelayer Silver badge

Re: TPM and Linux

Those being tied together is the entire point. You respond to the motherboard being broken by restoring your backups to the next version. Maybe you don't want that, which is why you would choose not to use it (you still have backups, though, right), but the unrecoverability if the drive and motherboard are not together is considered an advantage to those who use this method because it becomes more difficult for a misplaced or stolen drive to be cracked. As usual, this is just one option, although quite a popular one.

doublelayer Silver badge

Re: TPM and Linux

I don't know what you think a TPM does, but it sounds like you've misinterpreted it. Many Linux systems use a TPM quite intentionally for the same reasons that Windows does. If you use LUKS volumes, one of the most common configurations is to use a TPM so that the volumes are linked to the computer in which they were created. This means that, if I get a copy of your drives and start brute forcing your key, I'll almost certainly fail because I don't have the part stored in the TPM. Of course, you can use LUKS without a TPM if you want, but it's really not unusual to use it. A TPM is a relatively dumb piece of hardware/software and like any other part of the computer, you could use it for malicious purposes. Since it can be used to run only a certain set of software at boot, you could use it to make sure the computer doesn't boot anything except Windows. However, if you're concerned that they'll do that, it's worth considering that there have been TPMs since 2003 and can you point to any time when they did this?

doublelayer Silver badge

Re: MS doing their best to slow down the adoption of Windows 11

Do you have any idea how one would use a TPM to accomplish either goal 2 or 3? That's not what TPMs do.

To be boring, probably the reason they put in the requirement is that they turned on BitLocker by default, BitLocker requires some version of TPM to have drive encryption without requesting a password at startup, and they want to be able to cut 1.2 compatibility out of their code at some later point without having annoyed users yelling about how their update is breaking drive encryption. The requirement, along with the restrictive processor requirement, is generating a lot of e-waste that I disapprove of. Again, I think this is probably less malicious than lazy, because it enables them to compile for newer instruction sets whenever they want, but machines with Skylake CPUs are not out of date. Microsoft used to be much better about allowing the user to determine when their hardware was old enough to need refreshing; Windows 7 or 10 wouldn't run well on something ancient, but it would run. Unfortunately, Apple has done similar things with their shortening Mac OS lifetimes, and just like Windows 11, a simple tweak to the installer makes the modern OS install just fine, demonstrating how unnecessary the hardware requirements are.

Creators demand tech giants fess up and pay for all that AI training data

doublelayer Silver badge

Re: False perceptions by 'creators

And this is why I am a fan of copyright. It makes it possible for art to survive, but it does that by letting people express how interested they are in various types of art. If I find something unpleasant or annoying, I don't buy it, and if everyone doesn't buy it, then the artist who made it will either change their approach or do something else. Our other options appear to be not supporting anyone, in which case only the richest artists will be able to make all the art they want, or we support artists through direct funding, in which case many artists that nobody likes will be funded just because they are artists. I oppose both of those alternatives.

doublelayer Silver badge

Re: where this gets real sticky

Musical copyright cases are often complicated by the problems you're describing, with one creator thinking they own a simple set of chords. This is why they often lose them, though it's mostly a roll of the dice to see what the jury thinks that day. However, your simplification misses several important points.

Yes, there are twelve notes in an octave. There are also many octaves (technically unlimited ones, but we can limit it to seven or so), and many instruments can and do use notes between those twelve, and there's a lot more to a sound than its frequency which is why we don't listen to all our music played on the sine wave. That makes no difference, because it's similar to saying that there are only twenty six letters in the English alphabet, so anything written is just an arrangement of those. Not every melody has been previously generated, even if they have similarities. While some people may try to claim ownership over sections that are far too short, there are people who create new works and seek to protect the whole, rather than each component. Meanwhile, people who intentionally made minor changes still had to compensate the original creator; while some people may have decided that covering someone else's song would be a quick way to fame and some of them were right, they had to pay for the right to make that cover. The same is true of sampling. It wasn't free when the people you're talking about did it.

Even if we decided that music has too few components, that doesn't extend to other forms of work. There are a lot more arrangements of words than there are of notes and more reasons to string some of them together. Depending on how into information theory you want to get, you can put visual art above or below music on the entropy scale, and even if you consider a picture to have less information content than a song, video lets you extend that quite a bit longer. Generative AI companies have been helping themselves to all of those things without permission. To me, how original these things are is not the question. If it was copyrighted (it was), and they considered it worth including (they did), then they need to obtain the rights to it. A lot of those rights will be really cheap. If it was so unoriginal that it didn't add anything, there should have been no problem excluding it from the training data. They included it for a reason, they found that their models were better with it than without it, and they can pay for that.

doublelayer Silver badge

Re: False perceptions by 'creators

I think we all get that to some extent, but the creator of this thread appears to think that's all we should ever need to create something that's not physical. I do wonder, other than wordy defenses of piracy, what things that person creates? It would make a lot of sense if those things were physical, the one category they still think has value.

Does DOGE have what it takes to actually tackle billions in US govt IT spending?

doublelayer Silver badge

Re: Going after federal government tech spending ...

The problem with this response is that you're acknowledging the problems but proposing, as a fix, nothing at all. The problem with a chaotic payment code system is to make an authoritative payment code database if you really need that, or a simpler set of payment codes if you don't. "Just enter the bloody payment code" is not a solution to any of that, since the problem is not knowing what the code is and the results thereof including plenty of wasted time for several different people. Most systems I've used already don't accept a report without a payment code, meaning that inaccurate codes are a much bigger problem than missing ones, but inaccurate ones are harder to quantify with a lazy database query. As for the comment box, you do realize that entering "mobile phone" in the comment box of a charge already using the payment code identifying it as a payment for a mobile phone does not actually give you any information, right? On that basis, we should just enter "payment" in every comment field. It gives you no information, but there's no empty strings in the database, so surely that's an improvement. Empty comments boxes are not sufficient evidence of a problem, because sometimes, you don't need them. They are marked as optional for a reason.

As I said before, this is not a call to just accept any expenses without documentation and pay them all. There is probably a lot of waste. Shouting about paperwork does not fix waste, whereas performing boring, manual analysis does. The fact that paperwork has errors is also not sufficient evidence that waste exists or where it is. This is even more true when we leave the discussion of waste and enter the one about deliberate embezzlement, because while embezzlers may have many flaws, they are smart enough to figure out what payment codes they can use to steal the money by understanding what differences apply to the different budgets and which ones are easier to steal from. People conducting financial fraud tend to produce much better paperwork than people who are cluelessly trying to do their job and submit their reports with as little wasted time as possible.

doublelayer Silver badge

Re: Going after federal government tech spending ...

Partially, it's because we've probably all had the experience of the way this type of paperwork ends up working out. When submitting expenses, you must enter the payment code. The correct payment code for your payment is 1924[general services]/2001[travel]/2014[routine business travel]/0103[motorized travel]/2005[per distance billing fuel and vehicle maintenance]. Finding that code will take twenty minutes of searching through internal wiki articles and that file that's on someone's SharePoint/Google Drive and doesn't look authoritative, but you're going to use it because you've tried for a long time to find something better and you've failed. By the way, when you travel for a slightly different reason tomorrow, that 2014 needs to change for what looks like a similar transaction. It's not that it's not a good idea to track this information, but that most of the time spent doing it is not adding any useful information but is costing a lot more in paperwork. Not just filling out that form either, but sending someone to investigate it when someone should have selected general business travel but accidentally selected travel to customer site because they traveled to a customer site but the code is more specific than that.

In this case, the insistence on filling out the comment field demonstrates how little they understand this. Sometimes, you need the comment field to explain why something was purchased. Sometimes, you don't. If you're paying the monthly bill for a mobile phone you need for access to something, and you've already filed it as such, then there is nothing more to put in a comment box and its blankness is not a symptom of any problem.

To find fraud, you have to work a little harder than complaining about forms. To improve record keeping, you have to work harder on having procedures that can be realistically followed. But by all means complain about comment fields and payment codes; it makes it look like you know what you're talking about and doesn't require the slow and boring bits that could actually solve a problem.

'Maybe the problem is you' ... Linus Torvalds wades into Linux kernel Rust driver drama

doublelayer Silver badge

Re: Fair comment by Linus

They can't block it, which is why this code might be merged after all. However, they can get angry about the existence of that code and complain, which is what they are doing. Perhaps their complaints about that code will be sufficient that it won't be merged. As a project with relatively loose governance other than that Linus mostly can decide things if he wants to, there's not a lot of official blocking or not blocking. Since Linus has not made it clear what he thinks about this code, only disagreeing with one of the people arguing who is neither the person who wrote the code nor the one who originally stated that he will do anything he can to stop it, we still don't know what will happen.

Copilot+ PCs? Customers just aren't buying it – yet

doublelayer Silver badge

Re: Security?

The fears appear to be that the NPU or software that uses it will be designed to do things that violate the user's privacy, for example the Recall software which collects a lot of sensitive information without asking and then stores it in such a way that it becomes a juicy target to anyone with local access. They may also fear that Microsoft will start copying that to their own servers, which the software does not currently do.

Attaching those fears to an NPU is not really useful. All the unnecessary data collection in Recall is done on the CPU. The NPU just performs parallel calculations. If you mistrust Microsoft's intentions with an NPU, then you should have no more trust in their software on an environment without one. It is possible that an NPU may have a vulnerability in it, but to some extent, it is less likely than a CPU is because an NPU's interfaces are quite simple and restrictive in comparison.

I am not particularly concerned about privacy with an NPU, but I also don't have any software that would benefit by using one. Like many coprocessors that were once optional extras and are now considered required components, it's possible that a lot of software figures out a way to speed something up by using an NPU and they become standard for that reason. The Copilot mark for computers appears to be an attempt to do this the other way round, namely to convince people to buy an NPU in the hope that something will eventually do something useful with it. Admittedly, the more people buy one, the more programmers will try to optimize for it, but I don't care about the speed of adoption if it turns out to be as useful as predicted.

Abandoned AWS S3 buckets can be reused in supply-chain attacks that would make SolarWinds look 'insignificant'

doublelayer Silver badge

Re: Someone else's computer

"If I get your abandoned domain and use the wayback machine to figure out which admin account registered your AWS account, I can own your AWS account unless you manually changed all of your admin/billing information in AWS."

I think you'll need to clarify that a bit. The email address used for the AWS account is not necessarily going to be found anywhere in the Wayback Machine. I probably didn't post that to the website. Even if you do get it, that isn't enough to gain access to the account. You can set up an email address and try to reset passwords, but if they had any other security on the account, that will not be enough.

"On another note, if someone abandoned bigthinkr.com, and I buy it, why should I be prevented from using an S3 bucket in AWS?"

Maybe you shouldn't. That is what we're discussing. Those who have argued that you should argue that buckets don't have to be memorable, so they could make them unique so that they can only exist once, in one account. I generally take the view that people should be careful about what they do because, even if AWS did that, lots of other systems wouldn't do that and the same problem would apply.