Posts by doublelayer

10717 publicly visible posts • joined 22 Feb 2018

Man sues OpenAI claiming ChatGPT 'hallucination' said he embezzled money

doublelayer Silver badge

The general public doesn't understand "generative", and in many ways, nor does anyone. It's not a typical word in most contexts, and if we start using its strict definition, it isn't clear what you have to do to generate something. For example, Google generates search results, but only when pages are created by others, so people wouldn't assume that their generation means producing text at random. Electricity generators generate electricity only if there are fuels or other external power sources, so people don't see generation as producing spontaneous energy. Anyone who goes to the effort of parsing the name could easily come to the conclusion that this program generates a block of text which contains what you were asking for based on an incorrect estimation of what it's doing with all that source data. "Generative" does not mean "generates randomly" or "generates something unreliable", and we shouldn't expect people to determine that from the name alone.

doublelayer Silver badge

Unless they've added it recently, it certainly will not go out and retrieve data from elsewhere. You'd think it would be pretty easy to look at the input text for web addresses and tell the user "Hey, I'm not going to pull that", but evidently not. The program can summarize* stuff if you paste it in first, which might be why the journalist thought it could be done.

* Well, it will read it first and quote chunks. That's no guarantee that the summary will be good or that it won't still make up stuff.

doublelayer Silver badge

Hey, BARD, GPT told me that this man stole funds. Is that true?

Someone lazy enough to use a chatbot and not understand what it does is probably dumb enough to think that another chatbot can double-check things.

doublelayer Silver badge

To be fair to them, they didn't say we should call it "lying" either. Both terms anthropomorphize the program to some extent. Probably the most accurate way to describe it is simply "produce incorrect statements", though less polite phrases are available.

I find it difficult to decide whether there should be consequences to this; people should now be aware that the AI programs are still effectively weighted random word generators. However, OpenAI has made its business out of hiding this fact, so I won't feel too bad if the consequences of people believing their hype hurt them.

Identity thieves can hunt us for 'rest of our lives,' claims suit after university data leak

doublelayer Silver badge

Re: Very often you can avoid disclosing your SSN

If they were really using only your name and birthday, then things are probably fine for the John Smiths, but less fine for those with less common, but not nationally unique, names. It also makes identity theft much easier, since birthdays are much less opaque than insecure government numbers.

However, those two problems are so large that somebody would find an alternative mechanism. That's no guarantee that the mechanism they agree on will be good for customers, because it would probably be something along the lines of "You must voluntarily sign up for a credit tracking account before any bank is willing to open accounts". However, I'm reasonably confident in saying that the name-only system would be rejected pretty quickly by financial companies.

doublelayer Silver badge

Re: "SSNs are assigned at birth, and never change"

This appears to fall into the "accidental assignments of the same number to more than one person" category as quoted. They're supposed to be unique, but it's a government system and sometimes they fail. I'm not trying to pretend that they do anything well, from assignment to use, but that doesn't change the fact that reuse of the numbers is not part of the planned system, and when it appears, it's an error which must be corrected.

doublelayer Silver badge

Re: "SSNs are assigned at birth, and never change"

Wikipedia indicates this to be incorrect:

The Social Security Administration does not reuse Social Security numbers. It has issued over 450 million since the start of the program, about 5.5 million per year. It says it has enough to last several generations without reuse and without changing the number of digits.[41] There have been accidental assignments of the same number to more than one person.[42]

In addition, it appears that numbers beginning with the digit 9 are not permitted, so that would allow for expansion if the key space is exhausted without breaking old numbers.

Google HR hounds threaten 'next steps' for slackers not coming in 3 days a week

doublelayer Silver badge

Re: Showing your North Eastern Employees How Little You Care

It's almost as if you didn't read this part of the article:

As for the policy, requests to stay at home to work are now deemed exceptions. That doesn't count for this week, though. The wildfires in Canada and the subsequent bad air policy on the East Coast of the US mean that Googlers are advised to stay at home.

You may object to the policy as a whole, but your particular objection appears to be based on assuming something that is the opposite of reality.

US Senators take Meta to task for releasing LLaMA AI model after token safety checks

doublelayer Silver badge

Re: Ok...

I haven't seen a lot of abuse of this model yet, although I'm certain we will. The problem with the gloomy pronouncements from politicians and companies is that they appear to think the models will be very dangerous, when what they will actually be is annoying.

For example, you can get models to write you an extortion letter. GPT may balk, but you can reword your message and get it to do so anyway. The letter won't be obviously crap and will probably be as convincing as such letters can be. However, with about two more minutes, you can write your own extortion letter and it will be just as good, since we're talking about a very small set of required information to get across to the victim: "We have your relative, we aren't averse to harming them, you can prevent this by paying us, and here's how to contact us to initiate payment". A chatbot will not help a kidnapper with the harder parts of this, like actually kidnapping someone or successfully pretending to have done so (some AI programs could be used there, but it's not the text generators).

We'll see plenty of AI-generated spam and it will be used to create fake references. This will cause problems when trying to find reliable information quickly, and I also expect there to be more work ahead for people who do moderation on online communities. It's not going to evolve into a world-destroying monster, nor is it going to make criminals' lives so much easier. At least, not yet.

Beijing proposes rules to stop Wi-Fi and Bluetooth networks going rogue

doublelayer Silver badge

Re: Puts me off sharing my Wi-Fi

That's probably forbidden by your ISP. If you leave an open network, then it can be written off as incompetence or you not thinking about how your guest network would be available elsewhere, but if you put in extra systems to track the guest users, not so much.

I wanted to do the same thing as I have plenty of bandwidth, but for the same reasons, I have decided that the risks are greater or at least more concentrated than the benefit to others.

doublelayer Silver badge

I'm not sure we have a great definition of what a government has to do to be Communist. They're definitely doing things differently than the Soviet Union, North Korea, or any of the other nations that claimed to be Communist did, but they all did it differently anyway, and none of them really stuck to the Communism out of the Communist Manifesto, whether that would even be possible. While I don't think China is a good representative for what Communism looks like in theory, I can't name anyone else that could be that representative.

It ends up not mattering anymore. When China says "Communism", it means whatever their rulers say it means. That, at least, is something that Communist states have been doing throughout their existence, though it's not limited to them.

US govt now bans TikTok from contractors' work gear

doublelayer Silver badge

Re: Only a limited ban then

Most of the time, they would already have access to that information, because most secure facilities are already on maps. They may not say what they do in there, but that it's government property and you can't go in there is in most cases already known, and China already has a list of most of the people who work in such places as well as anyone who posted information about it online.

There are, of course, exceptions to that. However, those places tend to put a bit more into security than having a good lock, so people who work there are unlikely to be able to simply take their phone. There are some pieces of information that could be gleaned from a personal device, but the point of the law is to prevent the software from having access to data on the device, not metadata. Maybe they will try a more severe ban, as some of them have indicated a desire to do.

doublelayer Silver badge

Re: Only a limited ban then

Yes, as long as they are able to use their phone in that location. For secure sites, personal devices are usually not allowed to enter the facility, so you wouldn't be able to access it. For other sites, they don't care about use in the building, but use on a device with their data on it. So this really only affects people who actually bring their own mobile device for government work. I can't believe people do that very often. I don't like installing any employer-provided software on my devices. I'm willing to accept SMS messages and calls to my mobile number and to use multifactor authentication apps which are not tied to a profile. If they want more than that, they buy the device to run the code on and they can control it as tightly as they like. For the same reason, I won't use my personal laptop for work and they won't install anything on it. So far, my employers have accepted that preference.

Windows XP's adventures in the afterlife shows copyright's copywrongs

doublelayer Silver badge

Re: ???

"how did public domain get into this? Nobody else suggested that."

It was probably a simplification of this:

"Perhaps the same should be true for copyright - you have to publish the original work (source code) and not the derived one (machine code) in order to claim copyright protection."

That's not public domain, but it ends up looking the same in that there's no barrier whatsoever to people getting the code and using it without permission, thus turning the copyright protection into a worse administrative nightmare for a company wanting to make money than DRMing the thing until it can't breathe.

That was more generic than this specific case, but as many have noted, it's already likely that they would structure a project as work for hire, thus getting the source code. The latest comment can probably be explained as an answer to your question:

"if custom software is being specified then the implication is that it will be written from scratch. What would it be rewritten from? And how do you rewrite from scratch?"

No, it isn't exactly guaranteed that every piece of custom software is written from scratch. It can be written from an existing base which is not open source, using libraries a company has already written to simplify things. A lot of database systems use an existing database and bolt on the written from scratch parts. The same is true of many systems where there are wheels that don't need reinventing. This doesn't have to be a problem if you give the code that was written for this project, but not the code of those dependencies. However, if you're asking for the ability to build it all from source using only a compiler, then you'll need the dependency source as well, which the company may not be able and is probably not willing to do. If you want it written from scratch or atop open source components only, that needs to be in the contract, and it's a very reasonable requirement that is found in a number of contracts. I would certainly encourage governments and basically everybody to try to use open source components when possible because it's much easier to change the system later if there isn't a license snarl in the way, but not everyone takes that advice.

doublelayer Silver badge

Re: Make like trademarks, not patents or copyright?

True, they have to be selling it, but they can keep changing the terms under which they're selling it until they no longer have to actually make any other than the one prototype. Even the craziest fan eventually stops if the price goes high enough. I just included the processor so that nobody can claim that it's not really a computer. The point is that even trademarks are pretty easy to keep if you're willing to go to a little effort and don't put anything near the restrictions or requirements that people are calling for.

doublelayer Silver badge

Re: The problem is caused

Except your analogy doesn't fit the software experience at all. If you work in industrial controls, you already know this.

Microsoft did not disable Windows XP from working. It still runs on any machine on which it was installed, and you can still activate it. They don't sue anyone who makes spares for it; if I open a company where I say I'll help you install XP on something, I'm allowed to do so. If I write antimalware software for it, I'm allowed to do that. Microsoft not only doesn't sue me for doing this, they have no right to sue on that basis. If I sold a bunch of copies of XP which I've hacked, they do have the right to sue me for that, although they probably don't care enough to bother, but that is not at all what you were implying with your car analogy.

If we stick with the car analogy, manufacturers eventually stop making spares for a certain model. That doesn't mean you're forbidden from using your old car, or that you won't be able to find spares, but at some point, they don't consider it worth it to continue making parts that few people need. Software people do the same. It's your choice whether to use the old versions, buy the updated version, or switch to an alternative product. Where that choice is limited, I oppose it, but the response to that should be freedom to choose the software you are going to buy, not a mandate for permanent support.

doublelayer Silver badge

Re: Make like trademarks, not patents or copyright?

"the publisher still stands ready to fix any significant bug or security vulnerability that might pop up."

You don't have that now. The publisher will try to fix any bug or vulnerability that they feel is bad enough to cause them a problem, but not otherwise. This is annoying, but there has never been any requirement that manufacturers of anything, software or otherwise, fix a problem you might have unless it leads to safety issues. You can sometimes return a product based on those, but not even that in all cases.

It's not really a parallel to trademarks either; to keep a trademark, you must continue to use it in business, not to make available the products with which you once used it. If Apple decided they were shutting down but wanted to keep the name for computer products, they could make a single Apple Computer which sells for a million dollars and contains as the only processor an RP2040 and a tiny screen, no battery, no disks, and no ports. Insert your joke about actual Apple prices and product features here. They can still keep the name, even if all the Macs are dropped.

doublelayer Silver badge

Re: Hmmm..

"You will never fix *anything* if you put off trying because "doing that one thing won't fix it all in one fell swoop"."

You will also never fix anything by just making changes because you're aware of the problem but not how or whether your changes will address it. That approach is likely to have more counterproductive effects, because after a few "Something must be done, so how about this" attempts, people lose the desire to keep trying things at random.

"Copyright should be 20 years" is a policy that's going to cause several big changes in the area of IP. We don't know what all of those are, but even those which can be assumed are being ignored by many here who are proposing it. For example, if copyright was canceled that quickly, then you could use Windows XP for free without legal problems, which is ... basically what you already have because Microsoft hasn't sent anyone to punish those who leaked the license generator. It's not enshrined in law, but it is what happens de facto. That's not what people are asking for, though, which means that when the change to copyright means that software support and availability hasn't changed, they'll want to introduce a new change. For example, some posts here have advocated some type of mandatory publishing of source code, which will cause a lot more changes. In the meantime, the shortened copyright term will have caused a lot of chaos in other types of intellectual property that don't become as obsolete in two decades, and someone will want to clean that up. This idea seems to have been written after about five minutes' thought, and that's a poor way to fix any problem.

doublelayer Silver badge

Re: Copyright length

"Where is that income stream coming from? Obviously from the pockets of music consumers (e.g. subscribers to streaming services), but less obviously, by diverting money away from current, less well-known artists, into a small pool of incredibly wealthy artists and corporations."

No, that's not the case. It comes from people who still like that music, even years on. If everybody decided that they've heard that music and they're done with it now, there would be no income stream. It exists because people who listen to music, buy it and put it into something else, or ever make a choice of a particular piece are choosing that one. The successful artists are making a lot of money, and the corporations that have those artists in contracts are making even more, but they're only making that much because the music available through those contracts continues to be popular. Under your system where that popular music becomes free, you're going to get even less money going to new artists for a simple reason. Here's an example.

The current method:

Advertiser: We want to put some music under this advert. We could buy the rights to a very popular song from the 1980s for $bunch_of_money, or this less well-known song for $bunch_of_money/4. Which one do you want?

The shortened copyright method:

Advertiser: We want to put some music under this advert. We could buy the rights to a song which is not well-known for $bunch_of_money/4, or a very popular song from the 1980s for $0, which a lot of people are listening to because anyone can have it for free. Which one do you want?

In the second scenario, the artist who wrote that famous song will be getting nothing, but the new artists will also be getting less. You would have a cheap streaming service which just has all the popular music, not including the last twenty years or whatever limit you set, and they'd be able to charge much less because they keep all the profits.

Raspberry Pi production rate rising to a million a month

doublelayer Silver badge

The prices they're selling them for are the same ones as before, starting at a $35 model. It's true that there was a time when $35 would buy you 2 GB of RAM, and I think it's still only 1 GB now, but that's still rather cheap and cheerful. The supply problems mean that others are trying to sell them for higher prices, but not that the real prices have increased at all. If you are referring to those prices, how cheap do you want them to get? They have lower-power A and Zero boards which cost less as well, and those are a bit easier to find as well.

doublelayer Silver badge

I don't understand this. I don't know what price you're getting for the NUC, but I'm guessing that if it's comparable to the Pi, it's really very old and maybe there's something wrong with it. You're surely not looking at the highest Pi price on Amazon to determine the cost of that? I know they're frequently hard to get, but you know what the prices are and, when it's come up before, people have found stocks in several countries by looking around hard enough. You will find anybody selling something for a ridiculous amount, but that doesn't make that the market price.

doublelayer Silver badge

Re: A Bit Late Now

I think you've reached the point where you want specific peripherals for your use case and everybody has a different set they want. If you're including ethernet ports, then I'll take a few USB ports but set lower so the ethernet jacks are now the thickest part, but you didn't say whether you wanted any, so that might break things for your use case if I were to build it.

As such, you probably want to use the compute modules which give you all the benefits of the SoC and connect to whatever board has the socket for it, then design that board to have the specific set of connections you want. It's not as cheap as if the company made a board that has precisely the set of stuff you want to use, but given the number of options, they're unlikely to do so.

doublelayer Silver badge

Re: A Bit Late Now

In your opinion, what would have been the least damaging group to upset? Is it just whichever group you personally have the least contact with? I understand that nobody's happy with the lack of supply, but a lot of complaints about the situation appear to imply that there was some easy answer that they just didn't take, and so far I have no idea what you or anyone else think that was. I have some idea of what it wasn't, but that's not the same.

doublelayer Silver badge

Re: A Bit Late Now

There are several products that aim for that part of the market. This post compares several good options for performance and power usage, although it didn't include everything and has not been updated. In many cases, it comes down to your specific requirements. Many projects will absolutely need something that not every other project does, and so some of these boards will leave something out that makes them unsuitable, or in some cases include something that makes it worse such as adding on other peripherals which increase the size of the unit for space-constrained projects.

Has Amazon found the ultimate lock-in? Cheap cellphone service for Prime

doublelayer Silver badge

Re: Connectivity and reach

That's probably true, and they'd have to make the system themselves because the mobile providers I'm aware of don't tend to make it easy to buy a lot of individual connections that are mostly unused. I've commented on this before, but I wonder if the costs are really high enough that they don't want to let people have lots of connections which are charged by the data used, not by just having a line open. If I could connect something cheaply without having to pay a frequent renewal payment, I'd probably have quite a few of them.

However, if this is limited to the United States, then Amazon may have an alternative since that's also where they have the Amazon Sidewalk (use your neighbor's bandwidth) system.

doublelayer Silver badge

Re: I might as well sign-over my pension check to Amazon. NOT!!

"I did not find any which excluded 5G (OTOH, none promised 5G would work)."

Out of curiosity, why do you want that? If your device doesn't support it or the signal isn't present, it won't be used. If your device does support it and you travel somewhere that has it, you get to use it. They tend not to exclude it because they don't really care which signal you're using, so whatever they have, they'll use that to provide you the service. The rest of your considerations make sense, but I'm not sure that finding one that is specific about that will be possible or would be helpful.

Smartphone recovery that's always around the corner is around the corner

doublelayer Silver badge

Re: Every comment above nails it

"no lack of gimmickry and complexity."

Actually, I can't think of any real gimmicks recently. Of course, every announcement includes something they say they've done with the camera using AI, but they're usually not clear what that is and I wouldn't use it anyway. As for other gimmicks, the only one I can think of is folding.

If manufacturers were making a lot of weird devices, I might not want them, but at least they'd have some interest level. Do we want a device with a custom-made laptop dock it just slots into the device with more buttons on the sides for shortcuts, or the device with multiple USB ports designed for connecting other peripherals? You might not want either of those, but we'd be able to discuss the potential benefits or drawbacks of the features. As of now, one phone compared to another comes down to basic specs and camera details for those who actually use all the different kinds of cameras that are available. Nobody is doing anything experimental; they just shove new SoCs and lenses into another rectangle and fling it out.

doublelayer Silver badge

Re: Every year is worse

“All too often, technologists solve problems by introducing additional layers of technology abstractions and disregarding simpler solutions, such as outreach and engagement,”

As a counter to that, sometimes we do that because not doing it is viewed as laziness, incompetence, or worse.

User: I loaded this file which starts as valid XML, then goes into complete corrupted garbage. The program crashed.

Programmer: [Idea: engage the user] Sorry about that, but this program doesn't handle corrupted files. In this case, could you repair the file and send that through?

User: You're just going to let your terrible code crash when it receives invalid input? How unprofessional can you get?

Programmer: Point taken. It's not great. I can do something to at least prevent a crash.

[One day later]

User: I put the corrupted file through today, and it doesn't crash anymore, but it doesn't work.

Programmer: What happens?

User: Nothing happens. It just ignores me.

Programmer: [Idea: user experience outreach] Can I watch how you're using it? [...] Why did you just close that message box? [...] Yes, but could we just take a look at the message to see if it's an error I have to fix? [...] See, it says the file is corrupted and needs to be repaired. So you need to repair it.

User: So you're just giving me the error message and making me deal with it?

Programmer: [Engage? Outreach? Options exhausted] Let me think about this and get back to you.

[Three days later]

Programmer: I'm thinking we should have a library which can parse truncated XML, present the user with a graphical structure document, and provide them a rich editor so they can repair data without modifying a file. Either that or an office in a different building and some code to intercept and delete emails.

doublelayer Silver badge

Re: Looking back (nothing to look forward to)

In honesty, those things are not gone, just less common. For the same reason, I often complain about the size of smartphones today as I'm in the group that liked the small ones, but you can still find those. The problem comes when you want all four of those together, and also long software support and someone else has ported other versions of Android to it, please. There won't be a perfect option and some compromises are unavoidable, but there are still options.

Depending on how you rank those desires, headphone jacks and SD card slots are quite common, just not on the most expensive devices. Look at the medium range and you're likely to find a device with both of those in at most five tries, probably fewer. Replaceable batteries are less common outside the very lowest end. However, you can still find at least some devices with those that aren't very weak. The most famous devices that fall into that category are the Fairphone and the Samsung Galaxy Xcover line, neither of which I have. If some of those things are more important than others, you can also look at companies that aren't as famous as phone manufacturers go.

Starlink bags US defense contract to keep war-torn Ukraine connected

doublelayer Silver badge

Re: No good deed goes unpunished

Read literally, it's still accurate. Musk demanded money to continue the service, the demand has been met. That doesn't mean he wasn't within his rights to make that demand, which he was. It doesn't mean that the demand couldn't be predicted, which it could. All it means is that Musk asked for something and the Pentagon has given him what he asked for.

We can get into a debate about the connotations of the phrase and whether it implies that the demand is unreasonable, but as a statement of fact, it correctly explains the event that occurred.

This malicious PyPI package mixed source and compiled code to dodge detection

doublelayer Silver badge

Re: Why have pyc files in a package anyway?

You could, but that is likely to be detectable by code analysis. This exploit didn't do that and included the compiled version directly. I think the new policy should forbid that. Not only is it a security risk as I think this incident amply demonstrates, but it also loses all of the benefits introduced by new versions of the Python compiler, which can compile the same code to faster byte code. Most .pyc files are version specific, and while there's backward compatibility, there's a good reason they are usually recompiled instead.
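An added example, not part of the comment above and not PyPI's own tooling: one way a reviewer could flag compiled bytecode inside a wheel before installing it. The sample archive, the package name `samplepkg` and the three review reasons are constructed for illustration; the only format detail relied on is that a `.pyc` begins with a 4-byte, version-specific magic number.

```python
import io
import marshal
import zipfile
from importlib.util import MAGIC_NUMBER
from pathlib import PurePosixPath


def expected_source(pyc_name):
    """Return the .py path that should accompany a .pyc archive member."""
    path = PurePosixPath(pyc_name)
    if path.parent.name == "__pycache__":
        # __pycache__/mod.cpython-311.pyc is compiled from ../mod.py
        module = path.name.split(".")[0]
        return str(path.parent.parent / (module + ".py"))
    # A "sourceless" mod.pyc sits exactly where mod.py would be.
    return str(path.with_suffix(".py"))


def audit_archive(data):
    """List every .pyc in a zip/wheel together with the reasons to review it."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = set(archive.namelist())
        for name in sorted(names):
            if not name.endswith(".pyc"):
                continue
            reasons = ["compiled bytecode shipped in package"]
            if expected_source(name) not in names:
                # Source scanners never see this module's logic.
                reasons.append("no matching .py source to review")
            if archive.read(name)[:4] != MAGIC_NUMBER:
                # Built by a different Python version than the one auditing.
                reasons.append("magic number differs from this interpreter")
            findings.append((name, reasons))
    return findings


def build_sample_wheel():
    """Constructed sample archive; every name and payload here is made up."""
    code = marshal.dumps(compile("x = 1", "helper.py", "exec"))
    # 16-byte header: magic, flags, mtime, source size (all zeroed here).
    good_pyc = MAGIC_NUMBER + b"\0" * 12 + code
    # Flip one magic byte to imitate bytecode from another Python version.
    foreign_magic = bytes([MAGIC_NUMBER[0] ^ 0xFF]) + MAGIC_NUMBER[1:]
    foreign_pyc = foreign_magic + b"\0" * 12 + code
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as wheel:
        wheel.writestr("samplepkg/__init__.py", "")
        wheel.writestr("samplepkg/helper.py", "x = 1\n")
        wheel.writestr("samplepkg/__pycache__/helper.cpython-311.pyc", good_pyc)
        wheel.writestr("samplepkg/loader.pyc", foreign_pyc)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in audit_archive(build_sample_wheel()):
        print(member)
        for reason in reasons:
            print("   -", reason)
```
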

Millions of Gigabyte PC motherboards backdoored? What's the actual score?

doublelayer Silver badge

Re: How do we defend against this? - Linux edition

I suggested the same thing, but that only works against a lazy implementation. If they were determined to push it, they wouldn't have to be blocked by encrypted volumes since, to boot them, you'll eventually enter decryption keys. The firmware could watch for them and then jump in to make edits before the kernel finished booting from them.

Implementing that would be quite a bit harder, and I wouldn't expect a company just trying to manage updates to do so. That doesn't make it impossible, though.

doublelayer Silver badge

Re: You missed a question.

"I don't expect that UEFI would be able to forcibly write this file to a local filesystem."

From other posts, it appears it's not trying to. However, it certainly could if it wanted to. The firmware has hardware access to the disks and has filesystem drivers for some of them. At most, someone would need to include a new driver in it if it doesn't have the one it needs, because the firmware cannot be blocked from accessing whatever hardware it wants. There's a bit of a space limit on most firmware partitions, which limits the size of the bootstrapped attack vector, but not such a small limit that it's likely to protect you if anyone did write firmware that bad.

doublelayer Silver badge

Re: You missed a question.

I'm not sure how that folder indicates any particular risk, given that you can run a system service from any folder. They could as easily write it to a user folder, anybody's, and run it just the same. For the same reason, they could write it into any Linux installation if they were willing to, but presumably they didn't compile it for Linux.

I wonder whether this works on encrypted OS disks, where the firmware doesn't have the keys to mount and write to them until the user enters a code. It could always insert the software after decryption occurs, right before booting that disk, but if it's running at the start, that might stop it. Either way, I can't imagine why someone at the design stage didn't explain how stupid this plan was, or more likely, what happened to those who did.

Amazon finds something else AI can supposedly do well: Spotting damaged goods

doublelayer Silver badge

Re: "it's 3x more likely to spot damaged goods"

So, your accepted outcomes are:

1. Near complete perfection.

2. Ridiculous false positive rate which causes complaints.

3. The system must be entirely bad.

These seem to leave out a lot of options. Perhaps the three times better than a human deal is because, if they ask for 99% accuracy, they get too many false positives? Maybe my incredulity at your choices is because I'm having trouble seeing "three times better than a human" as a bad result. Sure, it would be nice if it never made a mistake, but it's a visual recognition task which is not deterministic.

For that matter, once it's built, the acceptable rate might have been if it was equal in accuracy to a human, because a computer with a camera running software you already have is probably cheaper than a human who also has a camera. Things that are three times faster or better at performing a task than I am tend to be rather useful things.

doublelayer Silver badge

Probably not, since it's just looking at the package it comes in, but it's not designed to do every task they have. It's just intended to reduce their costs from dealing with stuff that's sent back by people who are unhappy with its quality, and they want to catch the things that are likely to lead to such complaints. That isn't going to eliminate the existence of fraud.

That said, you could always train a new one on all the products that are typically sold and give it an x-ray generator so it can investigate the contents of packages. Why does this not sound like a good idea?

You might have been phished by the gang that stole North Korea’s lousy rocket tech

doublelayer Silver badge

Re: I wonder if

The attack method is kind of basic, but the rest of it isn't. They do a lot of research into their victims before they attempt to compromise them. They know a lot of information which can be used to convince them they're legitimate, and they do it to so many people that they have chances to practice.

I think we overestimate our own resistance to scams. We have technical knowledge to know about macros in Office documents, which is great, but it doesn't follow that we also have knowledge to detect scams in other areas in which we don't work. I've known people who were great at IT and did not understand finance or law, and if someone tried a scam that wasn't related to computers, they would be more likely to fall for it. It's not even limited to lack of knowledge, as successful manipulation of the victim's emotions can circumvent an otherwise skeptical person's brain. That includes both you and me, if the scammer is good enough at finding our weaknesses.

doublelayer Silver badge

Re: "Do not enable macros on documents received via email, unless the source is verified"

When that protocol was younger, it still contained all of that, but it didn't check any of it. I could open a connection to a mailserver, submit a message with any headers I liked, from any address I liked, with a long fake history if I pleased, and all that would be available afterward to try to track me down would be the IP address with which I connected to the first real server in the chain.

Nowadays, there are a lot of patches designed to prevent that from working, and most servers actually check those. However, it doesn't stop people from trying the old ways. I've run my own mailserver at times, although I don't now, and looking at what bots tried to do was instructive. Several types of attack were attempted, including many spoofed emails and some attempts to get my server to act as a relay for messages going to others. Fortunately, relay attempts were rejected and spoofed emails went to a separate mailbox for curiosity until I just sent them all to /dev/null. Still, not only can a mail client be manipulated to show an inaccurate source, headers can be spoofed if your server isn't careful.
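The point made above, that only the address recorded by the first real server in the chain can be relied on, shown as an added Python example that is not part of the original post: it walks the Received headers from the newest down and stops at the first hop that one of your own servers recorded for an outside peer. The host names, the network range and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions for this example: the hosts and network we operate ourselves.
TRUSTED_HOSTS = {"mx1.example.net", "mail-store.example.net"}
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample message (documentation addresses, not real traffic).
RAW = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
    by mail-store.example.net with ESMTP id A1; Mon, 5 Jun 2023 10:00:03 +0000
Received: from mail.bank.example (unknown [203.0.113.77])
    by mx1.example.net with ESMTP id B2; Mon, 5 Jun 2023 10:00:02 +0000
Received: from internal.bank.example (internal.bank.example [192.0.2.10])
    by mail.bank.example with ESMTP id C3; Mon, 5 Jun 2023 09:59:00 +0000
From: "Accounts" <accounts@bank.example>
To: user@example.net
Subject: Invoice

Please see attached.
"""

FROM_RE = re.compile(r"from\s+(\S+)\s+\([^\[\]()]*\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def trust_boundary(raw, trusted_hosts=TRUSTED_HOSTS, trusted_nets=TRUSTED_NETS):
    """Find the hop where mail entered servers we control.

    Headers are read newest first. A header counts as ours only while the
    chain of "by <trusted host>" is unbroken from the top; everything below
    the returned hop was supplied by the sender and cannot be verified.
    """
    hops = email.message_from_string(raw).get_all("Received") or []
    for index, hop in enumerate(hops):
        by = BY_RE.search(hop)
        peer = FROM_RE.search(hop)
        if not by or by.group(1).lower() not in trusted_hosts or not peer:
            return None  # chain of headers we wrote is broken: trust nothing
        try:
            ip = ipaddress.ip_address(peer.group(2))
        except ValueError:
            return None  # malformed address in a header we expected to trust
        if any(ip in net for net in trusted_nets):
            continue  # internal hand-off between our own servers
        return {
            "connecting_ip": str(ip),          # the one reliable fact
            "claimed_helo": peer.group(1),     # sender-supplied name
            "recorded_by": by.group(1).lower(),
            "unverified_headers": len(hops) - index - 1,
        }
    return None
```
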

Feds, you'll need a warrant for that cellphone border search

doublelayer Silver badge

Re: I think I get it...

Then follow the other branch of that if statement.

"RealLife perps on the run from the cops and actively being pursued rarely change vehicles (On the rare occasion that they do, the carjacking victim tells the cops EXACTLY what the new vehicle is"

In that case, any time spent on pulling over a car which isn't the type of car they're looking for is time wasted and people needlessly harassed. The original statement confirmed that they were testing every vehicle, hence they were not following that logic. I stated this already, so I see no reason why you think the point is as ridiculous as your reply implies.

"and they certainly never take the time to don theatrical makeup."

A better point, but if I was on the run from the law and made a career of it, I might try that approach; it seems it would have worked in this case, at least if the police use the same logic you do, which as the car example shows, may not be as certain.

doublelayer Silver badge

Re: I think I get it...

Original: "Fortunately the office looked in the car and based purely on a glance was able to determine that there was no need to question any of us"

Reply: Because they were looking for a Mexican national in a blue Ford pickup, and you were obviously pastry white Brits in a green Chevy sedan?

If that was the logic, that's terrible logic. If they're willing to use "Not the right kind of car" as a reason not to question them, then they don't need to pull over that car, do they? If they're willing to assume that the person they're looking for could have changed cars, then that part of your argument has no importance. As for the appearance of the person, there are a variety of time-tested ways to make yourself look different which actors have been testing for decades. You can't prove that one of those people was the person in disguise along with some compatriots who had provided the replacement car. Either the situation justifies pulling over every vehicle and questioning the occupants or it requires a more specific search pattern, most likely the latter. The anecdote they supply doesn't appear to have followed either.

NASA experts looked through 800 UFO sightings and found essentially nothing

doublelayer Silver badge

Re: Experts?

You just have to get a certification from a [person with access to a printer] I mean certified expert who tests your knowledge by [making sure you will back up any lies they say], sorry again, are knowledgeable about the subject matter including all the stuff the government doesn't want you to know, unless your subject is one of those which holds that the government is powerless when compared to some other shadowy conspiracy. Your certified examiner will be able to provide you with important study materials about the subject as well to provide you with more information you need to know. If you don't agree with those materials, you are free to do your own research for which all you'll need is a blank sheet of paper and some way to put writing on it.

Fortunately for you, I am a completely certified expert and examiner on all those topics and many others as well [at least I will be when I turn this PDF into a piece of paper]. Just send your topic of interest and registration fee and you too can be an expert.

doublelayer Silver badge

That's possible, but there are only so many entomologists. Most of the people walking by would not be one, so the chances that that particular nest would be found by an entomologist are rather low given how many nests there are. There's also the chance that the entomologist, having completed a long day's work studying some other ants, wouldn't look closely enough to determine that these were an undiscovered species and just walked past thinking that they already understood what was going on.

If we posit an alien species that has the travel technology to end up here, there are basically two situations:

1. There are a lot of planets with life on them, in which case why are we of particular interest to the aliens who have likely already seen plenty of them?

2. There are few, possibly only two, living civilizations in the universe, in which case how would the aliens discover our existence so quickly?

My only solution to either hypothetical is to admit that, if aliens show up, we were probably quite close to them or it happened by accident.

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

doublelayer Silver badge

Re: Void Rabisu used RomCom against .. water, energy, and financial entities ..

Nothing says they have to be. If they infect an energy company but don't manage to get access to the infrastructure, they can still do a number of things. They could look at communications and impersonate people, they could get records of energy usage from the bills, they could make fake documents to try to confuse people, or they could take down the corporate systems and see if the IT department can get them back up before problems show up. It's not as big an effect as taking down the energy generation systems would be, and I'm sure they'll happily accept an exploit of those if they could, but that doesn't make it harmless.

Twitter now worth just a third of what Musk paid for it

doublelayer Silver badge

Re: The Seething is Real

"a monster like [person we previously all worshipped for building electric cars, LEO satellite internet, SpaceX, etc."

This is where you failed. Actually, you failed right at the start with Twitter being the most important platform, but I'm assuming that was mockery. Yes, some people did appear to have a cult of personality around Musk. I was not one of them. It always struck me as weird and off-putting, but at least I respected Musk for SpaceX, because I thought that was a good goal and at least he was managing to let others accomplish it. Not so much with Starlink, as whenever someone mentioned some of the problems with it, some Musk fan would come along to explain why nothing else could do it, the marvelous humanitarian advantages we wouldn't get, etc. And of course there were a lot of strong opinions about Musk from people who had strong opinions on electric cars, and those opinions happened to be direct mirrors of one another. I neither loved nor hated him consistently, although he's been doing increasingly more annoying things for many years before the Twitter fiasco which isn't helping. Fortunately for me, I haven't used Twitter so it doesn't directly affect me if he breaks it. For those who do use Twitter more frequently, I can't blame them for being annoyed as someone trashes something they used to like.

doublelayer Silver badge

Re: Crazy valuation??

Frugality is still a good idea, because a person who has all the same things as the situation 1 guy but doesn't have debt is better than both. Frugality, though, can go to a level where it is harming you. To pick an obvious example, if you were so frugal that you neglected your own health, then you'll find out that repairing medical problems is a lot more expensive than preventing them.

My simplistic financial advice: avoid debt when you can because it's quite dangerous, but if things are bad enough, there are things that are even more dangerous. This leads to very different results based on your needs, income, and career potential, and some of it will be subjective. The same advice applies to companies as well; a company can refuse to spend on everything and have a nice balance statement for a while, but it's likely to cause problems as time goes on.

doublelayer Silver badge

Re: Crazy valuation??

"Surely if they're approaching break-even it's financially healthier?"

Not surely at all. Consider two situations:

Situation 1: You have a full-time job and you earn a nice salary, but you have expensive tastes and have spent a lot of money on stuff you didn't really need. As a result, you find yourself in debt in order to afford your living expenses.

Situation 2: You have no job but you occasionally find money on the street, and you've identified some places where food is quite cheap. So far, nobody has interfered with the cardboard box in which you live, along with your meager savings.

The person from situation 2 is not only breaking even, but is turning a profit. Their situation is not better than the person in situation 1. If something bad happens, the person in the first situation is much more likely to be able to handle that, and they're also more likely to be able to fix their debt situation than the other person is to consistently maintain those savings.

As this applies to Twitter, let's assume that somehow they are at a break-even position, which I doubt. They need not only to maintain that but to start turning a profit so they can pay for the things that allow them to keep existing. If they've reached their financial situation by cutting a lot of expenses, they run the risk that some of those expenses weren't as unnecessary as they thought, because if their systems fail, they will no longer be earning any revenue. Maybe they'll be able to run their systems on the payroll they have now and they'll continue to get advertisers to pay them, but if either of those fails, they may find that their break-even position has turned into a loss-making position when they weren't expecting it.

North Korean spy satellite launch ends in sea smash

doublelayer Silver badge

Re: "discovering concrete causes"

While the North Koreans do like unnecessary executions and have continued to carry them out with extreme frequency, part of the success they've seen is because the latest Kim is slightly less stupid than his father was. Previous technical failures resulted in several executions, which didn't exactly help people learn from their mistakes. They have significantly reduced that policy, which might explain why they now have missiles that appear to be usable whereas their missiles from the 2000s were quite unimpressive for a country that spends all its money just building weapons.

The FBI as advanced persistent threat – and what to do about it

doublelayer Silver badge

Re: Assigning Traffic To A Real Person Can Be Made Difficult.....

A lot of things that criminals don't find difficult are things that the rest of us find harder. Sometimes it's something immoral and we just won't do it, but that doesn't apply here. Two other problems apply in this case:

1. We don't particularly want to get punished by law enforcement, so we avoid doing stuff that's against the law even if we don't agree with the law unless we have an extreme objection to that law. If I obtained a fake piece of identification, that's a thing the police don't like, and I'd have to be in a pretty bad situation to take that risk.

2. Things that criminals have access to are not as easily available to non-criminals. I'm sure that there are markets where criminals can buy a number of things that aren't legal, but I'm unaware of how to find those places and to gain entry. I can find basic fake identification somewhere online if given enough time, but I'm not sure how much verification the countries that require it will do. If they do, then I might have to use a real identity that doesn't belong to me, and now we're looking more at the immoral category.

Fortunately, I don't live in a country that would require identification for that.

Seriously, boss? You want that stupid password? OK, you get that stupid password

doublelayer Silver badge

I think that most accents wouldn't be able to turn "thirty" into "three t", and "twenty" is even further. However, I've known a few people who for some reason swallowed the ending n from numbers ending in -teen, so that might even out the opportunities for miscommunication.

doublelayer Silver badge

Re: I wouldn't call it malicious compliance, but yes, I have a story

Do you have any level where it becomes the company's responsibility? If I bang on every door with a problem, a suggested solution, and volunteering to do it singlehandedly, how many people have to say no before it stops being my responsibility and you stop blaming me for the consequences of that problem? As the original poster indicated, they didn't even create the problem. I also assume that, had they attempted to fix the problem and introduced a new problem, you'd be blaming them for doing that when management hadn't approved.

Why do you jump to assuming that this person's failure to solve a problem that nobody cared about and they didn't create caused the demise of the company? It seems more logical to me to assume that the company's inability to work on the problem was a symptom of inept management which caused the collapse, something an individual tech, even if they took the initiative to fix everything above the complaints of management, couldn't solve.