* Posts by Blazde

1046 publicly visible posts • joined 11 Jan 2019


Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch

Blazde Silver badge

Re: A bit late in the evening...

Yup: https://www.youtube.com/watch?v=T2OpRfLmhHU

Also from the same era, Weird Science: https://youtu.be/8SCCihCUI4U?t=211

"Unplug it!"

"... Oh shit"

Britain goes shopping for a rapid-fire missile to help Ukraine hit back

Blazde Silver badge

Re: Of course the real truth

I confess I don't understand the MTCR, and have never looked into it. In fact the first time I remember hearing of it was an explanation of why we weren't giving longer range Storm Shadow to Ukraine. So while I agree with you, I don't know if it's a convenient excuse for not giving more advanced weapons, us being all legalistic or the actual reason. It is the reason I've heard the government give though, and we do tend to gold-plate international commitments.

I don't know the calculus for sure but Storm Shadow/SCALP is much more on the limit because its export variant is designed to be both just in-range (290km, not >=300km) and under-delivery (450km, not >=500km) of MTCR requirements and the non-export variant is well over-range. My understanding of the actual requirements is that they're a best efforts/exercise responsibility/not legally binding/box ticking exercise(*) but there is clearly a benefit to be seen to be upholding the norms so naturally the export Storm Shadows/SCALPs get donated first and then there's a genuine operational question about whether Ukraine can really benefit much from the modest range boost of the non-export, given they have home-grown capabilities for longer range. There seem to be rumours of some long range ones being donated but no official acknowledgement. Perhaps it's a very occasional case-by-case basis. Perhaps it's "do you want two short range ones or one long range one?" and Ukraine always replies like "Quantity over quality"?

(*) To some extent you can say this about any actual international law of course. Enforcement is only a matter of consequences.

Also though, that phase of the war was marked by a strong vibe of European nations coaxing the US into doing more by basically saying "we'll go this far if you will too", ensuring the US was both complicit in the escalation and encouraged to do more via effectively a donation matching scheme. Biden was pretty spooked by Putin's nuclear threats so there was a desire in Europe to lead, but gently so as not to leave the US behind completely. So we had this whole ratcheting dance of, these missiles but.. not fired into Russia, then.. only into Russia at military targets, etc. and MTCR was naturally a rung on that ladder. Since Trump this factor has gone out the window so there's a much greater emphasis on maximising direct (bilateral) benefit, and this Nightfall programme seems squarely aimed in that direction.

I think cluster munitions/mines are pretty different from a British perspective because Ukraine is a prime example of a war where there will be significant clean-up cost and/or disability/mortality from left-behind munitions, there was perhaps some potential to bring Russia and the US into the treaties because of that, and at the same time there has instead been some unravelling of the consensus as a result of Russia using clusters and mines and Ukraine saying 'to hell with that, we will too'. On the bright side: the drone infested battlefield has made front-lines so wide and sparse that chemical weapons seem out of vogue right now, and that trend doesn't favour mines either. On the other hand: Literal hundreds of thousands of FPV drones flying around are going to leave their own unexploded ordnance legacy.

Blazde Silver badge

Re: Of course the real truth

So I'm pretty sure we won't give Ukraine anything that can do long range with high payload. It will always be one or t'other

Well, in this case it's yes to range no to payload. But Ukraine is part of the MTCR club, an NPT signatory, has its own fairly advanced missile industry, has given up nukes rather than simply not developed them like Germany, is severely financially constrained and currently quite obligated to play nice with EU/NATO/Western norms, so in no actual danger of pursuing nukes, and there's a very strong argument that long-range drone and intermediate missile delivery systems have parallels and they're world-leaders in the former. (And should they tragically be overrun by Russia, there's also no proliferation danger since Russia has half the world's nukes). I really don't think any argument you can give for sharing or not sharing missile tech with Germany doesn't apply to Ukraine equally at this point.

One of the things that makes missiles expensive is all the testing and work to give them a 10-20 year shelf-life

That's a fair point. It's very interesting to see just what corners can be cut when there's active need: The Royal Navy testing various quite polished looking USVs and harping on about integration and cultural change, while Ukraine are actively fielding vessels with similar capabilities that look like they were welded together 12 hours before the mission and fitted out by those electricians who insist on leaving all their trash under your floorboards (because their job is to wire the thing and maybe you should hire a cleaner if you want it clean), and they work. At least enough of the time from what we've seen. But missiles are pretty finicky, there's a limit to how close you can sail to the wind on reliability before they just become an expensive embarrassment you don't want to build in any quantity.

Another way to make it cheaper, is to build some bits in Ukraine. With much lower wages/costs.

Except it's becoming apparent the reason we haven't seen Ukraine's Flamingo cruise missile in much service is that their sites keep getting hit. Again, for expensive high tech stuff there's a limit to how close you can push the cheapness angle. Ideally you want this to help Ukraine but you don't want to be too reliant on build sites in a warzone when NATO territory is relatively untouchable. Conversely from Ukraine's point of view, even though currently they enjoy a lot of collab with the UK, they quite understandably want their arms industry to be as independent as possible, so they'd prefer not to have a factory building a British missile when it could easily be building a domestic one instead. But that's why I wonder if this is really just a way to achieve both, cloaked in the usual procurement rules for show.

Blazde Silver badge

Re: Of course the real truth

I absolutely agree cheapness is worth it and should be aimed for, but it would be incredible by any recent standards to get this kind of capability for £500k a pop. Even the CAMM missiles you mention cost that much and the goodies for that are in the launch system, with the missiles being intentionally as expendable as possible because of their role. The only realistic hope is that production scale can bring costs down, but that is exactly where the US comparisons are relevant.

I assume the MTCR is ignored for this programme because it's aimed at capability rather than commercialisation, so the usual aim of making an arm as export-friendly as possible to drive costs down and get domestic purchases as a loss-leader will not neuter it - but then isn't it even more hopeless to expect it to be cheap? The most MTCR-restricted missiles are those with range over 300km and 500kg warhead because they're immediately nuclear-useful. But this will have a 200-300kg warhead so it really just falls in the "don't offer it to every single sketchy regime" category.

Incidentally the £500k figure and the 300kg warhead are from August(*). It's now 'maximum' £800k and 200kg warhead. So we already have a sense of the rate of slippage.

(*) https://www.contractsfinder.service.gov.uk/notice/96bd4458-74ee-448a-8517-e702cc2f7d51

Blazde Silver badge

Re: Of course the real truth

They want it at £500k/missile without warhead(?) and to have almost twice the range of ATACMS, which even as a very mature programme costs twice that (err with warheads). Russia's Iskander is supposedly $3mil/missile (how on earth anyone calculated that and whether it's adjusted for PPP I've no idea), although that's a chunkier warhead with similar range. US newer PrSM - similar range, lighter warhead - $3mil. Also Ukraine's own Hrim-2, comparable to and possibly partly based on the Iskander, has been in development for over 10 years, and ya know, time is money.

The only way I see it being remotely cheap is if it's genuinely an off-the-shelf design, proven on the battlefield and with production lines already optimised (e.g. perhaps the intention is to tender a Hrim-2 technology transfer & scaling up), or it's simply a blatant low-ball.

(I do think the Ukraine war has proven cheap munitions are desperately needed though. Imagine we were building £100mil Hurricanes during WW2? To some degree that was a mistake Germany made back then.)

Blazde Silver badge

Re: Of course the real truth

- Must be precise, manoeuvrable and unjammable

- Hit hard

- Go far

- Manufacturable in high volumes

- Want it by yesterday

- And it must be cheap

It sounds amazing. No prizes for guessing which of these requirements will get sacrificed first

(Edit: To be fair, needing something quickly with high order volumes being guaranteed is a decent way to keep unit cost lower than it otherwise would be)

Infamous BreachForums forum breached, spilling data on 325K users

Blazde Silver badge

Not a recent incident

Ah, I barely remember it. The dimly forgotten past when this was all fields as far as the eye could see, when children respected their elders, when a man wasn't a man until he owned a good tailored suit and a bowler. The heady late summer of 2025, rapidly fading from living memory. Them were the days.

Malaysia and Indonesia block X over failure to curb deepfake smut

Blazde Silver badge

Re: Block X

At least in the UK the main distinction is that X is a user-to-user service, deepfakes generated by Grok can and are immediately shared and that's the unlawful moderation failure. If an X user posts a Gemini-generated intimate deepfake then X also has an obligation to moderate that.

Additionally, Gemini attempts to stop abuse. But we know all AI guardrails are inherently and unavoidably flimsy so I presume this story will run and run, and hopefully contribute to a more clear-eyed assessment of both AI's usefulness and restrictions that can practically be placed on it.

How hackers are fighting back against ICE surveillance tech

Blazde Silver badge

Re: So...

Here (UK) it's pretty common for 'nice' cars to do away with especially the front license plate entirely, on the grounds that it spoils the aesthetics of the car from its most photogenic angles.

The fixed penalty fines are merely a vanity cost I suppose. £100 first offence. Cheaper than a decent wax job.

I'm not sure how common fines are but at least in my parts the police are much focused on the street racing some of the same cars are involved in, since that's led to some nasty deaths and - as far as I'm aware - failing to present a license plate properly to an ANPR never has.

Blazde Silver badge

Re: So...

Benn Jordan's weird tech/sound/data adventures are incredible by the way. I highly recommend them.

Brit lands invite-only Aussie visa after uncovering vuln in government systems

Blazde Silver badge

Re: Government wishful thinking

Most Olympic gold medallists may have reached their peak, but statistically an Olympic gold medallist is massively more likely than your average migrant to win another one.

Also, never underestimate how seriously Aussies take their sport. One day their visa programme will yield an extra Bronze in the Winter Olympics and the policy will be labelled a 'beut'.

Hong Kong’s newest anti-scam technology is over-the-counter banking

Blazde Silver badge

Re: Extending this idea will only lead to madness

I don't think this sounds very plausible. Just imagine how quickly shoes would wear out, and how many umbrellas would be required..

Europe's cloud challenge: Building an Airbus for the digital age

Blazde Silver badge
Happy

Re: air gap

Sadly we'll never know whether they've been successful, but I like to imagine them now happily existing in a parallel internet forever cut off from the rest of us. Chatting away on IRC and scraping together a rudimentary search engine..

From video games to cyber defense: If you don't think like a hacker, you won't win

Blazde Silver badge

Re: Again, El Reg?

I think you're straw manning since your argument could be applied to any advice on securing systems. Don't bother because it's too hard and not worth it unless you achieve 100% security?

A complex enough system can't be secured. At the very least you can't prove it's secure. If you try to apply mathematics to the problem of proving it's secure you first have to model the system and then prove the model is secure. That definitely has value but it fails to secure real world systems partly because of their complexity, but also *because* mathematicians don't tend to think like hackers. Hackers aren't respecting the model, they're finding ways to subvert it.

Blazde Silver badge

Re: Again, El Reg?

I think it's a bit cliche at this point, but 'think like a hacker' is really *the* thing. It's almost binary: There's a gulf between people who default to acting to some rule-set without consciously thinking about why they're doing it, and those who default to getting creative and thinking in terms of consequences, ignoring rules or even actively getting a kick out of the challenge of subverting them. I'm not sure it can be learnt though, you certainly can't just will yourself to think like a hacker. But you certainly should identify people who do think like a hacker and employ them.

Someone who claims you can never win the game has already lost it, is not thinking like a hacker, is not going to get a kick out of the challenge or think creatively and therefore should probably not be employed in an important security role.

Pen testers accused of 'blackmail' after reporting Eurostar chatbot flaws

Blazde Silver badge

Crude but honest. I also quite like: "Blackmail? That's slander!!"

Optionally followed up by: "I shall see you at dawn with either an apology, or a pistol"

Microsoft wants to replace its entire C and C++ codebase, perhaps by 2030

Blazde Silver badge
Terminator

2030 Goals

As long as we're already smoking crack and pulling numbers out of our arses, why not just go full pelt to make The Singularity happen by 2030? Rewriting a 50 year old tech giant's entire codebase will be a mere microsecond's effort then.

Conman and wannabe MI6 agent must repay £125k to romance scam victim

Blazde Silver badge

I feel sorry for the genuine Swiss bankers who work for MI6 and know a few celebrities. How are they supposed to date when everyone suspects a blatant scam straight away?

There’s so much stolen data in the world, South Korea will require face scans to buy a SIM

Blazde Silver badge

Butt-hole scans.

Only while they perfect the more 'internal' scanning technology though. There's an endless supply of very private biometric information available from each of us if you really get creative about it.

Starlink claims Chinese launch came within 200 meters of broadband satellite

Blazde Silver badge
Coat

Re: Drugs in ink cartridges?

I believe they use methatone

UK watchdog urged to probe GDPR failures in Home Office eVisa rollout

Blazde Silver badge
Meh

Re: Paperless, online only, smart devices, virtual, etc

But getting a smartphone is easy! Click here to download our app(*) to help you select the phone that's right for you.

* Android/iOS only

UK pushes ahead with facial recognition expansion despite civil liberties backlash

Blazde Silver badge

The Government is supposed to represent the people, so why do they need to watch us? They are ours to command, not the other way around

Indeed, but we the people keep electing governments who want to be seen to be tough on crime. The sad reality is most people are happy to accept a little bit of 'so-called' miscarriage of justice and unsafe conviction because these suspects wouldn't end up in court, or in the police facial recognition database, in the first place if they weren't guilty, would they? And even if they're not guilty, allowing society to acknowledge that would involve orders of magnitude more actual criminals circumventing justice. Better to bake the cake while breaking some innocent eggs.

It pains me to say it but sometimes the truly corrupting powerful influence is the electorate ourselves. The Justice Secretary spoke eloquently in favour of jury trial but a few years ago. The pressures of pleasing the populace and their desire for both financial efficiency, and swift revenge have changed his mind.

Blazde Silver badge

Re: First check to run

Roughly 2,530,089,949,700,000 pairs. Should be a good enough sample for a solid false positive assessment, the result of which will be buried with extreme prejudice.

Blazde Silver badge

it's the fun of joining dots and linking different things together to see if there's a pattern

This is not really linking things. You're focusing on an extremely narrow aspect of the economy: office real estate. It's not a particularly prominent area of investment for big political donors. It's low-risk commodity investment. Cheap buildings on land which has little down-side risk. The big donors are doing more interesting risky things which government policy could significantly impact if backs were scratched. They want deregulation and multi-billion pound government contracts. You don't benefit from those if you own a few business parks, and you're not making enough money to buy a peerage either.

A proper economist - which the Treasury has a couple of - would label *productive* working-from-home as economically beneficial because it reduces the need for capital-intensive office space and allows land, buildings and construction resources to be reallocated to other parts of the economy where it's sorely needed. Such as housing. So that people can have a home to work from.

In reality business, and therefore the government also, fret that WFH leads to lower productivity because people are more likely to arse around during work hours when they're in the comfort of their own home with all its homely distractions. Without digging into that debate too deeply, perhaps they hope AV helps with that problem.. (as long as we're trying to join the dots).

We don't really need conspiracy theories to hate surveillance though: The problem is that even if the government has pure intentions now, and that may well be the case, the surveillance powers will get abused shortly down the line. It always happens.

Windows keeps obsolete strings forever to avoid breaking translations

Blazde Silver badge

Re: Ah yes, unnecessary strings

But they don't get purged until a major release. That's often over 365 days of unnecessary strings!

GrapheneOS bails on OVHcloud over France's privacy stance

Blazde Silver badge

Re: is this real

it may have been a more powerful statement had OVH said "the government is telling us to terminate your access because you won't put back doors in your software". (certainly not a bad idea to have a backup in place in the event that happened)

If it's implemented anything like the UK's attempt they won't be able to say anything. Much better to jump vocally now before any legal gagging takes effect, and in doing so potentially move the needle on the political debate against it going ahead at all.

UK digital ID plan gets a price tag at last – £1.8B

Blazde Silver badge

Re: I voted for him

I thought the 'incompetent vs competent chancer, which is worse?' question had been comprehensively answered by the Liz Truss vs Rishi Sunak PM thing a few years ago.

Rishi? He managed way more damage to the economy by appearing competent enough, to enough people for a long enough period of time.

Or Liz? Although she did very little damage directly, the trouble is she showed that if you are incredibly incompetent you should avoid splurging your incompetence up the wall all in one go. As a result, the next incredibly incompetent PM (and there are several prospects on the horizon) might be that bit more dangerous if they can learn some basic lessons from her time.

Google links Android’s Quick Share to Apple’s AirDrop, without Cupertino’s help

Blazde Silver badge

Re: Rust ?

They're a software company with over 150,000 employees, they're allowed to use more than one programming language. They were a little bit late to the Rust party but have since made up for that in enthusiasm & support for it.

Researchers claim 'largest leak ever' after uncovering WhatsApp enumeration flaw

Blazde Silver badge
Coat

Re: Excellent Work

Presumably they collect that data in advance so the arresting officer doesn't need to risk asking "sex please?" when booking a DUI case

Blazde Silver badge

Re: Excellent Work

There was actually quite a lot of shock and horror in the 90s when phone books first became available in machine readable form on CD.

Blazde Silver badge

Re: University of Vain-a

Meta said themselves the method "exceeded our intended limits".

This is the same company that has had the exact same, and several similar issues with Facebook in the past and claims to have "an External Data Misuse team that consists of more than 100 people dedicated to detecting, investigating and blocking patterns of behavior associated with scraping".

https://about.fb.com/news/2021/05/scraping-by-the-numbers/

To be clear, our first line of defense against unauthorized scraping is to make it as hard as we can for people’s data to be collected at scale. We want people to feel comfortable using our services, with confidence that we protect their information, so we work to limit access to our features by scrapers while enabling people to continue using those features in order to connect and share with others.

But keep insisting it's nothing.

Blazde Silver badge

Excellent Work

20 pages of academic paper to send to relatives when they ask why anyone would refuse to use WhatsApp when it's "really easy" and "free".

As a bonus several pages of detail that can be sent to anyone about to waste their time engaging with Meta's bug bounty program. Some really shameful responses there. Props to the researchers for persisting with the contact. I would not have had the patience.

FCC looks to torch Biden-era cyber rules sparked by Salt Typhoon mess

Blazde Silver badge

Re: this administration

Remarkably the health of drinking water (wrt fluoridation) is, on the face of it, a rare point of agreement between the Biden & Trump administrations: https://subscriber.politicopro.com/article/eenews/2025/07/21/trump-admin-fights-historic-fluoride-ruling-00465318

(You rather suspect the reasons for disagreement with the ruling are very different)

Google Chrome bug exploited as a 0-day – patch now or risk full system compromise

Blazde Silver badge

Re: Do I need to panic?

Don't forget the hundreds of programs using Electron which may/may not have code paths executing potentially malicious javascript.

And wait, if it's a bug in V8 it presumably affects everything Node.js too? Or not? This is a remarkably poorly described bug.

Ransomed CTO falls on sword, refuses to pay extortion demand

Blazde Silver badge

Re: Slightly misleading headline

I think the billionaire CEO is the principal shareholder, and the actual donation is unspecified so it's more a case of throwing a few pennies onto the sword in the wishing well, and writing it up in accounts as marketing spend. If we're being cynical. Still, it's great when a company's incentives align with the greater good and the leadership can recognise that.

Blazde Silver badge

Re: Chief Technology Officer Mariano Albera said that his company takes "full responsibility"

> you shouldn't need bars on the windows and shutters on the doors.

This is kind of a rich world idea. In places where poverty is high, you absolutely do.

'Poverty' is relative to the thing at risk though. Even in the rich world if you're protecting data that can be extorted for millions, or crown jewels that can be melted down for millions, you need bars on the window.

Perhaps, in a hypothetical world inequality would be low enough that person A never has enough stuff that it's worthwhile person B stealing it and risking the consequences, and so everyone can leave their front-doors unlocked. However that's never going to apply to organisations because they require greater piles of wealth in order to function.

Clop claims it hacked 'the NHS.' Which bit? Your guess is as good as theirs

Blazde Silver badge

Re: Perhaps striking doctors could check through any leaked info.

Paper is not cheaper. It costs about £30k/year for a switch that will move paper around with extremely high latency and low bandwidth plus an extra £1.70 (and rising) each time a sheet of paper needs to be sent to another network, and that switch requires biscuits and sick pay and maternity leave and can also strike.

I remember my local surgery in the 80s. 50% of the floorspace was filled with those old patient note carousels and there were more people working in reception than there were doctors. It was all worthless when I moved to another surgery and the 'transferring of records' which took 8 weeks amounted to a blank sheet of paper with about 4 words written at the top of it summarising 25 years of medical history.

Ubuntu 25.10's Rusty sudo holes quickly welded shut

Blazde Silver badge

New code, new bugs. This is why innovation is seldom good.

In this case the old code has new bugs too..

sudo-rs has 5 low severity CVEs in its entire 2.5 year history: https://www.cve.org/CVERecord/SearchResults?query=sudo-rs

During that time alone 3 high severity CVEs have been announced in the original sudo, including a memory safety issue: https://www.sudo.ws/security/advisories/

The goal of sudo-rs is not just to have a memory safe version of sudo but to reduce complexity especially in security sensitive areas so that logic errors are less likely and less severe. Time will tell just how successful that's been but so far it's looking like a worthy case of rewriting something from scratch however ill-advised that may be in general.

UK's Ajax fighting vehicle arrives – years late and still sending crew to hospital

Blazde Silver badge

Re: And in addition to that...

many of the shots you see of that online are of stationary tanks with no crew. i.e. they were already out of combat, but to stop them being reoccupied (or towed off and repaired) local units would send a drone to finish them off.

There's drone survivorship and clickbait bias here. The most 'interesting' footage we see is indeed the 'hand-grenade dropped into open hatch' type you mention. But the threat to active tanks with hatches closed, and even moving, is FPV drones carrying RPGs with shaped charges. We rarely see the result of those besides a black screen indicating the drone itself was destroyed. The reason drones are a threat is the greater precision for hitting vulnerable points, even compared to advanced anti-tank missiles.

However we're usually talking older Russian tanks which have more catastrophic weak points. The practice of hardening a tank against a precision missile should help with drones also. Indeed, we see reports of modern Western tanks taking numerous 'attempted precision' FPV drone hits, and also crews surviving even when ammunition does cook off. Hard to know how statistically significant those are of course.

Either way your main point is absolutely valid. Not every asset on the battlefield can protect itself from every threat, nor does it get consigned to the history books if it doesn't. I think we can see a trajectory favouring dedicated anti-drone weapons because the drone density seen in Ukraine necessitates minimising cost per drone-counter. Expensive single-use interceptor pods on armour should be a last line of defence.

Meanwhile air-burst rounds even from the very capable Ajax auto-cannon - which apparently has a maximum elevation of 85 degrees specifically to counter air threats - may well be too ineffective to be worth the displacement of other ammunition. Those things are downright scary on the battlefield. If I were a soldier on the other side nothing would make me happier than to see it pointing at shadows in the sky while I ran away from it.

Techie ran up $40,000 bill trying to download a driver

Blazde Silver badge

Re: Implausible to say the least.

Yea, there were a lot of good solutions for interrupted downloads however they all relied on the remote server being capable of starting in the middle of a file. Many weren't and email was probably especially bad. We should also mention it's already not great to do bulk downloads by email because of the then-unavoidable 7-bit encoding.

Blazde Silver badge

Re: Implausible to say the least.

C'mon 20% success rate? 40 times around? Nobody in their right mind downloads like that. I can believe the end figure though, because corporates were getting shafted back then. The pace of change was so great that what looked like a great deal wasn't 3 months later, and if you took your eye off the ball a little bit longer or signed a long contract a £30k bill is plausible.

There's no doubt he should have done it at home. After 6pm. At least by 1994 line time (the 'sole phone line occupied for the several hours') was the bottleneck for residential dial-up, not the cost.

My own story from a little later in 1999: BT were offering a 0p/min dial-up connection on a special 0800 number for some very reasonable £/month, in the days before 'fair use' restrictions. Snapped it up, connected 24/7, serving websites, amazing unlimited internet like it's the future already. However a configuration error by a flatmate led to the wrong number being dialed, and BT still accepted the login details but chose to charge 1p/min instead (and a little more in peak hours iirc) which resulted in a 500 quid bill at the end of the month, to be shared among students already indebted by several £K each. Despite arguments and pleading that a particular service had been paid for and not delivered in good faith BT refused to waive the bill and I'm pleased to say I've been very diligent in avoiding giving the f***ers even a penny more in the 25 years since. (I've instead given Virgin Media countless thousands for shitty customer service and monopolistic pricing practices, doh).

LLM side-channel attack could allow snoops to guess what you're talking about

Blazde Silver badge

Re: Specialisation of a generic attack?

A standardisation of mitigations would be great, but I don't think there're any wins that don't come with significant trade-offs to bandwidth or latency, while also not fully solving the risk until you crank those downsides up to unfeasible limits. Even Tor doesn't attempt to defeat timing attacks in general, it just relies on obfuscating and elongating the route to reduce the chances of the whole route being analysable.

Oh except AWS's mitigation: Trust us, and do absolutely all your work on our networks without touching the wider internet. To be fair it's a valid approach for some use-cases but it's a bit of a grim one.

Cisco creating new security model using 30 years of data describing cyber-dramas and saves

Blazde Silver badge

Re: From 8 to 17 billion

https://huggingface.co/fdtn-ai says the 8b model and its underlying Llama 3.1 model were already trained at BF16. I doubt they've gone lower for the new model.

I'd guess the new one is a Llama 4 variant which is also BF16 but has a mixture-of-experts architecture. If Cisco only used one expert, which is perhaps/probably sensible for a specialised task(?), it'd be 17b parameters. Or just possibly it has multiple experts and they're underselling it a bit.

Famed software engineer DJB tries Fil-C… and likes what he sees

Blazde Silver badge

Re: Not quite ...

Hammering it in the last bit is important because it makes it easier to get out again by making a complete hash of the otherwise perfectly tight thread you've created in the wood.

Then, once you've made whatever silly mistake inevitably leads to needing to take the screw out again (8 times out of 10 it's failure to measure twice) the trick is to squeeze a bit of wood glue into the gaping mess of a hole you've created and quickly turn the screw back in, jostle it around until it's kinda flush with the face of the wood, and then try not to disturb it while the glue dries. If the hammering created any nasty splits in the wood this is also the time to try to make those good enough with generous squirts of glue. Don't be afraid to go mad with glue - the orbital sander is your friend. If the screw still isn't working out, don't sweat it. Dremel off the head to sufficient depth, filler in the hole, and repeat the whole process again nearby while patting yourself on the back for adding character to the piece.

Blazde Silver badge

Re: DJB's safest C code

It was widely used back in the day when literally every other codebase widely used for critical networked services, including BIND, was full of simple stack overflows.

As an aside he offered $500 at least as far back as 2001, which makes it possibly the earliest security-focused bug bounty programme? (He only bumped it to $1000 shortly before having to pay out, ironically).

None of the vulnerability hunters I knew of got anywhere looking back then, it was a tight code base. However it wasn't coded especially defensively, which is very tough to do in C anyway, and even tougher to do back then without sacrificing performance because compilers weren't as mighty as they are now. It relied on DJB being extremely careful and having complete control of the project. There were places where a careless but innocent looking local change could have introduced vulnerabilities elsewhere.

This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet

Blazde Silver badge

Re: That's a bummer

Okay, more info: People seem to report defeating efficiency mode is now a moving target and a mystery. All I can advise is that I managed to stop it triggering last year, and that needing the solution was unexpected but it wasn't complicated to figure out and it still worked as of around 9 months ago, but I can't remember for sure whether it involved anything other than setting 'Best Performance'. I haven't confirmed whether it still works. In ~3 weeks I'll be returning to lengthy CPU-intensive workloads so I'll report back with any new findings/solutions. We may need some kind of support group... :|

The solution then was robust over various workloads and I was even able to run CPU-intensive code which set itself IDLE_PRIORITY_CLASS and achieved the expected functionality of properly using all spare CPU (on all cores) while having minimal impact on any higher priority programs, although that wasn't (at least originally) necessary for stopping Windows triggering efficiency mode - it was defeated for Normal priority processes just fine too. Note that PROCESS_MODE_BACKGROUND_BEGIN & THREAD_MODE_BACKGROUND_BEGIN are the real killers because they throttle I/O and memory resources (rather than just affecting scheduling priority), and efficiency mode appears to do something similarly nasty. So Low (aka Idle) process priority itself is probably not the true issue in your case, but rather a tell-tale symptom. (However no two workloads are the same so you shouldn't take my word for that; it could be confirmed by manually setting the program Low before efficiency mode kicks in, then checking that CPU is still high and only drops later once efficiency mode is triggered).
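The diagnostic suggested in the post above, written out as an added example (not code from the commenter): lower a running process to Idle priority class yourself, then sample its CPU consumption over time so that a later drop can be attributed to efficiency-mode throttling rather than to the priority change. The process name is an assumption you supply; the background-mode flags the post mentions are not readable through Get-Process, so only priority class and CPU time are observed.

```powershell
# Added example, not from the original post. Assumes the target process is
# already running and the machine is otherwise idle enough for CPU usage to be
# meaningful. Process name is a placeholder you replace.
param(
    [Parameter(Mandatory)][string]$ProcessName,   # assumption: e.g. 'mybatchjob'
    [int]$Samples = 12,                           # how many intervals to observe
    [int]$IntervalSeconds = 5                     # length of each interval
)

$proc  = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1
$cores = (Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors

# Step 1: set Low (Idle) priority manually, before efficiency mode has a chance
# to kick in. Scheduling priority alone should not reduce CPU usage on an idle box.
$proc.PriorityClass = [System.Diagnostics.ProcessPriorityClass]::Idle
Write-Host ("Priority class now {0}; sampling {1} x {2}s" -f $proc.PriorityClass, $Samples, $IntervalSeconds)

# Step 2: sample CPU time per interval as a percentage of all logical cores.
# Usage that stays high confirms priority is only a symptom; a later sharp drop
# (with no change to priority class) points at efficiency/background-mode throttling.
$prevCpu = $proc.TotalProcessorTime
for ($i = 1; $i -le $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $proc.Refresh()
    if ($proc.HasExited) { Write-Host "process exited"; break }

    $delta   = ($proc.TotalProcessorTime - $prevCpu).TotalSeconds
    $prevCpu = $proc.TotalProcessorTime
    $pct     = [math]::Round(100 * $delta / ($IntervalSeconds * $cores), 1)

    '{0,3}  {1}  cpu={2,6}%  prio={3}' -f $i, (Get-Date -Format 'HH:mm:ss'), $pct, $proc.PriorityClass
}
```

Run it from an elevated prompt if the target belongs to another user; a row where cpu drops while prio still reads Idle is the signature the post describes.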

Cisco warns of 'new attack variant' battering firewalls under exploit for 6 months

Blazde Silver badge

Re: It's time for some rewording

The 'advanced' designation is clearly based on a whole lot more than them burning ~4 Cisco zero-days.

You have to chuckle at the 'ArcaneDoor' branding Cisco came up with though. I'd like to petition to change it to 'MundaneDoors'.

You'll never guess what the most common passwords are. Oh, wait, yes you will

Blazde Silver badge

Re: How many systems allow unlimited login attempts ?

Upvote for using at least one special character

Blazde Silver badge

Re: How many systems allow unlimited login attempts ?

Chain it with password reuse and think again.

Cybercrooks getting violent more often to secure big payouts in Europe

Blazde Silver badge

American isn't it. Since it's Paris 'haut d'échelle' would be more appropriate.

As in "don't drop The Crown Jewels from the haut d'échelle"
