Re: How to wean Grandma off of Windows?
Microsoft is playing on your side there, what with shoving all the stuff Grandma uses all the time off to new, obscure places in favor of stuff Grandma doesn't want.
32 publicly visible posts • joined 24 Jun 2019
These guys are kind of jerks most of the time, and Musk in particular is an obnoxious lunatic, but it is idiotic to try to count everything emitted by somebody's "investments" against that person's personal carbon footprint. Does that mean that nothing gets counted against the customer who buys the product or service that emits *directly*?
Those negotiators exist because a lot of people who take hostages are irrational. Taking hostages isn't typically a profit-motivated activity undertaken out of self interest, let alone one where there's any kind of vaguely sane cost-benefit analysis.
Ransomware IS a profit-motivated activity undertaken out of self interest with an at least mostly sane cost-benefit analysis.
If it is known that the company will NOT pay, because doing so is illegal, the law is enforced, and paying will probably mean life-changing personal consequences for all the decision makers, then NOBODY WILL MAKE THE DEMAND TO BEGIN WITH. There's no point in doing a lot of work attacking somebody if you're not going to get paid.
This is trivially simple game theory.
Anyway, there are a fair number of billion dollar companies that would improve the world by going bust.
It would be "good" for giving Sam Altman billions of dollars basically just for existing. With the investment round they want to do at the same time, it'd be "good", for giving Microsoft direct control. It'd also be good for appealing to the naive market-based religion of a lot of the people who work there.
Difficulty: If Altman's hand-picked board does this, it'll be in blatant, criminal breach of its fiduciary duties under the charter of the existing non-profit.
Difficulty with the difficulty: It's not obvious that anybody can or will do anything about that.
Giant monolithic kernels with completely unconfined drivers are a poor system design. We've known how to do better for a very long time.
Layer after layer of that kind of bad design is the reason you end up feeling you *need* "malware defense" as a separate category of software.
*Fix* it? By itself? Obviously not.
It might have *prevented* it if people years ago had had any capacity to think beyond next week or beyond "works for me", or any concern for the public interest. It would at least have cut down on the pressure that created the situation.
It might yet *help* to fix it... if more people develop such capacities and concerns. It's probably a technical prerequisite, and it would at least clear away some barriers to improevment. But it would still take a huge amount of work to even slowly roll back the giant entrenched power structures that we have now. There's a very good chance that the real potential of the Internet has been permanently destroyed.
> It works.
No, in fact it doesn't. It broke the Internet.
By preventing just any host from talking to just any other host, it caused massive centralization and concentrated a dangerous amount of power in a few companies, which routinely abuse it.
It also twisted and complicated the design of dozens of protocols, as people tried to work around the reachability problems it caused. The amount of development and configuration effort involved in keeping that garbage running dwarfs anything that IPv6 could possibly demand.
> Probably easier than deploying IPv6
No, in fact it is not. Code would have to change in the depths of the IP stack of every machine.
If governments had had the guts to just forbid IPv4 on the public Internet 20 years ago, we wouldn't have this problem. But idiots just keep digging things deeper.
NSLs can't do that.
What can do that is putting the morons in charge of the "licensing system" because nobody else wants to work on it. And in fact nobody else wants to think about it or look at it. The suits tell your project to stick this crap in on pain of death, and you do it. Meanwhile said crap escapes all the normal processes because it's not really a product, but is really a priority for the MBAs.
... and note that the crap itself actually serves no essential function and should not exist.
> Society-affirmed sense of impunity is not mental illness.
Doing illegal things, without taking any meaningful precautions to hide your identity or avoid creating the means of proof, when you *know* that such actions *do* at least sometimes get punished, and there's nothing about your own case that would lead a person to believe that didn't apply to you... sure points to mental illness and waggles its eyebrows.
The idea that this guy, or anybody else, has a "society-affirmed sense of impunity", is something you've built up in your own head, and probably says more about you than it does about him, society, or anything else.
> Ref the untrained puppy discussion in Starship Troopers (the book).
Heinlein had a lot of dumb ideas, and sure as hell wasn't an authority on anything remotely related to psychology or politics.
They're not "their" phones. They sold those phones. Stop encouraging the idea that people never own anything.
They could legitimately turn off the App Store and all their other cloud services, though. Which would of course greatly reduce the utility of the phones. Which is why only a total moron would ever buy an Apple phone.
... when the Snapdragon X Elite only gives me 135 GB/s of memory bandwidth to feed it?
If I'm quantizing my model to 8 bits, that means I have to find on the average 330 operations to do on any given weight every time I fetch it.
I'm not an expert, but I don't think ML works like that. I think it's mostly big dot products that only do a handful of operations per weight on each pass over the entire giant definitely-will-not-remotely-fit-in-cache model.
There's almost zero chance that any fab will survive any shooting war in working order, even if no national participant intentionally targets them. Wars are chaotic, with random damage and confused people running around with bombs. And disruption of supply and service networks. Furthermore, if there's an existential threat to Taiwan, both the local government and many well-placed individuals could have all kinds of reasons for sabotage. Including simple revenge and regardless of what "the West" wants.
There might be some question about how many months or years it would take to fix the fabs with everybody cooperating in peacetime, but they're not going to be working after any kind of war. They're shockingly delicate.
Contempt of Congress can be punished with imprisonment. They have the power to summon *anyone* and force them to answer *any* question, under oath. In public, if they want to. It's a constitutional power, too, not something that an easily be changed.
I suspect it's not a uniquely American thing, either. I think the *UK's* particular style would be more to make you explain yourself to the Minister of This or That in private, but even there I suspect that refusing to talk to the Minister would be a bad move. Other countries do various other things.
Oh, and on edit: In this particular case, I doubt he was very reluctant to begin with. Lets him get his story out there.
You can argue it all you want, but it still won't be true. It's perfectly legal to pay them unless the particular group you're paying happens to be on a sanctions list.
It *should* be a criminal offense. Not because guys like that should go to jail, but because they shouldn't have to make the decision... and the decision not to pay only really works if there's nearly universal solidarity behind it anyway. By outlawing paying, you can really affect the attacker's calculations ahead of time.
I used to think that, but it turns out that it has bad problems, too. It causes site operators to enshittify their content and spread their focus by adding garbage material that might seem, to a computer, to be relevant to high-value ads, but is actually worthless to any user. In fact it seems to be causing search engines to use the presence of such filler as a metric of "quality", and promote sites with high volumes of ad-relevant garbage over sites that deliver clear, concise, focused information the user actually wants. This is part of the reason that your Google search results suck nowadays.
I'm about ready to say just give up and ban all advertising outright.
I've already owned somebody's machine to the point where I can drop arbitrary files anywhere I want *and* run random programs. And a copy of node.exe is the problem????
If somebody has gotten that far into your machine, you are fully owned, period. It's not reasonable to expect an application to guard against that.
Well, yeah, because that's a bad idea and doesn't work. You need to be sure that the system that actually USES the XML is parsing it correctly, including doing complete validation on the syntax AND the structure AND the values parsed out of it. Oh, and Postel was wrong. The right aphorism would be "Be conservative in what you generate, and absolutely inflexible in what you accept". Any deviation from the expected protocol should automatically be a fatal error.
If you try to assure correctness with some kind of outboard filtering hack, you open yourself up to differences between the way the filter parses it and the way the actual application parses it (cf Sassaman, Patterson, Bratus, and Shubina: "The Halting Problems of Network Stack Insecurity"). AND you add attack surface; most of those "application firewalls" are full of dangerous security bugs themselves. AND you create an interdependency that makes upgrades dangerous or impossible. AND you complicate your network so you're more likely to make a fatal mistake.
A filter like that might work as a band-aid on a known bug while the application is being fixed, but in practice they're always expected to deal with ALL bugs, known and unknown. They're invariably used as an excuse never to fix the application, and in fact never to demand that the application be correct in the first place... as well as deterring routine updates of the application or its components, leading to ever-growing technical debt. Essentially no organization has the discipline to avoid this, and it predictably leads to failure.
If you let such a device into your network, you may avoid some immediate problems, but you're setting yourself up to lose really big at some unpredictable future time... in a way you won't be able to recover from because you've made everything overcomplicated, created too many dependencies, and let too many things deteriorate.
If you can't create an application that won't choke on bad XML, then you shouldn't use XML.
It may very well *be* a bug. But if it is, it's only a bug because Google's sites are *intentionally* getting some *other* special handling.
Google needs to be forced to divest Chrome and anything related to it, and Google's pressure on browsers like Firefox needs some government monitoring, too.
I shouldn't have to read the "upgrade notes", because nothing should ever change just because it's "refreshing". Incremental UX changes that actually make it easier to get things done are good. Sweeping changes that move some things around, completely lose others, add very little, and force people to waste time learning a new-but-not-better way, are not good.
I think it's time to give up on Mozilla and get support behind a new foundation with a better sense of priorities.
They started out as the browser that cared about you as a user and had your back. They've devolved into a browser that's more concerned with making pointless confusing UX changes to bring the program into line with some internal designer's personal taste (and these changes are NOTHING but matters of personal taste). They've bitten the bullet and made necessary internal architecture and engineering changes, but every time they've rolled out a major change they've concentrated on pointless fluff instead of making sure that imporant functionality kept working on the new base (looking at you, WebExtensions...).
The user's control over the browser has been nerfed a little more at every desktop release. Mobile never even caught up with desktop, and now it's taken a giant step backward.
Of course, it doesn't help that Google (their main funding source) is out there sabotaging anything actually user focused and pressuring Mozilla to help evolve the "Web platform" into something that Google (and other large companies) can better use to monetize your eyeballs. But Mozilla has not done a good job of resisting, often doesn't even seem to have figured out it's being manipulated, and has been outmaneuvered at every turn. Mozilla slurps up every stupid, layering-violating, misarchitected, unsecurable misfeature that Google (or even Apple) throws in the trough, and then suggests some more.