* Posts by Michael Wojcik

12336 publicly visible posts • joined 21 Dec 2007

X accused of taking money from terrorists by selling checkmarks to US enemies

Michael Wojcik Silver badge

Re: POV

The whole idea of "proscribed organisations" skirts pretty close to what the US founders wished to avoid being imported from Europe

Ah, yes, those high-minded Founders and their staunch support for liberty, none of whom would ever have supported the Alien and Sedition Acts, say, or initiated Removal, or had their allies in Congress pass the Non-importation Act and Embargo Act, which — stay with me here — proscribed commerce with certain organizations.

The Founders were clearly well within the liberal sector of European-derived political thought. Their liberalism was also qualified in all sorts of ways, and differently for each of them. Restricting commerce in various ways was certainly not at all out of the question for most of them.

Apple Vision Pro units returned as folks just can't see themselves using it

Michael Wojcik Silver badge

Yes. And "clearly the future"? Oh, please. How often have we heard that one?

It sure as hell isn't my future.

Michael Wojcik Silver badge

This is one of the better learned-helplessness anecdotes I've read in a while.

Michael Wojcik Silver badge

Re: The one feature

The last few times I flew, I could do that with the, um, plane itself. There was a screen in the back of the seat in front of me. The "entertainment" options on flights may not be great, or even good, but they're far more varied and convenient than what we had when I was younger — and we mostly managed to survive those. Why, sometimes fewer than 5% of the passengers perished from boredom, even on a long flight!

Even if I didn't find VR utterly unappealing, I don't think I'd want to use it while in motion. That seems like it might be unsettling.

(I prefer to read on flights, myself.)

Michael Wojcik Silver badge

Believe it or not, it can be useful to just glance at your wrist to find out the current time

I believe this. My $20 Timex has this feature too. As do a couple of watches I bought for almost nothing at garage sales and the like.

and maybe how much time is left before sunset.

I can do that without a watch, to sufficient precision for any purpose I've ever cared about. It's called "experience".

Michael Wojcik Silver badge

There was a time when one could be a "functioning ... member of society" without being "contactable" every second of the day.

Oh, hey, that time is now.

Cisco cuts 5% of workforce amid cautious enterprise spending

Michael Wojcik Silver badge

Re: "Cisco, the job cuts mean it will incur an $800 million charge"

Hey, the CEO has to make the tough decisions.

As in "tough on other people" and "tough luck if you're out of a job".

European Court of Human Rights declares backdoored encryption is illegal

Michael Wojcik Silver badge

But getting court orders is such a drag! Even from rubber-stamping courts like FISC. LEOs want to know now, not after they get some judge to sign whatever they submit.

Michael Wojcik Silver badge

Perhaps not so useless.

Part of the Logjam/WeakDH findings, for example, was that the widespread use of a handful of "weak" finite-field DH groups for TLS key exchange meant a large corpus of captured encrypted data was becoming accessible for targeted decryption. So there are real-world cases where improvements in attacks make some of that stored data available.

Similarly, the current plausible risk to encryption from QC is not real-time decryption of data in transit — that looks far too expensive even into the foreseeable future, even assuming we see major advancement in QEC and scaling. What does start to become feasible with such advancement is targeted decryption (of session keys encrypted with RSA, finite-field DH, and ECC DH) for specific previously-recorded messages deemed to be of particular interest. So the DHS decides it's interested in messages exchanged between parties X and Y around timestamp Z, the NSA pulls just those from the corpus, breaks the asymmetric keys (with this hypothetical big-enough-to-be-useful QC), gets the session key, and decrypts just those messages.

Or consider ROBOT/MARVIN: If you've sniffed a bunch of traffic that used a particular RSA pair for Kx, and then you find updated Bleichenbacher attacks work against the server and it's still using that same key pair, then you can derive the private key and go back and decrypt (the session keys for, and then the data of) those stored messages. And similarly for other improved attacks.

While bulk decryption of those vast corpora of data sniffed by various state agencies may well never be possible, targeted decryption just might be. There are still significant obstacles: QC isn't there yet (at least according to published research, and no, I don't believe the NSA or other agencies are that far ahead of the private sector), and while "attacks get better" is a general truism, it's not something you can count on in any specific case. But data hoarding has been useful to the spooks in the past, and will almost certainly be useful in the future.

Which is not to say I approve of it. I'm just noting the economics of the practice are not, from the governments' points of view, as irrational as you suggest.

IT body proposes that AI pros get leashed and licensed to uphold ethics

Michael Wojcik Silver badge

This is a sophomoric objection.

Professional-standards organizations in other fields, such as medicine and law, have been able to figure out a set of ethical standards which work well enough for this purpose. The ACM has a code of ethics for IT professionals. None of these are perfect; regulation never is. That doesn't mean they aren't useful.

Michael Wojcik Silver badge

Since when does registration/licensing improve a moving target like ethics?

While not perfect, it's been useful in medicine and law.

Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

Michael Wojcik Silver badge

Re: Grow a beard to change your face

I have a good idea. Let's combine biometrics — the worst possible sort of authenticator — with cloud storage of secrets in an authentication mechanism that non-technical users have no hope of understanding, then tell everyone it's so secure that it'll stand up in court as proof of operation! We can call it "passkeys".

Dumping us into ad tier of Prime Video when we paid for ad-free is 'unfair' – lawsuit

Michael Wojcik Silver badge

Re: Question is...

Ah, Punch. As a lad growing up in the US, one of my key sources of information on English culture, along with Swallows and Amazons, Molesworth, Adrian Mole, and a number of other literary worthies. My local public library was good enough to stock this important journal.

Michael Wojcik Silver badge

Re: Question is...

in the real world a lot of people are advert antagonistic and will actively avoid products that are forcefully advertised

In the real world, do you have any actual evidence for that claim?

I don't watch a lot of television, but when I do, most of the advertisements I see are for companies that seem to be doing just fine, thanks, such as McDonald's.

Date set for epic Amazon-FTC antitrust showdown

Michael Wojcik Silver badge

Re: Lawyers or Liars

Lawyers only say what their clients tell and/or allow them to say.

Yes, normally, as they should. What's your point?

Europe loosens the straps tying Apple and Microsoft to tough antitrust rules

Michael Wojcik Silver badge

Re: mmmm

I'd take Excel over Word every day.

Ugh. That's like choosing between leprosy and the plague.

Thar be safe harbor: Reddit defeats third attempt to unmask digital pirates

Michael Wojcik Silver badge

Culpepper

If at first you fail, try, try again. It's all billable hours.

HPE seeks $4B in damages from Autonomy boss Mike Lynch and his ex-CFO

Michael Wojcik Silver badge

Well she would, wouldn't she?

Michael Wojcik Silver badge

Re: Insanity ..... Doing the same thing over and over and expecting different results.

Are auditors like KPMG not complicit

Autonomy's auditors were tried and convicted.

In the acquisition, HPE executives refused to read KPMG's preliminary report, and Apotheker fired them before they could complete their final report. I don't see how they can be blamed for that.

FCC Commissioner calls for crackdown on Apple's iMessage gatekeeping

Michael Wojcik Silver badge

Re: iMessage isn't very useful...

WhatsApp works on any device.

Not as many as SMS works on. Or even MMS. (MMS is horrible, but so are all the OTT messaging applications, with Signal being the least horrible since it at least serves a useful purpose.)

Why people feel they have to use these OTT messaging applications is beyond me, frankly. "Oh, all my friends insist on WhatsCrap!" Friends like that I don't need.

Microsoft might have just pulled support for very old PCs in Windows 11 24H2

Michael Wojcik Silver badge

it uses 256 bytes of memory which will need to be cached and originally calculated

The initial calculation is amortized over the lifetime of the program, and if you're doing enough population-counting to matter, then it's negligible. But the caching cost could definitely be significant, as could the indirection. Of course you can trade off between caching and indirection plus addition, by using a table of 16 entries and operating on nybbles.

The third method ... for a value that's mostly zeros, it's great, but for all 1s, it's 192 instructions

Yes, the Kernighan/Wegner/Lehmer algorithm has input-sensitive performance. That also means it's not constant-time, which will make it unsuitable for some cryptographic applications.

Doing it in hardware should always be faster, if you have enough gates available. That's why population-count machine instructions have been around since the 1960s.
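The trade-offs discussed in the post above, as an added example (not code from the article or from the poster): the 16-entry nybble table, the Kernighan/Wegner/Lehmer loop, and a branch-free bit-parallel count that goes beyond the methods under discussion. All function names and the sample values are constructed for illustration.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit count of each nybble value 0..15 (the 16-entry table). */
static const uint8_t NYBBLE_BITS[16] = {
    0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4
};

/* Constructed sample inputs: sparse, dense and mixed bit patterns. */
static const uint64_t SAMPLES[] = {
    0, 1, 0x8000000000000000ULL, 0x00FF00FF00FF00FFULL,
    0xDEADBEEFCAFEF00DULL, UINT64_MAX
};
#define N_SAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Nybble table: a fixed 16 lookups per 64-bit word, but every lookup
 * indexes memory with part of the input, so the memory access pattern
 * still depends on the data. */
unsigned popcount_nybble(uint64_t x)
{
    unsigned n = 0;
    for (int i = 0; i < 16; i++) {
        n += NYBBLE_BITS[x & 0xF];
        x >>= 4;
    }
    return n;
}

/* Kernighan/Wegner/Lehmer: x &= x - 1 clears the lowest set bit, so the
 * loop body runs once per set bit. *trips (optional) reports how many
 * times it ran, which is the input-sensitive part. */
unsigned popcount_kernighan(uint64_t x, unsigned *trips)
{
    unsigned n = 0, t = 0;
    while (x != 0) {
        x &= x - 1;
        n++;
        t++;
    }
    if (trips != NULL)
        *trips = t;
    return n;
}

/* Bit-parallel (SWAR) count: no branches, no loops, no table. The same
 * operations run for every input at the source level; whether the
 * compiled code is constant-time still depends on compiler and target. */
unsigned popcount_swar(uint64_t x)
{
    x = x - ((x >> 1) & 0x5555555555555555ULL);            /* 2-bit sums */
    x = (x & 0x3333333333333333ULL) +
        ((x >> 2) & 0x3333333333333333ULL);                /* 4-bit sums */
    x = (x + (x >> 4)) & 0x0F0F0F0F0F0F0F0FULL;            /* 8-bit sums */
    return (unsigned)((x * 0x0101010101010101ULL) >> 56);  /* add bytes  */
}

/* Returns 1 if all three methods agree on every value in v[0..n-1]. */
int popcount_methods_agree(const uint64_t *v, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        unsigned a = popcount_nybble(v[i]);
        if (a != popcount_kernighan(v[i], NULL) || a != popcount_swar(v[i]))
            return 0;
    }
    return 1;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++) {
        unsigned trips;
        unsigned bits = popcount_kernighan(SAMPLES[i], &trips);
        printf("%016" PRIx64 "  bits=%2u  kernighan loop trips=%2u\n",
               SAMPLES[i], bits, trips);
    }
    printf("methods agree: %d\n", popcount_methods_agree(SAMPLES, N_SAMPLES));
    return 0;
}
```
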

Michael Wojcik Silver badge

It does seem like an opcode that would be invented, and used, specifically to "unpatchably obsoleteify" older hardware.

Population count is a fairly widely used primitive. Its history goes back decades.

Michael Wojcik Silver badge

I was wondering who these supposed Windows 11 enthusiasts were, and what sort of chemicals were in their drinking water.

I do have a Thinkpad that's more than a decade old. Don't remember what CPU it has, though, and it's at the other house so it's not convenient to check. It has Win7 on it, as I haven't gotten around to transferring everything off it onto my newer Thinkpad before wiping it and putting Linux on.

Newer Thinkpad has Win10 because I needed it for TurboTax, and while I don't mind running Windows under a VM, the Windows came preinstalled so I don't have installation media, etc; switching it to Linux and putting Windows under a VM would take some time and care, and I just have better things to do. So Linux (SUSE or Kali, depending on what I'm doing) runs in a VirtualBox VM on it.

Michael Wojcik Silver badge

Re: Linux's moment

Well, "no one has used SSEx in any software ever" is clearly bullshit, for example. (I neither up- nor down-voted the post, or any of the replies.)

Michael Wojcik Silver badge

Re: Linux's moment

And GCC on x86 will generate SSE instructions for all sorts of things by default. You have to use --march=pentium4 if you don't want it to.

Michael Wojcik Silver badge

Re: Linux's moment

I don't recall hearing anyone say they had "a hard time with the ribbon". I recall plenty of people, including myself, saying they hated it: a significant UI change that broke a lot of keyboard accelerators, wasted screen real estate, and offered no real advantage in return.

Personally, I never use toolbars — using the mouse means taking my fingers off the home row, unless I have a proper (pointing-stick) device, and my work machines haven't had those in a long time (because IT insist on purchasing rubbish). The ribbon was just a way to make menus worse.

Forcing AI on developers is a bad idea that is going to happen

Michael Wojcik Silver badge

Re: Repeatable patterns

Yes, but if a thousand developers copy and paste the sample code from the same SO post into a thousand applications, then you'll have that same code in many places. And that's certainly a way we can get widespread identical vulnerabilities.

Michael Wojcik Silver badge

Re: "JetBrains' own developers are, well, developers"

Sure. Sometimes things need breaking changes to improve.

When Model T owners bought a new car with a control system more like the one that's essentially standard today, many of them were probably a bit put out. Here's a complex, dangerous system that requires a lot of operator attention and intervention, sometimes very quick intervention; changing how the controls work is obviously costly in various ways. But in the end most users apparently agreed it was for the best (or we wouldn't have a de facto standard arrangement today).

In many areas of IT we can identify cases where breaking changes are easy to justify, such as when dangerously insecure features that can't be fixed in their current form are radically altered or removed.

What's important is that the people deciding to make those changes have a legitimate, explicit justification for the change, and do a thorough and fair calculation of the cost and benefit to the users. That includes remembering, as Platt puts it in Why Software Sucks, that your users are not you.

Michael Wojcik Silver badge

Re: "JetBrains' own developers are, well, developers"

Aren't (at least a high proportion of) developers, particularly web devs, guilty of this themselves?

Yes, but — importantly — that's generally in software that they don't have to use themselves. Who cares what you do to your users? In JetBrains' case, it's developer tools we're talking about. They're shitting where they eat.

Australia passes Right To Disconnect law, including (for now) jail time for bosses who email after-hours

Michael Wojcik Silver badge

Re: Work-life balance and other considerations

Don't use employer-provided devices outside of your working hours.

Here's an idea: don't tell me what to do, kid.

Michael Wojcik Silver badge

Re: It’s simple really

Are you currently at work? No

Physically? I work from home, so yes.

Oh, is "at work" a mental state? I think about problems at all hours, when they bubble up into my consciousness. I've dreamt the solutions to tricky problems (an experience I expect a number of Reg readers have had). And resolving those problems is essentially my job description. So, yes.

Are you currently being paid? No

Er, yes. I'm salaried. I'm being paid all the time.

Have you agreed to be contacted out of hours? No

I realize this is a difficult concept, but it's possible to make email non-interrupt-driven. Then it's only "contact[] out of hours" if you choose to poll it.

Hmm. Perhaps it's not simple. Really.

Michael Wojcik Silver badge

Re: That seems a little extreme

Good luck to any employee attempting to prove #3.

Michael Wojcik Silver badge

Re: That seems a little extreme

And this is precisely the fatal flaw of these laws. Either they prohibit contact outside of some parameters, which is detrimental to people who want flexibility; or they don't, and they're toothless.

Michael Wojcik Silver badge

Re: Oh no

For years I had my private number in my email signature (for internal email only). I think I might have received three or four work-related phone calls, total, over the several years it was there.

I answer a lot of technical questions in other media — email, newsgroups, chat, and even at-work voice and video calls. But on my personal phone? Almost never. Just not part of the corporate culture here, I guess.

Mileage varies, obviously.

Michael Wojcik Silver badge

Re: Flexi time

And here in the US (at least in all the states I've lived in), a driver's license has a picture of the holder, and you have to show up in person to have that taken. They're not going to let you upload a photo and take your word that it's you.

Similarly, doctors are often strangely stubborn about seeing people in person for things like routine examinations and treating injuries. Those pesky dentists won't let you just upload your teeth. The unenlightened courts have yet to let jurors Zoom in. GP's contention is prima facie stupid.

Michael Wojcik Silver badge

Re: Flexi time

Your taking time off during the day and willingly making it up outside of your 9-5 isn't the same thing at all, as presumably you can work without your boss's minute-by-minute supervision.

No, it's not at all the same thing. But how is the law going to draw that distinction? The "right to disconnect" laws I've seen so far all fail utterly to do so.

Personally, I think these are bad laws. They certainly would be for me. I work when I want to work, and I'm evaluated on the results, not on what hours I clock. Yes, that does mean that I have to be available for meetings and the like, so I can't work entirely arbitrary hours; but to a large extent I can do what I like.

I put in several hours last weekend, because I wanted to; there was a problem I was chasing, I'd done the work on the house that I wanted to get done, I'd spent some time reading for pleasure, and a bit of development seemed like a nice change of pace. The last thing I want is some idiot law restricting when I can work, or for that matter when my coworkers and managers can work.

Michael Wojcik Silver badge

Some people apparently have trouble understanding the concept of polling versus interrupts. That seems to include many politicians.

Michael Wojcik Silver badge

I point blank refuse to set up work email on my phone.

I do as well, but it has nothing to do with "disconnecting", because I read email if and when I want to. I won't allow any work documents or other privileged information on my personal devices, period, except for a TOTP application I'm required to use for 2FA. That's an exposure I don't need, and there's no way in hell I'm going to let corporate IT install Intune or some other "device management software" on a piece of equipment I own.

There's the company's stuff, and there's my stuff.

Sam Altman's chip ambitions may be loonier than feared

Michael Wojcik Silver badge

Re: Personality cults ...

Those are certainly several words. For the next exercise, try composing a coherent sentence with them.

Michael Wojcik Silver badge

Re: What's next

Could those chips be used for something else than AI?

Forget "AI". It's a meaningless term.

The question is what operations those specialized processors are optimized for. There are useful things you can do with TensorFlow for computing close-to-optimal approximations of complex problems, for example. And tasks like automatic document classification and summarization have many applications.

Doing big matrix operations on low-precision matrices probably has other uses.

Zvi mentioned recently a study that showed LLMs are better than individual human lawyers at contract review. That's a good application. Contract review is tedious and largely repetitious, and having an LLM do at least the first pass frees up junior partners to do more useful things.

There will be uses for LLMs in the entertainment sector. Whether those are good uses is debatable,[1] but they're inevitable; it's just too easy and most of the audience doesn't care about quality and there's money to be made.

How much of a chip glut from the "AI" bubble could be absorbed ... now that's a more difficult question.

[1] No. There, debated.

Michael Wojcik Silver badge

Re: I support him

Penrose says otherwise.

I'm not persuaded, but he has a physics Nobel, and I don't (the committee is so stingy with those things), so I have to update a bit in his favor.

(And he's not the only one.)

That said, everyone ought to believe they have free will. Either you do, in which case it's a correct belief; or you don't, in which case you have no choice about whether to believe in it or not, and all arguments are vacated.

Michael Wojcik Silver badge

Re: I support him

Yes. And also, Roko's Basilisk can apply to a great many systems that may not meet arbitrary definitions of "thinking". It's simply the application of a type of decision theory to a set of circumstances; the decision theory is formalized, and the circumstances can be.

Ducking behind dualist metaphysics is the refuge of people who don't have any actual theory of cognition and don't want to admit it.

Search chatbots? Pah, this startup's trying on Yahoo's old outfit of web directories

Michael Wojcik Silver badge

While this is true, there's plenty of human-subjects research being done with uncommon and experimental information-retrieval systems. It's not like people in those disciplines (and we should throw in library science, too, plus cognate research in fields such as cognitive science and psychology, and interdisciplinary fields like digital humanities) haven't ever tried anything that's not public and widely-used.

I've yet to see a mechanical information-retrieval system that, for precision and recall, beats a good reference-desk librarian. Mechanical systems are great at speed, scale, and breadth, which makes them ideal for large numbers of easily-answered queries, where either accuracy is not particularly important, or the correct answers are so widely available that the system has a very high probability of returning them. But trained humans still do better on the hard stuff.

And no, LLMs are not going to replace those soon. That's a really difficult fine-tuning problem. Nothing I've seen published on fine-tuning so far has any hope of coming close.

ANZ Bank test drives GitHub Copilot – and finds AI does give a helping hand

Michael Wojcik Silver badge

Re: One intriguing finding…

someone with a good foundation and experience in a given subject matter would benefit from the emerging LLMs

I believe that remains to be demonstrated, particularly when the benefits are properly quantified and the indirect costs are assessed.

Michael Wojcik Silver badge

CoPilot works like any LLM: token prediction. It has a high-dimensional parameter space containing a manifold shaped by the model weights, which were created by digesting a large training corpus. The session input thus far, or as much as will fit in the context window, effectively supplies a point in that space. (The tokenizer and transformer architecture act as a function that transforms that input vector in various important ways which I'm ignoring here.) From there it follows the gradient, with some pseudorandom jitter (the temperature parameter) to anneal it out of local basins.

So, yes, it's just fancy autocomplete. Fine-tuning attempts to make it "prefer" (be more likely to produce) "good" code, for some values of "prefer" and "good". Code-generating LLMs do have the advantage that you can tune them with reinforcement learning using mechanical judges — successful compilation, compiler diagnostics, static analysis, and so on.

But what CoPilot really does is provide coders with an excuse to not think. That's the value it's adding.

Michael Wojcik Silver badge

Yes. That reminds me — since updating to the latest MSVC runtime a few weeks ago, all of our projects get a compiler warning from one particular bit of braindamage in one of the MSVC standard C++ headers. How can Microsoft have missed that? Every damn build shows that warning. Apparently that team can't even manage to release a C++ library implementation that compiles cleanly.

Michael Wojcik Silver badge

that would suggest coding is analogous to "short algorithmic coding challenges"

And that a savings on coding results in an identical savings in programming, and that in an identical savings in software development. Which is patently untrue, since each successive category is significantly larger than the previous one.

(Anyone who can't figure out how "coding" is a considerably smaller subset of "programming", or "programming" versus "software development", needs to get the hell out of the industry.)

Michael Wojcik Silver badge

Very often it suggests exactly what you want to type in, which saves time.

If typing dominates your software development time, You're Doing It Wrong.

Moreover, there are a number of benefits to actually writing code, rather than waving your "AI" magic wand and letting it do the work:

* Better cognitive focus and attention to the code you're producing.

* Better retention of what the code does and is meant to do.

* The friction of actually writing code is an inducement to refactor and do things properly rather than just inserting boilerplate everywhere.

* Less or no risk (depending on whether you're consulting some other sort of source) of reading what's being handed to you, seeing what you expect instead of what's there, and sticking it in without catching the error.

Michael Wojcik Silver badge

Re: Did Copilot write the report

And this is the crux.

Writing more lines of code is not a good measure of productivity. Completing coding tasks faster is not a good measure of productivity. Those miss at least two critical metrics: the quality of the software in practice over the long term (including ease of maintenance), and the development of both programming and domain knowledge among developers.

Results on the former, when using LLM assistants, are mixed at best. I haven't seen any methodologically-sound studies on the latter, but my estimate is still strongly that using LLM assistants badly impairs it.

From the article: One study from Microsoft, which now owns GitHub, found coding with an AI assistant improved productivity by more than 55 percent. But what's that study's definition of productivity? Recruited software developers were asked to implement an HTTP server in JavaScript as quickly as possible. That's a rubbish task. Any version of HTTP after HTTP/1.0 is complex and difficult to implement correctly, since a correct implementation has to conform to the standards. Implementing it quickly is not grounds for praise.

Producing lines of code quickly is not good coding. Coding is not the whole of programming. Programming is not the whole of software development.

Chasing "AI" assistants like this is a race to the bottom, a process of creating fungible, know-nothing "coders" who don't understand what they're doing.