Posts by Michael Wojcik

12132 publicly visible posts • joined 21 Dec 2007

Magic Leap's CFO and creative director quit, and it's not a harbinger of doom or anything

Michael Wojcik Silver badge

Re: "moved from being an IF company to a WHEN company "

Yes, even for a C-suite soundbite this one was particularly infelicitous.

I see ML moving from an IF company to a WHEN company to a WAS company. In the not-too-distant future.

Michael Wojcik Silver badge

Re: Sing after me ....... "Money makes <etc>

I have a money furnace under development. $10M or so would see me to a working product. Let's talk.

Second time lucky: Sweden drops Julian Assange rape investigation

Michael Wojcik Silver badge

Threshold for prosecution, not for conviction. Try reading for comprehension next time.

Boffins harnessed the brain power of mice to build AI models that can't be fooled

Michael Wojcik Silver badge

What's the errno value? EDAM?

(If the mouse escapes errno is set to EEEK.)

Physicists are rather giddy after creating a rare type of laser using laughing gas

Michael Wojcik Silver badge

Focused energy is the first step to anything besides undifferentiated heat.

In your face! US Senate mulls bipartisan federal law on police facial recognition use

Michael Wojcik Silver badge

Re: Clarity

It might take SCOTUS to clarify the exception, but lower courts can, and likely will, throw out evidence gathered in what the presiding judge considers a violation of the intent of the exception; and proceeds from that evidence, under the "fruit of the poison tree" doctrine.

Historically, the US (as part of its UK-derived common-law model) has let the courts refine the scope of exceptions such as "extenuating circumstances". It's very difficult to define these things in a productive way in legislation.

And, of course, there already exists substantial precedent regarding extenuating circumstances for other police activities that normally require warrants. It's not like this is a procedural vacuum.

Weird flex but OK... Motorola's comeback is a $1,500 Razr flip-phone with folding 6.2" screen

Michael Wojcik Silver badge

There is nowhere in the world where stimulation is spelled with a Z

I'm willing to bet I could find a US WWII-era comic book that would contradict that assertion. "Vhen ze machine ztimulates ze gem, all in range vill be destroyed! Ze Allies vill never know vhat hit zem!"

Michael Wojcik Silver badge

as a piece of design it was hard to beet

Indeed. I wonder when its like will turnip again. I suspect such design is not enough of a carrot to win the market; it's not easy to salsify consumers. It seems like Motorola is still approaching phone design rather gingerly. (I'm trying to stop, but they keep cumin.)

Michael Wojcik Silver badge

Re: Koenigsegg

It's the "banana" of auto marques.

Michael Wojcik Silver badge

Re: Want one

Not for my pockets, all of which are certainly broad and tall enough to accommodate any phone I've ever had. What's the advantage in having the phone project further from the body when it's pocketed?

Michael Wojcik Silver badge

Re: Want one

Coming in 2021: Motorola's Perfectly Spherical Phone.

That, at least, has the advantage of being more amenable to thought experiments.

Michael Wojcik Silver badge

Re: Want one

Indeed. Mine fits in my pocket just fine. I'm not seeing the advantage here.

Back in the day when decent ones were available on the gray market, I did prefer slider phones - but that was because they offered full mechanical keyboards.

A folding touchscreen is about as appealing to me as, say, edible furniture: it's not that I can't imagine use cases, it's just that they're extremely implausible, of very small incremental value, and likely to have bad failure modes.

I don't see this doing well. As a novelty, it's far too expensive, even if it proves reliable. Yes, there are some people willing to spend stupid amounts of money on a phone, but that market is limited. Making it a Verizon exclusive in the US won't help with that. On the other hand, it's not exclusive enough to be a Veblen good. It's conceivable some tastemaker will get it to go mainstream but I wouldn't bet on it.

NASA boffins tackle Nazi alien in space – with the help of Native American tribal elders

Michael Wojcik Silver badge

Re: The NAZIs used

Talk about overreacting...

Nothing has been banned. NASA didn't ask the IAU to approve the nickname they were using; they decided to go with another name.

My word, but some of you are sensitive.

Michael Wojcik Silver badge

The ADL are not "officials". The Swedish government is not the government of the USA.

Michael Wojcik Silver badge

Has anyone told Volvo?

Michael Wojcik Silver badge

I can't see why we should not use a name dating back to ancient Greek writers [continue usual whinge]

No one said "we" couldn't use the name. NASA decided in this case not to ask the IAU to approve the name "Ultima Thule" for this particular bit of rock. So fucking what?

Personally, I suspect they did it just to get a rise out of all the political-correctness-bugbear scaremongers on the Internet.

Just Docker room talk: Container upstart's enterprise wing sold to Mirantis, CEO out, Swarm support faces ax

Michael Wojcik Silver badge

Re: Good article here

The number of forks isn't particularly meaningful.

It is for the philosophers at the table.

Michael Wojcik Silver badge

Re: I see a fork in 3...2...1...

And then they'll change root.

Michael Wojcik Silver badge

Re: Argh! What now?

I think that containers will evolve to end up looking a lot like virtual machines. In a few years time, the extra hardware resources required for that won't really be a problem.

Some research suggests that for many workloads, VMs are just as resource-efficient as containers.

Back In The Day, IBM's VM was happily running dozens of virtual OS instances on S/370 systems with fewer resources than a smartphone. VMs can be very lightweight. Mostly the problem is bloated OS instances, and there are techniques such as the "library OS" model which fix that.

Michael Wojcik Silver badge

Re: No data goes through Google's systems when you use them?

What are you on about? Docker and Kubernetes can be used anywhere. They're not tied to Google-owned hardware.

Judge shoots down Trump admin's efforts to allow folks to post shoddy 3D printer gun blueprints online

Michael Wojcik Silver badge

Re: Why a 3D printed gun?

The thing about a 3d printed gun, or indeed any sort of gun, is that it's useless without ammunition.

Nonsense. You can wave it around threateningly, or throw it like they do in the movies, or plant it on someone to get them in trouble, trade it for a sandwich, use it to tenderize meat... The possibilities are endless.

Really, it's loading a gun that reduces the things it can safely be used for. I don't recommend it.

Michael Wojcik Silver badge

Re: Why a 3D printed gun?

people were shooting into houses in daylight

Happens all the time here in the US. We even have a term for those people: "police".

Michael Wojcik Silver badge

Re: Why a 3D printed gun?

I don't own a gun (but have in the past) and for the foreseeable future, won't own one either. But I understand some folks feel the need for self protection.

I don't currently own any guns myself, but my wife and I have been discussing getting a shotgun. At the Mountain Fastness, rabid skunks, feral dogs, and some other undesirable animals are all occasionally found in the area, and not long ago someone in the neighborhood had a bear rooting through their garbage.

Calling Animal Control is an option, of course; but they could take several hours to respond. A bear rooting through your trashcans may just mean a mess to clean up and some new trashcans. But if the bear decides there's food in your car - well, that doesn't turn out well for you. And sometimes bears break into houses. Happened a couple of years ago to a woman who lived in a cabin on the other side of the mountain. She happened to have a rifle to hand, and shot it dead in her front room. I doubt I'd be so successful, but in an emergency I might be able to discourage a bear with a couple of loads of shot.

Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)

Michael Wojcik Silver badge

Was that a hardware TPM, a firmware TPM bundled with the CPU and chipset, or a software emulated TPM? Windows, for example, may claim a "TPM" is present when it's just a software emulation.

In short, it may not be Dell that's doing this, and when they say a model doesn't include a TPM, they may mean it doesn't include a true hardware TPM. That's the only sort of TPM I'd bother using for my own purposes (and, yes, they're useful), so the distinction is relevant.

Michael Wojcik Silver badge

Re: Boffins

Hey - the folks from Whoopie Tech get to work in beautiful Worcester, Massachusetts. (Municipal motto: "Somewhat nicer than Lowell!")

In all seriousness, I agree that it's always good to see people doing the work. (This sort of thing is pretty fun work, in my book, but that doesn't make it less important.) But I don't know that salaries at Worcester Polytechnic are "tiny", exactly; online sources differ, but it looks like professors average around $110K, which suggests full professors in particular earn a comfortable salary. Cost of housing around Worcester isn't great but isn't as bad as Boston.

Of course graduate students are basically on subsistence pay, even with assistantships and fellowships, but that's true for all US universities.

Michael Wojcik Silver badge

Re: Or right if you work for some intelligence agency

You're multiplying entities needlessly. It's difficult to do constant-time big-number arithmetic correctly, and the dangers of timing side attacks for ECC were not well-documented until relatively recently. Thus it's probable that most or all of these attacks are accidental.

While well-resourced actors are likely capable of subverting the TPM development process at various OEMs, and certainly wouldn't have any qualms about doing so, these are odd backdoors to choose. They'd be better off backdooring the CPRNG, which is undetectable if done correctly. (Or putting in backdoored ECC curves, except there are users who know to insist on using standard ones.)

And as long as those actors know existing implementations are flawed, there's no reason for them to intervene and risk discovery.

Don't miss this patch: Bad Intel drivers give hackers a backdoor to the Windows kernel

Michael Wojcik Silver badge

Re: One way

True, but that doesn't mean they're not also riddled with bugs that could be avoided or detected by better development practices, such as better coding standards, code reviews, and static code analysis.

Much of the driver source I've seen has ranged from poor to execrable.

Microsoft embraces California data privacy law – don't expect Google to follow suit

Michael Wojcik Silver badge

Re: Different Strategies

What we do expect is updates to be as reliable

And under the control of the system administrator, not the whims of Microsoft.

Uber CEO compares pedestrian death to murder of Saudi journalist, saying all should be forgiven

Michael Wojcik Silver badge

Re: But how many of us are still holding out against all of their apps?

I was never tempted to use any of their services even without reading the T&Cs. I am not a fan, or supporter, of the gig economy.

Hyphens of mass destruction: When a clumsy finger meant the end for hundreds of jobs

Michael Wojcik Silver badge

Re: SCO Unix

I don't know about that, jake. My wife and daughter are die-hard Mac fans, as were many of the academics I knew back in the day. I'm pretty sure I've heard each of them cussing out the machine once in a while.

Fact is, pretty much any non-trivial tool used often enough will eventually get on the user's nerves, deservedly or not. And fond though I am of UNIX,[1] it certainly has its infelicities.

[1] Though not of MacOS. Whenever someone asks me to help them with something on a Mac, the first thing I do is open Terminal so I can use the OS the way God intended.

Michael Wojcik Silver badge

Re: One way to prevent accidents

[home][delete][enter]

Bah. Esc-0-x-Enter.

This religious war was brought to you by the letters V and I.

Is this paragraph from Trump or an AI bot? You decide, plus buy your own AI for $399

Michael Wojcik Silver badge

Re: Trump vs RoboTrump

Yes, the real problem is the abysmal signal-to-noise ratio for both sources.

Michael Wojcik Silver badge

Re: I thought that Donald 'I cheat at Golf' Trump

Actually - and while I am in no way a fan of our Village Idiot in Chief - Trump has appointed quite a few women to significant positions in his administration. He's fired a bunch of them too, of course; but then he's not been reluctant to do that to men either.

In any case, "a poor record on appointing women" is one criticism of the Orange Megalomaniac that probably isn't fair. Appointing competent, reasonable women ... well, again, it's not noticeably worse than his record with men.

If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware

Michael Wojcik Silver badge

Re: Really?

Physical implementations of General Quantum Computing machines have so far been a bit underwhelming. They may remain so for quite a while yet, though it's always possible we'll see significant improvements.

To the best of my knowledge, 21 is the largest integer yet factored[1] using an implementation of Shor's algorithm on a true GQC machine with a program to factor arbitrary integers.

There have been larger numbers factored using Shor's and GQC, at least as great as 4088459, but those are integers of special form, where the factors differ by only a few bits.

There have been larger numbers factored using adiabatic quantum computing (AQC), as implemented by e.g. the D-Wave machine; but AQC has limited application and it's not clear that it offers any real advantage over classical computing, at least for most applications. I mean, if you want to predict how your spin glass will anneal, it could be pretty handy, but you're not using it to break someone's ECCDH key.

In any case, none of these demonstrations is about doing a better job of factoring a number than your six-year-old does. It's about showing that these very preliminary GQC and AQC machines can in fact be used to implement certain algorithms, even if only for trivial inputs.

[1] "factorized"? Ugh.

Michael Wojcik Silver badge

Yes, and perhaps they've captured a Magic Decryption Fairy.

Many people have looked at Dharma. Even people who can write competent English prose, which apparently is a skill not available at Fast Data Recovery. (What are they doing with the profits from their many successful recovery cases?)

It is much, much more likely that this is simply another iteration of the ransomware middleman scam.

Michael Wojcik Silver badge

Re: "Negotiating with the ransomware author"

They may be, or be affiliated with, the ransomware author; or they may be an independent third party. Both are viable business models. The former offers greater profit, but requires more work and entails greater risk. The latter has a much lower cost of entry.

What's that, Skippy? A sad-faced Microsoft engineer has arrived with an axe? Skippy?

Michael Wojcik Silver badge

Re: Edge on LINUX? *EW*

Oh, I'm entirely in favor of porting Edge to Linux. It means at least some MS developers on the Windows side of the house aren't engaged in actively making Windows even more annoying, which seems to be that division's current mission statement.

Michael Wojcik Silver badge

Re: Visual Studio != Visual Studio Code

I'm not looking at it because I hate IDEs. I've been using IDEs on everything from PCs to mainframes since the 1980s, and I've yet to see one that comes close to the power of a good set of dedicated tools running under a competent shell.

JFTR, I did take a look at VS Code. It's better than Original Formula Visual Studio, but that's a mighty low bar. I didn't care for it.

Congress to FCC: Where’s the damn report on mobile companies selling location data?

Michael Wojcik Silver badge

Re: He's being enabled

a very "independent" mindset where you only had yourself to rely on

American self-reliance is almost entirely a fantasy. The vast majority of that voting bloc exists only because of Homesteading and Reclamation (or Reclamation's rival vandals, the Army Corps of Engineers), and only enjoys modern conveniences because of other huge Federal projects such as rural electrification, communications subsidies, and Federal highway money. Then there are all the ranchers grazing cattle on Federal lands, the lumber industry using the vast network of roads built by the Forestry Service, and so on.

In some parts of agriculture it's a bit of a wash, since so many Federal subsidies go to big agribusiness rather than the smaller farmers who are often the staunchest Republican supporters. But that doesn't stop those small farmers from taking their subsidy checks, of course.

Michael Wojcik Silver badge

Re: "rural types come from a very "independent" mindset"

Regardless, most of the proudest "self-reliant" types are in fact very reliant on government assistance. Some of it's direct; most of it is indirect. But in either case it's bullshit.

Robotics mastermind admits: I pushed over my 1-year-old daughter to understand balance

Michael Wojcik Silver badge

It's valid research

There's a section in his Baby Meets World where Nicholas Day talks to some people who study toddler kinematics, mostly at a lab they've created for that purpose. They set up obstacle courses for toddlers over foam pits and observe the techniques the kids use to get through them. From Day's description it sounds like good fun for all, and it's apparently produced substantial research into how children learn to walk and balance.

Microsoft's phrase of the week was 'tech intensity' and, no, we're not sure what it means either

Michael Wojcik Silver badge

Re: Tech Intensity is nearly always 1

yet they still get a positive result!?

Not if you have zero adoption.

For that matter, if you regard them as having negative capability and have the right sort of negative trust, then intensity is purely imaginary.

It's also conceivable that "^" is the bitwise exclusive-OR operator, as in C. In that case, the only sensible interpretation of Nadella's equation is that it's an exercise in trivial obfuscation.

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

Michael Wojcik Silver badge

Re: A lot of pissed-off people

Apparently FlashRouters will sell you a router with DD-WRT already installed. I've never used them myself, and have no idea what the quality of the hardware is.

I've been meaning to get a couple new routers with decent hardware (as far as I can determine from reviews) and put DD-WRT on them. That seems like a reasonable approach for tech folks who can afford the time. But the fact that I haven't gotten to it yet suggests I can't...

What do you get when you allegedly mix Wireshark, a gumshoe child molester, and a court PC? A judge facing hacking charges

Michael Wojcik Silver badge

Re: Jeez

The problem is that the person she hired subcontracted to a felon who had just allegedly violated the terms of his release. That's what got the police involved in the first place, and that's why the Judicial Qualifications Commission suspended her.

Of course, picking a fight with a DA - even if you're a judge - is problematic. Prosecutors in the US generally have way too much power and too little oversight. Though the same can generally be said of judges (many of whom don't even have legal training).

Michael Wojcik Silver badge

Re: "Her computer"?

Without help from (someone in) the IT department???

Certainly conceivable. It's not difficult. Parents put spyware on their kids' machines all the time. Abusers do it to spouses and other victims. It's trivial for someone to purchase spyware and get instructions on how to install it. There are plenty of vectors for non-privileged attackers to do so, such as social engineering and hardware keystroke loggers.

Or, if Schrader's suspicions are correct, Porter could have co-opted someone in the IT department. Or someone with the requisite skills to gain unauthorized access in the Gwinnett County Superior Court network, which I bet is not tremendously secure.

But conversely there's plenty of reason to be suspicious of the IT department in this situation, even if you have some reason to believe that they'd be at all useful in finding spyware in the first place.

Michael Wojcik Silver badge

Re: Nuance

I agree; but in a fight between a judge and a DA, you have to expect that legal weapons, however inappropriate, will be deployed.

It may be worth noting that according to various sources Schrader was suspended specifically for (indirectly) giving a felon access to the court IT system - not for letting someone run Wireshark. As I wrote in another post, I believe her real mistake was in employing Ward, who clearly wasn't sufficiently careful in choosing his subcontractors.

Michael Wojcik Silver badge

Or if one or more IT staff members were colluding with Porter. Some of the commentators here seem to have a peculiar belief in the trustworthiness, not to mention competence, of the IT staff at the Gwinnett County Superior Court.

Personally, I suspect asking the Gwinnett County IT to look for spyware on a machine is likely an exercise in futility. Just a guess based on my experience with IT departments of other public institutions.

Schrader's real error, in my opinion, was in hiring Ward, who apparently wasn't diligent or wise enough to avoid hiring Kramer. Kramer is the real source of the defendants' troubles here.

Michael Wojcik Silver badge

Re: Nuance

Even if the network is hub-based and the NICs were in promiscuous mode, I'd consider this a case of overhearing rather than spying. If the court's IT department can't secure their network properly, that's their fault, not the judge's or the investigators'.

Circa 2002, I moved house and got cable Internet service. I was investigating a problem with my work VPN and had done some tcpdump tracing on a machine connected directly to the cable modem. I was talking with a network engineer about some of the traffic I was seeing, and he got all bent out of shape: "You can't look at packets on my network!".

Well, as it happens, I can. If you don't want me to, don't send them to my device, buddy.

Fortunately that cable company went bankrupt and was bought by one that employed adults.

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?

Michael Wojcik Silver badge

Re: The task sounds enormous

It is obvious the CVSS is not very valuable

Rubbish. CVSSv3 serves a number of important purposes:

- It encourages various judges (original researchers, PSRT members, secondary researchers investigating CVEs and patches) to examine vulnerabilities from a variety of angles and consider a number of important aspects.

- It provides a measure of consistency in describing and evaluating a number of critical attributes of vulnerabilities, and a shared and well-defined vocabulary for discussing those attributes.

- It provides a multidimensional rating mechanism that, while necessarily simplified, assists in triage and discussion with non-experts.

- It also constitutes an industry-standard representation of those things, so we can avoid duplication and miscommunication among different organizations.

- It gives us a machine-readable representation, amenable to various sorts of automatic processing.

Frankly, I'm rather dubious about the IT-security credentials of anyone who dismisses CVSS. Standardization is critical for industrial scaling and efficiency.

Michael Wojcik Silver badge

For any non-trivial task, if you rely exclusively on one tool you're almost certainly "doing it wrong". This is a facile observation and not a meaningful objection to CVSS.