Posts by Michael Wojcik

Re: Billion dollar unicorn?

Or to put it another way: If readily-available machines are doing all the work, where's the moat?

Currently the answer seems to be "prompt engineering", but the size of that moat is directly proportional to the amount of work you put into it. There's no evidence yet to believe with any decent probability that there are "genius" or "extraordinarily creative" prompt writers. So if Hypothetical Single-Person Unicorn Inc is making a large profit, then Hypothetical Small-Team Unicorn Inc can just put a handful of people on prompt creation until they achieve a similar product, as you suggest. You'd need a prompt writer (or other form of AI wrangler) who's several orders of magnitude better than the average to have any sort of decent defense against near-instantaneous competition.

In industrial capitalism, there are four main forms of defense against competition: having more capital (and high capital costs as a barrier to entry); intellectual property; marketing and brand lock-in (so the market gravitates toward your product not out of intrinsic value over competition but for external reasons); and "market distortions" such as regulations and tariffs. AI's supposed promise is to destroy the first and largely destroy the second. The fourth is very difficult to apply against similar AI-based competition, because it's hard for the law to distinguish between you and your competitors and because the law moves slowly. That leaves only marketing and lock-in, and a deluge of cheaply-produced content will swamp marketing in noise.

Oh, many people have answers. Whether they're good answers is another question, but you can find plenty of links to pieces speculating about how a post-AI, post-AGI, or post-ASI economy would look like in, say, the LessWrong archives. Believe me, these topics are fiercely and extensively debated in some quarters.

There are plenty of people who claim that a post-AI economy will have so much surplus value that it'll be relatively trivial to distribute it among people who lose their jobs, in an extremely vague macroeconomic "rising tide" way with little in the way of specifics. That's generally the line that corporate AI boosters from Microsoft et alia take. Then there are the e/acc types who think we'll rapidly end up in a post-AGI and post-scarcity economy where there will be more surplus value than we know what to do with, and everyone will live in luxury courtesy of our AI overlords.

Post-ASI the economy is all paperclips, so no need to worry about it; no one will live to experience it anyway.

Some others, of course, are dubious about how much value will be produced, and/or about how it will be distributed, and/or about how well things will work out in general. Many of these are the same Debbie Downers who didn't think cryptocurrency was a great idea, or aren't sold on the obvious enormous benefits of the Internet of Things, or don't believe in the wonders of self-driving cars.

Re: NDAs

the complainant has to balance an NDA based payout and justice for themselves against a different payout, smaller or bigger, or nothing at all while holding to a principle of justice for all

And the psychological cost of enduring a trial, which for most people is considerable, while for most corporations is negligible.

Someone I know well took a settlement for precisely this reason. The case was nearly certain to go the plaintiff's way, but it just didn't seem worth the stress when the settlement being offered was decent.

Re: I have done the air-con shuffle in the past!

Celsius is for children. Adults use Kelvin. (The mad use Rankine.)

Usually there's a pop-up banner that notes the post is flagged for moderation, but it disappears pretty quickly. So, yes, if you were expecting to see your post and don't, it's a good idea to have a quick look at "My Posts". (That is, click the "My Posts" link. It's always a good idea to read my posts, of course, but carefully and with a quiet sense of awe, rather than quickly.)

Re: You know there's another key

Exactly. Hotel rooms are secure against casual attempts to gain entrance, at best. That's all they're designed for.

That doesn't mean we should ignore exploits like these — at the very least, they tell us something useful about the vendors (i.e. their secure-development practices suck). And publicizing this sort of thing will somewhat increase the pool of potential attackers; not everyone wants to social-engineer access to a room, or lift a keycard from a staff member, or what have you. But the actual delta in security for a typical hotel guest is fairly small.

Re: Know your customer

Honestly, I've heard more than one person say it's because they can drink more of it, since it contains relatively little alcohol.

(I don't drink beer myself, so I have no personal experience in the area. If I did, though, I doubt I'd drink Bud Light, because water is cheaper.)

Re: Grot

Sure. You just need to check the output using your Linear A dictionary and grammar.

I'd lend you mine, but they're on loan to a friend in an alternate universe.

Re: A 404 is better than...

Yes. 404 exists for a reason. Don't show me some crap instead.

Personally, I've always found the "comical" 404 pages a bit annoying, too. I don't need anything more than a text/plain "not found". If you have something useful to add, such as an email address for the site admin, then I'll allow HTML (only). But to each his own.

Re: Train 404

I'm pretty sure someone at Microsoft thought that was an architectural specification when they were building Sharepoint.

Slightly related: I recently discovered a book of essays by Jerome K. Jerome in Project Gutenberg, and it's a good read as well. He also wrote a sequel to Three Men in a Boat called Three Men on the Bummel about a bike ride through Germany which is even more Top Gear-ish, and ends with a fascinating pre-war chapter on the German character; I wonder if JKJ reflected on it when he was an ambulance driver in France during WWI.

Re: It's in octal

Look them up? You don't have local copies? RFC 9110 and 9112, for HTTP/1.1. (HTTP/2 and later can go die, as far as Poul Henning-Kamp and I are concerned.)

The concept of the first digit of an ASCII 3-digit result code indicating the result category is older than HTTP, of course. FTP did that, and it may well not have been first. It's a Good Idea.

So there are only four errors that "come before" 404; there are no HTTP response codes < 100, the 100 series is for pre-responses (notably 100 Continue), the 200 series is for success, the 300 series is for redirection. It's sensible that 400 (Bad Request) and 401 (Unauthorized) come first, even if 401 should be called Unauthenticated (because authz and authn are different things, damn it). 402 (Payment Required) is an aberration and should never have existed, but you'll have to take that up with TBL. 403 (Forbidden) is the one that actually typically means "unauthorized", and again it makes sense to have it come before 404.

There's also the "even more 404" result code, 410 (Gone). You don't see that one very often. And the tragic case of 418 of blessed memory. And 419 and 420, and 423-425, which are just ... not found.

Re: Outlook/Exchange ?

Yes, I'm the one that mentions CAD because our office runs CAD software, (3) 3D printers and (1) 3D milling machine. All but one run on Windows, exclusively. I'm the photographer / graphic designer of the outfit, so I use the Adobe suite - again, Win/macOS only.

Here's a tip: Your situation is not universal.

Re: Outlook/Exchange ?

My, this story has brought out the hard-of-thinking.

GP's post said explicitly to use a VM-hosted Windows for required applications that are only available on Windows. Linux would still be used on end-user machines for all other applications, including the ones most users use for the vast majority of their work: browser, email, "office" suite, virtual meetings, etc.

Re: Outlook/Exchange ?

The Outlook PWA (Outlook Web Access or whatever they're calling it now) is fucking horrible. Absolutely abysmal usability. I've had to use it on several occasions due to hardware failures on my primary machine, and it's just dreadful. It makes desktop Outlook seem ... well, not as bad.

It also lacks the Journal feature of desktop Outlook. While Microsoft have largely abandoned that, it's still present, and it's useful for time- and activity-tracking.

And it orphans the quite large historical archives of email in PST files that some users have.

Re: Ancient Joke

Damn it, now I have the image of an anime character yelling "Supply Chain Attack!"¹ before unleashing his formidable Solar Wind² power stuck in my head.

¹サパーライー・チェーイン・アタックー!!

²ソーラー・イーンドー!

Actually I think Ivanti has only been a "security software" firm since 2013, when LANDESK acquired Shavlik. Though I guess a decade counts as "long-time" in this industry. And LANDESK has been around in one form or another since the mid-1980s, so the corporate culture really ought to have had time to optimize a bit toward safer software.

(Yeah, glass houses. I know. I am reminded daily.)

Re: They still have customers?

A good point. Most of the VPN appliance products seem to regularly rack up CVEs. Remember that fun Fortinet ssh backdoor back in 2016?

VPNs are part of defense in depth, but you want a lot of depth.

Re: They still have customers?

Might be a more attractive target than Ivanti Secure Access, though.

Re: Bollocks

My immediate and second managers actually perform quite a few useful functions for me, such as cross-team coordination, mediating disputes, putting pressure on unresponsive corporate functions (hello, IT!), and perhaps most importantly running interference on time-wasting distractions.

YMMV, of course. And I don't work for IBM — haven't since 1991. I suspect that Krishna could be replaced with an LLM without much impact. Or even with a state machine that loops through Lay off workers -> Big up new technology -> Buy back stock until there's nothing left.

Re: Good luck

It's entirely possible that demand will rise if they start charging. Years ago when I was on the board of a non-profit, someone claimed that charging a small amount for a service that we could provide for free gave it credibility in potential users' eyes, and they'd be more likely to use it. That seemed to be subsequently borne out by experience.

In essence, charging money for something can be a form of value signaling to the market. It's sort of the small-scale version of a Veblen good.

Re: AI - No thanks!

Exactly. "Premium" is just another word for "opt in". And "haha fuck no" is another phrase for "no thanks".

Still so very, very dull.

Re: geniuses everywhere you look

Exactly. And don't forget the real Woods ended up in a psychiatric facility, and the court decided he was actually Keirans. At that point, as far as creditors are concerned, the trail's gone cold. Fake-Woods has effectively been declared a victim of identity theft by the court, so going after him is a non-starter. Real-Woods has been declared unfit for trial, and is incarcerated, institutionalized, and then homeless; you're not getting $130K from him either. There might be another Fake-Woods out there, but you have no leads.

And, of course, that debt has probably all been sold off to collectors at pennies on the dollar. Collectors write off debt as soon as it looks like it'll be any trouble to collect it. They only need a small percentage of total purchased debts to be collectable to make a profit.

Re: Why did he do it ?

It's possible. I'm inclined to think he just fell into a psychological trap. He stole Woods' identity and used it a few times, and that worked well for him. Then it became easier to remain "Woods" than return to his real identity or steal another, and with every day it was harder and harder to contemplate what would be necessary to unwind the deception.

I might speculate that if something had gone badly for him — if his wife hadn't agreed to marry him, if he'd lost his sysadmin job — that he might well have pulled up stakes, abandoned the Woods identity, and started over again somewhere else. But he fell into a rut. And then when the real Woods tried to get the situation corrected, Keirans had to double down, and probably couldn't face the idea of ever getting out.

That's why he folded when the detective presented him with DNA evidence. It was an excuse to just give it all up. Keirans likely expects to spend the rest of his life in jail; the idea of starting over might be unbearable for him at this point. In using Woods' identity for so long he effectively destroyed his own.

If he hadn't been so thoroughly horrible and done so much damage I could almost feel just a little bit sorry for him.

Re: Why did he do it ?

Axe is still not sharp.

It might still be interesting to know what various authorities have proclaimed about this sort of case over the years, if only as a matter of cultural history.

According to one source, the Roman Catholic Church may annul a marriage even if there are children and even if the respondent doesn't agree to it. Of course a church annulment deals only with the Church's view of the marriage — it has no civil force. But potentially in a case like this one, the Church tribunal could agree to annul the marriage, which means that as far as the Church is concerned, there was never a sacrament of marriage, whatever civil arrangement may exist or have existed.

For the Roman Catholic Church, divorce is a purely civil matter they take no stand on. The Church says that if you get married in whatever fashion, you're married unless and until your spouse dies or the marriage is annulled. Whether you get divorced is irrelevant to them.

So going back to the OP's question: At least one fairly prominent religious authority doesn't give a rat's whether you get divorced. What they're interested in is annulment, and in a case like this it seems likely the tribunal would at least consider the offended spouse's petition.

Also note this would not change the legitimacy of any children of the marriage, in the Church's view, contra at least one post upthread. (Nor would it have any civil effect on legitimacy, unless the controlling civil authority for some reason 1) had a legal concept of legitimate birth, and 2) tied it to the sacrament of marriage for some reason.)

Be kind of hard to get her to marry you if you say "oh, the name I told you when we met, I was lying".

Probably true. It's still wildly fucked up, of course; but it's often the case that someone who maintains a lie for a prolonged period eventually comes to feel there's no way out of it. The mind has to cope with the stress of maintaining that deception, and convincing yourself that you have no choice is one way to do so. Kierans damaged many people, probably including himself, in this decades-long charade.

The whole thing is really quite awful, for Woods and for Kierans' family. (I note the article doesn't say whether he was still married when he was found out, but it'd be pretty terrible for his (former or current) spouse and child in either case.)

Re: "Fresh blood shouldn't be expected to 'enter the workforce' at senior research levels"

for anyone other than a newbie to attain those levels, they must already be in a lesser existing post

Also not true, at the universities I've been associated with. Senior hires are not uncommon.

Re: Retiremant Age

I don't know about Cambridge, but at every university I attended or worked at, the situation was far more complicated than that. Departments certainly could get additional lines, if they could justify them.

Re: Ten years ago...

Sigh.

The changes wrought by Trustworthy Computing were considerable. Microsoft developed an in-house team of software security experts — people such as Howard and LeBlanc — and gave them the authority to establish and enforce security policies and practices. Most feature development was largely paused for a time while developers were educated, tooling was developed or acquired, development procedures were updated, bugs were fixed, and security features were implemented. The result was a huge improvement in security, despite internal (developers, product managers, sales and marketing) and external (whinging users) resistance.

Of course, they were starting from terribly far back, with an enormous code base (much of it ancient and awful) and a huge attack surface, not to mention the legacy of terrible design failures. And attackers got better, quickly.

And now, of course, after a couple of decades, we see that (thanks in no small part to the leadership of SatNad) they've regressed badly. This time it's not the CEO writing the memo, it's an outside agency, because the exec team are no longer interested in actually critiquing their own firm. It's sad to reflect that in some ways Bill Gates was by far the best leader Microsoft ever had.

But pretending that nothing ever changed at Microsoft is historically naive, and, worse, implicitly endorses the idea that nothing can ever change. It's cynical passivity, and it's one of the great failings of the software industry, an excuse not to try to make anything better.

Re: Deliberate or not

I doubt any of them will "get off scot-free". We'll have to see, of course, but that seems like a very hard deal for a judge to swallow.

Re: denied deliberately committing crimes

Or even simply to remember that something which sounds too good to be true probably is.

Occasionally someone stumbles on a new financial wheeze which is legal, unexploited by others, and highly profitable. The Economist had a nice retrospective on several such some years (probably decades) back. But they're rare, because there are always many relatively bright and informed players looking for them. And while the Efficient Market Hypothesis has about as much predictive power as Groundhog Day, financial markets rarely miss a big opportunity to actually make money. When they misprice investments, it's usually slightly too low or very much too high.

So when you come across an investment which is claiming huge probable returns, assume either the probable return is grossly overestimated, or some cost has not been factored in. Such as the cost of going to prison for a long time.

Re: AI bubble or bump in the road?

we've seen what has emerged, some very useful tech

Oh yes? I'm struggling to think of an example of genuinely useful technology that emerged from the dot-com bubble.

We had online shopping, information, and mass communication before the bubble. What emerged during the bubble (roughly 1996-2000)? Javascript slightly predates the bubble, but suppose we agree to blame the bubble for its ascent — well, there's a tech plague we could all do without. AJAX / SPAs / RIAs (started in 1999¹): Again, I wouldn't call that "useful"; terrible idea which continues to haunt us seems more appropriate.

A handful of bubble sites outlived the bubble and continue to prosper, and some people find some value in them: eBay is one, and Priceline (which bought Booking.com some time after the bubble) is another. I'm not sure those really constitute "tech", but I suppose you could argue they're economic technologies, or at least the realization of economic technologies on a large scale. So, yeah, the bubble gave us those. Woo.

The bubble did push SSL/TLS to evolve (TLSv1.0 came out in 1999), which is overall good, even if TLS was a dreadful mess until 1.3 (TLSv1.3 is only a disturbing mess, having been downgraded from "dreadful"). PKIX remained ghastly until CT (2013) and gradual improvements in the CA/BF Basic Requirements improved it to merely awful. JSON was 2006, as was OAuth (and OAuth/OIDC is also pretty terrible).

¹That's when Garrett coined the term "AJAX". It's worth noting, though, that the idea didn't catch on, despite Microsoft's efforts with Active Desktop, until after Google launched Gmail in 2004, well after the bubble.