* Posts by Michael Wojcik

12132 publicly visible posts • joined 21 Dec 2007

EV battery can reach full charge in 'less than 10 minutes'

Michael Wojcik Silver badge

Re: 1000 Charges

Yes, on a long trip, that's exactly what I want to do – cut my range by 20%. The future is looking bright indeed.

Now, if someone would sell a sensible hybrid with just an electric powertrain and onboard ICE generation rather than a ton of batteries, and it didn't have a fucking touchscreen and it didn't phone back to the manufacturer, I might be interested.

Michael Wojcik Silver badge

No doubt we can rely on all charging-station operators to keep their equipment well-maintained, and for that equipment to be tamper-proof.

It's not like there have ever been cases of, say, gasoline-hose connections coming apart. Oh, wait.

Michael Wojcik Silver badge

Re: Full charge in 10 minutes?

Bah. Piezoelectric tires are where it's at.

Michael Wojcik Silver badge

Re: Full charge in 10 minutes?

The EV is different because my ICE vehicle can do more than 400 miles on a single refueling, and the refueling infrastructure is already mature and widely deployed. And refueling the ICE takes only a few minutes.

Until EVs catch up to that, ICE will have that advantage for long trips on rural routes. Your continual protestations that such a use case is irrelevant are as empty as your other unsupported arguments.

Michael Wojcik Silver badge

Re: Full charge in 10 minutes?

A limited-distance spare battery wouldn't help me much, either. When I'm doing local errands, a regular EV would probably work fine (though you need decent ground clearance for our private road and many others in the area, and in the winter AWD is often helpful, if not usually strictly necessary, so those limit my choices).

But I routinely make a trip that's 640 miles / 1025 km each way, much of it through essentially uninhabited areas. It will be a long time before charging stations are available on that route, and I'm not keen to add 90 minutes or more to my travel time, so charging (or battery swap) would have to be fast.

Also, my vehicles aren't garaged, so those packs would have to withstand large daily temperature swings, with highs well above 100° F / 40° C (in the battery compartment, sitting inside the vehicle that's sitting in the sun) and lows below 0° F / -20° C (not on the same day, of course, but those are the seasonal extremes).

I'm glad to see continuing improvement in battery technologies, and some day I expect we'll be using photovoltaic plus one of these home battery packs for a bunch of our domestic use. But EVs don't look like they'll be practical for me for a long time yet.

And in any case I don't ever want another new car. New cars are horrible these days, with their ghastly touchscreens and built-in spyware and the rest. It's used from here on out.

Travis CI exposes free-tier users' secrets – new claim

Michael Wojcik Silver badge

Re: The Cloud...

Could you people find a new axe to grind?

This is not about "the cloud". It's about crap software with crap security, which remains crap regardless of where it's running.

Indian government signals changes to infosec rules after industry consultation

Michael Wojcik Silver badge

Re: "the six-hour reporting requirement that India insists is a global standard"

This is starting to feel like those US idiots who tried to legislate that PI was 3.14.

Except that never happened, whereas India's daft reporting rules at the moment have the force of law.

You're misrepresenting a misrepresentation, though admittedly of what was a pretty stupid bill attempting to endorse an invalid "solution" to squaring the circle. Later analyses of the bill (House Bill #246) revealed it endorsed between three and six values for π, depending on how you interpret the mess.

Fortunately the bill was eventually tabled by the Committee on Temperance (why them? who knows?) after the first reading when Purdue's Professor Waldo happened by and scoffed at it.

(Not sure why you're writing π as "PI" in block capitals either; it's not an acronym.)

Michael Wojcik Silver badge

Re: y tho

Because this is all about surveillance and control, and not about IT security. And because the new rules were created by people with minimal domain expertise.

Woman accused of killing boyfriend after tracking him down with Apple AirTag

Michael Wojcik Silver badge

But Apple's Find My network increases the stalking capabilities of the AirTag. There's plenty of discussion and research in this area by security researchers.

Meta slammed with eight lawsuits claiming social media hurts kids

Michael Wojcik Silver badge

Re: True AI - nobody sees it for what it is

That's why I use merchant-locked, charge-restricted virtual credit cards, except for the rare site where they're disallowed by the provider (privacy.com) or not accepted by the merchant (in which case I'll usually forego the purchase, because why bother with incompetence?).

And, no, I don't let the browser remember them. For one thing, there's a different "card" for every merchant.

Before that, I always entered my details manually. This Nate service sounds like the ultimate Lazy Rich People's product (aside from disabled users, for whom I'd think browser auto-fill would probably be nearly as good). Honestly, online shopping is already a tiny fraction of the work that real-world shopping is.

AWS says it will cloudify your mainframe workloads

Michael Wojcik Silver badge

Re: One wonders if these geniuses ...

Many applications don't need the full capabilities of the mainframe. Many are bound to user workflows with external dependencies and transaction rates are orders of magnitude below what contemporary Windows, Linux, and UNIX systems can comfortably support. Others are report jobs that similarly run comfortably on non-mainframe systems. That's why thousands have been migrated already.

I have no idea how AWS Mainframe Migration will fare; the doors have just opened for business. But on-premises Enterprise Server has been used in production for more than 20 years.

The proof of the pudding is in the eating, and we have plenty of customers happily eating it, year after year.

Michael Wojcik Silver badge

"Micro Focus". Two words. Your opinion might be more persuasive if you could get the basic details right.

We've had plenty of success at migrations, thanks. Published figures and success stories are available on the website. The first successful production migration was over two decades ago and they continue to stack up.

Dell unveils new XPS 13 devices with Alder Lake CPUs

Michael Wojcik Silver badge

Not a fan

I can't think of a single Apple design idea in their laptop range which I appreciate seeing in non-Apple laptops. Shiny, slippery case surfaces instead of matte, grippy ones: stupid. Horrible chiclet keyboards instead of decent ones: awful. Getting rid of useful devices and ports in favor of some idiotic quest for thinness: just mind-bogglingly stupid and awful.

I've always been impressed at Dell's ability to make abysmal design decisions on their own, for every single Dell machine I've used. Kind of sad to see them just following the abysmal-design leader.

Michael Wojcik Silver badge

I suppose what's actually meant is "previous size divided by 1.8", but it's an impressively terrible use of the English language.

Symantec: More malware operators moving in to exploit Follina

Michael Wojcik Silver badge

Re: "a specially crafted Word document"

Proofpoint recently reported that in organizations they monitor, a majority of phishing messages that make it to end users were coming from compromised vendors and partners. So in many cases it will be people opening attachments from emails which came from the accounts of people they do know.

You could argue the real problem is MIME (I have never liked MIME), but realistically if we didn't have MIME we'd probably be doing something else equally dangerous.

The real real problem, of course, is MS Office.

IETF publishes HTTP/3 RFC to take the web from TCP to UDP

Michael Wojcik Silver badge

It's a poor user experience under these assumptions:

1. Your stuff is horrible RIAs / SPAs that continually chat with the server.

2. Your stuff is crammed full of pointless crap.

3. Your stuff is more important than anyone else's stuff.

So from Google's point of view, yeah, it's all about the user experience.

Essentially, when Microsoft invented XHR, and then Google adopted it and convinced everyone to use it (with the help of web designers), that pretty much killed any hope of reasonable use of HTTP. Thus we lost a fairly decent protocol for document download with a modicum of interactivity (HTTP/1.1) in favor of ever-more-complicated and arcane solutions to the problems created by tech giants.

Michael Wojcik Silver badge

Re: TCP needs a few back-and-forths

Eventually, all distributed-application developers reinvent TCP over UDP.

And all well-funded organizations with network-sensitive revenue streams push mechanisms for breaking network fairness through standards bodies.

Michael Wojcik Silver badge

Re: TCP needs a few back-and-forths

HTTP persistence is unrelated to TCP keepalive.

HTTP persistence (which was non-standard for HTTP/1.0, and enabled by default for HTTP/1.1) lets the TCP conversation remain open after the server completes the response, avoiding the need to establish a new conversation. It also permits pipelining (sending multiple requests without waiting for the responses) and expectations (preliminary responses), though clients generally avoided pipelining since servers might not support it, and expectations probably caused as much trouble as they relieved.

TCP keepalive periodically tests a connection. Per the Host Requirements RFCs, the defaults for keepalive are so large that it's irrelevant for the vast majority of HTTP use anyway. And TCP itself deals with dropped connections just fine; keepalive was really for dealing with FPL (distributed systems *must* eventually time out non-responsive nodes) and keeping transient IP transport links such as SLIP up.
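An added illustration of the distinction drawn in the post above (not part of the original comment): a loopback HTTP/1.1 server and a raw-socket client that sends several requests over one TCP connection while the socket's `SO_KEEPALIVE` option is left at its default of off. The names `Handler`, `read_response` and `demo` are made up for this sketch.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class Handler(BaseHTTPRequestHandler):
    # HTTP/1.1 makes persistent connections the default behaviour.
    protocol_version = "HTTP/1.1"

    def do_GET(self):
        # Echo the client's source port so the caller can verify that
        # every request arrived over the same TCP conversation.
        body = str(self.client_address[1]).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demonstration quiet


def read_response(rfile):
    """Read one response: status line, headers, Content-Length body."""
    status = rfile.readline().decode("ascii").strip()
    length = 0
    while True:
        line = rfile.readline().decode("ascii").strip()
        if not line:
            break
        name, _, value = line.partition(":")
        if name.lower() == "content-length":
            length = int(value)
    return status, rfile.read(length).decode()


def demo(requests=3):
    """Send `requests` GETs over one socket and report what happened."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as sock:
            # Transport-level option, independent of HTTP persistence.
            keepalive = sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)
            rfile = sock.makefile("rb")
            ports_seen = []
            for _ in range(requests):
                sock.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
                status, body = read_response(rfile)
                if not status.startswith("HTTP/1.1 200"):
                    raise RuntimeError("unexpected status: " + status)
                ports_seen.append(int(body))
            local_port = sock.getsockname()[1]
            rfile.close()
        return {
            "tcp_keepalive_enabled": bool(keepalive),
            "local_port": local_port,
            "ports_seen_by_server": ports_seen,
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```
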

No, OpenAI's image-making DALL·E 2 doesn't understand some secret language

Michael Wojcik Silver badge

It might be more precise to say we know why in general, but not specifically.

Deep-learning architectures are a stack of neural nets, and typically most of the discrimination is done by convolutional layers. Convolutions are good for detecting signals probabilistically: they try to maximize the area of the intersection between the incoming signal and a reference signal.

If you stack a lot of convolutions and you don't provide the equivalent of a null hypothesis in your training – a bucket that the model can dump low-probability inputs into – then even a weak signal will be "recognized" as something from the training.

Basically, the input runs through the stack and has to end up in some category. DALL-E I think (can't be bothered to look it up) is a transformer architecture, so it's all based on attention, which gives it a certain amount of "memory" or context. So the context in which the nonsense words appear will affect what categories get chosen.

In short, what's happening here isn't surprising, and in fact is precisely what you'd expect from a large transformer DL model. And it is a fine example of an inexplicable model, as you suggested. This is a big problem for the deployment of DL architectures, as many researchers have discussed at length.

Note that there are other approaches to ML and "AI" (insofar as "AI" means anything) that are explicable or at least more transparent. Deep-stack ANN architectures like DL are particularly resistant to explication and other types of analysis.

Michael Wojcik Silver badge

Re: AI libel

Also, this is the US, where the bar for libel is considerably higher than in many other countries. And not just because of the First Amendment.

(Personally, I think this is a Good Thing, but this probably isn't the place to debate that.)

Michael Wojcik Silver badge

Re: A dog

If you let it bite someone, you are responsible.

As a question of morality, or of law?

Not sure why there is even a debate about this

Perhaps because pat slogans don't generally resolve complex questions to everyone's satisfaction.

To cut off all nearby phones with these Chinese chips, this is the bug to exploit

Michael Wojcik Silver badge

Re: Google will roll out this fix in its upcoming Android Security bulletin

I have a Moto G8 Power, which was released a bit more than 2 years ago. (It has a Qualcomm chipset, so isn't vulnerable to this particular attack -- not that it would rank very high in my threat model anyway.) Its last software update was February. This is a phone I bought outright on the grey market; I use an MVNO carrier.

Again, two years isn't very old. Just noting that it's hard to predict which devices will and won't receive updates.

Police lab wants your happy childhood pictures to train AI to detect child abuse

Michael Wojcik Silver badge

Ah, another inexplicable deep convolutional stack

We already have plenty of problems with the "deep learning" approach of building tall stacks of mostly-convolutional network layers, as Reg readers and scribes are well aware. In addition to the ones mentioned in the article there are issues such as overfitting and selecting proxy attributes that turn out to be falsely correlated with the desired attributes. Crowdsourcing a dataset is very problematic, particularly if you don't have the resources to curate it and improve its quality. For something like this I don't know that any possible attackers would bother, but it's technically possible to submit enough altered images to introduce a backdoor bias in the model.

Besides the technical issues, the general problem of inexplicable models becomes much worse in practice when we're trying to create a discriminator for an attribute where reasonable human judges can disagree. Delegating a choice to a black-box algorithm when the metrics aren't even clear to human experts is a huge moral hazard, because we substitute an oracle of unknown value for a hard problem. The temptation to simply trust the oracle is huge and we see it already in action in many domains, such as the sentencing of convicts.

I have to disagree with those who think it's "worth trying". The risks are significant and likely unavoidable if the system is ever used, and the benefit is likely to be minuscule due to the extremely low positive predictive value, very high N, and cost of confirmation. This is precisely the sort of thing which isn't worth trying because it's almost certain to do more harm than good, if it accomplishes anything at all.

Michael Wojcik Silver badge

What sort of situation, now?

an exploitative, unsafe situation

Such as having childhood pictures added to a ML training set, for example.

Michael Wojcik Silver badge

Re: Efficiency?

What if the child is playing with a gun in the bath?

Michael Wojcik Silver badge

Re: Might be worth a shot ...

Likely a combination of genetics and perfectly reasonable differences in environment and development. Child brains are very neuroplastic; anthropologists who study child development have documented an enormous range of which competencies are developed to what extent and in what order by a given age. So some children will develop emotional filtering and negative (dampening) feedback strategies much earlier than others, who will develop other skills first and for a while be more emotionally volatile.

Completely normal, and as the prefrontal cortex continues to develop they'll generally even out. Not everyone does, of course; it's a complex system and no one's perfect, and some people are neurologically predisposed to mood swings even if they don't have actual bipolar syndrome. And, of course, many are legitimately bipolar or stimulation-seeking or depressive or what not.

Michael Wojcik Silver badge

Upvoted on general principle, however: while I know nothing about Human Subjects Research in Australia, in the US, no accredited university's IRB would let a project like this proceed without consent from every subject whose photos are used. (Using an existing dataset that's already been cleared is a different story.)

The next time your program is 'not responding,' (do not) try these steps

Michael Wojcik Silver badge

Re: Cynical

How to completely and permanently solve issue XYZ

1. Uninstall software.

2. Do not reinstall software. Find something better to do with your time.

BSA kicks multiple holes in India's infosec reporting rules

Michael Wojcik Silver badge

The B stands for...

The Software Alliance is the renamed Business Software Association, and its formal brand is now "BSA | The Software Alliance". Like, the B doesn't stand for anything at all.

I suggest we retcon it to stand for "Beta", which nicely describes both the Association and the Software for which it stands.

I also suggest we write it as βSA, just to annoy their marketing people. (I know, that's a lowercase beta, but the uppercase one only works as a joke if you check the encoding. Dratted homoglyphs.)

Michael Wojcik Silver badge

Re: The BSA

Indeed. I've yet to see a single reputable security researcher endorse these reporting requirements.

I suspect CERT-In are acting under orders, and that the government sees this as purely a surveillance opportunity. But in any case it's completely unproductive as an IT-security measure.

Michael Wojcik Silver badge

Re: The BSA

Someone who goes by "VoiceOfTruth" is not likely to exhibit much capacity for critical reflection. Unless the account is meant as some sort of ironic Orwellian-sockpuppet act, in which case Poe's Law applies.

Amazon accused of obstructing probe into deadly warehouse collapse

Michael Wojcik Silver badge

Re: Oh no, not the comfy chair!

Bezos no longer runs Amazon. He got out while the getting was good.

Michael Wojcik Silver badge

Re: Speaking of...

Rubbish. I've never had a Prime membership, despite the incessant offers of both the regular Prime and student Prime (even though I haven't been an enrolled student since I finished my most recent degree seven or eight years ago).

These days, I avoid Amazon as much as I can.

FBI, CISA: Don't get caught in Karakurt's extortion web

Michael Wojcik Silver badge

Re: Another bunch of Russian miscreants

Yes, because companies never do anything illegal. They never engage in any off-book financial activity, or operate through proxies.

Remember when we made bribery illegal and completely eliminated it forever? That was great.

Paying ransoms often is illegal already, because of KYC and other financial-transaction requirements, sanctions, laws against funding various sorts of criminal and terrorist enterprises, etc. In the US, for example, we've had a stream of guidance from various federal agencies pointing out that it's often a violation to pay ransom or exfiltration-extortion demands.

So: solution tried, proven ineffective. Sometimes complex problems don't have simple solutions. Who would have thought it?

Metaverse privacy maturity lags enthusiasm for new virtual worlds

Michael Wojcik Silver badge

Re: "not think of it in a bad way"

Call me back when the Metaverse can handle that.

Why even bother then?

Never once in my life have I thought, "You know what would make this better? VR!". Hell, I only rarely think that about video. Privacy, on the other hand, I'm quite fond of.

Amazon not happy with antitrust law targeting Amazon

Michael Wojcik Silver badge

Re: Duh, you'd think

I'd go a step further and ask to filter out anybody who has been reported for sending fake things that don't match the photo...

That would make it trivial for sellers to block competitors. Pretty soon with such a filter you'd see nothing but Amazon results.

Reg hack attends holographic WebEx meeting, blows away Zoom fatigue

Michael Wojcik Silver badge

Don't see the appeal

Clearly 3D VR, and VR in general, appeals to some folks. Perhaps to most, for all I know. Sounds dreadful to me, though.

I didn't like VR when I first tried it in the 1980s (at SIGGRAPH), and I don't like it now.

Michael Wojcik Silver badge

Re: Holographic porn.

The WebEx Alien game lets you play as a xenomorph.

We've never even built datacenters using robots here on Earth

Michael Wojcik Silver badge

Re: Florida swamp ended up being highly desirable and valuable real estate.

The US populace over the past century has mysteriously gravitated toward retiring to places which are too hot and either too wet (Florida) or not nearly wet enough (Arizona).

Living in those places is desirable by consensus: lots of other people have decided it is, so who are you to disagree?

Fortunately for me, my wife decided to retire to the mountains. Water here is still a highly constrained resource, but not nearly the impending catastrophe it is in many other parts of the Southwest; and temperatures are seasonal but moderated by altitude and low humidity (we don't have or need air conditioning, and don't spend much on heating). I won't say it's perfect but it's greatly preferable over Miami or Phoenix, IMO. (And with all due respect to jake and others, I've never been terribly fond of California.)

Zero-day vuln in Microsoft Office: 'Follina' will work even when macros are disabled

Michael Wojcik Silver badge

MS were notified but closed the report as not a security issue. That's mentioned in the article.

They have since recanted.

Michael Wojcik Silver badge

Re: Clay Tablets

vi: modeline vulnerabilities. See for example this summary of modeline vulnerabilities in vim. I recall discussions of modeline vulnerabilities in classic vi from comp.unix.security circa 1990.

LaTeX: I don't offhand recall any published vulnerabilities for LaTeX2e itself, but TeX has always been vulnerable to various filesystem-access attacks, and assorted TeX implementations and backends such as MiKTeX and pdfTeX have had them. Web-based LaTeX processors have had scads. (And, of course, if you're targeting PDF for output ... well, PDF, y'know? There are probably vulnerabilities in dvi implementations too.)

Mind you, I'd much rather use vim and LaTeX, or LyX, to write documents than Word, which is horrible. But the LaTeX toolchains are very complicated and expecting them to be free of vulnerabilities is naive. Better than MS Office, sure, but nothing's perfect.

IBM ends funding for employee retirement clubs

Michael Wojcik Silver badge

with engagements like these, who needs divorce?

developing new contemporary approaches to employee engagement

"Only some of these will involve drums, shackles, and whips."

Michael Wojcik Silver badge

"Look, my anecdotal experience relieves me of any responsibility to feel even a modicum of sympathy for anyone not exactly like me, OK?"

Michael Wojcik Silver badge

Re: Fowler Play

Apparently it's preferable to be popularly wrong.

This has probably been true for as long as human beings have existed.

Michael Wojcik Silver badge

"And even if you're not, we don't like you very much."

Glad I left IBM when I did (1991).

DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers

Michael Wojcik Silver badge

Re: You can’t trust DuckDuckGo

Or that gets dismissed without being seen because the user was typing something when the idiotic modal dialog was mapped and stole the keyboard focus.

The WIMP UIM is an unfixable mess, with dire failure modes. Some day perhaps designers will admit that. Not holding my breath, though.

Foxconn factory fiasco could leave Wisconsinites on the hook for $300m

Michael Wojcik Silver badge

Foxconn EPCOT. Temple to the spirit of Buckminster Fuller. Sunsphere Mount Pleasant.

Version 251 of systemd coming soon to a Linux distro near you

Michael Wojcik Silver badge

Re: Horses for courses...

The idea of an active/passive pair of OS images has been around for decades. OS/400 had it in the '80s, and it wasn't considered novel then. Implementations have probably been around for half a century or so.

And of course you could roll your own with any number of boot managers. IIRC, even with BSD 4.3 Tahoe (1988) the bootloader could be told what label to use when locating the root partition.

Sure, it's "a benefit". It was a benefit 35+ years ago. Everything old is new again, generally without the implementors taking any note of the lessons learned in the previous incarnations.

Landmark case recognizes Bored Ape NFT as an asset

Michael Wojcik Silver badge

Re: BAYC

You are Walter Benjamin, and I claim my £5.

In all (well, some) seriousness, Benjamin's "The Work of Art in the Age of Mechanical Reproduction" does a good job of analyzing the psychological attachment to "original" works and how reproduction interacts with it, even if he indulges in his penchant for somewhat obscurantist language.

If you read his use of "aura" as referring to some real, measurable property of the object, it seems like rubbish; but understand it as an attitude people tend to have toward what they believe is an original, and it seems quite apt – more so now, even, than when it was written. It's also important to read the whole piece because there's a critical tone shift near the end that reveals his actual political thrust, in something of a twist ending. (I've heard plenty of people cite the essay in support of claims not justified by the text.)

Matt Scala's "What color are your bits?" blog post is another great rumination on how these sorts of parasitic attributes can be attached to digital artifacts by (what people believe to be) their provenance, regardless of their actual content. You might have to grub about in the Internet Archive to find that one, though.

Michael Wojcik Silver badge

Re: Crazy times!

A classic example of where I understand what these words mean individually (although "Metaverse" is a bit sketchy) but now that they've been assembled into a sentence I'm just left scratching my head

I understand the phrase just fine, which I think is sadder. I may have no interest in participating in this madness, but I still seem to have dedicated far too many brain cells to understanding it.