How did anyone ever survive without such features? Clearly this "experience" is desirable regardless of the cost.
Posts by Michael Wojcik
12268 publicly visible posts • joined 21 Dec 2007
Computer, deactivate self-destruct system requirement, says Sonos... were it on a starship in space, and not a smart-speaker slinger
After 16 years of hype, graphene finally delivers on its promise – with a cosmetic face mask
Re: Graphene
Nuclear fusion is only about 8 minutes away.
Carbon fiber is widely used, and has penetrated various markets at rates that seem plausible to me, given basic economics. I don't see how that example supports your premise, particularly in areas such as home construction, which tend to be very conservative and largely driven by regulation. We've had concrete homes, rammed-earth homes, Earthships, steel-framed conventional homes, manufactured-and-assembled-on-site homes, etc for decades, but on-site stick framing is still dominant here in the US. Why? Economies of scale, for materials and for expertise; and familiarity.
Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
Yes, the Android ecosystem patch mechanism is well and truly broken, and this is at least as much Google's fault as anyone else's. AOSP aside, Google is forcing various conditions on Android device vendors to include Google crap; they could certainly force them to do a better job of distributing updates.
Though having said that, getting patches isn't all roses either. I finally have a phone that receives regular updates, and each one either breaks existing functionality (fortunately, generally something I don't care about, though a recent one removed the global disable-sync option) or adds some new horrible annoyance.
After I installed the one before this latest, the phone started pestering me periodically to enable VoLTE, despite the fact that 1) I don't fucking want it, and 2) it can't be enabled anyway, because I'm in a microcell that doesn't support it. A bit of online research turned up hundreds of complaints about this behavior over the past few years. This sort of thing makes me want to find the person who made the decision to add this irritant and commit a few acts of violence.
This sort of thing is one reason I refuse to buy new phones; the manufacturers haven't earned that kind of money from me.
Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'
Re: "...could I borrow $60 (US) via PayPal..."
Heh. I was thinking of this just a couple of days ago as I was planning the site for Shed 2 at the Mountain Fastness. The Stately Manor already has two sheds.¹
I've heard that the Arthur "Two Sheds" Jackson sketch was inspired by an interview with Roald Dahl where he was asked about his "writing hut". A quick search didn't turn up anything to confirm that, though.
¹ Neither home has a garage, which is unusual for the US. Which is just as well, because cleaning snow off your cars Builds Character. Also, I hate the idea of leaving the house only to walk into an attached garage and get into a car, never having actually been outside.
Re: "...could I borrow $60 (US) via PayPal..."
Explain how you are using Skype at a hotel. They don't provide laptops now, do they?
Better hotels used to routinely provide "business services" rooms with desktop computers, printers, and the like. They're still fairly common in my experience. Even lower-tier hotels often have some elderly Dell desktop machine available for guests.
I dare say a dedicated attacker could have created a convincing fraud, if your friends are like most people in the wealthy world.
What mostly spares us from that sort of thing is that the effort involved means the return isn't as good as for simpler scams, which continue to be profitable for the scammers. So usually even off-the-cuff specific social-engineering attacks like this famous example from DEFCON are reserved for special cases, where some target has aroused the attacker's interest or ire.
Of course there are the regular "grandchild emergency" telephone scams, but those generally involve very little preparation, at least in the cases I've read about. Sometimes the attackers don't even know the child's name; as with other low-level scams, they rely on volume and very low costs to find enough victims to make the schemes worth their while.
Is technology undermining democracy? It's complicated, says heavyweight thinktank
Fella accused of ripping off Cisco, Amazon, iRobot, others to the tune of $2m by fraudulently demanding replacements for tech gear
Alleged Vault 7 leaker trial finale: Want to know the CIA's password for its top-secret hacking tools? 123ABCdef
Re: "intensely embarrassed by the loss of some of its most valuable weapons"
There are any number of explanations, ranging from "Corso just made the whole thing up to sell his book" to "it actually was stolen foreign technology, but Corso wasn't told the real origin because he didn't Need to Know".
I mean, if I were running a spy program that stole interesting technological developments and other research from foreign powers, I'd want a way to quietly funnel it into my own nation's R&D stream, and leaking it to university and commercial researchers to reverse-engineer and claim as their own seems like a reasonable way to do it. And I'd want some dupe in the middle who didn't know where it came from so I'd have some deniability in case the program came to light.
Re: "intensely embarrassed by the loss of some of its most valuable weapons"
I can't think of any technology from the second half of the twentieth century which can't be fully traced along its research and development path from bright idea to mature technology.
Duh, they used the Roswell time-travel tech to go back and retcon it.
Re: Guilty? Possibly. Beyond a doubt? No Way!
Yes, based on what's in the article - it might be different if I'd actually heard all the evidence firsthand - if I were on the jury I'd have to vote to acquit.
But to be honest, even if I felt he were guilty beyond a reasonable doubt, I'd really have to consider nullification in this case.
As Australia is gripped by bog roll shortage, tabloid says: Here, fill your dunny with us
At the Stately Manor, we regularly get a couple of phone directories every year: one for the (small) city in which the Manor is actually situated, and one for the metro area surrounding the nearest somewhat-larger city.
I even consult them occasionally, though mostly out of nostalgia.
Come to that, it was only last week that I finally canceled the Manor's "land-line" service. It has proven useful over the years, particularly during extended power outages when the cell-tower batteries run down. Then we're the only people in the neighborhood who can call around to see who has dry ice in stock. But now we know the secret reliable dry-ice supplier, and the cost of wired phone service from AT&T is outrageous - around $85 a month - so I turned it off.
I'm keeping the wall-mount phone, though, as a sort of trophy display. "Oh yes, as recently as 2020 this thing actually worked! You could use it to leave messages in someone's voicemail, which they'd delete without listening to."
UK.gov lays out COVID-19 guidance as the tech supply chain considers its own
Re: Government Guidance
Bah. Points for etymology, but minus several million for unjustified prescriptivism.
There are an infinite number of ways to form a plural of "virus" in English. Here's one: slaijhviels. Unlikely to catch on, I know; but that doesn't mean it's not "a way to make the noun 'virus' plural". Nothing in the conventions of English as a spoken or written language forbids it, and there is no authority for the language generally recognized by a majority of Anglophones.
And that, of course, is the usual problem with prescriptivists. They can formulate a learned argument, but then they try to build it on a foundation of appeal to some imaginary authority, because they can't bear to simply be descriptive and argue a preference.
Re: Government Guidance
Pandemics are difficult to predict. Sometimes they are severe. The fact that they are often not severe - and citing instances when they are not - is a poor argument against preparing for a possibly severe one in this instance.
Certainly some people are overreacting, but mocking them doesn't help either.
You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking
Re: Crap
What really annoys me about IPv6 addressing (at the moment) is zone IDs for link-local and site-local addresses. "A printable representation of an IPv6 address will be at most INET6_ADDRSTRLEN characters, plus some arbitrary number for a percent sign followed by something that might be a decimal number or might be some arbitrary string."
Well fuck whoever came up with that, eh?
The whole idea of "each of these addresses will be unique, except for all the ones that aren't" is obviously the result of some mind-bogglingly braindead compromise. I expect IPv7 will introduce an "eat your cake and have it too" scheme.
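A small parser for the case the post complains about, added here as an example and not code from the post or from any IPv6 stack. It splits the optional zone ID off a textual address, validates each half separately, and reports whether the full string would have fitted a C buffer sized by INET6_ADDRSTRLEN. The character set and 15-character bound on the zone ID are assumptions for the example (RFC 4007 leaves the zone syntax to the implementation); `ipaddress` is the Python standard library.

```python
import ipaddress
import re

INET6_ADDRSTRLEN = 46  # the C constant: longest textual IPv6 address plus NUL; no room for "%zone"

# Assumption: accept only interface-name-like zone IDs (letters, digits, '_', '.', '-',
# at most 15 characters, which is IFNAMSIZ - 1 on Linux). RFC 4007 leaves the syntax to the
# implementation, so a parser that stores the zone must impose its own bound and alphabet.
_ZONE_RE = re.compile(r"[A-Za-z0-9_.\-]{1,15}\Z")


def parse_ipv6_with_zone(text: str):
    """Split 'addr%zone', validate both halves. Returns (IPv6Address, zone-or-None).

    Raises ValueError (ipaddress.AddressValueError is a subclass) on a malformed address,
    on a zone attached to an address that cannot carry one, or on a zone that fails the
    bound above.
    """
    addr_text, sep, zone = text.partition("%")
    addr = ipaddress.IPv6Address(addr_text)  # never hand the '%...' tail to the address parser
    if not sep:
        return addr, None
    if not (addr.is_link_local or addr.is_site_local):
        raise ValueError("zone ID given for an address that is neither link- nor site-local")
    if not _ZONE_RE.match(zone):
        raise ValueError("zone ID is empty, too long, or contains disallowed characters")
    return addr, zone


def fits_inet6_addrstrlen(text: str) -> bool:
    """Would this textual form, NUL included, fit a C buffer of INET6_ADDRSTRLEN bytes?"""
    return len(text.encode("ascii")) + 1 <= INET6_ADDRSTRLEN


if __name__ == "__main__":
    for sample in ("fe80::1%eth0", "2001:db8::1", "fe80::1%../etc"):
        try:
            print(sample, "->", parse_ipv6_with_zone(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
    longest = "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"
    print(fits_inet6_addrstrlen(longest), fits_inet6_addrstrlen(longest + "%eth0"))
```

The last line is the point of the post: the longest zone-free address fits exactly, and the same address with a four-character zone does not, so any C code that sizes its buffer by INET6_ADDRSTRLEN and then accepts scoped addresses either truncates or overflows.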
Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next
Re: In the future...
I haven't gone to a conference or convention for a few years now, but for me at least the virtual events are never particularly productive, and certainly much, much less productive than in-person attendance. I do several videoconferences and group phone meetings every week, so it's not like I'm not used to that format; but I have a terrible time staying focused on online presentations and the like when it's not with people I already know. And I don't see how virtual conferences can offer the same (interpersonal) networking opportunities that F2F ones do.
Is that a typo? Oh, it's not a typo. Ampere really is touting an 80-core 64-bit 7nm Arm server processor dubbed Altra
Honeywell, I blew up the qubits: Thermostat maker to offer cloud access to 'world's most powerful quantum computer' within months
Re: "This is not a science project"
And I forgot to note that NP is very likely not in BQP (assuming P != NP), so no one's going to be using a general QC of whatever size to solve the TSP. You could do an exhaustive search using Grover's algorithm but that quickly becomes infeasible for any NP-Complete problem, even with heuristic pruning. Meanwhile, we have techniques such as graph sparsification which often let us find close-to-optimal solutions for many problems in NP using conventional computing.
64-bit quantum volume
A US National Academies of Sciences, Engineering, and Medicine report on quantum computing from December 2018 said it is "highly unexpected" a quantum computer will be able to crack RSA 2048-bit encryption within the next decade, for instance.
Sure, but this new Honeywell machine has doomed our RSA-64 keys. (Mine was {4294967279, 4294967291}. There's no point in keeping it secret now.)
On a slightly more serious note, 64 effective qubits might seem like enough to, say, break DES - not that we can't brute-force 56-bit DES keys trivially. But applying Grover's algorithm to breaking symmetric keys for Feistel ciphers turns out to require more effective qubits than are needed for basic Grover's alone. For example, breaking AES-128 appears to require at least 984 qubits.
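To make the RSA-64 joke concrete, here is an added example (mine, not the poster's) that builds the key from the two primes given above, then recovers the private key from the public one in two ways: Fermat's method, which needs a single step here because the primes are 12 apart, and Pollard's rho, which needs no such luck and factors any 64-bit modulus in a fraction of a second. The public exponent 65537 and the message are assumptions for the demonstration; nothing here needs more than the standard library (Python 3.8+ for `pow(e, -1, m)`).

```python
import math

# The two primes are the ones the post gives (2**32 - 17 and 2**32 - 5).
# e = 65537 and the message are assumptions for the demonstration.
P_POST, Q_POST = 4294967279, 4294967291
E = 65537


def rsa_keypair(p, q, e=E):
    """Textbook RSA from two primes: returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return n, e, pow(e, -1, phi)


def rsa_encrypt(n, e, m):
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def rsa_decrypt(n, d, c):
    return pow(c, d, n)


def fermat_factor(n, max_steps=1_000_000):
    """Fermat's method: write n = a**2 - b**2 = (a - b)(a + b).
    The step count is roughly (p - q)**2 / (8 * sqrt(n)), so primes that are close
    together fall in a handful of iterations whatever the size of the modulus."""
    a = math.isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_steps):
        b2 = a * a - n
        b = math.isqrt(b2)
        if b * b == b2:
            return a - b, a + b
        a += 1
    raise ValueError("no factor found within the step budget")


def pollard_rho(n):
    """Pollard's rho with Floyd cycle detection: about sqrt(p) steps for the smaller
    prime p, so a 64-bit modulus falls quickly even when the primes are far apart."""
    if n % 2 == 0:
        return 2
    for c in range(1, 64):  # if the walk collapses onto n itself, try another polynomial
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
    raise ValueError("rho failed for every polynomial tried")


def recover_plaintext(n, e, c):
    """What an attacker does with a 64-bit public key: factor n, rebuild d, decrypt."""
    p = pollard_rho(n)
    q = n // p
    _, _, d = rsa_keypair(p, q, e)
    return rsa_decrypt(n, d, c)


if __name__ == "__main__":
    n, e, d = rsa_keypair(P_POST, Q_POST)
    m = int.from_bytes(b"hi", "big")
    c = rsa_encrypt(n, e, m)
    print("fermat:", fermat_factor(n))
    print("recovered:", recover_plaintext(n, e, c).to_bytes(2, "big"))
```

The Fermat step-count formula is the caveat worth remembering: it depends on the gap between the primes, not on the key size, which is why real key generators pick the two primes independently and reject pairs that are too close.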
Re: "This is not a science project"
There are a number of good applications for general QC. There are practical problems in BQP (and probably not in P), such as some applications of Grover's algorithm - satisfiability and other Boolean evaluation problems in particular. Intelligence agencies wouldn't mind using a fast implementation of Grover's to find the relatively short keys¹ used to symmetrically-encrypt some of the vast corpora of data they've stolen. And there's quantum simulation, which many physicists would certainly like to have.
For that matter, Merkle trees ("blockchain" by its proper name) have practical applications, such as in filesystems. BTRFS and ZFS use Merkle trees, for example. So does git.
¹ The speedup of Grover's algorithm over conventional brute-force search is √N, so for this application it effectively cuts the key size in half. That makes it potentially useful for breaking, say, AES-128, but much less useful for breaking AES-192.
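Since the post mentions Merkle trees in filesystems and git without showing what they buy you, here is an added example (mine, not the poster's and not BTRFS, ZFS or git code) of the mechanism: build the tree over a list of data blocks, produce a proof that one block belongs to it, verify that proof against nothing but the root hash, and watch both the root and the proof fail when a block is altered. The leaf/node prefix bytes and the rule that an unpaired node is carried up unchanged are design choices for this example, not a standard.

```python
import hashlib
from typing import List, Tuple


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(block: bytes) -> bytes:
    # Distinct prefixes for leaves and inner nodes (as in RFC 6962) stop an attacker
    # from presenting an inner node's children as if they were a data block.
    return _h(b"\x00" + block)


def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)


def _build_levels(blocks: List[bytes]) -> List[List[bytes]]:
    """Level 0 is the leaf hashes; the last level holds the single root."""
    if not blocks:
        raise ValueError("cannot build a tree over zero blocks")
    levels = [[leaf_hash(b) for b in blocks]]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])  # odd node out: carried up unchanged (example's choice)
        levels.append(nxt)
    return levels


def merkle_root(blocks: List[bytes]) -> bytes:
    return _build_levels(blocks)[-1][0]


def merkle_proof(blocks: List[bytes], index: int) -> List[Tuple[bytes, str]]:
    """Sibling hashes from the leaf up, each tagged with the side it sits on."""
    levels = _build_levels(blocks)
    if not 0 <= index < len(blocks):
        raise IndexError("no such block")
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], "left" if sib < index else "right"))
        index //= 2
    return proof


def verify_proof(root: bytes, block: bytes, proof: List[Tuple[bytes, str]]) -> bool:
    """Recompute the path to the root using only the block and O(log n) sibling hashes.
    The verifier never needs the other blocks, which is what makes a trusted root hash
    sufficient to authenticate any piece of a large file or history."""
    h = leaf_hash(block)
    for sib, side in proof:
        h = node_hash(sib, h) if side == "left" else node_hash(h, sib)
    return h == root


if __name__ == "__main__":
    # Constructed sample data: five blocks, as a filesystem might hash extents.
    blocks = [b"block-%d" % i for i in range(5)]
    root = merkle_root(blocks)
    proof = merkle_proof(blocks, 2)
    print("valid:", verify_proof(root, blocks[2], proof))
    tampered = list(blocks)
    tampered[2] = b"evil"
    print("root unchanged after tamper:", merkle_root(tampered) == root)
    print("tampered block passes old proof:", verify_proof(root, b"evil", proof))
```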
Electro-smog, govt snooping be damned. Two thirds of folks polled worldwide would trade in their mobes for 5G kit
Re: Really?
I think the only times when I ever even care about 4G is if I'm out somewhere and having trouble finding my destination. Then online navigation is handy. But I lived for many years without it, and I could certainly do so again; I could use offline maps, or paper maps, or call the place I'm trying to find to ask for directions. I really only use online navigation because it's there, and that rarely.
Let's Encrypt? Let's revoke 3 million HTTPS certificates on Wednesday, more like: Check code loop blunder strikes
Re: Whatever happened to code review?
Yes. In software as in all things you really want defense in depth. Code review, static analysis, dynamic analysis, fuzz testing, as much unit/functional/system testing as you can manage (ideally with automated and human test generation), ...
But code review, done properly, improves the incentives for writing readable code. That's very important not just for security but for maintainability, and thus for reducing total cost of development. Having looked at that Let's Encrypt bug report, I'm not surprised the error was missed; the code follows the "every letter is expensive!" style popularized by generations of mediocre C developers. (The formatting is also awful, but I assume that was due to pasting it into a blog post that doesn't support proper whitespace-preserving formatting. Like some other sites I could mention...)
This makes you wonder how other PKI providers automate requests and how they are audited.
Well, no, it doesn't, because there's a ton of material readily available regarding the state and history of PKIX and the public X.509 CAs. So anyone who's interested in this question can easily find an answer.
Ivan Ristić's Bulletproof SSL and TLS has some good historical material, for example; and you can stay up to date with Hanno Böck's Bulletproof TLS email newsletter. For background there are the PKIX and HTTP-over-SSL RFCs (5280 and 2818 in particular). The CA/BF makes all sorts of stuff available on their website. And so on.
Anyone who's paying attention knows PKIX and other aspects of the public X.509 PKI such as code signing are a mess. Arguably they're less of a mess than they were, say, a decade ago; Certificate Transparency and the increasing willingness of browser manufacturers to shut out bad CAs have helped. But it's still a sausage factory.
Re: TDD still a thing?
Yes, it could be caught by a very simple unit test. The problem, as always, is combinatorial explosion: There are a huge number of potential problems that could be caught by a similarly huge number of trivial unit tests. Someone or something¹ has to create those unit tests.
Per a comment above, there was a unit test which exercised the code path in question, but its verification logic didn't check all aspects of the output, and so missed this error.
¹ There's a fair bit of interesting research into automating test creation.
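An added example (mine, not Boulder's code) of the failure mode described in the comment above: a test that exercises the loop but checks only the shape of its output. The Let's Encrypt bug was in Go; this is the Python analogue of the same loop-variable bug class, where a closure created in a loop sees the variable's final value when it runs. The names, the `check` callback and the "CAA recheck" framing are constructed for the example.

```python
from typing import Callable, Dict, List, Sequence, Tuple

# Constructed sample: the identifiers in an order that must each be rechecked.
NAMES: Sequence[str] = ("example.com", "www.example.com", "mail.example.com")


def make_recording_checker() -> Tuple[Callable[[str], Dict[str, object]], List[str]]:
    """Hypothetical CAA check that records which name it was actually asked about."""
    seen: List[str] = []

    def check(name: str) -> Dict[str, object]:
        seen.append(name)
        return {"name": name, "ok": True}

    return check, seen


def schedule_rechecks_buggy(names: Sequence[str], check) -> List[Dict[str, object]]:
    """Loop-variable capture bug: each lambda reads `name` when it is called, not when
    it was created, so every job rechecks the last name and the others are never checked."""
    jobs = [lambda: check(name) for name in names]
    return [job() for job in jobs]


def schedule_rechecks_fixed(names: Sequence[str], check) -> List[Dict[str, object]]:
    """Bind the current value at creation time (default argument): one job per name."""
    jobs = [lambda n=name: check(n) for name in names]
    return [job() for job in jobs]


def weak_test(impl) -> bool:
    """Runs the code path, but only verifies that the right number of results came back.
    Passes for the buggy implementation."""
    check, _ = make_recording_checker()
    results = impl(NAMES, check)
    return len(results) == len(NAMES) and all(r["ok"] for r in results)


def strong_test(impl) -> bool:
    """Verifies the property that matters: every name was checked, each exactly once,
    and each result is about the name it claims to be about."""
    check, seen = make_recording_checker()
    results = impl(NAMES, check)
    return [r["name"] for r in results] == list(NAMES) and sorted(seen) == sorted(NAMES)


if __name__ == "__main__":
    for impl in (schedule_rechecks_buggy, schedule_rechecks_fixed):
        print(impl.__name__, "weak:", weak_test(impl), "strong:", strong_test(impl))
```

The design point is in `strong_test`: it asserts on what the side effect actually touched (the `seen` list), not just on the return value, which is the only way a test can notice that the same input was processed N times.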
Re: What's this, a bug caused by a language quirk?
One word: Deserialization.
Re: What's this, a bug caused by a language quirk?
The cause of Heartbleed was a missing length check. It was a trivial error, even if it had non-trivial consequences. Variants of it could have happened even in languages with array boundary checking, for example if the heartbeat code reused sufficiently-large buffers.
Goto-fail wasn't in OpenSSL at all, but in Apple's TLS stack. And it happened because of poor code style and a failure to use an adequate static-code analyzer. (Some C compilers, run with appropriate options, are sufficiently good linters to catch the goto-fail bug, because it leaves dead code; any decent standalone linter or general static-code analyzer should catch it.)
Both are in C, so say nothing about C++.
In any case, there are much more prominent dangers in C, particularly unsafe functions in the standard library (which should be avoided or wrapped in safer abstractions, not used directly in application logic); the use of in-band signaling in strings, stdio formatting, etc; relatively weak typing; and a cumbersome error-handling model.
I agree with your general point - all programming languages have pitfalls, and some are more difficult to use properly than others. But your supporting argument leaves much to be desired.
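The buffer-reuse variant mentioned above, as an added example (mine, not OpenSSL's code and not the actual TLS heartbeat format): a handler in a bounds-checked language that recycles one receive buffer across records and trusts the peer's claimed payload length. No slice ever steps outside the buffer, so nothing raises, yet the stale tail of an earlier record is echoed back. The two-byte length header, the buffer size and the exchange are constructed for the demonstration; the fixed handler adds the one comparison the original bug lacked.

```python
HEADER_LEN = 2  # constructed wire format: 2-byte big-endian payload length, then the payload


class HeartbeatResponder:
    """Toy heartbeat handler that, like many network servers, recycles one receive
    buffer. Python bounds-checks every slice; the buggy path still leaks data."""

    def __init__(self, buf_size: int = 64):
        self.buf = bytearray(buf_size)

    def _receive(self, record: bytes) -> int:
        if len(record) > len(self.buf):
            raise ValueError("record larger than receive buffer")
        self.buf[: len(record)] = record  # bytes past len(record) keep their old contents
        return len(record)

    def _claimed_len(self) -> int:
        return int.from_bytes(self.buf[:HEADER_LEN], "big")  # peer-controlled

    def respond_buggy(self, record: bytes) -> bytes:
        self._receive(record)
        n = self._claimed_len()
        # The slice is clipped to the buffer, so no exception; but nothing ties n to the
        # record that actually arrived, so leftover bytes from earlier records go out.
        return bytes(self.buf[HEADER_LEN : HEADER_LEN + n])

    def respond_fixed(self, record: bytes) -> bytes:
        got = self._receive(record)
        n = self._claimed_len()
        if HEADER_LEN + n > got:  # the length check Heartbleed was missing
            raise ValueError("claimed payload length exceeds record length")
        return bytes(self.buf[HEADER_LEN : HEADER_LEN + n])


def heartbeat_record(payload: bytes, claimed_len=None) -> bytes:
    """Build a record; claimed_len lets the attacker lie about the payload size."""
    n = len(payload) if claimed_len is None else claimed_len
    return n.to_bytes(HEADER_LEN, "big") + payload


def demo():
    """Constructed exchange: an honest record leaves a secret in the buffer, then a
    malicious record with an inflated length harvests it. Returns (leaked, rejected)."""
    honest = heartbeat_record(b"session-secret")
    malicious = heartbeat_record(b"hi", claimed_len=60)

    srv = HeartbeatResponder()
    srv.respond_buggy(honest)
    leaked = srv.respond_buggy(malicious)

    srv2 = HeartbeatResponder()
    srv2.respond_fixed(honest)
    try:
        srv2.respond_fixed(malicious)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected


if __name__ == "__main__":
    leaked, rejected = demo()
    print("buggy handler returned:", leaked)
    print("fixed handler rejected the inflated record:", rejected)
```

The 60-byte reply from the buggy handler contains "hi" followed by the remainder of the previous record's secret and then whatever else the buffer held, which is exactly the shape of a Heartbleed response, obtained without a single out-of-bounds access.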
Re: What's this, a bug caused by a language quirk?
Rust is significantly innovative, thanks to borrow checking.
I'm not particularly impressed with Go.
(And I'd do my scientific programming in Julia, probably. Python may have the libraries and community these days, but I find Julia much more to my taste.)
I'm not particularly fond of Let's Encrypt or the HTTPS Everywhere movement, because of increased threats such as typosquatting and IDN homographs, and because they're an excuse to avoid fixing the real problems. But even as conspiracy theories go this is impressively feeble.
Let's Encrypt is primarily a free service achieved by maximizing automation to reduce costs, and funded by premium packages and donations. There are plenty of commercial CAs already, and anyone who's interested can learn as much about the CA business as they like - including what sort of power CAs wield.
Your hypothetical "potential investors" either already understand the CA business, or won't notice this glitch.
If Alphabet (or Apple, or Amazon) wanted to buy up the major CAs, they would have. They haven't because the CA business sucks, frankly. Margins are lousy and no one likes CAs - they're a hassle when they work and a danger when they fail. The CA/BF slaps one band-aid after another onto a fundamentally broken PKI so it can just manage to make the work factor too high for non-targeted attacks. The whole thing is dreary.
If it's Goodenough for me, it's Goodenough for you: Canuck utility biz goes all in on solid-state glass battery boffinry
We regret to inform you there are severe delays on the token ring due to IT nerds blasting each other to bloody chunks
Microsoft's Cortana turns its back on consumers as skills are stripped from Windows 10
If you're writing code in Python, JavaScript, Java and PHP, relax. The hot trendy languages are still miles behind, this survey says
Re: COBOL
I don't think 370/390/z assembly is particularly difficult. It's not quite as luxurious as, say, VAX assembly, or the TI 64030; but it's a damned sight easier than some of the early RISC instruction sets (simply because they were deliberately constrained and thus made you do a bunch of "extra" work) or Itanium (because writing VLIW instructions by hand is pretty awful, and Itanium has pitfalls for the unwary like trap representations for registers).