Sunday, August 08
Alive And Brilliant Edition
- Scenes from the Sydney lockdown.
My American friends might ask why we're not marching in the streets over this. Well, we are, in our own way.
The little dog is emblematic of how Australian voters deal with government overreach.
(I'm not convinced this is a recent photo. Not sure it's not, either. It's winter here, and it's chilly today, but we just had a couple of warm days so.... Maybe.)
- Another tame Apple press outlet weighs in and it's not good for Apple. (Tidbits)
The writers go out of their way to afford Apple every courtesy, and still find themselves in line with the company's harshest critics:
Apple's head of privacy, Erik Neuenschwander, told the New York Times, "If you're storing a collection of C.S.A.M. material, yes, this is bad for you. But for the rest of you, this is no different."
Some readers are still drinking the Flavor Aid and one of the writers pushes back firmly in the comments:
Given that only a very small number of people engage in downloading or sending CSAM (and only the really stupid ones would use a cloud-based service; most use peer-to-peer networks), this is a specious remark, akin to saying, "If you're not guilty of possessing stolen goods, you should welcome an Apple camera in your home that lets us prove you own everything."
Correct. We don't know anything except they're building a system that they entirely control, offer no transparency into, and will not allow outside audits of.
A system that is designed specifically to spy on children.
The best way for totalitarian governments to implement surveillance is on the back of systems that people all agree are necessary.
The tame Apple press can bark after all.
The most dangerous phrase in the world is "trust me."
- Let me explain. No, there is too much. Let me sum up.
Um. I swear there was a tweet here.
- Still pissed off about my dead HP Spectres. New laptop should arrive tomorrow though - the Dell Inspiron 14 7000.
And I'll likely be getting an Inspiron 16 Plus as well. They're pretty much Dell's equivalent of the MacBook Pro 13" and 16" models - exactly the same screen resolutions and close to the same weights, though the 14" Dell is actually a few ounces lighter than the 13" Mac. Probably has worse battery life, but that's not the deciding factor for me.
The Inspiron 16 is faster than my current desktop and will be my desktop system - plugged into a couple of 27" monitors - until graphics cards become affordable or there's a game more demanding than Minecraft that I want to play.
- Stop putting numeric keypads on gaming laptops, dammit. Or at least offer some with a sane keyboard layout, like HP.
Gigabyte has some models that are priced similarly to the Inspiron 16 but with better specs - RTX 3070 and 4K OLED screen. But the Dell is 40% off and much easier to get sign-off on for a company purchase.
If the Gigabyte had a sensible keyboard layout though, I might buy it with my own cash.
- You can now expand the storage on the PlayStation 5 you don't have because it's not available anywhere. (Tom's Hardware)
You need a high-end PCIe 4.0 M.2 NVMe SSD, with a minimum read speed of 5.5GB per second. And a heatsink, since the expansion slot isn't cooled by the PS5's fan. But the Samsung 980 Pro was tested and works fine, loading as fast as the integrated storage, and writing much faster.
Write speeds were probably not a priority when Sony designed the PS5 - even if you have gigabit internet and are downloading at full speed, the cheapest SATA SSDs from 2015 would cope just fine.
- EVGA is pushing a firmware patch for its GeForce RTX 3090 FTW3 graphics cards. (WCCFTech)
These are the ones most often cited as being killed by Amazon's game New World. Problems extend to other Nvidia cards and even some AMD ones, but the 3090 and specifically EVGA 3090 cards are hardest hit.
- If your EVGA card has already died and you need a replacement right away, you might be in for a bad time. (WCCFTech)
They asked for a deposit of €1,728.20 to replace a 3080. Which is double MSRP for the card itself.
- Why CAPTCHA photos are so unbearably depressing. (Clive Thompson)
If we ever get general AI and put it in an autonomous vehicle, it will probably commit suicide.
- If you have one of the listed WiFi routers, either patch it right away or yeet that sucker straight out the window. (Bleeping Computer)
The list includes models distributed by Verizon and Telstra so it might not even be one you bought yourself.
- Go and Rust are vulnerable to that weird mixed octal/decimal IP address thing. (Bleeping Computer)
The problem is, decades ago when octal was still in use - I'm old enough to have seen an octal core dump, but I've never used one in anger - someone had the bright idea that the addresses 127.0.0.1 and 0127.0.0.1 would go to entirely different locations.
It was never much used and pretty much all software gets it wrong. Except routers, which follow the spec to the letter and will send your packets to somewhere you never expected.
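An added example (not from the linked article or from any of the libraries mentioned) of the disagreement described above: the same string read with the classic C-style octal rule, read by a parser that just drops leading zeros, and checked by a strict parser that refuses anything ambiguous. The function names and sample strings are constructed for illustration, and only the four-part dotted form is handled.

```python
import re

# Added illustration; names and sample strings are constructed, not from any library.
_PART = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def _split(text):
    parts = text.split(".")
    if len(parts) != 4 or not all(_PART.fullmatch(p) for p in parts):
        raise ValueError(f"not a four-part dotted address: {text!r}")
    return parts

def _join(values, text):
    if any(v > 255 for v in values):
        raise ValueError(f"octet out of range in {text!r}")
    return ".".join(str(v) for v in values)

def parse_classic(text):
    """C-style reading: 0x prefix is hex, a leading 0 is octal, else decimal."""
    values = []
    for part in _split(text):
        if part[:2].lower() == "0x":
            values.append(int(part[2:], 16))
        elif len(part) > 1 and part[0] == "0":
            values.append(int(part, 8))   # raises ValueError on digits 8 or 9
        else:
            values.append(int(part, 10))
    return _join(values, text)

def parse_lenient(text):
    """Drop leading zeros and read every part as decimal."""
    return _join([int(p, 10) for p in _split(text)], text)

def parse_strict(text):
    """Refuse any part whose value depends on which parser reads it."""
    parts = _split(text)
    for p in parts:
        if len(p) > 1 and p[0] == "0":
            raise ValueError(f"ambiguous part {p!r} in {text!r}")
    return _join([int(p, 10) for p in parts], text)

def compare(text):
    """Return (classic, lenient, strict); None marks a rejection."""
    def attempt(parser):
        try:
            return parser(text)
        except ValueError:
            return None
    return tuple(attempt(p) for p in (parse_classic, parse_lenient, parse_strict))

if __name__ == "__main__":
    for sample in ["127.0.0.1", "0127.0.0.1", "192.168.010.1", "0x7f.0.0.1", "08.1.1.1"]:
        print(f"{sample:15} {compare(sample)}")
```

Any input where the first two results differ is one where a validator and the code that actually opens the connection can disagree about the destination, which is why the strict form rejects it outright.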
- It doesn't matter how secure your hashing algorithm is if your password is 123. (ZDNet)
So... Don't do that.
- To sum up, again:
Elasticsearch built a search server, based on the open source Lucene library, and released it as open source. So far, so good.
They reserved certain features for paying customers. Okay, gotta make a living.
This reservation extended to even the most basic security mechanisms, so anyone using the free version was left completely open to attack. And this led to a whole string of data breaches. I was reporting on them weekly for a year. Not so good.
Amazon came along and offered their own paid Elasticsearch-as-a-service, even calling it Elasticsearch, which Elasticsearch had trademarked. Also not good.
Elasticsearch responded by changing the licensing of their code so it was no longer open source. Double plus ungood.
Amazon responded by taking the last open source release of Elasticsearch, forking it, and releasing it as OpenSearch. This is kind of a jerk move given where Amazon started out, and would have been better received if another party had done it, but here we are.
Elasticsearch responded by breaking API compatibility so that code libraries for Elasticsearch no longer work with OpenSearch. (The New Stack)
Elasticsearch uses semantic versioning - supposedly. Moving from 7.13 to 7.14 can add new features and can certainly fix bugs, but shouldn't break your code. They've always been bad at sticking to that, but this time the sole purpose of the update was to break things.
And now Amazon has responded by forking the API clients as well to restore compatibility.
It takes talent and determination to make Amazon look like the good guy. Congratulations, Elasticsearch.
Curiously enough I was recently talking to one of the original developers of Lucene and he apologised to me when I mentioned using Elasticsearch extensively. But it's not Lucene I have a problem with.
- A network of 350 fake accounts has been spreading Chinese propaganda. (BBC)
Tree fiddy, you say?
A Long Way to a Your Mom Joke Video of the Day
The smallest and largest bodies in the Universe are black holes, ranging from the size of a proton to - in the case of 618 YOURMOM - eleven times the width of our entire solar system.
They're charging you street prices for the card if you do an "advanced RMA", which is apparently some fancy new way of saying "we cross-ship you a new one." If you ship your card back the regular way and wait for them to ship you a replacement after they receive your card, you pay MSRP.
The reason is fairly obvious: to prevent people from shipping them an empty box so they can get a card at MSRP instead of street price. In other words, it's an anti-cheat process.
Posted by: Rick C at Monday, August 09 2021 01:16 AM (eqaFC)
Just to be clear--it's not a bug, it was a deliberate design choice, because C was designed on the PDP-7, which was an 18-bit machine, and the natural nibble size was 3 bits, not 4. Note that the 0 prefix on a number is analogous to 0b (binary) and 0x (hex), but (presumably) they didn't use 0o because it was probably considered the most common non-base-10 base, and they wanted to save a byte.
It's wildly obsolete behavior, but it was intentional, and it's probably still with us because standards bodies don't like breaking changes. I'd be willing to bet that the people who designed TCP/IP didn't intend as such for it to work that way so much as they just used the standard library and you get that conversion for "free" when you use ...scanf. And everyone else spent the next several decades copying C's behavior.
Posted by: Rick C at Monday, August 09 2021 01:32 AM (eqaFC)
Posted by: normal at Monday, August 09 2021 01:36 AM (obo9H)
"I hope he will be more respectful in the future," Supa commented."
If Supa didn't tell Bob what xe had done, it seems unlikely.
ZDnet used vanity pronouns for Supa, so I'm just guessing here.
Posted by: Rick C at Monday, August 09 2021 01:36 AM (eqaFC)
On octal IP addresses - yeah, the bug is that a whole bunch of libraries and languages don't handle it. They just strip out the leading 0 and treat it as decimal. Node, PHP, Python 3.8 and 3.9, Rust, and Go are all affected.
Posted by: Pixy Misa at Monday, August 09 2021 01:43 AM (PiXy!)
(for those of us who grew up using base 10) using octal representations is a closer and generally more readable shorthand than hex or binary. As far as I recall the 0x & 0b representations were a retrofit to the existing convention.
And outside of weird edge-cases, octal was a handy way to show unix permissions back when people still knew how to use computers.
But yes, you're probably right about the whole "oh, that non-obvious problem comes free with the standard library!"
Posted by: normal at Monday, August 09 2021 01:44 AM (obo9H)
Posted by: Pixy Misa at Monday, August 09 2021 01:45 AM (PiXy!)
Posted by: Rick C at Monday, August 09 2021 01:48 AM (eqaFC)
I've realized recently that I think marching in the streets is completely pointless.
Folks currently in 'power' in the US won't listen to others, and only use protests to try to justify what they would do already.
They can be removed from power or they can be killed, but they cannot be persuaded. I'm not sure if their brains are degraded too much for persuasion to work, or they misunderstand politics and figure that folding under the pressure of enough opposition is purely a matter of personal character.
Posted by: PatBuckman at Monday, August 09 2021 01:54 AM (DHVaH)
As far as the EVGA thing--yeah, but like I said, they're only charging that price if you want them to cross-ship you a new card. The article even says that if you do a regular RMA they charge the regular price. It's annoying but as you said, if they're doing it, they've been ripped off by it, and you know it wasn't just a couple of times, so I understand it. (It's why I didn't sell my old card the last time I upgraded, unlike those poor slobs who sold off their 2080 Tis for reasonable prices and then wouldn't pay scalper prices for a 3000-series card, and are now unable to game at all. If something happens to my 2070, I have a 1060 and a 1050 to keep me going.)
Posted by: Rick C at Monday, August 09 2021 01:55 AM (eqaFC)
To be fair, if you are using a Ryzen CPU (as opposed to the relatively rare APUs), or an F-series Intel one, and your video card breaks, you aren't just unable to play games, you're unable to use the computer at all.
Posted by: Rick C at Monday, August 09 2021 02:10 AM (eqaFC)
I always forget that most people don't have a box of obsolete video cards sitting in a closet. I mean, I might even still have an old VESA local-bus card (great if you have an itch on your back you just can't reach) if I dig a bit. I do think I discarded all the CGA & EGA cards some years ago. Of course, I don't have anything that has an ISA slot in it, anyway, so there's also that. I really feel like I shouldn't search to see if someone even makes an ISA->PCIe adapter. Or ISA->USB . . . because if I had a POTS line, I could fire up that old 1200baud modem for some good times.
Posted by: normal at Monday, August 09 2021 12:37 PM (obo9H)
Posted by: Rick C at Monday, August 09 2021 01:18 PM (eqaFC)
And a full x16 4.0 slot is 128x faster than that.
Posted by: Pixy Misa at Monday, August 09 2021 02:58 PM (PiXy!)