* Posts by Frumious Bandersnatch

2243 posts • joined 8 Nov 2007

'Jarvis' brings AI to the Linux command line, without Iron Man

Frumious Bandersnatch
Silver badge

For example, if a developer defined MD5 as a hash ...

... DevSkim would show a pop-up telling the user they're making a critical error

Maybe, maybe not. What if I'm aware of its shortcomings and decide that it doesn't matter in my case? For example, I could be using it in a program to de-dupe a filesystem, but I know that before hard-linking files together I'm going to do a bit-for-bit compare on them because I'm paranoid about accidental hash collisions and my own programming errors.

Right now, I wouldn't be too concerned about using MD5 in a HMAC (hash-based message authentication code) implementation. The Wikipedia page here states "attacks on HMAC-MD5 do not seem to indicate a practical vulnerability when used as a message authentication code." Likewise, I wouldn't be too concerned about using it in a Merkle tree implementation where hash collisions are only advisory (like the file de-dupe example above) or I have other explicit measures that prevent pre-image (or whatever) attacks.

1
0
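An added sketch of the de-dupe design described in the comment above (not the commenter's code): MD5 only groups candidate files, and a byte-for-byte compare decides whether two files are hard-linked. The function names, the `.dedupe-tmp` suffix and the sample files are assumptions made for this example.

```python
import filecmp
import hashlib
import os
import tempfile
from collections import defaultdict


def md5_digest(path, chunk=1 << 16):
    """Advisory fingerprint: it narrows the candidates, it never decides."""
    h = hashlib.md5(usedforsecurity=False)  # non-security use of MD5
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def dedupe(root, digest=md5_digest):
    """Hard-link byte-identical regular files under root.

    Returns a list of (kept, replaced) path pairs.
    """
    buckets = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            buckets[(os.path.getsize(path), digest(path))].append(path)

    linked = []
    for paths in buckets.values():
        originals = []  # files in this bucket proven distinct so far
        for path in paths:
            for keep in originals:
                if os.path.samefile(keep, path):
                    break  # already one inode, nothing to do
                # The real decision: full content compare, not the hash.
                if filecmp.cmp(keep, path, shallow=False):
                    tmp = path + ".dedupe-tmp"  # hypothetical temp name
                    os.link(keep, tmp)
                    os.replace(tmp, path)  # atomic swap to the hard link
                    linked.append((keep, path))
                    break
            else:
                originals.append(path)  # same digest, different bytes
    return linked


def demo():
    """Constructed sample: two identical files, one same-sized different file."""
    samples = (("a", b"same contents\n"), ("b", b"same contents\n"),
               ("c", b"different data"))
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples:
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        # Worst case for the hash: pretend every file collides.
        linked = dedupe(d, digest=lambda _path: "collision")
        return [(os.path.basename(k), os.path.basename(r)) for k, r in linked]


if __name__ == "__main__":
    print(demo())
```

With the digest forced to collide for every file, only the two files with identical bytes end up linked, which is the safety margin the comment relies on.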

Hold 'em, don't fold 'em: How to bite Bitcoin pools

Frumious Bandersnatch
Silver badge

Re: house of cards question

> I guess what happens to them is the same thing that happens to all those decade+ old laptops and desktops.

Yes, the ASIC hardware is ultra-specialised, so it can really only calculate sha256(sha256(message)) < D, where "message" is the concatenation of the previous block's header, a proposed new block and a "nonce" (effectively a random number, though they are scanned in sequence).

This kind of thing is no use for, eg, breaking passwords, so if Bitcoin dies, the hardware is effectively useless.

https://www.bitcoinmining.com/ has a nice block diagram explaining this. See the "What Is Proof of Work" section.

1
0
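An added sketch of the single computation described in the comment above, sha256(sha256(message)) < D with nonces scanned in sequence (not code from the post or from Bitcoin). The message layout follows the comment's simplified description rather than the real 80-byte block header, and the inputs and difficulty values are constructed.

```python
import hashlib


def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as in the comment's sha256(sha256(message))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def target_for_bits(zero_bits: int) -> int:
    """Target D such that a hash below D has about zero_bits leading zero bits."""
    return 1 << (256 - zero_bits)


def pow_value(prev_header: bytes, block: bytes, nonce: int) -> int:
    """Hash the concatenated message and read the digest as a 256-bit integer.

    Bitcoin interprets the digest as a little-endian number; the message
    layout here is the simplified one from the comment (an assumption).
    """
    message = prev_header + block + nonce.to_bytes(4, "little")
    return int.from_bytes(double_sha256(message), "little")


def meets_target(prev_header: bytes, block: bytes, nonce: int, target: int) -> bool:
    """Verification costs one double hash, however long the search took."""
    return pow_value(prev_header, block, nonce) < target


def mine(prev_header: bytes, block: bytes, target: int, max_nonce: int = 2**32):
    """Scan nonces in sequence and return the first one that meets the target."""
    for nonce in range(max_nonce):
        if meets_target(prev_header, block, nonce, target):
            return nonce
    return None  # nonce space exhausted; a real miner would alter the block


if __name__ == "__main__":
    prev = b"constructed previous header"  # constructed sample input
    block = b"constructed proposed block"  # constructed sample input
    for bits in (8, 12, 16):
        nonce = mine(prev, block, target_for_bits(bits))
        print(f"{bits:2d} zero bits: nonce {nonce}")
```

Each extra required zero bit doubles the expected number of nonces scanned, while checking a claimed nonce stays a single call to `meets_target`.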
Frumious Bandersnatch
Silver badge

Re: QiBitCoin

> One wonders how the arrival of quantum computing will upset these crypto-currencies.

Presumably not at all. A quick check on how Shor's algorithm (which could potentially defeat RSA) works tells me that it relies on the quantum Fourier Transform, which isn't applicable to SHA256 or hashing functions in general.

1
0

Force employees to take DNA tests for bosses? We've got a new law to make that happen, beam House Republicans

Frumious Bandersnatch
Silver badge

Re: Drain the swamp?

I think that anyone who uses this phrase (non-ironically) should see the film "Ikiru".

0
0
Frumious Bandersnatch
Silver badge

re: GATTACA

Also, Black Mirror's "Men against Fire" episode.

3
0

'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Frumious Bandersnatch
Silver badge

Re: It only makes it easier to crack...

True, there should be protections against brute-force dictionary attacks, say, by increasing the delay between attempts. On the other hand, you need "defence in depth": if the password file is lifted through some sort of vulnerability, you need (at a minimum) to have those passwords salted and hashed. Not reusing passwords across sites is another sensible level of defence. Hope for the best, but plan for the worst.

5
0
Frumious Bandersnatch
Silver badge

Re: Sometimes I can't use a long password

Unix password files have never stored passwords in the plain, so saying that : is disallowed because it might appear there is rubbish.

11
0
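An added sketch covering the two comments above (not the commenter's code): a colon-delimited password record that stores only a salt and a salted hash, so a ':' in the password never reaches the file, plus a growing delay between failed attempts. The record layout, iteration count and delay values are assumptions for this example and are not the real /etc/shadow format.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
SCHEME = "pbkdf2-sha256"  # hypothetical scheme label


def make_record(user: str, password: str) -> str:
    """Build 'user:scheme:iterations:salt_hex:hash_hex'.

    Only the user name is stored verbatim, so only it must avoid ':'.
    """
    if ":" in user:
        raise ValueError("':' is the field delimiter and cannot be in a user name")
    salt = os.urandom(16)  # fresh salt per record
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return ":".join([user, SCHEME, str(ITERATIONS), salt.hex(), dk.hex()])


def check_password(record: str, password: str) -> bool:
    """Recompute the salted hash from the record and compare in constant time."""
    _user, scheme, iterations, salt_hex, dk_hex = record.split(":")
    if scheme != SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def lockout_delay(failures: int, base: float = 1.0, cap: float = 300.0) -> float:
    """Seconds to wait before the next attempt: doubles per failure, capped."""
    if failures <= 0:
        return 0.0
    return min(cap, base * 2 ** (failures - 1))


if __name__ == "__main__":
    record = make_record("alice", "pa:ss:word")  # constructed sample
    print(record)
    print(check_password(record, "pa:ss:word"), check_password(record, "guess"))
    print([lockout_delay(n) for n in range(6)])
```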

Favored Swift hits the charts: Now in top 10 programming languages

Frumious Bandersnatch
Silver badge

Re: Oddness in the rankings

Yeah, seeing Perl listed as first of the runners-up in the subhead raised an eyebrow with me. Earlier in the day I'd been reading up about the decline of Perl: why it lost its spot to languages like Python (mostly) and Ruby, and whether it's effectively a legacy language like Cobol now.

I guess that it's only people of a certain vintage (dinosaurs) that still think Perl is a great language. I never bothered (fully) learning things like Java, JavaScript, Go or Python. I still find that C and Perl do everything I could ever need. On the plus side, practically any platform you can think of will have both of these available when you want them.

2
0

Lawyer defending arson suspect flees court with pants on fire

Frumious Bandersnatch
Silver badge

Re: Ahh colloquial meanings of words.

and a long time ago, Mork and Mindy's landlord and next-door neighbour was one Mr. Wanker. Quiet down, he had a wife, you know!

0
0

User lubed PC with butter, because pressing a button didn't work

Frumious Bandersnatch
Silver badge

"use a scanner to read the barcodes directly"

Or just use cddb. It does require scanning the CD's table of contents (number and length of tracks) so it needs mounting each disk (slower than a barcode read), but I suppose you're going to be ripping them anyway at some point.

2
0

Arista-cats curl up in cloudy containers

Frumious Bandersnatch
Silver badge

arista-cats

LOL, for natural raisins.

(search: aristocrats joke)

0
0

CIA hacking dossier leak reignites debate over vulnerability disclosure

Frumious Bandersnatch
Silver badge

Re: I've been saying this since the Snowden revelations came out...

I've been saying my own stuff. I remembered a post I made back in 2014.

I would say that the chickens have come home to roost, but the last time that expression made the news, it didn't go too well for the guy who used it.

1
0

That CIA exploit list in full: The good, the bad, and the very ugly

Frumious Bandersnatch
Silver badge

Re: Claim drain

> it's starting to look like any plan that [the Kremlin] had is coming unraveled.

Or, if you believe a certain news outlet, it's actually progressing too fast for them:

http://www.theonion.com/article/russian-officials-scrambling-plan-delegitimize-wes-55434

2
1

AMD does an Italian job on Intel, unveils 32-core, 64-thread 'Naples' CPU

Frumious Bandersnatch
Silver badge

Re: Multicore Performance Improvement for the PC ?

I was thinking about this as I read the article. Although this new AMD offering has better memory bandwidth than Intel's, the bandwidth per core is less. It's similar to the situation with AMD's desktop range: decent compute power, but not quite as good memory bandwidth (which matters for, eg, games that need to transfer a lot of texture data). At least that was the case when I bought my at-the-time top-of-the-range AMD A10-7870K.

Of course, it's all about making engineering trade-offs, and I think that this is something that AMD does very well. Depending on the amount of L1 cache (L2 is usually* shared across cores, so it doesn't have quite as big an impact, but is still important) and the particular workload, it should be possible for this new offering to out-perform the Intel part quite a lot of the time, as AMD is claiming with their "seismic data" chart.

As for the OS, I know that Linux (can't speak for Windows or others) scales pretty well when you throw extra cores at it. The main overheads will come from the algorithms used in applications: their memory access requirements, inter-thread/-process synchronisation patterns and whether they're written to be cache-aware.

* Actually, following a link to a previous article here, it appears that the L2 is 512Kb per core, not shared. There's also 8Mb of L3 (shared), so I could imagine using this sort of system to run a Docker farm (probably not the right word). The base OS + Docker + shared guest binaries could easily fit in L3. With a more heterogeneous collection of components (different VMs with different guest OSes, effectively like a shared-hosting scenario), there won't be as much duplicated code (or static data) so there'll be many more page faults needing to access real memory.

5
0

Top tip: Unplug your WD My Cloud boxen – now

Frumious Bandersnatch
Silver badge

Top tip: Unplug your WD My Cloud boxen

Also, save money by not throwing away your used-up disposable razors: instead use them for peeling potatoes!

1
0

Aah, all is well in the world. So peaceful, so– wait, where's the 2FA on IoT apps? Oh my gawd

Frumious Bandersnatch
Silver badge

"Your home is your safe haven"

Pshaww! It's my castle, and nothing less.

I will not have you denigrating the sanctity of my ancestral demesne, replacing it with the fig leaf of this "Safe Haven", as you call it.

(Gaston, fetchez la vache)

2
0

Ohi-D'oh! US prison hands inmates' SSNs over to... an identity thief

Frumious Bandersnatch
Silver badge

This particular FOI request

needed more chokey-points.

2
0

A mooving tail of cows, calves and the Internet of Things

Frumious Bandersnatch
Silver badge

What's m2m?

moo to moo?

1
0

Sir Tim Berners-Lee refuses to be King Canute, approves DRM as Web standard

Frumious Bandersnatch
Silver badge

insanity

What big content want is end-to-end control of the entire distribution channel. This includes them having the ability to run arbitrary code on your machines. No doubt they will also continue lobbying until they get the next piece of the puzzle: namely, being able to bring you to court if you try to circumvent these "protections" on devices that you and you alone own.

Notwithstanding the fact that I'm sure that these "protections" will be easily defeated by simply lying to the EME code (supplying them with fixed DNS, time and random number generator) and replaying a valid authorisation exchange, nobody wants the kind of DRM that lets big media run whatever sort of code they want on their own machines. The only way that this scheme will not be easily defeated by an emulation-based environment is if the DRM hooks invasively into your OS. Remember the Sony rootkit fiasco? Well, maybe they said sorry, not our fault, but in their heart of hearts, this sort of invasive spyware is exactly the sort of thing that big media execs have wet dreams over.

Shame on Tim Berners-Lee.

9
1

Li-ion king Goodenough creates battery he says really is... good enough

Frumious Bandersnatch
Silver badge
Pint

Mr. Goodenough

Enemy of the Good...

I think that my nominative determinism circuit just suffered a paradox. Still, better batteries--way hey! Have a pint on me.

2
0

BONG! Lasers crack Big Ben frequency riddle BONG! No idea what to do with this info BONG!

Frumious Bandersnatch
Silver badge

Useless scientific factoids?

Well, a bell is a cup, until it's struck.

1
0

Passport and binary tree code, please: CompSci quizzes at US border just business as usual

Frumious Bandersnatch
Silver badge

> 2. "Write what the sign on the Statue of Liberty says"

Ooh, I think I know this one:

Give me your hungry, your tired, your poor I'll piss on 'em

That's what the Statue of Bigotry says

Your poor huddled masses

Let's club 'em to death

And get it over with and just dump 'em on the boulevard

2
0

US military drone goes AWOL, ends up crashing into tree 623 miles away

Frumious Bandersnatch
Silver badge

Re: Many years ago ....

I guess that they shouldn't have made it watch "Catch 22" the night before sending it off on its mission.

3
0

Two-thirds of TV Licensing prosecutions at one London court targeted women

Frumious Bandersnatch
Silver badge

Re: re: End this insanely illiberal tax now.

> Since both sides complain equally stridently

Seems logical. It reminds me of the quote (not sure from who) that goes something like "The thing about being in the middle of the road is that you'll get knocked down by traffic coming from both sides"

2
0

In a loving tribute to its fiery washing machines and Note 7... Samsung management explodes

Frumious Bandersnatch
Silver badge

while meanwhile in a "proper" western democracy

The head honcho^Hhombre^Hstud is rolling back on anti-bribery regulations.

(example link, not vetted):

https://www.theguardian.com/us-news/2017/feb/14/donald-trump-anti-corruption-rules-dodd-frank-oil-companies

1
0

US Air Force terminates Predator drones. Now you will fear the Reaper

Frumious Bandersnatch
Silver badge

Re: AI and blockchain and social media will replace these tired pilots!

> And bombs we can rename Happy Cake Full of Surprises!

Or just call them "bombes", which are pretty much as you describe.

1
0

Google Chrome 56's crypto tweak 'borked thousands of computers' using Blue Coat security

Frumious Bandersnatch
Silver badge

Re: "That these products broke is an indication of defects in their TLS implementations,"

This is the Register. Windows 10 Trumps^Htrumps Godwin.

1
0

Pack your bags! NASA spots SEVEN nearby Earth-sized alien worlds

Frumious Bandersnatch
Silver badge

44 million years to get there at the speed of a standard jet aircraft

But how long by bus?

0
0

Zuckerberg thinks he's cyber-Jesus – and publishes a 6,000-word world-saving manifesto

Frumious Bandersnatch
Silver badge

did he just ...

spin that Kodos and Kang bit from The Simpsons out to 6,000 words?

but tonight I say, we must move forward, not backward; upward, not forward; and always twirling, twirling, twirling towards freedom!

1
0

FAKE BREWS: America rocked by 'craft beer' scandal allegations

Frumious Bandersnatch
Silver badge
Unhappy

Re: "India Pale Ale went *to* India"

> Or the Bristol Stool Cha

Hmm. I thought that might have been a reference to "ale conning" (being germane to the article) but it turns out it's just about stools (not of the bar variety).

1
0

Why I had to sue the FCC – VoIP granddaddy Dan Berninger

Frumious Bandersnatch
Silver badge

and Minitel

0
0

GRAPHENE: £120m down, UK.gov finds it's still a long way from commercial potential

Frumious Bandersnatch
Silver badge

Re: 2D

Have an upvote. Edwin Abbott salutes you.

0
0

Despite the spiel, we're still some decades from true anti-malware AI

Frumious Bandersnatch
Silver badge

the undecidability problem

Dr. Fred Cohen talked about this way back at the start of the history of computer viruses. Simply put, if the virus writer has access to the scanner, they can detect it and abort doing something that will identify its presence. You still see that in modern malware, such as when it detects that it is running under a VM (common practice when trying to analyse the buggers), it will do something different than it normally would.

Putting a Post-It labelled "AI" on the black box that does the scanning does not change the fundamental nature of the setup. So long as the virus/malware (or its author) has access to the box, it can use it as an oracle and keep trying different behaviours until it finds something that isn't detected.

1
0

High tides: Boffins spy on dolphins baked on poisonous piscines

Frumious Bandersnatch
Silver badge

Not new, AFAIK

I'm pretty sure that I remember seeing reports of this before. Either that or it happened to me once (allegedly).

6
0

Planned Espionage Act could jail journos and whistleblowers as spies

Frumious Bandersnatch
Silver badge

Re: So?

WFT? Is that an 's' I see after http in the forum URL? Excellent.

I guess that puts el Reg in the "anti-spy" camp. Finally!

1
0

Get orf the air over moi land Irish farmer roars at drones

Frumious Bandersnatch
Silver badge

re: No, I believe in the UK, [...]

What's the UK got to do with anything? You do know that places like Tipperary and Limerick aren't in the UK, right?

Anyway, the law in the Republic of Ireland is that you can use "reasonable force":

http://www.thejournal.ie/new-law-not-a-licence-to-kill-says-minister-327010-Jan2012/

34
1

You want WHO?! Reg readers vote Tom Baker for Doctor 13. Of course

Frumious Bandersnatch
Silver badge

Re: Sean Pertwee

Funnily enough, I came across this recently:

http://www.slashfilm.com/which-actor-dies-the-most-on-screen/

So John Hurt (who already played the Doctor, natch) has more on-screen deaths, but fewer deaths per appearance.

Of course, what with John Hurt having shuffled off his mortal coil IRL recently, ...

4
0

Soz telcos you're 'low priority' post-Brexit, says leaked gov doc

Frumious Bandersnatch
Silver badge

Re: "cross-cutting issues"

I thought of shredders, but I assume that it means issues that are common across a variety of different industries. Obviously analysts and their ilk have a penchant for making up new words when we already have perfectly sensible other ways of saying the same thing ("cross-industry" in this case).

0
0

ITU-T wants video sizes to halve again by 2020

Frumious Bandersnatch
Silver badge

4d interferometry

AFAIK, pretty much all video codecs assume that the video to be compressed is 2D and intermediate frames only take account of the difference between one frame and the next. Both are reasonable simplifications if you want something that's fast to encode or decode, but they mean that a lot of exploitable structure is ignored. Another feature common to most codecs is that self-similarity within a frame is mostly ignored, with most focus being put on motion estimation as a way to compress inter-frame differences in common cases (eg, panning, moving objects within the frame).

If you think about algorithms that can turn images (or objects in them) into 3D approximations, this is a lot easier to do if you have a video camera attached to a vehicle (or carried) than if you present the algorithm with an unordered collection of stills of the same target from different vantage points. It's easier to reason about the relative motion of the camera between frames. It's going to be more smooth, and looking at a sequence of images it's going to be easier to divide up areas between static (modified only by relative viewpoint) and transient (moving objects passing through the frame).

If the cost of encoding isn't so much of a problem, you could apply interferometric analysis to a sequence of images. For the relatively fixed objects, you could build up a 3d approximation of those objects and generate a pixmap to skin them. Taking a sequence of images like this might also help to sharpen the image, hence cutting down on the amount of noise, leading to better compression. You can't sharpen single images, but you can with multi-sampling over time or slightly different viewpoints. To make interferometry work, you'd have to be able to adapt to things like focus and motion blur, detecting it on the way in (and tagging affected regions per frame) and adding it on the way out.

Videos also have various spatial self-similarities, besides the time-based ones. The most easily-exploitable option for compression is to assume that self-similar blocks will be neighbouring each other, and that's how most codecs work (mostly through compressing the palette across neighbouring blocks, AFAIK). If the codec tried representing areas as simple 3d meshes with pixmaps, then it could maintain a cache of these over an extended period. An algorithm would explicitly compress these mesh+pixmap objects based on their self-similarity. If a transient object moves across a surface, it wouldn't necessarily mean that the data about what's currently invisible due to the occlusion gets kicked out of the cache, meaning that once the transient object has passed, it should be cheap for the decoder to repair the "damage". Likewise with things like fast cuts, where the data for one bunch of frames can be re-used when the camera comes back to them a few seconds later rather than starting with a new key frame each time.

If encoding cost is no object, then you can try to reverse engineer lighting information from the original stream. When the contribution from lighting is removed from each area, you can compress the forest of mesh+pixmap cache objects much more efficiently. Or, you can use it to refine your idea of what a surface is by tessellating its original mesh and throwing out a lot of the pixmap data (which takes up a lot of space relative to a mesh + lighting model).

Going from (effectively) a simple block-based compressor to one with meshes, textures and lighting does, of course, make things a lot more costly for the decoder. Still, if there aren't too many light sources or reflectance, I could imagine a next-gen GPU managing to handle this. (Too much reflected light turns it into a generic ray tracer, which has very poor locality of memory references)

This sort of thing could handle fairly static objects, but there's also the problem of how to compress deformable objects like faces or the silhouettes of transient objects that aren't spatially modelled. Probably some completely different approach is warranted there.

This all sounds pretty pie in the sky, but getting an extra 30%-50% out of existing approaches probably won't be easy, IMO.

1
0

Canadian telco bans a little four-letter dirty word from texts: U B E R

Frumious Bandersnatch
Silver badge

why

are they filtering text messages in the first place?

I know the article mentions "spam", but you don't filter spam by simple keyword searches.

(Reverend Bayes would be unimpressed)

24
0

Hard numbers: The mathematical architectures of Artificial Intelligence

Frumious Bandersnatch
Silver badge

Re: Srsly!?

> "Statistics *above* Maths!? Isn't that like saying Marketing above Engineering?"

Probably in the same sense as TCP is "above" IP. The higher, the cloudier.

0
0

Microsoft foists fake file system for fat Git repos

Frumious Bandersnatch
Silver badge

Another option

Just adding an observation: git allows for shallow clones with 'git clone --depth 1'

For big projects, this won't have the same level of bandwidth saving as a custom lazy file system (as here) but it can still have huge savings over doing a full clone of a repo with a long history.

1
0
Frumious Bandersnatch
Silver badge

Re: GVFS eating its own tail??

Why should it be turtles all the way down? Presumably the GVFS code isn't large enough or have enough developers to warrant being self-hosted.

Even if it was self-hosted, there's nothing stopping you from making a full clone onto a non-GVFS disk. That's probably what people who have to work away from the office have to do anyway. I think that someone else made a comment about having a single point of failure, but realistically speaking you will have one or more backup clones. The cost of keeping them up to date (on non-virtualised storage) will be trivial. All this does is cut down the overheads for a horde of developers who would regularly clone full repos and not do much work on them.

0
0
Frumious Bandersnatch
Silver badge
Thumb Down

Re: Proves Git is unsuitable for commercial dev work

re the title: no it doesn't

I clone various Linux kernel trees quite regularly. It can be a bit of a pain over slow links, but once I have the clone, I can pull updates with minimal hassle.

MS isn't "bastardising" git, either. Neither is it forcing a centralised model on developers. It's using lazy fetches to minimise the amount of downloads that individual devs need to make before they can start bashing on the code. Granted, if they want to actually *compile*, they'll need to do more fetches, but not, one would assume, the full repo + history. Anyway, a few things:

* The basic copy-on-write semantics are still there (developer's local edits are still local until pushed back and they still have to be merged back in in exactly the same way as before)

* Nobody is forcing anyone to use this file system, since they can still use regular clone to a local, non-virtual disk

* This is probably aimed at intranet deployment, where it should definitely help reduce unnecessary traffic (though I guess if it's well-designed, with well-thought out security, you could also use it on the wider net)

It's a file system, not a fundamental change to git itself, hence it's not enforcing a centralised development model, nor proving that git is fundamentally flawed.

2
0

Apple weans itself off Intel with 'more ARM chips' for future Macs

Frumious Bandersnatch
Silver badge

Doesn't seem very feasible

Initial big/little implementations basically hid the fact that there were 8 ARM cores running at the high (application) level, but later iterations let you use all cores at full tilt if you wanted, leaving the pairing of big/little cores (and transparent migration of processes between them) as more of a secondary option.

So that's how big/little seems to have panned out in practical terms in a purely ARM system.

The article suggests that somehow there can be transparent migration of workloads from high-draw Intel cores to low-draw ARM cores. This between systems that don't share an ABI or machine code or whatever. So how is that supposed to work? Some sort of qemu-like emulation of the workload? Even if it's only doing the translation once, I can't see how emulation is going to be power-efficient enough to warrant sticking in a new CPU.

I guess the other option is that there is no migration and that the hardware uses all native big/little ARM code. Sounds a bit like winmodems, and I don't mean that in a good way.

4
3

'Mafia' of ageing scientists, academics and politicos suck at picking tech 'winners'

Frumious Bandersnatch
Silver badge

Re: Graphene

Indeed. I saw a report on that on NHK World last night. They also had a segment on building a space elevator, with a Japanese company planning to use carbon nanotube cables to get up there by 2050.

I found their web site and it mentions:

The current technology levels are not yet sufficient to realize the concept, but our plan is realistic, and is a stepping stone toward the construction of the space elevator.

Are carbon nanotubes strong enough for this to even work, assuming it's possible to make a 96,000-km cable?

1
0

Father of Pac-Man dies at 91

Frumious Bandersnatch
Silver badge

obligatory cultural references

#1 Zappa's Valley Girl

"You know me, I'm like into like the clean stuff. Like PAC-MAN and like, I don't know?"

#2 Marcus Bridgstocke's (him and his misplaced 'e') Fringe-worthy joke:

“If Pac-Man had affected us as kids, we'd all be running around in dark rooms, munching pills and listening to repetitive electronic music.”

0
0

Doomsday Clock moves to 150 seconds before midnight. Thanks, Trump

Frumious Bandersnatch
Silver badge

Re: This is the year...

> the year when I finally get my act together, write that novel, ...

The Doomsday Clock certainly didn't stop Alan Moore writing "Watchmen". Contrariwise, he used it to good effect throughout the book.

0
0

I'm deadly serious about megatunnels, vows Elon Musk

Frumious Bandersnatch
Silver badge

Re: Anyone buying the LA earthquake argument?

> Tunnel projects almost always go massively overbudget

So they'll end up sapping his cash, you say?

1
0

Biting the hand that feeds IT © 1998–2017