* Posts by Henry Wertz 1

3137 publicly visible posts • joined 12 Jun 2009

Three things that have vanished: $3.6bn in Bitcoin, a crypto investment biz, and the two brothers who ran it

Henry Wertz 1 Gold badge

Yup should have been suspicious

Yup they should have been suspicious being promised 10% daily returns (as first poster and many have said.)

Cryptocurrencies are highly volatile, higher volatility means high and fast potential gains, but also faster potential losses (and the potential to make 0 if the money is sitting but not being actively traded.) Indeed if these people were promised any particular level of profit they should have run straight away.

Also, you'd hope some of these people would do due diligence to realize they do not have to take their money to some magic startup to roll the dice on cryptocurrency, there are forex traders who got bored with the relative stability of currency trading and have applied their techniques to crypto trading. If you want to invest in crypto without watching over it yourself, you do not have to take your money to some magic crypto startup, there are conventional investors who are happy to professionally* invest your money in crypto.

*Crypto in general, due to the high volatility, is really above the risk levels professionals typically take. But they will apply their hard-earned professional techniques and experience they use to eek out profits from some 1% price difference in forex, to try to make and hold profits in crypto, so they're likely to be better at it than a lot of randos who just go on and trade some currencies around.

Containers make life easier for the software vendors you buy from, and that's why they'll win

Henry Wertz 1 Gold badge

I guess either way

Wow, it's dead even (when I voted), over 1000 votes and it's 50/50!

I voted "agreed", but...

Virtual machines? Linux kernel on a VM is aware it's on a VM, it's tickless (so it's not generating interrupts and so slowing down the shared system when it's not doing anything) and the "virtual server" distros are pretty light. Running stuff on VMs is not too bad. But you have then a kernel running, virtualized disk access, then running through another kernel; multiple caches (both the VM and physical box will have a disk cache for example); you then have a in-VM scheduler and physical system scheduler... there's overhead there. But, the VM has it's own OS, there's no worrying over kernel differences or distro differences, or your app is for Linux but someone wants to run it on Windows. Security-wise, both the VM and the container are supposed to isolate everything, but the VM restricts the attack surface rather severely in terms of what can be done to the physical machine.

BUT.. containers have nearly 0 overhead, you are not having to pre-allocate RAM or disk space, there's nice controls for the disk, RAM, and CPU usage (VMs let you change # of CPUs and at least on VirtualBox reduce % speed of the cores VirtualBox exposes, but the containers have nice CPU usage control too.) Modern containerization solutions in linux, the containerized app has it's own /proc and /sys, it's own process list, and some kind of user id mapping stuff so you can "be root" inside a container, but have no special privileges outside it. it can have it's own view of CPUs and available RAM or have access to the whole thing, etc., and that can generally be changed on the fly. Conversely to the VM, the container does have direct access to the real system kernel, you've got the real system kernel as an attack surface instead of having to get through a VM kernel, bust through the virtualization and then try to dick with the physical system.

In the case of both, you have the disadvantage of not taking advantage of your distro's package mechanism, your distro is likely to update vulnerable libraries straight away, while a container or VM you are at the whim of whoever updating the whole package to replace vulnerable libs. But, there's plenty of containers and VMs where you simply don't expose them to the outside world, and it won't matter if you get these updates immediately or not.

Edit: technology maturity. VMs have been around on IBM kit since the late 1960s, of course it was kind of "rediscovered" in the late 1990s/early 2000s for use on PCs, UNIX servers, etc. Plenty mature technology by now. Containers, they can be quite flexible, UNIX has had "chroot jails" since like the 1970s; the enhancements to make a /proc, /sys, seperate process list for "top", etc. and give a better illusion of being on your own full system came out more like late 90's-early 2000s too. But besides the cloud providers, you have shared web providers that run this stuff on a massive scale quite successfully, it's well-understood and mature technology too. I've used a few "shared server" setups where you update your own kernel; they're using a VM; a few where it seemed just the same but no kernel to update (you were in a container.) They're good enough now that that was literally the only apparent difference, it seemed like I was on my own (these were like a $5-10/month plan) 1 or 2-core server with 512MB or 1GB of RAM.

Samsung pushes out single console all-in-one RAN kit for cramped European markets

Henry Wertz 1 Gold badge

They can blend in pretty well!

They can blend in pretty well!

Verizon Wireless in my area (Iowa, United States).. Coralville, IA has no microcells, there's a couple "tower" sites and that's it; Iowa City, IA (these two towns are directly adjacent and sprawled together..), microcells about every 2 blocks. So you're going along this bit of highway (Coralville strip), you're getting like 10mbps with occasional dips to like 1-3mbps, you keep going and you're in Iowa City, 90mbps+ all the time with the "worst case" dips being like 30mbps.

Those things really blend in!

One, those barrel-shaped grey power transformers up on the power pole, there's a third "transformer" that's plastic and has fiber optics running up instead of ground wires (we have above ground power and cable, but buried phone lines, here.).

The other I've been able to find (only because I have a signal strength app and can see it pegging out so I know it's there...), the side of this building has like a building-sized air conditioner and the utility boxes and meters for phone company, power company, etc., apparently one of the "etc." is a cell site made to look like a generic utility box. I know I was looking right at it and couldn't even tell which it was (I suppose the required markings ... thing saying it's owned by Verizon WIreless, the "no digging" for the fiber, etc., must have been on the back so they face the building? Otherwise you'd think you'd at least see the box with cell phone company markings on it.)

Third one there's a grass area like between two houses with a maybe 2 foot tall green pipe sticking up, it looks all faded though like the smaller size phone company boxes. Not sure if the pipe's it, or (given how the other two were hidden) there's just an extra "utility meter" or something tucked in next to the houses, I didn't care to walk into someone's yard just to take a look. But from the sidewalk, you could look at the equipment and I would have guessed there was no cell site there.

I was very surprised, generallly in areas with this site densification the "big 4, now 3..) (Verizon Wireless, AT&T, T-Mobiile, and former Sprint, who T-Mo just bought) did just end up (occasionally) putting up new masts but otherwise using what clearly look like cell site antennas stuck to street poles, power poles, toops of buildings and whatever else.

Google cans engineering diversity training scheme after alumni complain of abysmal pay packages

Henry Wertz 1 Gold badge

Problem is probably cost of living

Honestly part of the problem is probably cost of living based, depending on how abysmal those abysmal pay packages are. I could tough it out with lower pay for a genuine opportunity to get in at a place like this. But, the prices in silicon valley area and areas like that are so extreme you could be paid what would be a very good pay scale here in the midwest, there you would essentially have a choice of sharing an apartment with a bunch of roomates (and have some discretionary money left over to save up or spend) or rent on your own but barely scrape by. Could be especially difficult if you got through the first year, and the pay scale offered at that point is still low enough for this to be a problem.

Deadline draws near to avoid auto-joining Amazon's mesh network Sidewalk

Henry Wertz 1 Gold badge

fun!

it's going to be fun to find out how to tap into this and get a few GBs of free internet off various rings'n'things.

JBS Foods ransomware gang: White House 'engaging directly' with Russia about attack on massive meat producer

Henry Wertz 1 Gold badge

Re: A simpler explanation

>Maybe whoever is behind these attacks simply single out large (rich) organisations with crappy security?

Spot on. These usually spread the same way as any windows viruses... they spaff out spam with virus payload and port scan, finding poorly secured Windows PCs and automatically infecting them. Found a nice clump in one place? Flip on the "encrypt and ask for ransom" switch for them via command & control.

Refurb your enthusiasm: Apple is selling an 8-year-old desktop for over £5k

Henry Wertz 1 Gold badge

1980s?are you kidding me?

1980s? are you kidding me?

maybe this is different in uk, but in us 1980s are squarely part of the "malaise era" of automobiles. modern vehciles are much safer, better gas mileage (somewhat better while being much faster, or much better mileage while being somewhat faster, depending on engine in the modern vehicle.) Quieter, and better handling (excluding gross SUVs).

Big Tech has a big problem with Florida passing a law that protects politicians from web moderation

Henry Wertz 1 Gold badge

Leave the state

Honestly, I would just cut off the state of Florida from service, and let anyone who was not automatically geoblocked that if they are from Florida, they are using the service without permission and must stop using the service.

AWS Free Tier, where's your spending limit? 'I thought I deleted everything but I have been charged $200'

Henry Wertz 1 Gold badge

First thing I looked into..

First thing I looked into when I had AWS Free Tier... how do I set things up so I don't have massive potential cost overruns. There's a few machine types where they throttle your CPU usage when you "burst" to using too much usage, so your maximum monthly bill is like $5/month. I made sure to use those (I didn't exceed free usage, but if I did I couldn't end up with that large a bill. Of course, it also meant I didn't have much more processing power than I'd have on my personal desktop anyway).

It's true though, (not that I blame it on Amazon, they are there to make money off usage...), their documentation didn't really even discuss this kind of thing, and they make it much easier to start up machines and rack up usage than to make sure they are shut off, and it's harder than it should be to accurately track what your actual usage (and thus bill) is (I didn't realize the alerts are like a day behind though -- that's pretty ridiculous given you could potentially blow through a month's expected spending in a minute or two if things went seriously sideways... for instance by having some auto-scale thing turned on, have your stuff malfunction and fire up like 10,000 instances.)

Firefox to adopt Chrome's new approach to extensions – sans the part that threatens ad blockers

Henry Wertz 1 Gold badge

Why at all?

"Why do Mozilla need to implement manifest v3 at all?"

They don't, I think the idea here is most of the rest of the stuff in manifest v3 is legitimately useful to protect against malicious extensions (while not impacting legitimate ones), while the part regarding webrequests cripples ad blocking without a suitable replacement.

Big red buttons and very bad language: A primer for life in the IT world

Henry Wertz 1 Gold badge

Replacement hardware?

I would think, if those RM03s and RM05s were getting all that finicky, that they'd be phased out for newer equivalents. I can't find the info now, but I'm fairly sure by then vendors sold equipment for PDPs and the like that let them replace these drives with regular SCSI hard disks (possibly even IDE, although I rather doubt it.) Although I've certainly seen shops like that, if it works don't touch a thing other than the required upkeep.

That Salesforce outage: Global DNS downfall started by one engineer trying a quick fix

Henry Wertz 1 Gold badge

Did they ignore procedure or "ignore procedure"?

Did the tech ignore procedure or "ignore procedure"? I worked at a place like that for a while (not IT)... There were procedures to be followed (developed by some people who had not worked on the line at all), and a schedule to be met, but it was physically impossible to meet the schedule if the procedures were followed. So, in actuality there were on-paper procedures to be followed, and the procedures followed in reality (which saved about an hour a shift without affecting quality at all.)

It does make me wonder, if this tech really kind of "went rogue", or if this was just routinely done until something went wrong. To me, it sounds like a middle ground would be good -- having so much red tape and asking permission for a change they know they have to make that it's tempting to skip it is not great. Rolling out everywhere at once is not great. It seems like a fair middle ground would be not to require all the multiple permissions and red tape (since they know DNS records must be rolled out, jsut a notice that thye're doing it now seems like it should be adequate); but rolling out to 1-2 regions/partitions first then the rest after hours to days is definitely a good idea to avoid a global outage.

Help wanted, work from anywhere ... except if you're located in Colorado

Henry Wertz 1 Gold badge

Re: I want to know the salary rang

Yeah they really sound like a bunch of douchebags; I've seen a bit of that first hand, and read about plenty of it. Both the jerking you along that long without any hint of where the job is or what it pays; and that whole "ego trip" that (mainly larger) companies have of thinking you're applying because you're EVER SO EXCITED to work at their company, as opposed to "I work to get paid" or even "I am interested in this line of work".

Henry Wertz 1 Gold badge

*woosh* right over their heads

"If large employers are refusing to comply, they risk being seen as refusing to address racial and gender equity," (plus quote from Coloardo senator): "Just recently, this has come to my attention," she said. "Women here are outraged because this bill was something they worked for years and years and the pay transparency piece was a huge part of that."

*woosh* right over their heads!

It didn't even occur to me this would be some racial/gender equality thing... since it's not. It's a matter of some of these places not wanting to pay the Silicon Valley payscale for someone that is living in Idaho (.. which may not be fair either, if someone remote works from somewhere inexpensive perhaps they should get the same pay and get to pocket that money... but you also have places in UK that pay London pay bumps and so on.) Plus, for whatever reason, it's simply common for firms to not even hint at what their payscale is, they think it's some kind of negotiating tactic.

Cloudflare stops offering to block LGBTQ webpages

Henry Wertz 1 Gold badge

Fair point, but...

Fair point, but I'm quite sure there's a direct filter for porn.

BadAlloc: Microsoft looked at memory allocation code in tons of devices and found this one common security flaw

Henry Wertz 1 Gold badge

Responsible disclosure?

So, as much as Microsoft use to whine about so-called responsbile disclosure (thinking flaws should be sat on indefinitely, until the vendor gets around to patching it; and presumably sat on forever if the vendor can't be bothered)... did they follow this policy? Just saying.

UK watchdog would cease to enforce data protection law if Supreme Court sided with Google, its lawyer tells judges

Henry Wertz 1 Gold badge

Agreed with ICO

Agreed with ICO -- if one has to prove damages (i.e. their data used for identity theft most likely) rather than that the company violated data privacy laws, then I could see ICO saying "the hell with it" and not enforcing the law at all. Showing abusing privacy is easy, showing it lead to identity theft or other actual damages is difficult. The thing is, once the identity theft occurs, the company could be sued for real damages anyway, so obviously the point of the privacy law is to provide more protection than that.

Stealthy Linux backdoor malware spotted after three years of minding your business

Henry Wertz 1 Gold badge

systemd is the devil

"As linux users (and especially the admins of servers) , aren't you supposed to read and understand the entire sourcecode to your running install ? Isn't that why we have open source in the first place ? So you can inspect it before running."

Yes, and this is a reason why systemd is the devil. Replace readable and understandable scripts with poorly-documented opaque binary blobs* that tentacle their way through the system, subsuming more and more system functionality.

*Obviously systemd does have source code, but compared to just having shell scripts booting the system it's still pretty opaque.

Appeals court nixes online blueprint sharing ban on 3D-printed 'ghost guns'

Henry Wertz 1 Gold badge

"My take on the issue is that the gun issue is very much a cultural issue, especially in America where things like the Mountain Men have become a part of the country's lore. Plus, there's the whole 2nd Amendment "guard against tyranny" thing."

Problem I've seen, very often you have the "mountain men", and regular rural people who like to hunt (deer usually), stuff like that. A large number of the "lets take away gun rights" types live in the middle of cities (New York, Chicago, etc.) where there honestly is nowhere appropriate to fire off a gun, if you go hunting rats or pigeons each miss is going to hit a building or bystander; but they seem to think they don't need guns so nobody else should possibly need them either.

"Plus, there's the whole 2nd Amendment "guard against tyranny" thing. "

The reason people are so distrustful of any gun regulations, in the past the anti-gun lobby in the past has gotten what should be minor, sensible laws passed then intentionally abused them, at which point they get repealed. Years back, a law got passed so people who get guns at gun shows should have to get a background check, with the ability to do an "instant" background check that can be run in 10 minutes to an hour (which is sensible, and even the NRA thought it was fine, if they actually stuck to doing it this way); then, they decided it'd be really cute to intentionally delay these background checks so they would take 3 days (since the gun shows usually only last 2-3 days), intentionally to make the checks too slow to try to shut down gun shows. Of course, at this point the law was repealed. The "assault weapon" bans are similar.. it sounds sensible! But, if you push most people who want one (including the congressmen etc.) they'll admit they don't actually know what an "assault weapon" is (... for the most part these are automatic machine guns that are already illegal.) In the past there were leaked plans to get an "assault weapon" ban passed, then just redefine more and more types of guns as "assault weapons" so eventually a hunter would not even be able to legally go hunting with their hunting rifle because now it's an "assault weapon". Third example, a few states have had laws so the sherriff gets final OK on gun permits, with the sensible reason that this way if someone does act all crazy (but legal), they could still be turned down for a gun permit. But, this law didn't require any actual reason for denying permits, so in some jurisdictions (not the middle of a city either, rural), the sherriffs just decided they'd deny all permits except a few friends of theirs. Of course the law then got repealed.

Henry Wertz 1 Gold badge

Freedom of speech issue

"I have not looked at the drawings or the bill of materials for these guns but knowing something about metallurgy I wonder about how the parts are heat treated so they have the correct properties so they are safe for the user."

No, that's one of the points that was made back when Defense Distributed put these up back in 2013. The 3D printer material is in no way correct for guns, when they printed a few at the time, I don't think they necessarily even fired once, after 1-2 shots maximum they were warped. I don't know if guns really can blow up in one's hand if they misfire, but if they do these probably have a decent risk for that.

The point of this when Distributed Defense put it up in 2013 was not to distribute a useful 3D printed gun design; it was in fact to make a point that those who are willing to ignore the 2nd ammendment right to bare arms will also be perfectly willing to ignore the 1st ammendment freedom of speech (which is in fact what happened -- with no laws on the books barring this type of blueprint, the feds got it pulled anyway, despite it just being a description and not a physical object.)

I don't have any guns myself, but fully pro gun runs -- there are procedures for modifying or rescinding constitutional ammendments (2/3rd vote), that's the way to restrict guns. Until that point, anti-gun right types in the US are simply deciding it's OK to pick and choose which parts of the bill of rights they want to follow and which they don't.

(Incidentally, if the concern is about the amount of shootings in the US, the big issue now isn't too many guns, it's the total lack of mental health treatment availability in the US, it's pretty ridiculous. Both lack of capacity, and of course keep in mind the US health insurance system is broken so most uninsured cannot even consider this; and you can be fully insured and still have your insurance company decide they're not going to pay for it. You can have someone muttering "Only my gun understands me" and acting full-out "The Shining" crazy but stroking a gun instead of an ax, and in some jurisdictions nothing would happen at all until they start shooting (they haven't broken any laws yet) and in others, they'd be taken to a police station, but even if they're found to be 100% nuts, the choice in most of the US for nutters is release them or find some reason to throw them in prison. People will have a relative who is full-on schizophrenic, and (if they have insurance, otherwise too expensive to even consider) they will spend a month or more finding anywhere to put them.)

Microsoft joins Bytecode Alliance to advance WebAssembly – aka the thing that lets you run compiled C/C++/Rust code in browsers

Henry Wertz 1 Gold badge

Essentially webassembly *is* Javascript

Webassembly at it's base uses tokenized versions (i.e. few-byte opcodes rather than full names) of a very limited set of Javascript functionality, I assume on a big byte array, using assembly-language-level Javascript instructions (i.e. probably huge amounts of use of 8-bit, 32-bit and 64-bit values, and no use of strings and other data types, object oriented anything, and so on). So, with some Javascript compatibility wrapper (to de-tokenize the webassembly) it can actually run in a straight Javascript interpreter (probably rather slowly).

Any modern browser (Firefox and Chrome for quite a while at least) handles the webassembly as actual bytecode (not a series of tokenized Javascript instructions); instead of the a compiler front end breaking C or C++ down into bytecode and using LLVM (or backend of gcc) or custom JIT compiler or whatever to optimize and compile, it pulls in the webassembly and LLVM or custom JIT or whatever optimizes and compiles it, so you essentially get native performance if you have a good webassembly compiler.

If you want to see a fun demo of this, go around on archive.org and find the stuff on there for like DOS games, C64 games, Atari 8-bit games, etc. -- instead of like "here's the disk images to download", a lot of these pages are like "here's the disk images to download, or click on this box to boot up the game and play it", click the box and an Atari 800XL powers up, boots off the floppy and there's your game.

Shadow over Fedora 34 as maintainer of Java packages quits with some choice words for Red Hat and Eclipse

Henry Wertz 1 Gold badge

btrfs?

btrfs?

Hmm... I tried it years back; it seemed unstable and I suffered some data loss from it. I tried it about a year ago, people report it's nice and all that. I ran an dedpluicater on some of my stored stuff, and compression on some stuff. It would run fine as long as you had 100% up time. Oh, you had a power cut or something? btrfs still has no strategy to recover from that kind of thing; it'll detect issues and go read-only, if you're lucky enough to not lose access to any files at that point (I had files or directories just go at that point), it can tell you that a generation of stuff is corrupted.... ok, it tells you the most recent generation. fsck doesn't help. Rolling back a generation fixes problems there, then it goes read only again because the generation count doesn't line up somewhere else in the directory tree. Seriously it was crap unless you have flawless hardware. rsync and virtualbox both seemed to have remarkably poor performance on btrfs.

Plain ext4, never a problem -- worst case if you have a poweroff is an empty file if you were in the middle of copying over a file. But, no deduplciation, no compression.

s3qlfs lets you have a filesystem mount with deduplication and compression, with the actual data stored on your ext4 filesystem. I had a dodgey USB drive for a while so I can tell you it's pretty fault tolerant. It has a proper fsck command that usually worked; once or twice it complained about the database being corrupt (which it does back up regularly, so you don't have a total loss if it's irrecoverable, you use one of the about dozen backup copies), I was able to run a sqlite3 .recover on it, and with an fsck it had everything but whatever I copied in within the last minute or so (which it stuck in lost+found). The performance is quite good, I back up a bunch of junk into s3ql and can also run virtualbox out of it (I doubt the .ova files shrink much since they're probably already compressed, but the live .vdis sure do.)

Traffic lights, who needs 'em? Lucky Kentucky residents up in arms over first roundabout

Henry Wertz 1 Gold badge

Kansas City "virtual highway"

Kansas City has some kind of, I'll call it a "virtual highway" going through, something like a dozen highways combined in these couple stretches of road. (Those couple miles of road were in about the shape you'd expect from having a road having like a dozen times the traffic with 1 times the maintenance.). To stay on the one I wanted to stay on, I ended up taking something like Exit 1B, then multiple multi-lanes split off that offramp (that I didn't take) until something like exit 1Y, which also split off exits, had to gun it left across like 3 lanes of traffic to get to something like exit 1AC (I saw signs for up to 1AF.) Yep, 32 exits in one mile. The signage was good but there sure were a lot of them 8-).

Henry Wertz 1 Gold badge

Man

Man... as a US'ian, I can say that video is some real hillbilly shit. (I've been to Kentucky, and this doesn't really represent it, generally people there are fine. But man, roundabouts are not that difficult.)

One problem I've seen with the roundabouts in the US though -- there's zero standard for signage, or even a suggestion of what the signage should be, or how they should be set up (...edit: or there is and cities just aren't following it and doing their own things.). The one in the video, that's pretty bad but there appears to be no signage whatsoever. A little sign with a circle and arrows point around it counterclockwise will tell most people what it is, and at least keep them from driving around it backwards. But I've seen one with that, several without it, and several where they decided to get cute and overcomplicated, and have like 3 lanes going in and one going out as you go around the circle or whatever; one of these, the sign is incorrect and shows two lanes going around when actually the right lane splits off with an island, onto a road that has nowhere to turn around (I went about 5 miles and finally did a 3-point turn on the highway, to narrow to do a u-turn; I must admit the 2nd time I got to this roundabout and made the same mistake of trusting the sign, I said "the hell with it" and hopped over the island.) I saw one in Kansas with excellent signage making it very clear what street or highway each exit off the roundabout was, but a freakin' stop sign, making it 100% useless compared to just having a 4-way stop and standard highway signage.

Don't blame rural carriers for buying Huawei, says FCC Commissioner. They couldn't afford the top-shelf stuff

Henry Wertz 1 Gold badge

OpenRAN

OpenRAN does look promising. The short of it, with the remote radio units (on the cell site "mast"/cell tower), software defined radios (at the base), and telco switching equipment (wherever it is), it should be possible to have these be interoperable, but at present they aren't; OpenRAN is spec'ed tightly enough that stuff following OpenRAN does interoperate, and has support from both a bunch of small vendors and (more importantly) several large vendors.

From a technical standpoint, with newer cell phone hardware you've got an SDR setup (software defined radio.) Up on the cell tower/mast with a traditional setup you'd have some antennas, then antenna lines running to radios and such at the base; now those antennas have hardware behind them (remote radio units, RRUs) that do the radio receiving and transmitting (no processing), it's sent digitally via ethernet (fiber if you care about lightning protection, copper otherwise) to the base, and the radio processing is all done at the base.) This means the SDR setup can be updated via software (T-Mo US and Verizon both upgraded their 4G hardware from within the last 5-6 years to support 5G via software update), but the present SDR setups are still proprietary between RRU and base, and there's a good amount of vendor lockin going on.

OpenRAN standardizes the link between RRU and SDR equipment so it can be mixed and matched; allows having the SDR off-site (within about 10ms latency, if the cell co has fiber to the cell sites OpenRAN supports concentrating the processing at one site or some local data center, instead of having beefy computing hardware at each and every site.) And apparently in practice it allows mixing those with whatever brand of telco switching hardware too. Verizon and AT&T in US have both pushed OpenRAN pretty hard, and apparently Nokia & Samsung (if nothing else to get those sales) have pushed OpenRAN pretty hard too, and (even if reluctantly) Erricson more recently inidcated support for OpenRAN. (A nice standard wouldn't be too helpful if the big vendors didn't follow it.)

Linux as root partition on Hyper-V: Microsoft submits patches for kernel 5.12

Henry Wertz 1 Gold badge

Hyper-V by itself?

I'm wondering how you actually get Hyper-V alone? I mean, you're potentially running a Linux root, with Linux VMs on it.... but AFAIK Hyper-V is treated as some component of Windows, so how do you even get a hold of it if you have no copies of Windows in play at all? I'm not trying to be a smartass here, I'm genuinely wondering this since I haven't seen anything shipping that would be just Hyper-V.

As Linux 5.12 released, Linus Torvalds warns next version will probably be rather large

Henry Wertz 1 Gold badge

N64 in mainline kernel

"I'm all for diversity in platforms, but does N64 support really belong in the mainline kernel?"

N64 is effectively an SGI in a console. MIPS CPU, Reality Engine, etc. I think you'll find rather than having a large amount of new code written just to support N64, that the existing SGI code (already in kernel) just had some "ifdefs" and tweaks added in to also support N64. Whether MIPS-based SGI support still needs to be in kernel either is another matter, those are long in the tooth these days too.

I must agree with this being a novelty port, though. The 93mhz CPU is no big deal (obviously it's slow but you don't need much CPU power to have fun), but the 4MB RAM is very tight these days. I used a 16mhz 386 system when I started out with Linux, with 4MB RAM (and later with 8MB), and it sucked, not due to the CPU power but the low amount of RAM. Late 1980s-era UNIX systems had 4MB base and preferably 8MB or more. So mid 1990s with 4MB was command-line only (I could start X and run xclock and xterm but that was about it for X software without running out of RAM... I did have a few fun SVGAlib games though like a nice asteroids game and such.) Slackware back then did not use Unicode (I don't know if any Linux distro did), adding Unicode does make current command line software a tad bigger than back then. I recall on my 40MB HD I started out with, having to set 4MB of it for swap so I wouldn't run out of RAM.

Volunteer-run pirate Manga website attacked, loses hashed passwords, has ‘nobody’ to fix the mess

Henry Wertz 1 Gold badge

No diminshed sales

Yeah, the diminished sales is a weak excuse. These fans tend to get the "unofficial" version of these manga and anime, and actually buy the official translations as soon as they come out; I seriously would guess rather than reducing sales, this probably increases the number of fans who purchase their products. Translations have a healthy cost, so they decide which series they will translate and which they won't... (... I know the "politics" of it makes this impossible, but wouldn't it be interesting if a publisher simply bought the rights, then kicked a couple bucks toward the "pirate" anime/manga sites and simply used their translations?)

Does the boss want those 2 hours of your free time back? A study says fighting through crowds to office each day hurts productivity

Henry Wertz 1 Gold badge

What an outdated view

"He said he believe that remote working does not allow teams to collaborate or businesses to engender a "great culture and an inspired workforce.""

What an outdated view. I suppose next they'll want me to fax some documents over, then look them up on my Rolodex and call up on my landline. Don't get me wrong, I'm sure there's cases where a team really gels in a way where they wouldn't when they're all remote, but I think in most cases this is managers that didn't bother to adopt to using Slack and Zoom wanting everyone sitting around at a meeting table (or, wanting to be able to tell people to stay at the office and put in some overtime.)

Apple faces another suit over its allegedly misleading water resistance claims

Henry Wertz 1 Gold badge

Re: Wouldn't have bought phone

"Since most people are tied to either Android or IOS what phone would Smith have bought otherwise? It isn't like there is a lot of choice of manufacturers offering IOS phones."

But there are manufacturers making actual IP68-compliant Android phones.

GCHQ boss warns China can rewrite 'the global operating system' in its own authoritarian image

Henry Wertz 1 Gold badge

Screw them

So the people behind the internet standards have pushed the availability of anonymity, strong cryptography, fault resilience (being able to route around faults, including "faults" being someone trying to "shut down" internet connectivity.) GCHQ (and equivalents in the US) have directly opposed this, wanting every tool an authoritarian regime would want; then have the nerve to bitch when someone besides themselves decides to take full advantage of this.

Salesman who helped land Veritas UK's 'largest ever' deal was lawfully docked £275k in commission, says judge

Henry Wertz 1 Gold badge

Demotivation

And Veritas will wonder why their sales people are not motivated to go after the larger contracts. Honestly, claiming a fairly large commission (10% seems high to me) but then finding ways to weasle out of paying it is no way to motivate anybody.

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

Henry Wertz 1 Gold badge

Legitimate research

I can see the harsh response, for wasting the limited time of the maintainers.

But I do see the research as legitimate research, they wanted to see if code like this was caught at all or not, and what the reaction to it was; well, they sure found out!

Docker Desktop for Apple Silicon is here, but probe a little deeper and you'll find Rosetta 2 staring back

Henry Wertz 1 Gold badge

threading and performance

The problem I ran into several years ago, running x86 and x86-64 binaries on my ARM with QEMU (Acer Chromebook 13) was that ARM has weaker memory consistency guarantees than x86/x86-64; so, running a single-threaded application was 100% fine. Once you got a second thread involved, all hell would break lose, without explicit cache flush instructions ARM in no way guarantees a consistent view of memory between two CPUs, and QEMU's dynamic translation of x86/x86-64 to ARM instructions does not insert these instructions (it's a work in progress, but has been for like 5 years -- put cache flush instructions everywhere and execution would be correct but slow as hell, but putting them just where needed is a trick thus this whole situation.)

As for usefulness -- I threw Ubuntu onto the Chromebook, this had a Tegra K1 (same as in the Nintendo Switch) -- a quad-core 32-bit ARM, and NVidia GPU pretty equivalent to a NVidia GTX 650, altogether using low enough power for a 20 hour battery life. I had full Ubuntu desktop, even flash (some kludge to use the Android flash plugin) and Java, and the NVidia driver supported OpenGL and CUDA. For regular use, it compared worst case to being equivalent to a Core 2 Duo, for typical use it's pretty close to my Core i5 750 desktop (actually bout CPU and GPU wise, it has a GTX 650 in it), for video encoding NEON reallly helps and the quad-core ARM trounced my I5, to the point that I'm looking into reviving the chromebook for this use. Unfortunately, Acer seemed to be quite good at engineering to spec or however you want to put it, after like 1.5 years of flawless service... the battery packed up, power connector got flakey, case started cracking, touchpad started acting up, and SDCard with Ubuntu on it died (can't blame that on them, I supplied the card) all within like 2 weeks of each other.

(Yes, I did find you could use qemu to run x86-64 bins on the 32-bit ARM -- it's cross-compiling anyway, so had no complaint running a 64-bit app on a 32-bit system. I used this for a print driver, and since there was no ARM Android Studio back then, the bulk of Android Studio runs in Java... thankfully since the qemu performance was not blazing by any means... but it runs a few binaries when it buiilds a Java app, so those ran under QEMU.)

Zorin OS 16 beta claims largest built-in app library 'of any open source desktop ever'

Henry Wertz 1 Gold badge

wine's not that bad

Wine's really improved a lot in terms of compatibility even within the last year or two. I've actually had pretty good luck just installing whatever arbitrary windows app and having it work. I'd include winetricks out of the box if I were rolling a distro with wine, a few games that didn't work right off did after I google'd it, and ran "wintericks (whatever they said to run)", installing some d3dcompiler_xx.dll libs and some fonts.

I'm going to try out Zorin in a VM and see how it looks. Sounds fun!

Got $10k to burn? Ultra-rare Piet Mondrian-esque Apple laptop is up for grabs on eBay

Henry Wertz 1 Gold badge

wifi

If I were going to get one of the antique PowerBooks, I'd go for the 190. It had a PCMCIA slot and actually had drivers for a few old WaveLAN cards and such so (if you can still find the card) you can actually get online with it wirelessly.

After years of dragging its feet, FCC finally starts tackling America's robocall scourge

Henry Wertz 1 Gold badge

Hopefully the FCC imprisons them

"I am not sure if this is possible, but what I would like is for the phone providers -- whether landline, mobile, or VoIP -- to provide us an option to automatically block all VoIP numbers that originate outside the country. For instance, if I am in the United States and a VoIP call is made whose source IP is from India, block the call."

Not helpful. The greasy Indian scammers are based in India (probably) but the massive assholes running the VOIP are almost all Florida-based. I am all for cutting Florida off from the PSTN though.

"One thing that would make a much larger dent in their operations is a caller ID system which does not allow forged numbers"

I suggested that a few years ago in the FCC's robocall contest -- if the caller ID does not match the routing info for that number (i.e. it's says it's a local number, but it's coming in from Florida) -- block the call. Cell phones and phone numbers that have been ported from one part of the country to another, the calls already are routed properly, so those can be handled too. As a fallback, if it turns out running these checks on every call is too resource-intensive, then run the check after 5 or 10 calls. The thing that won the contest was one of about 50 submissions for a box that shows caller ID, and lets calls be blocked based on caller ID (useless really, since the robocallers falsely and fraudulently rotate their caller ID, I have gotten some where I the same # is reused months apart, but the 8-10 a day I get from these fucks are all from different numbers.)

Ironically, the current solution being rolled out is to authenticate the caller ID -- don't know if they saw my suggestion or not. SHAKEN/STIR is using DIAMETER (a successor to RADIUS apparently) to authenticate caller ID. VOIP providers can whine about it if they want, but if they don't implement SHAKEN/STIR they will be cut off from the telephone network.

The big change now is the FCC has decided they will quit giving companies "warnings", and when they fine these companies thea are actually going to enforce it! FCC of the past was assuming they were dealing with businessmen, not criminal greasy scammer shitheads. So, they would give them a warning, kindly ask them to cut it out, ask them kindly to cut it out again, then levy a fine (after a year or more) -- BUT!! -- they then would let these shitheads self-report their assets, so the FCC would fine someone like $100 million, but since they would falsely and fraudulently claim they had no assets, would let them pay this fine off at like $10 a month or something. And, they have not imprisoned the bad actors in Florida (like Adrian Abramovich; the FCC will put in an injunction saying they must not keep doing what they are doing, but not arrest them for violating the law or the injunction. They will just close an illegal robocaller company and immediately move the same equipment (which the FCC failed to seize, either for being used in a crime, or simply as assets to help pay off that fine) to another illegal robocaller company.

"Genuine callers will say "hello?" into the silence, robocallers will wait about 10 secs for a response and then hang up, and as I understand it will mark my number as non-responsive and not try it again." Nope! I never say "hello" to it, in an effort to do exactly this. No reduction in illegal robocalls whatsoever. I get TONS of 10 second illegally abandonded robocalls, they don't let up; and the assholes here even dial out faster than the recordings can play, so sometimes the recording is all choppy (just like you'd expect if you have a system that can play like 60 calls trying to play 80).

Hopefully the FCC can imprison some of these assholes.

Texan's alleged Amazon bombing effort fizzles: Militia man wanted to take out 'about 70 per cent of the internet'

Henry Wertz 1 Gold badge

Surveillance much?

Surveillance much? I'm not a fan of government surveillance. But, if you have a site called "Mymilitia.com", for organizing militias*, it might be something the FBI should just have someone monitoring, not waiting until someone reports odd posts on it.

*To be clear, in the US, there's plenty of people who believe strongly in the right to bare arms (I do too, I don't have any guns but I figure if people do want to remove gun rights, they HAVE to do it honestly by having the 2/3rds vote needed to repeal the 2nd ammendment; knowingly passing laws that violate the 2nd ammendment just shows you're willing to ignore the bill of rights in general as far as I'm concerned.) Anyway back on topic..

Some "militias" are just people who have from a couple guns to a minor arsenal, but just show it off to their friends and fire them off at a gun club or range. This is harmless. But other militias fully intend to attempt government overthrows, get ready for big showdowns with the feds, attempt to secede from the US, etc., and sometimes the main group is probably the harmless type but attracts individual nutjobs who are harmful, etc.

Microsoft drops 64-bit OneDrive into the pool: Windows on ARM fans need not apply. As usual

Henry Wertz 1 Gold badge

Have to admit I was shocked

A sync client shouldn't have to be 64-bit. But I do have to admit I was shocked when I booted up Win10 in a VM and saw all this 32-bit cruft still running at bootup, I just assumed the out-of-the-box software would all be 64-bit. Just as an FYI, a Ubuntu system out of the box has ZERO 32-bit apps or libraries. And it's not like you go to install some apps afterword and it starts pulling those 32-bit libs in either, unless you run Wine or Steam you can probably keep the system entirely 64-bit (not that it's that big a deal to have some 32-bit libs installed...)

The quickest way to end up with some 32-bit libs on there, install Steam or Wine, and they depend on a healthy pile of 32-bit libraries. Steam -- not sure, people complained in the past a few bits of the steam runtime itself may still be 32-bit, but also for running 32-bit Windows games via Proton, as well as whatever native Linux games there are in steam that are 32-bit only. For Wine, I think if you ONLY needed to run 64-bit apps you could get by without 32-bit libs; but who does that anyway?, even most 64-bit apps have a 32-bit installer.

Airline software super-bug: Flight loads miscalculated because women using 'Miss' were treated as children

Henry Wertz 1 Gold badge

specifications?

So how about specifications? For software that is considered safety-critical, who left it up to programmer discretion to decide if "Miss" means a child or an adult? I worked on some software recently to automate cryptocurrency trading in a few specific circumstances, risks were relatively low (if it bought some cryptocurrency, it can just be sold back off after all) but I still made sure to go over failure modes and such with them rather than me guessing what they'd want (If the system says a trade failed, it's unlikely but possible it made the trade but didn't return a success message; should I just message the user to tell them what happened, with small risk of missing a lucrative buy?, or message the user and attempt to resubmit the trade, with small risk of a duplicate trade?)

I would expect a COMPLETE list of terms and what weight should be assigned to them (or probably female child and adult wieght, male child and adult wieght, and a list of which term matches to which weight). I would expect the time for the programming team to decide "Miss" may mean a child to be when they see this table, ask whoever wrote the specs "So, doesn't Miss mean child?" "Nope!" "OK then."

US national parks to be smothered under blanket of liquid-hot Magma. Yes, the open-source 5G software

Henry Wertz 1 Gold badge

vendor agnosticism

Yeah, this is a big difference with the 5G deployments. Not strictly speaking related to the 5G standard (it's not suddenly more specific compared to 2G, 3G, and 4G, in specifying how the backend equipment hooks together... it'll still be entirely possible to make a 100% 5G compliant system with 100% vendor lockin.) But de facto, a lot of the new vendors are using full open source (which is probably following OpenRAN interoperability standards), and several of the cell cos (at least in the US) have insisted on interoperable hardware so several of the "traditional" vendors (Nokia etc.) so they are also using OpenRAN.

Keep in mind (to make sense of "radio controllers"), the cell cos have used software defined radio systems for years now -- the radios on top of the cell site are JUST radios (no cell standard processing done there), the software defined radio processing is done by a radio controller (probably at the cell site base, but part of OpenRAN is that you could have like a shed with controllers for a whole group of cell sites in it rather than having to have one at each cell site, assuming fast enough fiber or whatever between them.)

So, Verizon Wireless (and T-Mobile if I recall correctly) have insisted on OpenRAN hardware -- the switch, the radio controllers, the radios themselves, etc., are supposed to actually be interchangeable now, for a vendor to get "vendor lockin" they have to provide superior performance, pricing, or customer service. In theory if a cell site's radios croaked out (lightning strike?) on an OpenRAN site it should be possible to pop them off and pop on new ones without consideration of what brand hardware is on the site.

Myanmar junta suspends all wireless broadband networks until further notice

Henry Wertz 1 Gold badge

I don't know who to support there

It's tough, I don't know who to support there.

Myanmar/Burma had a military dictatorship, during this time Aung San Suu Kyi was under house arrest for years and years for speaking out against the military dictatorship that ran the country. Successfully, the country finally got elections and elected her. From what I've read, she was apparently just fine for 6 months to a year then... I don't know what happened (sounds like it was pretty sudden, almost like she had a mental breakdown or stroke or something) but she suddenly became quite brutal toward her political opponents, there've been no elections since (after speaking against dictatorship, she became a dictator), and there's been widescale genocide under her regime (... whether she ordered it, or just let her officials do what they wanted and didn't stop it, I don't know... but as a dictator she obviously could have stopped it if she wanted to, and in fact did stop it for the first year or so of her rule.)

I'm not for a military overthrow, especially when it's brutal. But, the person they overthrew was a rights advocate in the past, but in the present she was a brutal and genocidal dictator, so I'm not for her getting put back in place either. Welp, de 'nada, it's not my problem 8-)

I think what Alan Brown says is accurate; these religious/cultural groups there do not get along at all, to the point that there's widespread popular support for genocide (whatever group you're a member of, lets just wipe out one or two of the others.) I have no insight into this, if they are even fighting over anything (some resources they want control over) or if it's just tit-for-tat killings (this has been the cause of a lot of gang deaths in the US.. sometimes, they don't even remember what started it, but it'll just be "they killed one of ours, we've got to get one of theres", going on for decades.)

Could a Nelson Mandela show up, have a truth and reconciliation commission and put an end to it? I don't know; with apartheid, you definitely had those who thought they were better than the rest, and the reconcilliation commision did a great job of putting and end to this in a clean way; but, it seems like the Burmese have even stronger divides so I just don't know...

Absolutely fab: As TSMC invests $100bn to address chip shortage, where does that leave the rest of the industry?

Henry Wertz 1 Gold badge

More capacity needed anyway

So, living in the US, I don't care one bit if the chips are made in Taiwan or US. But, the simple fact is there are ongoing shortages, and having production come online in Taiwan, US, and Europe, will help with these shortages more than just having a single fab open up in Taiwan.

Side note, I don't worry about China taking over Taiwan either; physically, they could, but China does try to avoid taking actions drastic enough they would affect their world trade, and wholesale taking over Taiwan would be one of these. Second reason, I have heard there is a large amount of highly profitable arbitrage (essentially, making cash by carrying goods and services back and forth between China and Taiwan... not illegal goods, just goods where the market price in China and Taiwan are drastically different). The politicians wetting their beaks in this would not want it disrupted, and probably do have enough power and clout to lean heavily in that direction.

Microsoft welcomes 'raddest' and most 'feature-dense' Kubernetes release to AKS, shows 1.17 the door

Henry Wertz 1 Gold badge

No LTS versions?

"Sorry but that kind of cadence just writes it off for production use. It's nothing more than a toy."

Agreed. No LTS (Long Term Support) versions at least? It's one thing when software goes "out of support", but you have it set up and stable; quite another to be in a hosted service where they are going to yank it out from under you!

Ubuntu (for example, and I'm not saying this is the ideal schedule, it's just an example) has their non-LTS versions every 6 months, which they only support for 6 (or is it 9?) months or so, but the LTS versions (every 2 years) supported much longer. Of course, you then have a whole pile of changes at once (2 years worth instead of 6 months.) So, they go through the pain of making sure a LTS to LTS upgrade is relatively painless (in some cases, even kludging a compatibility package or 2 in to try to smooth the process over a bit.)

QNAP caught napping as disclosure delay expires, critical NAS bugs revealed

Henry Wertz 1 Gold badge

Re: Confused ...

"I'm probably missing something here, but what do you get from a QNAP or other consumer device that you don't get from a small server"...?

Nothing, but you can plug it in and go, more convenient. This article aside, QNAP does release fairly frequent firmware updates for their devices, even old ones, so (unlike some products) this isn't a "roll your own and get updates" or "use stock firmware, and get updates until the product is discontinued then 0 updates".

I don't have a QNAP, but I do have my wireless access points where I got a wireless access point rather than building one from components (... that said, I did replace the terrible stock firmware with DD-WRT.) Simply for convenience really.

Turns out humans are leading AI systems astray because we can't agree on labeling

Henry Wertz 1 Gold badge

Reason for errors

So, I think there's 2 main reasons for these errors:

1) People (both in the article and forum) have discussed the structural problem, if you have to give each image "a" tag, a bucket of balls is not accurately tagged.

2) The other issue -- who tagged these things? I bet when these were tagged, you either had someone getting paid minimum wage to go through 1000s of images; some Amazon mechanical turk type thing where they're getting like 1 cent an image (which might make it even less accurate since they'd then prefer to just tag them as fast as possible and probably still not get minimum wage); or student interns (whether paid or not) being asked to tag piles of images. I don't have a suggestion of a better way of doing it, but a) I'm guessing most people would do this as quickly as possible rather than as accurately. b) Even if the person doing it was going for accuracy, after like 1000 images how many people will be paying full attention to what they're doing still?

Henry Wertz 1 Gold badge

Re: compounding errors

I do what it asks -- I will not mark scooters as motorcycles since they aren't; I will not mark SUVs as cars since an SUV is not a car. Go ahead and claim I'm wrong, I know I'm right.

The other one that it seems to have problems with are marking the traffic lights, where I'll mark off the traffic lights and it'll claim I'm wrong (I assume some people are probably marking off the whole pole and everything, not the lights? I don't even know.)

For some reason, some people don't seem to know what a crosswalk is either, given being able to exactly mark the crosswalks and having it fail.

IBM, Red Hat face copyright, antitrust lawsuit from SCO Group successor Xinuos

Henry Wertz 1 Gold badge

so ridiculous

Continuing these charges is so ridiculous -- in the previous case, it came out that SCO only had source code control and corporate records going back 5 or 10 years, they simply found code that was both in UNIXWare etc. and AIX and Linux with no record of how it got there and drew their own conclusions, which IBM thoroughly destroyed. IBM had records (both source code control and contracts) going back to the early 1980s, showing that the AIX code that was also in UNIXWare was licensed over to IBM in the 1980s under a perpetual irrevocable license. The code that SCO claimed was copied into Linux was actually copied from Linux into UNIXWare etc. in an effort to provide a Linux-compatible ABI so Linux binaries could be run in UNIXWare.

Canonical releases Ubuntu on Windows Preview with early builds, new tools for the brave

Henry Wertz 1 Gold badge

" Can anyone help me see the point of runnig Gimp on Linux in WSL on Windows instead of just runnig it on Windows ? I'm expecting something beyond the 'just because we can'."

No point. gedit's pretty close to notepad, gimp is quick and easy to install ("apt-get install gimp") and exercises the X server a little more.

Microsoft really should just support an X server, there's already a couple vendors that make Windows X servers (.. both running a whole X session in a window if you want the full GUI.. and rootless mode, if you want to start GUI apps up and have them integrate into the Windows desktop better.)

Just to quickly describe rootless mode; in normal operation, starting Unity, gnome, kde, xfce, etc. desktop, some particular app takes over as the "window manager", it takes care of keeping different apps in there own windows, the window borders, and so on; the root window (window 0) is the screen background. In rootless mode, you have no root window, and no X-side window manager, the rootless X server passes whatever through to Windows' window manager takes care of the X app's windows. Start up a Linux-side app and it'll show up seamlessly on your WIndows desktop, like they are aiming to do but... well, I don't know why they don't have it going via X already to be honest.

Security pro's time-travelling Twitter bot suspended after posting download link for Adobe Acrobat for MS-DOS

Henry Wertz 1 Gold badge

Didn't know there was a DOS version!

I didn't know there was a DOS version! Very surprised!