Posts by Michael Wojcik

Re: Tab = four  

In terminals and printers, a TAB character classically moves to the next divisible-by-8 position.

Traditionally, tabs were settable, on mechanical typewriters. That mechanism dates back at least as far as 1900 (Hillard patent). In the era dominated by mechanical typewriters, the first tab position was often set to 5 or 6 spaces for start-of-paragraph indentation.

ISO 6429 includes control codes for setting tab stops. I don't know offhand of any terminal that implemented them.

Every-8th-position is a convention that came later, perhaps because it's a good divisor for the 80 columns of the common 80-column punch card, though the author of the page linked above suggests it's because calculating the next fixed tab stop is simpler in binary if it's congruent to 0 modulo 8 (add 8 and mask the three low bits). Both justifications could apply, of course.

It's also perhaps worth noting that ASCII codepoint 9 was originally defined as "HT/SK", the "SK" meaning "skip", a control function for card readers. See e.g. the third page of Smith, "New American Standard Code for Information Interchange".

This wileness has forced the coding standards in my workplace to degree that only spaces shall be used for indentation...

The different-settings-for-horizontal-tab problem existed long before IDEs were available on most systems. I well recall problems reading code formatted with tabs, and particularly with tab-and-space combinations, in the 1980s on UNIX systems where most developers used vi or emacs¹. vi, of course, was infamous for aggravating the problem when autoindent was set.

Since it's impossible to know what anyone else's editor will do when displaying tabs, I've always adhered to the spaces-only school. Yes, for much indentation you can get away with tabs-only; but that falls down if you want to align text on anything other than a tab boundary, as some people like to do when splitting long statements, for example.

¹emacs is not so much an IDE as a shell with a really ambitious command-line editor.

They kind of suck off-road, though, according to the videos I've seen. Certainly they're less capable off-road than my 1992 Toyota truck, which also offers such highly-preferable features as not having a fucking touchscreen anywhere in it, and a gasoline engine which can easily and quickly be refueled, even in the wilderness (using a gas can).

Musk pitched it as a great off-roader ("go anywhere") but it's actually fairly terrible for anything more ambitious than mall-crawling. Even if you don't hate every other thing about it.

Re: Humm and Hummer

Hummest?

Re: "No, I said he was a *cult*... though he's that as well"

Cult members generally respond to the failure of their central belief by- perversely- doubling down on it, and rationalising it as being the fault of everything else except that.

To be fair, this is one of the most pervasive cognitive traps humans fall for. Schulz discusses it at some length in Being Wrong, and it's essentially a compound of various well-documented more-specific cognitive traps, such as confabulation, confirmation bias, and post-hoc rationalization (McRaney discusses these and others in You Are Not So Smart).

To a first approximation, people will dig in their heels rather than admit they were wrong, when presented with opposing evidence.

Re: The truth a bout Truth Social

I have to agree. Obviously the price of the stock (let's leave "value" alone, since that requires some reference class and it's really unclear which one to use) isn't based on the fundamentals; Truth Social is an expensive dog whistle, nothing more.

So the stock price appears to reflect three factors, all of which have been mentioned upthread:

1. Speculators assuming Trumpists would push the price up and they could cash out quickly, or make money shorting the stock, or make money off derivatives, etc.

2. As a vehicle for would-be influencers to curry favor with Trump — the same reason why, when he was President, foreign dignitaries generally stayed in his hotel in DC.

3. Idiot Trump fans buying it either to demonstrate loyalty or because they believe it'll be the next Meta and they just need to hold on long enough.

Group 1 are already selling or planning to sell; they anticipate Trump dumping and intend to be out first. Group 2 don't care, because they accomplish their goal simply by buying the stock, and aren't counting on being able to recoup any of that investment directly. Group 3 are delusional and have ample cognitive dissonance to excuse any move Trump makes.

Re: The truth a bout Truth Social

To be fair, spelling in English asymptotically approaches randomness.

Re: Antique Joke

I died a little inside at the thought of a joke about Amazon Alexa being "antique".

Sometimes you can find "smart" devices that can be left in a non-connected state. Our LG range is one — we simply ignored the instructions to connect it to the home network, and it's never been a problem.¹ But finding those is difficult too.

¹Yes, it'll be a problem on the day we want to turn the oven on remotely, probably to pre-heat it for those unicorn steaks we're bringing home.

Re: Oh no -not AGAIN!!!!

I think "test credentials" are generous. I'm more inclined to believe Chirp put these in as a deliberate backdoor so they could reset things for management companies that lost their password. Property management does not always attract the best and brightest, and a vendor like Chirp would like to appear "responsive" to requests for assistance.

These "smart locks" are largely security theater; very few vendors show any evidence of actually being interested in security. They're interested in sales, and a customer complaining that they locked themselves out and the vendor couldn't quickly get them back in is bad for sales.

Re: I actually wouldn't worry all that much about this

Particularly for multi-tenant buildings, which is where these locks are mostly used. Certainly if I were in the business of domestic burglary I'd have the Chirp backdoor in my pocket (literally), because why wouldn't you?

And for the same reason I'm very dubious of the "no evidence it's been used" comment from CISA, which may be technically correct (if glossed as "no evidence they're aware of"). Where this would be used is in burglary of apartments, for the most part, and the management company would do its best to 1) blame the tenants and 2) hush it up. "Oh yes, you say things were taken from your unit, but how do we know it wasn't someone you gave access to?"

Re: Plenty of strong locks

Yes. There are use cases for good locks, and use cases for just enough to discourage the opportunists. As always, it's all about the threat model.

My current home (Mountain Fastness 2.0) is unusual for me, in that it's the first one I couldn't easily break into (without doing serious damage) myself, if I were locked out for some reason. That's because it's a new build with decent windows and such. But if I wanted in badly enough, I could certainly break a window or door with nothing more than improvised tools.

Though I wouldn't, because I know where the hide-a-key is, and if my car's there I can open the garage door. (My car is parked outside; the garage is for my wife's car.) And, of course, so can anyone else, if they think to try it.

But in more than five decades, no one has ever burgled any home I've lived in. And it's particularly unlikely for MF2, where a stranger can't walk or drive down the (private, dead-end, gravel) road without becoming a subject of discussion among the neighbors. Burglary is not high on my priority list of risks.

Re: The government creates the rules, we just play by them

I used to file paper returns too, and before that used to help my father do our family's return. But mine got too complicated to make that a good use of my time. My return this year was just under 100 pages, including the state returns.

I had some complex investment activities to report due to a corporate acquisition. And those are all from employee stock programs of one sort or another — I don't play the market myself. And some complex deductions due to mortgage activity. Some of that stuff is quite difficult to figure out, even when you read through the IRS instructions and guides.

I want to use local tax-prep software, not anything online, because I want to be sure I can work on my taxes even if there's a network failure, and be able to open old returns if I need to. (Yes, I have them as PDFs and paper too. I'm just paranoid about it.) And I have little faith in the security of any of the online tax-prep vendors. And as much as I hate TurboTax and Intuit, I've been using TT for decades and it generally works fairly well. So even if there are other offline options (I haven't looked recently), I'm leery of switching.

Re: A solution?

The cost of building a house, especially the timber-frame type popular in the US, is not really very much

You're using weasel terms like "not really very much", but relative to median US household income, this simply isn't correct. Homebuilding material costs in the US have risen sharply in recent years, and lumber in particular has greatly outstripped inflation. (There was a brief dip back to pre-pandemic levels last year, but they're higher than any time between 2004 and 2018, in inflation-adjusted terms. Adjusted, lumber is more than twice as expensive today as it was in 2009.

Other materials are also more expensive.

Code requirements have pushed up the cost of construction too, requiring thicker exterior walls and more insulation in most parts of the country, and much more expensive window and door units. AFCI circuit breakers, now required for many domestic applications are around 5x more expensive than conventional ones. And so on.

Around here, home construction costs start around $350 per square foot, which means more than half a million dollars even for a 1500 square foot home, which is very modest by US standards. And with mortgage rates quite high in recent-historical terms, that would mean a monthly payment around $4000 on a 30-year fixed mortgage.

For most US families, that is really very much.

Re: Attack of the Russian cyber spies

Both good points.

Microsoft is "all about sharing" because it improves vendor lock-in. Users have a choice between low-friction sharing of information, between users and between applications, or assembling their own portfolio of preferred applications and imposing fine-grained control on access to information. The former choice inculcates laziness, carelessness, and complex and undocumented ad hoc workflows, so it's what users will gravitate toward. Then it becomes difficult to get them out of it.

The "application suite" concept was a trap, as was the IDE and other forms of software integration. Many have noted this over the years, of course.

Re: If it's Microsoft.....

While this in no way excuses Microsoft for what was a series of really quite shameful blunders, no one who understands security should "expect [anything] to be SECURE". Security is not an absolute; there is no such thing as a "secure system" in an absolute sense. Security is relative and represents the degree to which a system resists each of the attacks available under a given threat model.

And it's not possible to have a universal threat model, even with complete information, which you never have.

Any time you think "X is secure", you're already in error.

Re: Maybe for writing tests ?

It's pretty straightforward for an autoregressive model with a large context window to write unit tests, particularly when the target uses a language that has a strong unit-test framework already available.

The problem is that such tests would only confirm that the units do what they're written to do. Whether that has any relationship to what they're intended to do is quite another story. The point of unit testing isn't so much to exercise the code as it is to exercise the expectations.

Re: Overhype

Well, yes. These are the people who popularized the term "hype cycle". "Beware of high expectations" is one of their key messages.

Re: Gartner estimates that by 2028, 75%

I'm giving Gartner some credit on this one, since they correctly (if too conservatively) applied Amdahl's Law: A time reduction factor (inverse of speedup) of X in a fraction Y of the overall job (X, Y < 1) gives you a total speedup of XY.

As it is, I think they're overestimating both X and Y. For decent programmers, I doubt LLMs will provide a 0.5 time reduction in writing code, and more importantly, few good developers should be spending even 0.2 of their time actually writing code. There may be brief periods while implementing major new features where developers produce a lot of source, but those should be unusual. Design, testing, addressing technical debt should all be taking priority. And in particular, people who are generating the sort of code which an LLM can hand to them are probably reinventing some wheel, when they ought to be reusing an existing implementation.

Re: Let’s hope it improves

Oh, it'll get better, because that bar is very, very low.

By the same token, SotA LLMs trained on large source-code copora can already complete mundane tasks (e.g. "write an Android app that does X" where X follows the well-worn pattern of CRUD operations on a simple database, front-ended with simple forms and views) as well as a great many professional developers. That's because a great many professional developers don't do anything very challenging; they're producing software that's not significantly more complicated than what I used to have the students in my university web application design class do.

(Those students were undergraduates in either the User Experience or the Professional Writing major, not CS or similar — CS students would have been doing much more interesting programming than that. This class was meant to give the students some insight into how software works and what the development process is like, so they'd be better able to communicate with developers.)

Now, that's not the sort of software I work on, and I imagine the same is true for many Reg readers. But it's important to remember that the range of difficulty and sophistication in professional software development is huge, and the range of developer knowledge and skill is commensurate. There absolutely are professional programmers who could be replaced today with LLMs with no discernible loss of quality or quantity of output, just as there absolutely are professionals who do work that current SotA models are far, far away from generalizing to.

Re: Plantents

Well, thanks for your expert and detailed analysis.

The bar for a patent is a mechanism which is 1) not already patented, 2) not clearly duplicated by prior art, and 3) not obvious to an ordinary practitioner in the art.

An ordinary practitioner. I'm quite certain that among a random sample of, say, a hundred software developers, very few would be able to tell me what a distributed hash table is. Do you know what a DHT is, without looking it up? Can you implement one, without doing some research?

Opinions are cheap. Try coming up with an actual argument.

It may be "notorious", but it's also incorrect. USPTO patent examinations typically take years and rarely result in a patent on initial review — most applications have to be revised and resubmitted. And USPTO has consistently denied around half of all submissions for years now.

I really wish people would stop repeating this bullshit argument, particularly without citing any evidence. Put up or shut up.

(I note you have no lack of supporters, which just demonstrates that most people are happy to endorse unsubstantiated claims. Hell, why think when you can just be angry, eh?)

You do realise it was Obama and Biden who went after him?

Oh, get a clue.

The IRTF which requested Assange's extradition was a DoD body. Obama was POTUS (just starting his first term; the IRTF was established in 2010 and met for about ten months), but this wasn't some personal vendetta of his. I don't see much evidence that Obama particularly cared, especially given Obama's commutation of Manning's sentence; the pursuit of Assange appears to have been primarily driven by the Defense and State departments, possibly spurred on by DHS and the intelligence agencies (though I suspect by that point they didn't much care either). And even then it was fairly weak, for example with Carr undermining his own task force's recommendation when testifying at the first extradition hearing.

And you hugely overestimate the influence of the Vice President here.

Assange is almost certainly very, very far down on the list of things Biden personally gives a damn about.

Re: “The Land Down Under's”

Meanwhile, OP apparently hails from the Land Down Voted. Congratulations on racking up that score, AC.

And that's why CVSSv2 and CVSSv3 have Environmental score modifiers. The base CVSS score isn't terribly meaningful for users of a software package; it's more relevant for maintainers. Users should be recalculating with Temporal and Environmental values appropriate to their situation.

Right. It's more accurate to say that C implementations on Windows pick an approach, and then at least it's consistent for programs using that implementation; and because (as you say) C has been around on Windows for a long time, those implementations are more or less the de facto standard for argument splitting for programs running under cmd.exe, and they've been fixed for at least some of the corner cases. So other implementations, in whatever language, need to conform to what the major C implementations do for consistency and avoiding surprise, and they need to try to address those corner cases.

To answer OP's question: Calling out Rust in the headline was clickbait, pure and simple. It's just one among many. But since it's both popular and controversial right now, it'll attract more readers than, say, "Erlang fixes critical command injection bug on Windows". (JFTR, many security claims have been made about Erlang, too, and with some justification.)

Sigh. Expected stupid comments are expected.

I'd be surprised how many people think it's clever to make this "joke", if I didn't know people.

Re: Ha! Rust Is The Answer To All Our C Programming Security Issues?

"Rust", not "RUST". It's not an acronym.

Re: As an outside observer...

Yes. And if you generate your own electricity you don't have to worry about attacks on the power infrastructure.

Re: As an outside observer...

Right. Also demonstrated in some ARM designs and in PowerPC — references are easy to find online.

The x86 ISA, with its deep pipelines, would be completely uncompetitive in today's world (and indeed decades ago) without speculative execution. Perhaps that would have been a better world (I'd be happier if Power or some ARM variant, or failing that Alpha or MIPS or SPARC, had become dominant); but it's not the one we live in, and discarding x86 will not happen quickly or comfortably.

And, of course, even those RISCier ISAs eventually got spec-ex because the performance gaps between CPU and cache, and between cache and RAM, are just too big. You want branch prediction and speculative loads and the rest, because otherwise your actual computational units just sit there much of the time waiting for data. This sort of thing hits deep-pipelined CPUs harder, but even the simplest RISC designs will run into it.

Not me. I'm going to have an AI-based company which actually produces something. I'm thinking cryptocurrency scams.

Re: Billion dollar unicorn?

Or to put it another way: If readily-available machines are doing all the work, where's the moat?

Currently the answer seems to be "prompt engineering", but the size of that moat is directly proportional to the amount of work you put into it. There's no evidence yet to believe with any decent probability that there are "genius" or "extraordinarily creative" prompt writers. So if Hypothetical Single-Person Unicorn Inc is making a large profit, then Hypothetical Small-Team Unicorn Inc can just put a handful of people on prompt creation until they achieve a similar product, as you suggest. You'd need a prompt writer (or other form of AI wrangler) who's several orders of magnitude better than the average to have any sort of decent defense against near-instantaneous competition.

In industrial capitalism, there are four main forms of defense against competition: having more capital (and high capital costs as a barrier to entry); intellectual property; marketing and brand lock-in (so the market gravitates toward your product not out of intrinsic value over competition but for external reasons); and "market distortions" such as regulations and tariffs. AI's supposed promise is to destroy the first and largely destroy the second. The fourth is very difficult to apply against similar AI-based competition, because it's hard for the law to distinguish between you and your competitors and because the law moves slowly. That leaves only marketing and lock-in, and a deluge of cheaply-produced content will swamp marketing in noise.

Oh, many people have answers. Whether they're good answers is another question, but you can find plenty of links to pieces speculating about how a post-AI, post-AGI, or post-ASI economy would look like in, say, the LessWrong archives. Believe me, these topics are fiercely and extensively debated in some quarters.

There are plenty of people who claim that a post-AI economy will have so much surplus value that it'll be relatively trivial to distribute it among people who lose their jobs, in an extremely vague macroeconomic "rising tide" way with little in the way of specifics. That's generally the line that corporate AI boosters from Microsoft et alia take. Then there are the e/acc types who think we'll rapidly end up in a post-AGI and post-scarcity economy where there will be more surplus value than we know what to do with, and everyone will live in luxury courtesy of our AI overlords.

Post-ASI the economy is all paperclips, so no need to worry about it; no one will live to experience it anyway.

Some others, of course, are dubious about how much value will be produced, and/or about how it will be distributed, and/or about how well things will work out in general. Many of these are the same Debbie Downers who didn't think cryptocurrency was a great idea, or aren't sold on the obvious enormous benefits of the Internet of Things, or don't believe in the wonders of self-driving cars.