sadly, there are reasons why some couples cannot have children: i know of a couple that had infertility treatment, and the result was that their child was born severely handicapped.
i suspect that nature has some form of "checksum" that detects if there is damage to the DNA. in speaking with an expert from the Cambridge Genome Project over ten years ago, what they described to me was that human DNA expresses something very close to a Turing Machine, *including* a byte-code-like "machine language".
when i showed this same person the beautiful pictures of 3D mandelbrot sets that were discovered several years ago and published here on slashdot, he responded, "but those are exactly like the pictures i see under my microscope, every day!"
so it is not outside the realm of possibility that DNA expresses a fully-functioning biological computer, complete with checksum capability. this is why messing with that - trying to bypass the safeguards - through any kind of genetic manipulation - is so incredibly dangerous.
in the film "Ready Player One", the end scenes, the new owners of the VR Game decide to shut the entire game down, one day a week.
except, the new owners portray *ethical* responsibility that, unfortunately, would be financially irresponsible as far as the enactment of the Articles of Incorporation of a profit-maximising Corporation. bottom line: if Epic Games actually tried to do something as socially responsible as shut Fornite off for one day a week, their shareholders could legitimately sue them for adversely affecting profits, and the Directors would be prosecuted and struck off as a result.
I still can't put my figure though on why it never went anywhere with anyone I knew,
i wrote about this at the time. facebook is known for being non-mission-critical. if facebook doesn't like your use of its service, and terminates your account, so what, big deal.
however as *actually happened* with several people, the forced requirement of an incredibly dangerous "real name" policy, if people joined up to google+ and refused to accept the dangerous requirement, ACCESS TO TEN YEARS OF EMAIL AND DOCS WAS TERMINATED WITHOUT WARNING. and there was absolutely no recovery mechanism.
i have over 50,000 messages dating back 12 years, on which i critically rely for business and for coordinating software libre projects. termination of access to all of that would be catastrophic.
i also wrote about why "real name" policies are incredibly dangerous. they break the rule that everyone knows: everyone KNOWS that you DO NOT TRUST an online identity. period.
any Corporation that sets itself up as the "God Of Identity" is just... so wrong on so many levels, it's just not funny. youtube data breach only a few months ago. equifax data breach. ashley madison data breach. cambridge analytica. dozens more that can be found on https://haveibeenpwned.com/Pwn...
*how many more* of these are we going to have to have before people start to wake up?
I'm assuming at this point we're probably at least a couple of CPU generations away from Intel fixing this properly.
unfortunately, it's much wose than the press is making out. i've had to investigate this in-depth as part of the design of the libre-riscv soc, because we criically rely on out-of-order execution for the vectorisation. i was shocked to learn that even in-order systems are potentially vulnerable to timing attacks.
the first thing that people need to get absolutely clear: spectre was *just the first* in a *class* of timing attacks that opened researchers and hardware designers eyes to a blind-spot in computing architectures.
the definition of a timing attack is as follows: one instruction may affect the completion time of past OR future instructions through resource starvation / contention, OR through state not being reset after use to a known uniform initial state.
the FIRST spectre attacks were against memory and caches, on speculative designs.
however it is perfectly possible, for example, for a multi-issue IN-ORDER system to have insufficient numbers of register ports, such that a certain unique combination of instructions may be arranged by an attacker to starve future instructions of the ability to complete instructions in a uniform time... and REQUIRE that they stall.
by forcing instructions to stall, that is the very DEFINITION of a timing attack.
against an *IN-ORDER* design.
now, it is possible to put in place certain speculation mitigation barriers in hardware, however these barriers *ONLY* occur at interrupts, exceptions and, at a software / OS level, on "context switches". hence the reason why this paper says that no matter what hardware designers try to do, *intra-process* attacks simply CANNOT be mitigated without moving to an *INTER*-process software security model.
FastCGI is toast, basically.
there is a solution, and it's going to require a massive world-wide campaign to introduce a concept to the entire computing software world: the creation of intra-process speculation barriers. if we wish to keep using FastCGI, and if we wish to keep using Firefox and python-gevent (the single-process paradigm), we *need* a hardware instruction that "quiesces" internal state *AS IF* the hardware had just made a context-switch, terminating all speculative execution, resetting all internal state and so on.
one way in which that may be possible to do in an out-of-order system that does not have such hardware-assisted in-process speculation barrier instructions is to issue about a hundred NOPs. the back-lash against doing so will be extreme, however it's not like there's much of a choice, here.
bottom line is: this has been a major, major oversight by the entire computing industry for over 25 years. it's a problem *across the entire industry*, not just Intel, not just AMD, it's *everybody*. it's not going to be fixed in a couple of hardware revisions by one company.
The issue here is you are dealing with a country without an open market system. China's economy has market mechanisms for some things, but mostly, it's tightly controlled by the state. The state has direct influence and control over nearly every aspect of the economy.
what many people do not realise about china is that the state is not in control: the "old families" are. these are the descendents of the warlords you may recall from chinese history. there are five families, and they're each responsible for unbelievably enormous areas of land and the associated population. they own the banks. they basically own and indirectly run *everything*.
once you understand this, the way that china operates becomes a bit clearer.
I have some doubts about how a tiny "grain of rice sized chip" can both send and receive data
an RFID device uses the remote transmitter's power to charge up a capacitor sufficient to power the entire RFID processor, and the response transmitter (at very low power).
an RFID transceiver plus its power circuit *and* the antenna would easily fit within a compromised ASIC, under the packaging case.
i fully expect the next news report to be, "Supermicro computers discovered in second audit to have been compromised by auditing company. The first audit company, itself secretly compromised by {insert government-of-paranoia-choice-here}, was found to have tampered with the master copies of the bootloader firmware, during its on-site privileged access to Supermicro's Headquarters".
i was the last year (1988) in the UK where grants were available. i still had to work thursday evenings and all day saturday at sainsbury's, cromwell road, to stay out of debt. an older friend shared an insight with me, that it is the young people who have all the vitality, energy and enthusiasm. the younger people are the ones that will be creating the wealth and (directly or indirectly) looking after the older generation..... so what the HELL are we doing by destroying their enthusiasm and vitality by CRIPPLING THEM WITH DEBT?
the older generations should be going, as a community, "these are the people who are going to be looking after us when we're older. buy them some land, GIVE them a home to live in and get them the resources they need to build a stable future, for us *and* them, for god's sake!"
there's a book about this phenomenon, called freakonomics. it has interesting economics questions like, "why do drug dealers live with their mums?", despite something like a 25% death rate, and the answer turns out to be that they earn LESS money than if they went and worked for macdonalds, but they are attracted to the POSSIBILITY of becoming the "Drug Overlord". the big boss.
also just as interestingly, the moment they get a serious girlfriend, the researcher found that they quit immediately and... went to work for macdonald's. which leaves me really, really concerned as to why and how lyft and uber drivers are being psychologicall hoodwinked....
in china, due to the number of people who travel to meet family at chinese new year (85% of a major city's population just... ups and leaves for 2 weeks), they're cramming 1,500 people into the larger planes, with special "half-standing" seats. 71cm legroom? ha, you never had it so guuhhd.... mind you, on the last 5 13-hour flights i've been on (taipei-brussels) i've spent 3 hours standing and walking around, due to persistent deep vein thrombosis. i know the warning signs really well, now...
y'know... there's a reason why a friend of mine, when his children asked "dad, dad can we get a computer", he went up into the attic, brought down a TRS80 and a stack of byte magazines, dropped them on the table and said, "here you go!"
they looked at him like he'd grown two heads or something. when they asked him about it, he said, "when you've gone through all of the programs in there, and typed them in and seen how they run, i'll get you a PC"
i have never heard of any other parent doing this. basic self-running computers just do not exist these days. not even arduinos: they require ANOTHER COMPUTER to program them.
BBC Basic, the Jupiter ACE (which ran FORTH), the ZX-Spectrum, these were computers that were *critical* to understanding.
this has been studied for many decades, not related to software libre at all. the book i recommend is named "invisible dynamics": https://www.amazon.co.uk/Invis...
it outlines six systemic laws - and they are laws (not "guidelnes") - which, when you examine them closely, you will find that any software libre project (or any business) that violates one of those laws is a project that *will* be in trouble, in some form. as the book has to be paid for, i extracted the systemic laws and outlined them here: http://libre-riscv.org/charter...
they're really very simple, and are a down-to-earth reflection of the complexities of interaction between people. the systemic laws require that people recognise:
* the right to belong (to feel welcome) * their role and the role of others * the understanding of their difference in *their* level of expertise and that of others * the understanding of the *seniority* of themselves (their length of service) and that of others * the acceptance of reality (no "denial") * the acceptance of both guilt *and* merit (no trying to take credit, and no taking away people's right to learn from their mistakes) * REWARDING of achievements (this is *severely* lacking in the software libre world) * RECOGNITION of achievements
if you think back on every newsworthy horror story on slashdot over the past 20 years, you will find, behind every one of them, that one of the above has been violated in some way.
* codes of conduct: so horrifically toxic that people feel sickened and repulsed by them, and leave. those that don't leave are under a constant cloud of toxicity and "guilty until proven innocent". * corporations spongeing off of software libre projects results in shellshock, heartbleed, the GPG developer getitng USD $10,000 into debt; the gentoo lead developer having to work for microsoft due to USD $45,000 of debt * the samba team taking credit, receiving awards, sponsorship, donations and shares based on my work, causing me to have to go work on building sites in order to feed myself.
there are many many more examples.
so it's been done... it's just not very well-known.
AIUI, under SSPL if you now sell "MongoDB Instances" for people to connect to, and that you'll cover replication and backups for those MongoDB Instances them using some nifty new proprietary add-on you built, then you're going to need to open source that replication and backup code too.
I don't think this would cover some large SaaS provide that simply *uses* MongoDB on the backend, only one that's *selling* MongoDB instances as a service in and of itself.
unfortunately this subtle distinction makes SSPL a non-free license. debian for example will be forced to move mongodb and anything under this SSPL license into the "nonfree" distribution section, thus ensuring that it is excluded from use in all and any debian critical core-level services.
it's a particularly sad state of affairs - a reaction to unethical corporate spongeing - that a major prominent software team has to consider changing the license to a non-free one just to be able to pay their developers to keep working, whilst corporations all around them make hundreds of millions of dollars in profits, using their work??
it's a repeat of the exact same pattern of corporate exploitation that caused me to stop working on samba-tng and exchange 5.5 reverse-engineering, 18+ years ago.
haven't these pathological spongeing corporations learned yet from heartbleed, shellshock and the lessons of the gentoo developer that was $45k in debt and had to go work for microsoft, and the GPG developer that was $10k in debt??
.... you don't say no. if you recall i think it was "Kingsmen", samuel jackson saying, "y'know, the chinese secret service is so secret it doesn't even have a name?" that's because it's operated along isolated cell network lines. *not even the chinese government* can contact those independent cell networks! the only way to "contact" them is for the chinese government - just like everyone else - to make a bit of a fuss, publish a press release and hope like hell that the relevant cell happens to be reading the local or national news.
"Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector"
translation: someone from an unidentifiable cell called someone in supermicro up, and sai something along the lines of, "we know where you live, we know where your children go to school. we know the manager at the bank and how much is in your bank account, and we know where the bank manager lives as well. now, _about_ those servers you ship to the USA..."
y'know... the planet doesn't care if humans are on it or not. if we're all dead (cooked, starved, killed in food riots), the planet will be peaceful and recover from our cancerous pathological behaviour, soon enough. Agent Smith: "you humans are like a plague. a disease. and we? we... are the cure..."
where is the cobalt (a conflict resource) coming from? where's the lithium coming from? and how's the recycling coming along? also, do we have enough copper to supply absolutely everyone currently owning a car with their own personal 2 tonne electric vehicle? and what's the environmental cost of neodymium refining? https://www.theguardian.com/en...
the question is clearly comprehensive enough that the poster knows there's something deeply, deeply wrong with PHP. a more detailed investigation shows that the actual core developers are ignorant of system-level security programming... but it takes time to actually find that out.
what stood out for me was that the poster clearly sees an extremely high degree of incompetence surrounding PHP. as in: way-above-average. in part this is i feel down to PHP attracting "web-only" developers who have "a bit of HTML and CSS" and consequently genuinely believe that they are god's gift to the internet, but it's more than that: it's down i feel to the way that PHP programming started out.
in 1995 i remember being incredibly excited to do my first PHP programming, sitting in CB1 Cafe in Cambridge, after downloading all the source code for apache2, mysql and php onto a NeXT Workstation over a 56k dialup modem. embedding actual dynamic functions into HTML, seeing the results change depending on what was in the database, that was just absolutely ground-breaking.
what didn't occur to me at the time was how much damage the approach of embedding a programming language's functions into HTML.
fast-forward ten years later and a friend and i were tasked with "recovering" an absolutely disastrous PHP application gone wrong. the programmer had written 3,000 line PHP pages.... times four.... one for entering a "new" record (with 40 or 50 fields per record), one page - cut/paste modified with "error strings" inserted. a SEPARATE page for edit and a SEPARATE page for edit-with-errors.
this "style" was copied enough times so that the application was over a HUNDRED thousand lines of ineffective unmaintanable code. my friend cut out EVERYTHING so that there was not a single piece of interleaved php plus HTML, and with a lot of refactoring the entire application was down to under 10,000 lines and much more powerful.
he wasn't the only programmer i've seen make this mistake.
the point is: it wasn't so much the incompetent developers' fault: it was the style that allows PHP functions to *be* embedded into HTML/CSS that *causes* people to think that this is both "normal" and "acceptable" (readable / maintainable).
now, there are likely to be quite a lot of replies saying "But You Don't Have To Do It That Way, You Can Use Templating Library {insert name of one of dozens of templating libraries here}", that's not the point and it's not helping: the point is that people who *don't know* that those libraries exist *will* end up writing shit unmaintainable code, by default.
there's more than that, obviously, which boils down to: where there are inherently good programming practices *right from the start* as well as an easy-to-read inherently tidy and elegant "style", even bad programmers have to work really quite hard to screw up.
and that's why i love python, particularly for web programming. i maintain a top fastest 1% website for a client (the render time is under 0.7 seconds even from half way across the world), and it's entirely written in python *with absolutely no external framework dependencies*. i gave up using sqlalchemy, django and so on, a *LONG* time ago, as i learned that using python's string "format" function is perfectly sufficient. do a for-loop, generate the fields from a python list with a function, voila you have the input fields for a form. or the fields from a database query. if you want readable HTML rather than {0} in the thing, you just use python main_html_page_string.replace("", left_menu_string). it really couldn't get any easier.
whilst i am well-known (even myself) for not known for getting things totally accurate, i'm sure you know what i mean: a student or professor publicly criticising a highly-respected person... for example david patterson to pick one hypothetical name, would raise... a lot of eyebrows.
Isn't this a general criticism of any democratic system? It would raise a lot of eyebrows because one would expect that the authority figure is qualified in making his/her judgements.
eeexactlyyyy. and unfortunately, we are talking about people who, by virtue of being professors, are used to teaching, used to being always right, and used *never* to being questioned. and, indeed, *in their area of expertise*, they are almost 100% right, 100% of the time. this is an example of the systemic law "respect expertise, respect length-of-service".
unfortunately there are two (quite different but related areas) where this becomes a problem:
(1) when the experienced and long-standing expert encounters something OUTSIDE of their area of expertise and (2) when there exists confusion between SPECIFICATION and IMPLEMENTATION ADVICE (implementation-specific optimisations)
the first should be fairly clear: someone who is used to always being right, suddenly has to deal with someone who knows more than them. this is happening particularly in the embedded field: liviu and many others who have a lot more experience in the embedded world, and who have implemented embedded cores for a living, are finding it *REALLY* difficult to deal with the experts in the RISC-V Foundation. and even MIT had to fight tooth and nail to get a simple one-page specification chapter added, so that they could explore a different type of (more secure, formally-provable) memory-model.
the second is a different variation on that: people who *do* have similar domain expertise to the experts within the RISC-V Foundation are finding that the specification has many many areas where a decision has been made on the basis which basically boils down to "well nobody in their right mind would ever want to do this differently because in OUR experience and to OUR knowledge, that's sub-optimal, therefore we can optimise out all and any possibility of ALLOWING anyone to do different from what WE DICTATE, by actually TELLING people in the specification, it MUST be done this way and this way alone".
there are dozens of examples where this has happened, and unfortunately, the amount of effort required to do anything different, due to a cascade of critical dependencies, is quite literally man-decades of work and millions of dollars worth of ostracism from "The One True Way".
i'm being deliberately harsh, there, so as to emphasise the extent of the problem.
in terms of the Systemic Laws, we're basically seeing a clash between people with similar levels of high *non-overlapping* levels of expertise, but where the founders clearly have the "length of service".
"Don't be Dilbert" seems to be a good mantra to follow.
basically... yes.:) but you know how Dilbert is disregarded by Management:) whereas something that's been used regularly and successfully for 20+ years by extremely large companies like Mercedes Benz and contains neutral rational advice is much more likely to be taken seriously.
What is the motivation for the Shakti engineers to deviate so far from the base ISA that their hardware will no longer be compatible with the general ecosystem? Also, I still don't understand how any of these criticisms are due to the management of the RISC-V community. This just seems like a general criticism of any open-source/libre project.
first thing, the RISC-V Project is *not* an open-source / libre project. it's Trademarked, and the Trademark takes absolute precedence. secondly, it's a restricted (closed) group, you have to sign the RISC-V Member Agreement just to gain acc
(b) i'm not affiiated with a university, so do not have a "tenure" that could be threatened
I believe the purpose of tenure is to grant academic freedom to the researcher. I don't see how criticizing RISC-V would "threaten" a tenured position.
whilst i am well-known (even myself) for not known for getting things totally accurate, i'm sure you know what i mean: a student or professor publicly criticising a highly-respected person... for example david patterson to pick one hypothetical name, would raise... a lot of eyebrows.
over the years i've read enough to be able to watch for the signs, and to give people the opportunity to sort things out for themselves... if they so wish. the six Systemic Laws of Organisations listed in "Invisible Dynamics" is one of the best guides i know. any one of those Systemic Laws gets violated, an organisation is guaranteed to be in trouble. *fixable* trouble... if they choose, but still trouble nonetheless.
Do you know of any online reference to these "systemic laws?" If these laws are reasonable, I'd like to perform my own analysis of the RISC-V community's stability. If there aren't any references online, would you mind briefly outlining what the six laws are?
the book's available on amazon, my copy's in storage and i really wish it wasn't. it costs quite a lot to replace https://www.amazon.co.uk/Invis...
as i can best recall them they are listed on page 23 with their associated "anti-laws" if that makes any sense, and they are something like:
* all contributions by all members, past and present, shall be respected. * both the length of service and the level of expertise of any member shall be respected and taken into account * there shall be no "denial". acceptance of "what is" is crucial.
i'm really sorry but those are the only three out of six that i can recall vividly. they're pretty obvious, and you can almost certainly think of situations in which you've seen these Systemic Laws be disregarded. hilariously a lot of them are the subject of Dilbert strips. CEOs telling you that "everything's well" (when it clearly isn't) has an *extremely* damaging effect as it completely locks up the *entire* company.
this despite trying to warn them that the Shakti Foundation is backed by UNLIMITED resources from the Indian Government, and if the RISC-V Foundation doesn't get their act together they'll fork the entire RISC-V software and hardware eco-system, and over the next 5-10 years drop a hundred million completely incompatible processors onto the planet, causing *exactly* the scenario that ARM described in their now-offline website.
Hmmm, this does seem like a worst-case scenario, but I don't see any incentive for the Indian developers to pursue a hard fork, especially if they are planning to release RISC-V commercial processors. A hard-fork for the governmental sector seems more plausible, but that would hardly jeapordize the integrity of RISC-V.
it does if i am helping them to create a mobile-class processor, that goes into smartphones, tablets, netbooks and chromebooks, which, due to their reduced cost due to huge volume, result in them being sold out of india on amazon, making their way world-wide, and people find that they're not DRM-locked and that they can quite easily replace the OS right down to the bedrock.
the problem will come when they find that the standard debian-riscv and standard fedora-riscv distros.... don't work. they'll then start investigating and find that they need a complete total hard forked version of debian, fedora and so on. at that point it becomes hell for the debian and fedora maintainers, who are pretty much guaranteed to be swamped with requests for support of such low-cost low-power hardware.
i couldn't put it in the main article, but i spoke to Madhu back in november, and it was USD $24 million.
Luke that number is preposterous.
then that gives you some idea of how much of a threat A... err... the unnamed company that tried to bribe^Whire their engineers.
Brian Krzanich never even received that much.
Also it is a little misleading to characterize GS. Madhusudan as "another PhD in amongst 100 other PhDs". He is the one of the leaders of India's homegrown semiconductor movement.
my understanding was that it was neel who received the "offer", but i can't be sure. ahh.... yes it was. ohhh that's reeeallly interesting. fuckers who published the article REMOVED the bit about neel's "offer"... and "the author of the article no longer works with us". mmmm rrriiiight....
"Some of that open source zeal can be seen in the Shakti team here. Gala, who was offered a ‘good seven digit package’ by one of the big chip giants, decided against it. “This was an interview over a cup of coffee. The moment of realisation for me was sitting in the cafeteria, and seeing a hundred other PhDs there. The only distinction I had over them was Shakti. If I left it, I would just be another ball in the bag. So that’s why I didn’t leave,” he says."
Luke could you provide sources for your claim that "some of ARM's criticism has merit?". The link provided is to your own mailing list post. I have been following RISC-V closely, and I'm curious what the "systemic failures" you describe there are.
*sigh* that's difficult to do, to provide "independent" sources, as no fucker is brave enough to put their neck on the line and stand up to them. the only reason i can publicly hold them accountable is because:
(a) i'm used to challenging people (and getting banned and censored and then predictably 100% so far seeing the project fail or fork or undergo a major change in leadership within 6-18 months) (b) i'm not affiiated with a university, so do not have a "tenure" that could be threatened (c) i do not work for a company, so there is no employer to fire me (and no shareholders or profits to think of, first) (d) i am not even a member of a software libre project so have no "standing" or reputation to be destroyed or have my team members ostracised
so... pretty lonely if i'm honest!
over the years i've read enough to be able to watch for the signs, and to give people the opportunity to sort things out for themselves... if they so wish. the six Systemic Laws of Organisations listed in "Invisible Dynamics" is one of the best guides i know. any one of those Systemic Laws gets violated, an organisation is guaranteed to be in trouble. *fixable* trouble... if they choose, but still trouble nonetheless. what's interesting about those Laws is that one of them is "denial". including denial of the existence of the Six Systemic Laws!
Bob Podolski's "Bill of Ethics" is the benchmark against which i.... how can i put it... self-check my own behaviour / decisions. the BoE includes a mandatory requirement to always seek (and accept) constructive feedback.
for the Libre RISC-V project however things have to be a little different. this SoC is important. what i used to do is: let people kick me out (basically). if they wanted to be self-obsessed narcissic lying bullying motherfuckers i gave them every opportunity to be otherwise, but never, not once, backed down. the subsequent fall-out that was witnessed (and archived permanently for everyone to see) had the desired effect... but here i can't let that happen.
so in this case i'm trying a different approach, using this page http://www.crnhq.org/12-Skills... as a literal step-by-step guide to resolving issues. one of them interestingly is called "Appropriate Assertiveness", which is the main "skill" i am having to apply right now. it's specifically listed as "not nice" and as "a necessary first step" in a resolution process.
so far, sadly, however i have yet to actually receive a response from anyone where i have had to use that guide. there does not appear to be *any* interest from the key founders behind the RISC-V Foundation in actually acknowledging that there's a problem (Systemic Law violation, "Denial"), and i can guarantee that's going to bite them, sooner rather than later.
this despite trying to warn them that the Shakti Foundation is backed by UNLIMITED resources from the Indian Government, and if the RISC-V Foundation doesn't get their act together they'll fork the entire RISC-V software and hardware eco-system, and over the next 5-10 years drop a hundred million completely incompatible processors onto the planet, causing *exactly* the scenario that ARM described in their now-offline website.
Slashdot Mirror
sadly, there are reasons why some couples cannot have children: i know of a couple that had infertility treatment, and the result was that their child was born severely handicapped.
i suspect that nature has some form of "checksum" that detects if there is damage to the DNA. in speaking with an expert from the Cambridge Genome Project over ten years ago, what they described to me was that human DNA expresses something very close to a Turing Machine, *including* a byte-code-like "machine language".
when i showed this same person the beautiful pictures of 3D mandelbrot sets that were discovered several years ago and published here on slashdot, he responded, "but those are exactly like the pictures i see under my microscope, every day!"
so it is not outside the realm of possibility that DNA expresses a fully-functioning biological computer, complete with checksum capability. this is why messing with that - trying to bypass the safeguards - through any kind of genetic manipulation - is so incredibly dangerous.
in the film "Ready Player One", the end scenes, the new owners of the VR Game decide to shut the entire game down, one day a week.
except, the new owners portray *ethical* responsibility that, unfortunately, would be financially irresponsible as far as the enactment of the Articles of Incorporation of a profit-maximising Corporation. bottom line: if Epic Games actually tried to do something as socially responsible as shut Fornite off for one day a week, their shareholders could legitimately sue them for adversely affecting profits, and the Directors would be prosecuted and struck off as a result.
I still can't put my figure though on why it never went anywhere with anyone I knew,
i wrote about this at the time. facebook is known for being non-mission-critical. if facebook doesn't like your use of its service, and terminates your account, so what, big deal.
however as *actually happened* with several people, the forced requirement of an incredibly dangerous "real name" policy, if people joined up to google+ and refused to accept the dangerous requirement, ACCESS TO TEN YEARS OF EMAIL AND DOCS WAS TERMINATED WITHOUT WARNING. and there was absolutely no recovery mechanism.
i have over 50,000 messages dating back 12 years, on which i critically rely for business and for coordinating software libre projects. termination of access to all of that would be catastrophic.
i also wrote about why "real name" policies are incredibly dangerous. they break the rule that everyone knows: everyone KNOWS that you DO NOT TRUST an online identity. period.
any Corporation that sets itself up as the "God Of Identity" is just... so wrong on so many levels, it's just not funny. youtube data breach only a few months ago. equifax data breach. ashley madison data breach. cambridge analytica. dozens more that can be found on https://haveibeenpwned.com/Pwn...
*how many more* of these are we going to have to have before people start to wake up?
I'm assuming at this point we're probably at least a couple of CPU generations away from Intel fixing this properly.
unfortunately, it's much wose than the press is making out. i've had to investigate this in-depth as part of the design of the libre-riscv soc, because we criically rely on out-of-order execution for the vectorisation. i was shocked to learn that even in-order systems are potentially vulnerable to timing attacks.
the first thing that people need to get absolutely clear: spectre was *just the first* in a *class* of timing attacks that opened researchers and hardware designers eyes to a blind-spot in computing architectures.
the definition of a timing attack is as follows: one instruction may affect the completion time of past OR future instructions through resource starvation / contention, OR through state not being reset after use to a known uniform initial state.
the FIRST spectre attacks were against memory and caches, on speculative designs.
however it is perfectly possible, for example, for a multi-issue IN-ORDER system to have insufficient numbers of register ports, such that a certain unique combination of instructions may be arranged by an attacker to starve future instructions of the ability to complete instructions in a uniform time... and REQUIRE that they stall.
by forcing instructions to stall, that is the very DEFINITION of a timing attack.
against an *IN-ORDER* design.
now, it is possible to put in place certain speculation mitigation barriers in hardware, however these barriers *ONLY* occur at interrupts, exceptions and, at a software / OS level, on "context switches". hence the reason why this paper says that no matter what hardware designers try to do, *intra-process* attacks simply CANNOT be mitigated without moving to an *INTER*-process software security model.
FastCGI is toast, basically.
there is a solution, and it's going to require a massive world-wide campaign to introduce a concept to the entire computing software world: the creation of intra-process speculation barriers. if we wish to keep using FastCGI, and if we wish to keep using Firefox and python-gevent (the single-process paradigm), we *need* a hardware instruction that "quiesces" internal state *AS IF* the hardware had just made a context-switch, terminating all speculative execution, resetting all internal state and so on.
one way in which that may be possible to do in an out-of-order system that does not have such hardware-assisted in-process speculation barrier instructions is to issue about a hundred NOPs. the back-lash against doing so will be extreme, however it's not like there's much of a choice, here.
bottom line is: this has been a major, major oversight by the entire computing industry for over 25 years. it's a problem *across the entire industry*, not just Intel, not just AMD, it's *everybody*. it's not going to be fixed in a couple of hardware revisions by one company.
The issue here is you are dealing with a country without an open market system. China's economy has market mechanisms for some things, but mostly, it's tightly controlled by the state. The state has direct influence and control over nearly every aspect of the economy.
what many people do not realise about china is that the state is not in control: the "old families" are. these are the descendents of the warlords you may recall from chinese history. there are five families, and they're each responsible for unbelievably enormous areas of land and the associated population. they own the banks. they basically own and indirectly run *everything*.
once you understand this, the way that china operates becomes a bit clearer.
I have some doubts about how a tiny "grain of rice sized chip" can both send and receive data
an RFID device uses the remote transmitter's power to charge up a capacitor sufficient to power the entire RFID processor, and the response transmitter (at very low power).
an RFID transceiver plus its power circuit *and* the antenna would easily fit within a compromised ASIC, under the packaging case.
i fully expect the next news report to be, "Supermicro computers discovered in second audit to have been compromised by auditing company. The first audit company, itself secretly compromised by {insert government-of-paranoia-choice-here}, was found to have tampered with the master copies of the bootloader firmware, during its on-site privileged access to Supermicro's Headquarters".
quis custodiet custodiens?
All this drives up the cost, and for some reason students are willing to pay.
... you mean, they're willing to go massively into debt without realising the consequences on the rest of their life...
i was the last year (1988) in the UK where grants were available. i still had to work thursday evenings and all day saturday at sainsbury's, cromwell road, to stay out of debt. an older friend shared an insight with me, that it is the young people who have all the vitality, energy and enthusiasm. the younger people are the ones that will be creating the wealth and (directly or indirectly) looking after the older generation. .... so what the HELL are we doing by destroying their enthusiasm and vitality by CRIPPLING THEM WITH DEBT?
the older generations should be going, as a community, "these are the people who are going to be looking after us when we're older. buy them some land, GIVE them a home to live in and get them the resources they need to build a stable future, for us *and* them, for god's sake!"
there's a book about this phenomenon, called freakonomics. it has interesting economics questions like, "why do drug dealers live with their mums?", despite something like a 25% death rate, and the answer turns out to be that they earn LESS money than if they went and worked for macdonalds, but they are attracted to the POSSIBILITY of becoming the "Drug Overlord". the big boss.
also just as interestingly, the moment they get a serious girlfriend, the researcher found that they quit immediately and... went to work for macdonald's. which leaves me really, really concerned as to why and how lyft and uber drivers are being psychologicall hoodwinked....
"fatherland card... fatherland card...." where have we seen that before? oh yes!
apartheid in south africa: https://en.wikipedia.org/wiki/...
hitler's nazi germany https://en.wikipedia.org/wiki/...
yeah i'll stop there.
in china, due to the number of people who travel to meet family at chinese new year (85% of a major city's population just... ups and leaves for 2 weeks), they're cramming 1,500 people into the larger planes, with special "half-standing" seats. 71cm legroom? ha, you never had it so guuhhd.... mind you, on the last 5 13-hour flights i've been on (taipei-brussels) i've spent 3 hours standing and walking around, due to persistent deep vein thrombosis. i know the warning signs really well, now...
y'know... there's a reason why a friend of mine, when his children asked "dad, dad can we get a computer", he went up into the attic, brought down a TRS80 and a stack of byte magazines, dropped them on the table and said, "here you go!"
they looked at him like he'd grown two heads or something. when they asked him about it, he said, "when you've gone through all of the programs in there, and typed them in and seen how they run, i'll get you a PC"
i have never heard of any other parent doing this. basic self-running computers just do not exist these days. not even arduinos: they require ANOTHER COMPUTER to program them.
BBC Basic, the Jupiter ACE (which ran FORTH), the ZX-Spectrum, these were computers that were *critical* to understanding.
this has been studied for many decades, not related to software libre at all. the book i recommend is named "invisible dynamics": https://www.amazon.co.uk/Invis...
it outlines six systemic laws - and they are laws (not "guidelnes") - which, when you examine them closely, you will find that any software libre project (or any business) that violates one of those laws is a project that *will* be in trouble, in some form. as the book has to be paid for, i extracted the systemic laws and outlined them here: http://libre-riscv.org/charter...
they're really very simple, and are a down-to-earth reflection of the complexities of interaction between people. the systemic laws require that people recognise:
* the right to belong (to feel welcome)
* their role and the role of others
* the understanding of their difference in *their* level of expertise and that of others
* the understanding of the *seniority* of themselves (their length of service) and that of others
* the acceptance of reality (no "denial")
* the acceptance of both guilt *and* merit (no trying to take credit, and no taking away people's right to learn from their mistakes)
* REWARDING of achievements (this is *severely* lacking in the software libre world)
* RECOGNITION of achievements
if you think back on every newsworthy horror story on slashdot over the past 20 years, you will find, behind every one of them, that one of the above has been violated in some way.
* codes of conduct: so horrifically toxic that people feel sickened and repulsed by them, and leave. those that don't leave are under a constant cloud of toxicity and "guilty until proven innocent".
* corporations spongeing off of software libre projects results in shellshock, heartbleed, the GPG developer getitng USD $10,000 into debt; the gentoo lead developer having to work for microsoft due to USD $45,000 of debt
* the samba team taking credit, receiving awards, sponsorship, donations and shares based on my work, causing me to have to go work on building sites in order to feed myself.
there are many many more examples.
so it's been done... it's just not very well-known.
AIUI, under SSPL if you now sell "MongoDB Instances" for people to connect to, and that you'll cover replication and backups for those MongoDB Instances them using some nifty new proprietary add-on you built, then you're going to need to open source that replication and backup code too.
I don't think this would cover some large SaaS provide that simply *uses* MongoDB on the backend, only one that's *selling* MongoDB instances as a service in and of itself.
unfortunately this subtle distinction makes SSPL a non-free license. debian for example will be forced to move mongodb and anything under this SSPL license into the "nonfree" distribution section, thus ensuring that it is excluded from use in all and any debian critical core-level services.
it's a particularly sad state of affairs - a reaction to unethical corporate spongeing - that a major prominent software team has to consider changing the license to a non-free one just to be able to pay their developers to keep working, whilst corporations all around them make hundreds of millions of dollars in profits, using their work??
it's a repeat of the exact same pattern of corporate exploitation that caused me to stop working on samba-tng and exchange 5.5 reverse-engineering, 18+ years ago.
haven't these pathological spongeing corporations learned yet from heartbleed, shellshock and the lessons of the gentoo developer that was $45k in debt and had to go work for microsoft, and the GPG developer that was $10k in debt??
.... you don't say no. if you recall i think it was "Kingsmen", samuel jackson saying, "y'know, the chinese secret service is so secret it doesn't even have a name?" that's because it's operated along isolated cell network lines. *not even the chinese government* can contact those independent cell networks! the only way to "contact" them is for the chinese government - just like everyone else - to make a bit of a fuss, publish a press release and hope like hell that the relevant cell happens to be reading the local or national news.
"Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector"
translation: someone from an unidentifiable cell called someone in supermicro up, and sai something along the lines of, "we know where you live, we know where your children go to school. we know the manager at the bank and how much is in your bank account, and we know where the bank manager lives as well. now, _about_ those servers you ship to the USA..."
y'know... the planet doesn't care if humans are on it or not. if we're all dead (cooked, starved, killed in food riots), the planet will be peaceful and recover from our cancerous pathological behaviour, soon enough. Agent Smith: "you humans are like a plague. a disease. and we? we... are the cure..."
where is the cobalt (a conflict resource) coming from? where's the lithium coming from? and how's the recycling coming along? also, do we have enough copper to supply absolutely everyone currently owning a car with their own personal 2 tonne electric vehicle? and what's the environmental cost of neodymium refining? https://www.theguardian.com/en...
how on earth would you instrument *this*?? https://en.wikipedia.org/wiki/...
" But you keep the latter guarded, because it's how you prove who you are. "
nooOoo: when you type in a password, it authenticates the *username*. it does *not* authenticate the *user*.
the question is clearly comprehensive enough that the poster knows there's something deeply, deeply wrong with PHP. a more detailed investigation shows that the actual core developers are ignorant of system-level security programming... but it takes time to actually find that out.
what stood out for me was that the poster clearly sees an extremely high degree of incompetence surrounding PHP. as in: way-above-average. in part this is i feel down to PHP attracting "web-only" developers who have "a bit of HTML and CSS" and consequently genuinely believe that they are god's gift to the internet, but it's more than that: it's down i feel to the way that PHP programming started out.
in 1995 i remember being incredibly excited to do my first PHP programming, sitting in CB1 Cafe in Cambridge, after downloading all the source code for apache2, mysql and php onto a NeXT Workstation over a 56k dialup modem. embedding actual dynamic functions into HTML, seeing the results change depending on what was in the database, that was just absolutely ground-breaking.
what didn't occur to me at the time was how much damage the approach of embedding a programming language's functions into HTML.
fast-forward ten years later and a friend and i were tasked with "recovering" an absolutely disastrous PHP application gone wrong. the programmer had written 3,000 line PHP pages.... times four.... one for entering a "new" record (with 40 or 50 fields per record), one page - cut/paste modified with "error strings" inserted. a SEPARATE page for edit and a SEPARATE page for edit-with-errors.
this "style" was copied enough times so that the application was over a HUNDRED thousand lines of ineffective unmaintanable code. my friend cut out EVERYTHING so that there was not a single piece of interleaved php plus HTML, and with a lot of refactoring the entire application was down to under 10,000 lines and much more powerful.
he wasn't the only programmer i've seen make this mistake.
the point is: it wasn't so much the incompetent developers' fault: it was the style that allows PHP functions to *be* embedded into HTML/CSS that *causes* people to think that this is both "normal" and "acceptable" (readable / maintainable).
now, there are likely to be quite a lot of replies saying "But You Don't Have To Do It That Way, You Can Use Templating Library {insert name of one of dozens of templating libraries here}", that's not the point and it's not helping: the point is that people who *don't know* that those libraries exist *will* end up writing shit unmaintainable code, by default.
there's more than that, obviously, which boils down to: where there are inherently good programming practices *right from the start* as well as an easy-to-read inherently tidy and elegant "style", even bad programmers have to work really quite hard to screw up.
and that's why i love python, particularly for web programming. i maintain a top fastest 1% website for a client (the render time is under 0.7 seconds even from half way across the world), and it's entirely written in python *with absolutely no external framework dependencies*. i gave up using sqlalchemy, django and so on, a *LONG* time ago, as i learned that using python's string "format" function is perfectly sufficient. do a for-loop, generate the fields from a python list with a function, voila you have the input fields for a form. or the fields from a database query. if you want readable HTML rather than {0} in the thing, you just use python main_html_page_string.replace("", left_menu_string). it really couldn't get any easier.
whilst i am well-known (even myself) for not known for getting things totally accurate, i'm sure you know what i mean: a student or professor publicly criticising a highly-respected person... for example david patterson to pick one hypothetical name, would raise... a lot of eyebrows.
Isn't this a general criticism of any democratic system? It would raise a lot of eyebrows because one would expect that the authority figure is qualified in making his/her judgements.
eeexactlyyyy. and unfortunately, we are talking about people who, by virtue of being professors, are used to teaching, used to being always right, and used *never* to being questioned. and, indeed, *in their area of expertise*, they are almost 100% right, 100% of the time. this is an example of the systemic law "respect expertise, respect length-of-service".
unfortunately there are two (quite different but related areas) where this becomes a problem:
(1) when the experienced and long-standing expert encounters something OUTSIDE of their area of expertise and
(2) when there exists confusion between SPECIFICATION and IMPLEMENTATION ADVICE (implementation-specific optimisations)
the first should be fairly clear: someone who is used to always being right, suddenly has to deal with someone who knows more than them. this is happening particularly in the embedded field: liviu and many others who have a lot more experience in the embedded world, and who have implemented embedded cores for a living, are finding it *REALLY* difficult to deal with the experts in the RISC-V Foundation. and even MIT had to fight tooth and nail to get a simple one-page specification chapter added, so that they could explore a different type of (more secure, formally-provable) memory-model.
the second is a different variation on that: people who *do* have similar domain expertise to the experts within the RISC-V Foundation are finding that the specification has many many areas where a decision has been made on the basis which basically boils down to "well nobody in their right mind would ever want to do this differently because in OUR experience and to OUR knowledge, that's sub-optimal, therefore we can optimise out all and any possibility of ALLOWING anyone to do different from what WE DICTATE, by actually TELLING people in the specification, it MUST be done this way and this way alone".
there are dozens of examples where this has happened, and unfortunately, the amount of effort required to do anything different, due to a cascade of critical dependencies, is quite literally man-decades of work and millions of dollars worth of ostracism from "The One True Way".
i'm being deliberately harsh, there, so as to emphasise the extent of the problem.
in terms of the Systemic Laws, we're basically seeing a clash between people with similar levels of high *non-overlapping* levels of expertise, but where the founders clearly have the "length of service".
"Don't be Dilbert" seems to be a good mantra to follow.
basically... yes. :) but you know how Dilbert is disregarded by Management :) whereas something that's been used regularly and successfully for 20+ years by extremely large companies like Mercedes Benz and contains neutral rational advice is much more likely to be taken seriously.
What is the motivation for the Shakti engineers to deviate so far from the base ISA that their hardware will no longer be compatible with the general ecosystem?
Also, I still don't understand how any of these criticisms are due to the management of the RISC-V community. This just seems like a general criticism of any open-source/libre project.
first thing, the RISC-V Project is *not* an open-source / libre project. it's Trademarked, and the Trademark takes absolute precedence. secondly, it's a restricted (closed) group, you have to sign the RISC-V Member Agreement just to gain acc
(b) i'm not affiiated with a university, so do not have a "tenure" that could be threatened
I believe the purpose of tenure is to grant academic freedom to the researcher. I don't see how criticizing RISC-V would "threaten" a tenured position.
whilst i am well-known (even myself) for not known for getting things totally accurate, i'm sure you know what i mean: a student or professor publicly criticising a highly-respected person... for example david patterson to pick one hypothetical name, would raise... a lot of eyebrows.
over the years i've read enough to be able to watch for the signs, and to give people the opportunity to sort things out for themselves... if they so wish. the six Systemic Laws of Organisations listed in "Invisible Dynamics" is one of the best guides i know. any one of those Systemic Laws gets violated, an organisation is guaranteed to be in trouble. *fixable* trouble... if they choose, but still trouble nonetheless.
Do you know of any online reference to these "systemic laws?" If these laws are reasonable, I'd like to perform my own analysis of the RISC-V community's stability. If there aren't any references online, would you mind briefly outlining what the six laws are?
the book's available on amazon, my copy's in storage and i really wish it wasn't. it costs quite a lot to replace https://www.amazon.co.uk/Invis...
as i can best recall them they are listed on page 23 with their associated "anti-laws" if that makes any sense, and they are something like:
* all contributions by all members, past and present, shall be respected.
* both the length of service and the level of expertise of any member shall be respected and taken into account
* there shall be no "denial". acceptance of "what is" is crucial.
i'm really sorry but those are the only three out of six that i can recall vividly. they're pretty obvious, and you can almost certainly think of situations in which you've seen these Systemic Laws be disregarded. hilariously a lot of them are the subject of Dilbert strips. CEOs telling you that "everything's well" (when it clearly isn't) has an *extremely* damaging effect as it completely locks up the *entire* company.
this despite trying to warn them that the Shakti Foundation is backed by UNLIMITED resources from the Indian Government, and if the RISC-V Foundation doesn't get their act together they'll fork the entire RISC-V software and hardware eco-system, and over the next 5-10 years drop a hundred million completely incompatible processors onto the planet, causing *exactly* the scenario that ARM described in their now-offline website.
Hmmm, this does seem like a worst-case scenario, but I don't see any incentive for the Indian developers to pursue a hard fork, especially if they are planning to release RISC-V commercial processors. A hard-fork for the governmental sector seems more plausible, but that would hardly jeapordize the integrity of RISC-V.
it does if i am helping them to create a mobile-class processor, that goes into smartphones, tablets, netbooks and chromebooks, which, due to their reduced cost due to huge volume, result in them being sold out of india on amazon, making their way world-wide, and people find that they're not DRM-locked and that they can quite easily replace the OS right down to the bedrock.
the problem will come when they find that the standard debian-riscv and standard fedora-riscv distros.... don't work. they'll then start investigating and find that they need a complete total hard forked version of debian, fedora and so on. at that point it becomes hell for the debian and fedora maintainers, who are pretty much guaranteed to be swamped with requests for support of such low-cost low-power hardware.
i couldn't put it in the main article, but i spoke to Madhu back in november, and it was USD $24 million.
Luke that number is preposterous.
then that gives you some idea of how much of a threat A... err... the unnamed company that tried to bribe^Whire their engineers.
Brian Krzanich never even received that much.
Also it is a little misleading to characterize GS. Madhusudan as "another PhD in amongst 100 other PhDs". He is the one of the leaders of India's homegrown semiconductor movement.
my understanding was that it was neel who received the "offer", but i can't be sure. ahh.... yes it was. ohhh that's reeeallly interesting. fuckers who published the article REMOVED the bit about neel's "offer"... and "the author of the article no longer works with us". mmmm rrriiiight....
https://web.archive.org/web/20...
"Some of that open source zeal can be seen in the Shakti team here. Gala, who was offered a ‘good seven digit package’ by one of the big chip giants, decided against it. “This was an interview over a cup of coffee. The moment of realisation for me was sitting in the cafeteria, and seeing a hundred other PhDs there. The only distinction I had over them was Shakti. If I left it, I would just be another ball in the bag. So that’s why I didn’t leave,” he says."
Luke could you provide sources for your claim that "some of ARM's criticism has merit?". The link provided is to your own mailing list post. I have been following RISC-V closely, and I'm curious what the "systemic failures" you describe there are.
*sigh* that's difficult to do, to provide "independent" sources, as no fucker is brave enough to put their neck on the line and stand up to them. the only reason i can publicly hold them accountable is because:
(a) i'm used to challenging people (and getting banned and censored and then predictably 100% so far seeing the project fail or fork or undergo a major change in leadership within 6-18 months)
(b) i'm not affiiated with a university, so do not have a "tenure" that could be threatened
(c) i do not work for a company, so there is no employer to fire me (and no shareholders or profits to think of, first)
(d) i am not even a member of a software libre project so have no "standing" or reputation to be destroyed or have my team members ostracised
so... pretty lonely if i'm honest!
over the years i've read enough to be able to watch for the signs, and to give people the opportunity to sort things out for themselves... if they so wish. the six Systemic Laws of Organisations listed in "Invisible Dynamics" is one of the best guides i know. any one of those Systemic Laws gets violated, an organisation is guaranteed to be in trouble. *fixable* trouble... if they choose, but still trouble nonetheless. what's interesting about those Laws is that one of them is "denial". including denial of the existence of the Six Systemic Laws!
Bob Podolski's "Bill of Ethics" is the benchmark against which i.... how can i put it... self-check my own behaviour / decisions. the BoE includes a mandatory requirement to always seek (and accept) constructive feedback.
for the Libre RISC-V project however things have to be a little different. this SoC is important. what i used to do is: let people kick me out (basically). if they wanted to be self-obsessed narcissic lying bullying motherfuckers i gave them every opportunity to be otherwise, but never, not once, backed down. the subsequent fall-out that was witnessed (and archived permanently for everyone to see) had the desired effect... but here i can't let that happen.
so in this case i'm trying a different approach, using this page http://www.crnhq.org/12-Skills... as a literal step-by-step guide to resolving issues. one of them interestingly is called "Appropriate Assertiveness", which is the main "skill" i am having to apply right now. it's specifically listed as "not nice" and as "a necessary first step" in a resolution process.
so far, sadly, however i have yet to actually receive a response from anyone where i have had to use that guide. there does not appear to be *any* interest from the key founders behind the RISC-V Foundation in actually acknowledging that there's a problem (Systemic Law violation, "Denial"), and i can guarantee that's going to bite them, sooner rather than later.
this despite trying to warn them that the Shakti Foundation is backed by UNLIMITED resources from the Indian Government, and if the RISC-V Foundation doesn't get their act together they'll fork the entire RISC-V software and hardware eco-system, and over the next 5-10 years drop a hundred million completely incompatible processors onto the planet, causing *exactly* the scenario that ARM described in their now-offline website.
it's not crunch-time yet, but it's close.