Azure can do the same thing, but my sense is that most of their business is actually just hosting Office 365 and other Microsoft products. I don't meet many people who run arbitrary workloads on Azure - it's just the runtime for O365.
I'm not sure if it's still the case, but Apple was running most of their cloudy services on Azure a few years ago. We've had a load of contributions in Hyper-V support to FreeBSD because (apparently) Microsoft had Azure customers asking for FreeBSD support, so at least one company must be using it.
I think this is the big advantage for Microsoft. If they play it right, then Azure hosting is not really a product, it's an advert that happens to also generate revenue. The real product is Azure Stack (HyperV is now a standard feature on Windows and Azure Stack lets you use the same management tools in your internal cloud). Hosted cloud offerings are cheap when you're very low volume, but Microsoft is the only big cloud hosting provider that sells you a good migration strategy for when it becomes cheaper (or regulatory / confidentiality requirements make it essential) for you to host at least some of it in-house. Other cloud providers don't want to make that easy, because you won't be paying them money when you move things into your own datacentre. Microsoft will happily sell you the software to do it yourself and, if you do, then they can likely still sell you hosted offerings for when you suddenly have unexpected demand spikes.
Google's API set is probably one of the crappiest I've ever seen
This seems to be a systematic problem at Google. I've yet to see one piece of code written by Googlers that has well-designed APIs. My guess is that it comes from the way that refactoring is baked into the Google workflow. When you can run a job that will run an automatic refactoring tool over an entire codebase and all of its in-house dependencies quickly, then it's less important to get things right the first time.
It's much older than that. OS X was Apple's renaming of OPENSTEP, which was a renaming of NeXTSTEP, which debuted in 1988. Mac OS X has been in constant and active development since only a few years after Classic MacOS and for five years longer than Windows NT.
I'm typing this on a late 2013 MacBook Pro. Not sure what the author of TFS who thought they hadn't updated since 2012 was smoking - this model was released just under 3 years ago and was the first generation to use Haswell. They've done a small speedbump since then. I'd happily buy a faster one if it existed, the problem is that the new Intel chips are only marginally faster than the previous ones. Every previous laptop upgrade for me (on a roughly 3-year cycle) has at least doubled performance. I'd be interested in 32GB of RAM and 2TB of SSD (or more of both) and a faster GPU, but it's still not that compelling. I was hoping that Skylake would give us 8-core (not 4+4 hyperthreading) in a mobile chip, but it hasn't.
But these scenes are always offset by a damned fucking good script that keeps them lighthearted and sardonic
Actually, the script was pretty bland. Ghostbusters, like the original Star Wars trilogy, was made by the ad-libs from the actors. I've not seen the remake because at least one of the following is true:
The film sucks.
The people who made the trailer managed to showcase the worst parts of the film.
The claims that people don't like it because they hate women make me slightly cranky though, because judging from the trailer the film itself was misogynistic and racist. If you want to make a good film with female leads, I'd suggest that you try a few simple rules:
Make the characters original. Don't make a female James Bond or a female Egon. If you don't know how to do this, look at pretty much anything that Joss Whedon has ever made. Guess what, a lot of the people who hated Ghostbusters obsessively bought entire DVD boxed sets of a bunch of TV shows with female leads that didn't suck.
If you're going to take traditionally male stereotypes and apply them to women, pick the positive ones. Don't just make your female characters socially awkward if they're clever because 'oooh, geek stereotype, we can make that apply to women too!'. It's not edgy, it's cringe-worthy.
Don't pick the ethnicity of your characters until you're near the end of the script drafting process. A bunch of negative black stereotypes in a character played by a black actor doesn't make your film good.
Don't make 'has female leads' a selling point. If the best thing about your film is the gender (or colour) or your actors, then your film sucks. Make a good film first. If you make a good film that happens to be female led then you'll do a lot more to make female leads accepted than if you make a crap film that shouts how proud it is that all of the leads are women.
For a lot of products, the choice is either a) crap made in China that breaks on first use, or b) expensive crap made in China that breaks on first use.
Of course, if someone could get in far enough to hijack the password database, then you've got bigger security issues than just those pertaining to a single account anyway.
Not necessarily. A lot of places have quite lax security on their hashed and salted password file, because it's regarded as secure (it will take a long time to brute force). In other places, it just takes an information disclosure vulnerability (accidentally making something world readable when it shouldn't be, like those fun web server things where you could go to http://example.com/../../etc/p... and grab the file), not a full system compromise, to get the passwords and then if you can crack one then you can log in properly and do something more dangerous.
If all of the passwords are reasonably strong, then you'll need to do a large search to find a hash collision, but it's something that can be trivially parallelised (and works nicely on GPUs, so a targeted attack from someone with a cluster of GPUs to throw at it might be lucky). A few years ago, someone with 25 GPUs was computing 348 billion password hashes per second. If your passwords are upper case, lower case, number, and one of 20 punctuation symbols, then that gives you 82 symbols per character. For an 8-character password, that's about 100 seconds to search every possible combination. The time increases by a factor of 82 each extra character, so that's about 2 hours for 9-character passwords. For 10-character passwords, that's a bit over a year, but remember that I'm using 4-year-old numbers for performance (GPUs are faster now), and it's an embarrassingly parallel problem, so using 250 GPUs (not that expensive in comparison to the value of your corporate assets) would bring it down to about a month.
Hopefully your password database is using a slow hash (e.g. sha512crypt), which takes a lot longer, but an adversary able to throw more (or custom) hardware at the problem can still likely manage it for most 10-character passwords.
Password rotation is intended to prevent against offline attacks. If someone who grabs a copy of your password db can break the hashes in 30 days, then rotating passwords every 30 days is a good defence: by the time someone has found a password, it won't be valid anymore. The problem is that it's a threat model that doesn't really make sense for most organisations.
Debt should be used for investment, not consumption
The flip side of the grandparent's point is that a lot of people have been taught that debt is unconditionally bad and so don't believe this. They then miss out on investment opportunities because they're afraid of debt. Look at the discussion about credit cards yesterday - a lot of posters even here believed that they were bad, even though if you pay automatically you're just getting a permanent interest-free loan of one month's expenditure (which you can put into an interest-earning account) and a 1% discount on everything that you spend. A lot of younger people are either avoiding debt entirely, even when it could benefit them, or using it badly.
If that's true, then I think it would be the first ever instance of poverty causing a decline in sexual activity and would be a very interesting research result.
The key thing that a lot of later things that attempted to replace Logo missed was that Logo was not a tool to teach programming, it was a tool to teach computer-aided thinking. Programming follows naturally from that.
Exactly. And this is now going to be problematic when someone on an Apple device sends a message saying 'I'm going to shoot you with a U+1F52B,' to a user of another system, who will see 'I'm going to shoot you with a {glock image}' and not 'I'm going to shoot you with a {waterpistol image}'. It's a nice case study of why Emoji in unicode are a brain-dead idea. What was wrong with the MSN Messenger convention of [[water pistol]]? If a client had an image that corresponded to the string 'water pistol' it could show it, otherwise it would show the text and the user could figure it out.
I've heard that claim, but it doesn't really ring true. I spend about £10-20K on my credit card a year (a lot of it is business expenses) and pay it off every month. My card issuer seems to care a lot about customer retention - every time I've had a minor issue with them, I've had a written apology, credit of £20 to my account, and someone call me to check if I'm happy with the outcome. Which makes sense, when you consider that they're making a few hundred pounds from me every year with no risk.
I forgot to mention the ones that they like the most, which is people like me except who occasionally miss a month of payment, then pay it back the following month. These people are very low risk but are even higher return. Like everything else in finance, it's about maintaining a broad portfolio of risk/reward. Credit card companies need to have a lot of low-risk transactors to create enough demand in shops for credit cards and to reduce the overall risk of their business. Without them, the ones that didn't pay back would be too high risk.
In real-world terms, a 1.5GHz dualcore ARM9 is roughly equivalent to a 500-900MHz Pentium 3 from 15 years ago
I very much doubt that. ARM9 was introduced in 1998 and the last ones were designed in 2006. They're simple in-order cores that are closer in structure to a 486 than a Pentium 3.
ARM was optimized to be low-power, simple, and economical
That varies hugely between cores. The M profile is designed to be low power and cheap. The R profile is designed to be similar to the M profile but with stricter determinism constraints. The A profile is designed to scale from high-end embedded devices to servers. Systems like the Cavium Thunder X have 48 cores per package and support two packages per board, with multiple 10GigE adaptors on die.
The i7 was designed to win every race at any cost through sheer brute force... and for the most part, it succeeds 100%.
Not quite. The Pentium 4 was the last core that Intel designed with no thought to power consumption. Recent i7 cores, for example, are more conservative in estimating dependencies between instructions than Netburst (which was 100% accurate). This means that you occasionally hit false dependencies and can introduce pipeline bubbles, but in exchange you're using a lot less power and the scheduler is far less likely to produce enough heat to trigger thermal throttling, so you end up with a net win for most workloads.
Yes, it's totally possible to build an ARM9-based system that can beat the best i7-based system in every measurable way
No it isn't and no one would try. The only people still using ARM9 for anything are the ones that have some embedded device that's been in production for a decade that they don't want to change in case it breaks (and a lot of those are switching anyway because a more modern core can be cheaper). The rest of your post indicates that you have absolutely no idea about either Intel or ARM microarchitectures and, in particular, nothing that you've said is even vaguely connected to the claim that I made in my post.
You don't have to be... but it sure helps. Some of my colleagues just had a proposal rejected with positive reviews from all of the reviewers, and a note saying that this time, for the first time, 'other factors' were considered when evaluating EU grants. Other colleagues have seen institutions in the EU decide that it's too high risk to have partner institutions in the UK on grant applications, which is problematic given that a load of EU funding requires multiple collaborating institutions in different countries. And that's before we even invoke Article 50 - do you think it will become easier after that?
That's a map of areas that have free trade agreements (i.e. unregulated flow of capital), not the map of areas that have any trade agreements. There are quite a few places on that map that do have free trade agreements where at least one side probably doesn't see a benefit.
The important difference is that taxes in states like Texas and California are moved by the Federal government to states with weaker economies. This helps to ensure that the difference in purchasing power between a dollar in Texas and a dollar in Alaska is not too great. The Germans vetoed such a mechanism in the Eurozone, which economists at the time said was required to prevent exactly the kind of crisis that we've seen over the last few years.
There was a blog post on Surfin' Safari (the WebKit blog) and on the llvm.org blog with a bunch of numbers when they did the FTL implementation. That showed around a 60% overhead for C to JavaScript to LLVM IR to native code with FTL vs C to LLVM IR to native code with clang. 60% is less than the speedup that we've seen in C compilers (and typically less than you'll see for the difference between a modern LLVM or GCC vs something like PCC, except in very IO-bound workloads).
You understand how the chip is supposed to work. There are a few attacks that work. For example, it turns out that a lot of terminals use a very predictable 'unpredictable number', so if you temporarily have the card then you can generate a response for a challenge that you predict will happen from a buggy PoS (in both senses) machine, then you can use a fake card to issue that response when you get the challenge.
If it works anything like the contactless system in the UK, then the thing that's stopping it is that this kind of attack is basically the same as stealing a card and replacing it in someone's wallet with a piece of paper containing your name and address. The number that's generated is valid for a single transaction of a specified amount with a single merchant, as part of a challenge-response protocol. If the transaction goes through, then the bank will record the recipient of the money. If a lot of people notice fraudulent transactions going to you then you're likely to get a visit from the police. Oh, and you won't even get to keep the money, because there's a delay between people spotting the transactions and your being able to get at the money.
I've never had a credit card that charge fees. Most have very high interest rates, but they don't charge interest between the purchase time and the date that the statement is due (14 days from the statement date, so you get an interest-free loan for 14-45 days, depending on when in the month you make the purchase). Any reputable card lets you pay by direct debit, so the money goes out of your account on the due date each month for the previous month's spending so the interest rates are totally irrelevant because you never actually hit them. You get to keep the money in an interest-earning account (you can put one month more spending into a savings account if you have a credit card than if you don't). Most cards also have some kind of reward scheme - mine gives me 1% of all purchases back.
Credit card companies like two kinds of customers. The first are people who spend a lot and pay it back every time. They like these people because they're low risk and the company makes 2-3% of everything that they spend. The other people are ones that go into debt quickly. They like these people because they can get a judgement against them that forces them into effectively perpetual repayment. If you think you might be in the second category, then don't get a credit card.
Oh, and it's worth remembering that it isn't free for a merchant to take cash either. They have to keep tills balanced, they have to trust their checkout staff more, they have to keep tills stocked with change, they have higher insurance premiums if they have a lot of cash in the store, they have to arrange to have their takings moved securely to the bank, and so on. Cash is only cheaper for very small retailers - the point at which it's cheaper to have the majority of transactions from cards is lower than you might think.
paying with a debit card is faster than cash (mostly cos the checkout staff can't actually count).
I think you have that back to front. The reason that paying with cash is faster in the USA is that many retailers have no expectation of basic numeracy of their checkout staff and so have the tills count the money and produce the change.
Slashdot Mirror
Azure can do the same thing, but my sense is that most of their business is actually just hosting Office 365 and other Microsoft products. I don't meet many people who run arbitrary workloads on Azure - it's just the runtime for O365.
I'm not sure if it's still the case, but Apple was running most of their cloudy services on Azure a few years ago. We've had a load of contributions in Hyper-V support to FreeBSD because (apparently) Microsoft had Azure customers asking for FreeBSD support, so at least one company must be using it.
I think this is the big advantage for Microsoft. If they play it right, then Azure hosting is not really a product, it's an advert that happens to also generate revenue. The real product is Azure Stack (HyperV is now a standard feature on Windows and Azure Stack lets you use the same management tools in your internal cloud). Hosted cloud offerings are cheap when you're very low volume, but Microsoft is the only big cloud hosting provider that sells you a good migration strategy for when it becomes cheaper (or regulatory / confidentiality requirements make it essential) for you to host at least some of it in-house. Other cloud providers don't want to make that easy, because you won't be paying them money when you move things into your own datacentre. Microsoft will happily sell you the software to do it yourself and, if you do, then they can likely still sell you hosted offerings for when you suddenly have unexpected demand spikes.
Google's API set is probably one of the crappiest I've ever seen
This seems to be a systematic problem at Google. I've yet to see one piece of code written by Googlers that has well-designed APIs. My guess is that it comes from the way that refactoring is baked into the Google workflow. When you can run a job that will run an automatic refactoring tool over an entire codebase and all of its in-house dependencies quickly, then it's less important to get things right the first time.
It's much older than that. OS X was Apple's renaming of OPENSTEP, which was a renaming of NeXTSTEP, which debuted in 1988. Mac OS X has been in constant and active development since only a few years after Classic MacOS and for five years longer than Windows NT.
That quote is also bullshit. The current generation MacBook Pro was introduced in late 2013 and received a small speed bump some time after that.
I'm typing this on a late 2013 MacBook Pro. Not sure what the author of TFS who thought they hadn't updated since 2012 was smoking - this model was released just under 3 years ago and was the first generation to use Haswell. They've done a small speedbump since then. I'd happily buy a faster one if it existed, the problem is that the new Intel chips are only marginally faster than the previous ones. Every previous laptop upgrade for me (on a roughly 3-year cycle) has at least doubled performance. I'd be interested in 32GB of RAM and 2TB of SSD (or more of both) and a faster GPU, but it's still not that compelling. I was hoping that Skylake would give us 8-core (not 4+4 hyperthreading) in a mobile chip, but it hasn't.
But these scenes are always offset by a damned fucking good script that keeps them lighthearted and sardonic
Actually, the script was pretty bland. Ghostbusters, like the original Star Wars trilogy, was made by the ad-libs from the actors. I've not seen the remake because at least one of the following is true:
The claims that people don't like it because they hate women make me slightly cranky though, because judging from the trailer the film itself was misogynistic and racist. If you want to make a good film with female leads, I'd suggest that you try a few simple rules:
For a lot of products, the choice is either a) crap made in China that breaks on first use, or b) expensive crap made in China that breaks on first use.
Of course, if someone could get in far enough to hijack the password database, then you've got bigger security issues than just those pertaining to a single account anyway.
Not necessarily. A lot of places have quite lax security on their hashed and salted password file, because it's regarded as secure (it will take a long time to brute force). In other places, it just takes an information disclosure vulnerability (accidentally making something world readable when it shouldn't be, like those fun web server things where you could go to http://example.com/../../etc/p... and grab the file), not a full system compromise, to get the passwords and then if you can crack one then you can log in properly and do something more dangerous.
If all of the passwords are reasonably strong, then you'll need to do a large search to find a hash collision, but it's something that can be trivially parallelised (and works nicely on GPUs, so a targeted attack from someone with a cluster of GPUs to throw at it might be lucky). A few years ago, someone with 25 GPUs was computing 348 billion password hashes per second. If your passwords are upper case, lower case, number, and one of 20 punctuation symbols, then that gives you 82 symbols per character. For an 8-character password, that's about 100 seconds to search every possible combination. The time increases by a factor of 82 each extra character, so that's about 2 hours for 9-character passwords. For 10-character passwords, that's a bit over a year, but remember that I'm using 4-year-old numbers for performance (GPUs are faster now), and it's an embarrassingly parallel problem, so using 250 GPUs (not that expensive in comparison to the value of your corporate assets) would bring it down to about a month.
Hopefully your password database is using a slow hash (e.g. sha512crypt), which takes a lot longer, but an adversary able to throw more (or custom) hardware at the problem can still likely manage it for most 10-character passwords.
Password rotation is intended to prevent against offline attacks. If someone who grabs a copy of your password db can break the hashes in 30 days, then rotating passwords every 30 days is a good defence: by the time someone has found a password, it won't be valid anymore. The problem is that it's a threat model that doesn't really make sense for most organisations.
How many times do you have to go to them in a month before it's cheaper to rent a small flat?
Debt should be used for investment, not consumption
The flip side of the grandparent's point is that a lot of people have been taught that debt is unconditionally bad and so don't believe this. They then miss out on investment opportunities because they're afraid of debt. Look at the discussion about credit cards yesterday - a lot of posters even here believed that they were bad, even though if you pay automatically you're just getting a permanent interest-free loan of one month's expenditure (which you can put into an interest-earning account) and a 1% discount on everything that you spend. A lot of younger people are either avoiding debt entirely, even when it could benefit them, or using it badly.
If that's true, then I think it would be the first ever instance of poverty causing a decline in sexual activity and would be a very interesting research result.
The key thing that a lot of later things that attempted to replace Logo missed was that Logo was not a tool to teach programming, it was a tool to teach computer-aided thinking. Programming follows naturally from that.
Exactly. And this is now going to be problematic when someone on an Apple device sends a message saying 'I'm going to shoot you with a U+1F52B,' to a user of another system, who will see 'I'm going to shoot you with a {glock image}' and not 'I'm going to shoot you with a {waterpistol image}'. It's a nice case study of why Emoji in unicode are a brain-dead idea. What was wrong with the MSN Messenger convention of [[water pistol]]? If a client had an image that corresponded to the string 'water pistol' it could show it, otherwise it would show the text and the user could figure it out.
I've heard that claim, but it doesn't really ring true. I spend about £10-20K on my credit card a year (a lot of it is business expenses) and pay it off every month. My card issuer seems to care a lot about customer retention - every time I've had a minor issue with them, I've had a written apology, credit of £20 to my account, and someone call me to check if I'm happy with the outcome. Which makes sense, when you consider that they're making a few hundred pounds from me every year with no risk.
I forgot to mention the ones that they like the most, which is people like me except who occasionally miss a month of payment, then pay it back the following month. These people are very low risk but are even higher return. Like everything else in finance, it's about maintaining a broad portfolio of risk/reward. Credit card companies need to have a lot of low-risk transactors to create enough demand in shops for credit cards and to reduce the overall risk of their business. Without them, the ones that didn't pay back would be too high risk.
In real-world terms, a 1.5GHz dualcore ARM9 is roughly equivalent to a 500-900MHz Pentium 3 from 15 years ago
I very much doubt that. ARM9 was introduced in 1998 and the last ones were designed in 2006. They're simple in-order cores that are closer in structure to a 486 than a Pentium 3.
ARM was optimized to be low-power, simple, and economical
That varies hugely between cores. The M profile is designed to be low power and cheap. The R profile is designed to be similar to the M profile but with stricter determinism constraints. The A profile is designed to scale from high-end embedded devices to servers. Systems like the Cavium Thunder X have 48 cores per package and support two packages per board, with multiple 10GigE adaptors on die.
The i7 was designed to win every race at any cost through sheer brute force... and for the most part, it succeeds 100%.
Not quite. The Pentium 4 was the last core that Intel designed with no thought to power consumption. Recent i7 cores, for example, are more conservative in estimating dependencies between instructions than Netburst (which was 100% accurate). This means that you occasionally hit false dependencies and can introduce pipeline bubbles, but in exchange you're using a lot less power and the scheduler is far less likely to produce enough heat to trigger thermal throttling, so you end up with a net win for most workloads.
Yes, it's totally possible to build an ARM9-based system that can beat the best i7-based system in every measurable way
No it isn't and no one would try. The only people still using ARM9 for anything are the ones that have some embedded device that's been in production for a decade that they don't want to change in case it breaks (and a lot of those are switching anyway because a more modern core can be cheaper). The rest of your post indicates that you have absolutely no idea about either Intel or ARM microarchitectures and, in particular, nothing that you've said is even vaguely connected to the claim that I made in my post.
You don't have to be... but it sure helps. Some of my colleagues just had a proposal rejected with positive reviews from all of the reviewers, and a note saying that this time, for the first time, 'other factors' were considered when evaluating EU grants. Other colleagues have seen institutions in the EU decide that it's too high risk to have partner institutions in the UK on grant applications, which is problematic given that a load of EU funding requires multiple collaborating institutions in different countries. And that's before we even invoke Article 50 - do you think it will become easier after that?
That's a map of areas that have free trade agreements (i.e. unregulated flow of capital), not the map of areas that have any trade agreements. There are quite a few places on that map that do have free trade agreements where at least one side probably doesn't see a benefit.
The important difference is that taxes in states like Texas and California are moved by the Federal government to states with weaker economies. This helps to ensure that the difference in purchasing power between a dollar in Texas and a dollar in Alaska is not too great. The Germans vetoed such a mechanism in the Eurozone, which economists at the time said was required to prevent exactly the kind of crisis that we've seen over the last few years.
There was a blog post on Surfin' Safari (the WebKit blog) and on the llvm.org blog with a bunch of numbers when they did the FTL implementation. That showed around a 60% overhead for C to JavaScript to LLVM IR to native code with FTL vs C to LLVM IR to native code with clang. 60% is less than the speedup that we've seen in C compilers (and typically less than you'll see for the difference between a modern LLVM or GCC vs something like PCC, except in very IO-bound workloads).
You understand how the chip is supposed to work. There are a few attacks that work. For example, it turns out that a lot of terminals use a very predictable 'unpredictable number', so if you temporarily have the card then you can generate a response for a challenge that you predict will happen from a buggy PoS (in both senses) machine, then you can use a fake card to issue that response when you get the challenge.
If it works anything like the contactless system in the UK, then the thing that's stopping it is that this kind of attack is basically the same as stealing a card and replacing it in someone's wallet with a piece of paper containing your name and address. The number that's generated is valid for a single transaction of a specified amount with a single merchant, as part of a challenge-response protocol. If the transaction goes through, then the bank will record the recipient of the money. If a lot of people notice fraudulent transactions going to you then you're likely to get a visit from the police. Oh, and you won't even get to keep the money, because there's a delay between people spotting the transactions and your being able to get at the money.
I've never had a credit card that charge fees. Most have very high interest rates, but they don't charge interest between the purchase time and the date that the statement is due (14 days from the statement date, so you get an interest-free loan for 14-45 days, depending on when in the month you make the purchase). Any reputable card lets you pay by direct debit, so the money goes out of your account on the due date each month for the previous month's spending so the interest rates are totally irrelevant because you never actually hit them. You get to keep the money in an interest-earning account (you can put one month more spending into a savings account if you have a credit card than if you don't). Most cards also have some kind of reward scheme - mine gives me 1% of all purchases back.
Credit card companies like two kinds of customers. The first are people who spend a lot and pay it back every time. They like these people because they're low risk and the company makes 2-3% of everything that they spend. The other people are ones that go into debt quickly. They like these people because they can get a judgement against them that forces them into effectively perpetual repayment. If you think you might be in the second category, then don't get a credit card.
Oh, and it's worth remembering that it isn't free for a merchant to take cash either. They have to keep tills balanced, they have to trust their checkout staff more, they have to keep tills stocked with change, they have higher insurance premiums if they have a lot of cash in the store, they have to arrange to have their takings moved securely to the bank, and so on. Cash is only cheaper for very small retailers - the point at which it's cheaper to have the majority of transactions from cards is lower than you might think.
paying with a debit card is faster than cash (mostly cos the checkout staff can't actually count).
I think you have that back to front. The reason that paying with cash is faster in the USA is that many retailers have no expectation of basic numeracy of their checkout staff and so have the tills count the money and produce the change.