
Comment Seems like a major limitation (Score 1) 47

Is this study actually telling us anything about the sounds, or just about response to novel sounds vs. overwhelmingly habituated ones?

I don't doubt that novel musical tones got better response than that-spurious-out-of-range-alarm-that's-never-worth-checking; but would that remain the case if you started hammering people with spurious musical alarms?

Comment Re:Not enough information (Score 1) 53

This guy can do whatever he wants, of course, he doesn't work for them anymore and the license allows forking; but it seems like a bizarrely small dispute to take such action over(unless it's just the proximate cause and there were longer-running togetherness problems).

Both parties agreed that there was a bug; corporate said that the affected code was in use by some customers and wanted to issue a CVE; devs apparently wanted to treat it as a just-a-bug-that-has-security-implications-but-doesn't-need-a-CVE-for-reasons; and that is the corpo oppression that shows that nginx is no longer in the public interest?

I could see if it were the other way around, and F5 was demanding silence and secrecy in order to downplay their vulnerability numbers; but how could warning whoever is using the experimental feature that they'd better take mitigation steps until it is fixed be a problem? If it's really that experimental almost nobody will care, and a few people will be helped. Is there something I'm missing?

Comment Interesting... (Score 2) 21

It's not a huge surprise that the general response to Altman's scheme would be that it's grandiose puffery(even aside from his "I will create the machine god, but in a responsible way" vibes; leaving a price estimate of 5-7 trillion creates the impression that you've not really nailed the details down if the window of uncertainty is quite large relative to both the low and high values; and stupefyingly large in absolute terms); it seems a bit more interesting that Nvidia would be publicly pushing for a markedly smaller figure when they are one of the ones who would seem to stand to benefit.

Disagreement between Altman and Huang over whether 'AI' is the emerging superintelligence or just a tool for churning out 'content' real fast, with correspondingly different estimates for how much people will actually want to spend on it? Nvidia perturbed because they think that Altman's plan involves trying to expand fab capacity enough to make taking his pick of second-tier fabless designers, rather than paying Nvidia a premium, the preferred strategy? Fundamentally greater optimism on Nvidia's side; with assumptions that improved efficiency will actually deliver as much 'AI' as the market wants for $2 trillion or so without huge shakeups in the supply chain; while Altman thinks that only maximum brute force will deliver what the problem requires?

Comment Re:Can I buy a license? How much? Alternatives? (Score 1) 105

Basically all the hypervisors support PCIe passthrough(except the 'desktop' ones, neither vmware workstation nor win10/11 hyper-v do); though there's a risk of...complications...because doing that relies on the platform's IOMMU and PCIe ACS support to both exist and not just be a buggy stub that's enough to tick some checkboxes.

Had to do some of that a little while back; and found that getting anyone to confirm the presence or absence of PCIe ACS was like pulling teeth; and that there were PCIe peripherals that outright weren't passthrough capable, ones that were; and the fun ones that claimed to be and brought the system down hard if you believed their lies and actually tried it.

Comment Re:Frankly... (Score 1) 30

Part of it is.

Digital signature support is pretty widespread across productivity software. Where the fun begins is managing the signing keys.

Docusign isn't really selling the signature feature(indeed, to be worth using, they pretty much have to use the standardized options mentioned in the various standards that give e-signatures legal force); they're selling abstracting the key management away from you; and the service of offering a 'free' barebones setup that the people you send forms to can use to sign them regardless of whether or not they are set up properly in terms of software, signing keys, etc. That's why accounts that can send stuff out for signature are $$(with stuff that has full workflow integration for hooking into ERP systems and stuff being $$$); but it's free to create a basic login if someone sends you something requesting a signature.

It's hard to hold out too much hope for them, or at least their margins, longterm; since the signatures are standardized, productivity software vendors already support them, and (aside from people who are looking to offer basically the same thing as Docusign, like Adobe's offering they push with Acrobat) the people trying to set themselves up as big players in authentication(eg. facebook and google serving as logins for a variety of 3rd party websites; Apple having IDs tied very closely to their users on all Apple devices; MS' AAD-related stuff on the corporate side and MS accounts on the consumer side); would find it relatively simple; were they interested; to generate a signing key tied to their accounts and offer that as another feature.

Comment Re:Oh, Please. . . (Score 1) 158

"Which is not to say there isn't a gradient of "fake"; obviously some are more manipulated ( or fabricated ) than others. Doesn't change the underlying point, however."

That's arguably why it deserves to be classified as 'malarkey'. He's responding to accusations that his just-hallucinate-in-details-the-optics-can't-gather system is faking by making the (true) statement that all photos are fake in order to change the subject from whether all photos are fake in the same way and to the same degree(which is obviously untrue; and presumably why he doesn't really want to mount a defense there).

A lot of the best deception is achieved when you can avoid telling outright lies, with the accompanying risk of being called on them, and focus on misleading truths instead.

Comment Re:SUDO should not even be in Linux (Score 1) 100

Arguably it depends on whether you are expecting sudo to act as a rigid security barrier that you can use to create accounts of intermediate privilege; or whether you are treating it mostly as a tool for people you'd give root to reduce the amount of stuff they actually run as root.

It's pretty tricky to use it as a security barrier, even when it works perfectly, because so many of the tools that you'd potentially want to use sudo to grant access to are not really designed to restrict the user: once you have a package manager running as root you can use it to do basically anything by installing a package that imposes the changes you want; all kinds of utilities can just pop a shell or be used to edit files; etc. Even if sudo itself is free of holes; you'd really need a whole set of deliberately constrained utilities in order to prevent it from being used for privilege escalation. At that point it probably makes more sense to rethink the security model from the other direction; and focus on reducing the number of operations that are root-only in favor of ones that can be delegated to groups.

Where it's much more useful is allowing someone who is basically trusted as root to not just log in as root and run giant chunks of software that don't need(and probably shouldn't be trusted with) high privileges with high privileges just because they logged in as root and so everything they do is running as root.

Comment Re:So crappy processes? (Score 4, Informative) 43

That's what amazes me.

Maybe I'm just old; but "Signature Authority List" is supposed to mean what it says(possibly blue pen if you really are old; cryptographic if you aren't); it doesn't mean "verbal authorization in a video chat that may or may not even be being recorded somewhere with retention policies set".

I'd be more sympathetic if this were one of the low-value ones where someone impersonates the CEO and tells a random executive assistant or other fairly low-on-the-food-chain employee to make a relatively petty cash transfer to the scammers: you have to feel bad for the person who doesn't want to hassle the big boss, even if they have doubts; but someone with approval authority in the multiple millions is someone whose job description(implicitly or explicitly) is to be slightly prickly about actually approving things.

Comment I wonder why... (Score 1) 42

I'm curious whether the backend for hosting this is disproportionately complex(either following a design from when 19GB of data was still something of some note; or perhaps quite literally a configuration that has been brought forward for a couple of decades with only minimal changes, I'd assume that it's not still running on literally the same FTP servers it started on); whether it was someone's passion project and they are retiring/died; or whether the bean counters are looking so carefully and squeezing so tight that university IT isn't being allowed to throw a pittance at preserving a piece of history that they can't cross charge to another cost center.

Coming from working on much more recent systems it's a little hard to wrap my head around; we have Legal browbeating people and having us enforce retention policies specifically to keep vastly larger amounts of data from just being inadvertently retained because it's actively a hassle to go through and weed things out; and while storing it doesn't cost nothing it often compares favorably to the cost of determining who can give the OK to delete it and hassling them.

I can only assume that, given its age, this system has a lot more infrastructure complexity(possibly understood best by people who are leaving or gone) per GB; so it's not really about the disk space, or the brutal bandwidth load imposed by the tiny OS/2 enthusiast community; but about a comparatively fiddly backend.

Either that or someone in bean counting is being astonishingly petty.

Comment Re:The future (Score 1) 45

Aside from the potential effect on upgrades of "the lost decade"(or decades, sources differ) that started in the early 90s; it actually seems like a reasonably common pattern: technology buildouts that are impressive and functional for their time have a habit of becoming entrenched and(through some combination of relative adequacy vs. rev.1 of the new stuff and incumbents with investments they don't want to write off) remaining stickier longer than one would like.

We certainly saw a similar thing in the US with, say, wireline telco: you may not have loved the monopoly prices; but aggressive coverage levels were a national policy, reliability was high, and Bell Labs was doing all sorts of neat stuff. That all proved to be...unhelpful...when it came to cellular adoption at either reasonable prices or with reasonable handset features: stateside a Blackberry was the future; everyone else was dealing with carrier-locked BREW garbage and paying per-SMS(and paying more for WAP, except that that sucked so much that most people couldn't be bothered); while over in Europe pay-per-SMS was much less of a thing; and Symbian-type arguably-smartphones were reasonably common; and Japan had i-mode and all the handsets built around its still-a-weird-proprietary-mess-but-way-the-hell-better-than-WAP capabilities.

Of course, that ended up being the same phenomenon again, in its turn: US carrier-based services(SMS, MMS, WAP, etc.) were expensive or hot garbage or both; which made the US market ripe for rapid adoption of 'contemporary' style smartphones that do support cellular standards; but are fundamentally oriented around doing as much as possible over TCP/IP with the carrier just acting as a pipe; because only Blackberries were even remotely non-garbage as more telco-oriented 'smart' phones. In Europe and Japan the old style didn't last forever; but the relative quality and sophistication of pre-"It's all just TCP/IP on a small computer; right?" style designs actually gave the iphones and androids a run for their money. In some cases (like ability to do contactless payments in certain subway systems and things from your phone) the new gear remained a regression in certain respects for years afterwards.

Comment Re: Am I missing something? (Score 1) 86

There is the additional complication of whether 'cloud' just means "VPS" or whether you are hitting the more abstracted tools that most of the cloud guys offer.

They'll all certainly sell you very classical VMs, just with more room to scale them up or down or bring more online than you probably have at home; but you are starting to look at architectural changes if you wander into the "managed instance" or "serverless" offerings(Cosmos or Aurora DB; AWS Lambda or Azure Functions; S3 buckets; etc.)

Obviously those are still someone else's computer under the hood; "serverless" just means that it's hidden and you can't touch it; not that it's truly absent; but if you start hitting those sorts of services you are making changes that mean that "your datacenter vs. their datacenter" only remains true at a fairly high level: if you wanted to move back you'd either have to change back how you are doing some things; or go with something like Openstack that is dedicated to making your computers present AWS-style abstractions.

Comment Innovation! (Score 2) 43

For too long Goodhart's Law has oppressed those who seek to reward some certain measurable behavior by inspiring the measured to game whatever the target is.

Now, with Watson just-screw-the-employees technology IBM has demonstrated a bold path forward: just make it real clear that whatever measure you are treating as a target might actually result in no rewards whatsoever; so it's not worth gaming!

Comment Re:computers are reliable (Score 1) 96

They generally seem to be better behaved than the software that runs on them; but computers absolutely aren't reliable(especially the ones that skip things like ECC and storage medium redundancy). What's even worse is that(unlike software, which at least in principle can be correct, even if it's generally uneconomic to write it at the level of formal verification and people don't bother) hardware fails unpredictably. Some particularly bad designs or defective components can make certain failures so overwhelmingly likely as to be good guesses(as during the capacitor plague era; or with certain laptops that are known to stress their internal display cables at the hinge); but sooner or later physical degradation catches up with them all in one way or another.

Comment Re:Jettisons Itanium? (Score 3, Informative) 52

There will probably be Itanium users for a while; but only the ones who have some legacy workload that absolutely cannot be touched for some reason or another.

Some of those people will probably be willing to pay for careful security backports; some will just firewall it and roll the dice; but neither are really of any interest to the mainline kernel.

Worse, there's no incentive whatsoever to use it outside of that handful of legacy cases: it was produced in fairly modest quantities; and the last significant improvement in the architecture was with Poulson chips in late 2012(Kittson came in mid 2017 but was on the same process side and included no architectural improvements; the project was on life support at that point); and even at release Itanium was having a pretty good day when it traded blows with Xeons; so we're talking something between a Sandy Bridge Xeon on a bad day and maybe a Haswell one with a following wind; except really obscure. Also no afterlife as an embedded instruction set or other niche application; it was only ever one product line.
