Author Archives: pappp

Middle East Crisis: Israeli Strikes on Aid Convoy Prompts Condemnation and an Apology From Netanyahu

Source: NYT > World

Prime Minister Benjamin Netanyahu said Israel “deeply regrets” the strikes that killed seven aid workers with World Central Kitchen in Gaza.

Posted in News | Leave a comment

There were no ancient computers and it’s fine

Source: Hacker News

Article note: Ehhh, they're hammering the "Programmable/Stored Program" requirement real hard. There were lots of useful devices for performing calculations, switching signals, data acquisition, and control prior to full-bore computers (arithmetic aids, telephone switches, etc.), and many of them were necessary preconditions for the stored-program computer. There were also very clearly people who understood the potential of computing machines before they were realizable, who were necessary to their development. I do agree that Babbage and Lovelace get over-emphasized because they are _compelling characters_ rather than because of their centrality. (And I have a pet peeve that the important thing from Lovelace is that she was the first person to write down that you could use a computing machine for something-not-arithmetic; the claims about programming are more disputable and less interesting.)

Fraudulent studies are undermining the reliability of systematic reviews

Source: Hacker News

Article note: In everything. The incentive structures around research and research careers virtually guarantee a degree of successful fraud-or-fraud-adjacent behavior, which has been steadily growing to dominate as it tends to be locally incentivized. This study found 19% of medical publications on chronic stress in rats tripped a trivial, long-established standard for likely manipulation looking only at images in the paper. They also found that papers with the features were neither penalized nor localized... and that the garbage level is high enough to change the results of systematic reviews. (Also, I find the method of looking for duplicated/tampered images interesting - magnified insets are pretty standard in image processing research and would show up as suspicious. The benign reason doing so is common is largely that we still pretend meaningful publications have to be printed on 8.5x11 offset printing, so any image you want to be intelligible _has_ to be tampered... once again, let's burn the publishers to the ground and start over on that front.)

XZ backdoor: “It’s RCE, not auth bypass, and gated/unreplayable.”

Source: Hacker News

Article note: Ever wilder: it now appears the call interception is setting up an RCE for the holder of a specific private key, because login attempts with a specific RSA key would result in the next part of the packet being executed by the sshd process via system(). That's _real_ bad nation-state actor type shit.

How GitHub replaced SourceForge as the dominant code hosting platform

Source: Hacker News

Article note: I have a _very_ "all of this has happened before and all of this will happen again" attitude about VCS and especially VCS hosting. Don't get attached, the tools are all awful and the hosts are perfectly situated middlemen to abusively enshittify (like Sourceforge eventually did with bundled crapware).

Backdoor in upstream xz/liblzma leading to SSH server compromise

Source: Hacker News

Article note: This shit is subtle and scary. Supply chain attack on xz's liblzma (compression tool + library) which is linked by libsystemd, which is linked by openssh, putting it in the same namespace so it can intercept some function calls from openssh to open a backdoor. Injected into the release tarball (not in git), activated by the build scripts (such that it will typically only exhibit if a deb or rpm is the target), with various obfuscations to make it evade common instrumentation. By a moderately prolific and established contributor to a number of high-profile projects. Discovered because it caused a noticeable performance regression because of Debian's build time tweaks.

School absences have ‘exploded’ almost everywhere

Source: Hacker News

Article note: Because our whole culture had to grapple with discovering that present-ism is not just useless but harmful? Because we've discovered that the highly gamified, bureaucratized, one-size-fits-all education model we've converged on doesn't appear to be working? Not coming to school (or work) sick is a _good_ thing. We should be trying to find avenues for students not served by the sit-quietly-and-be-academic model; we've just demonstrated that a small-but-substantial subset of students are _much_ better served by a more individual and self-paced education model than sitting in class (and a larger set cannot handle that environment and _do_ need more structure), and long known (and apparently partially forgotten in the quest for faux equality) that by the time you hit secondary ed many students would be better served by at least partially hands-on/vocational programs or the like than acting like we're preparing the lower quartile to drop out of college with a bunch of debt after two semesters.

Proxmox gives VMware ESXi users a place to go after Broadcom kills free version

Source: Ars Technica

Article note: I've had "Play with Proxmox and XCP-ng on some spare boxes" on my list forever, one of these days I'll get the time.

Broadcom has made sweeping changes to VMware's business since acquiring the company in November 2023, killing off the perpetually licensed versions of VMware's software and instituting large-scale layoffs. Broadcom executives have acknowledged the "unease" that all of these changes have created among VMware's customers and partners but so far haven't been interested in backtracking.

Among the casualties of the acquisition is the free version of VMware's vSphere Hypervisor, also known as ESXi. ESXi is "bare-metal hypervisor" software, meaning that it allows users to run multiple operating systems on a single piece of hardware while still allowing those operating systems direct access to disks, GPUs, and other system resources.

One alternative to ESXi for home users and small organizations is Proxmox Virtual Environment, a Debian-based Linux operating system that provides broadly similar functionality and has the benefit of still being an actively developed product. To help jilted ESXi users, the Proxmox team has just added a new "integrated import wizard" to Proxmox that supports importing of ESXi VMs, easing the pain of migrating between platforms.


Majority of Americans now use ad blockers

Source: The Register

Article note: Because the web is fucking intolerable without.

We're dreaming of a white list, because we're just like the ones you used to know

More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.…


ST-DOS

Source: Hacker News

Article note: That's a wild little passion project. The ST isn't Atari ST, it's the author's initials. They've built their own substantially enhanced MS-DOS-like with a bunch of POSIX-isms and TCP/IP, and a multitasking graphical shell for it, and ...