* Posts by sbegrupt

16 publicly visible posts • joined 28 Apr 2023

Alibaba Cloud reveals network telemetry tool that helped cut number of engineers needed by 86%

sbegrupt

Did anyone say TWAMP?

And this is different from TWAMP/OWAMP https://datatracker.ietf.org/doc/html/rfc5357 how exactly?

Open source versus Microsoft: The new rebellion begins

sbegrupt

Re: If LibreOffice provided anything even approaching an alternative to 365 in functionality ...

How about collaborative editing online on your private nextcloud instance? 100% as smooth as on 365?

Microsoft unbundling Teams is to appease regulators, not give customers a better deal

sbegrupt

Re: speaking as a Linux guy

Isn't Chrome going to be supported too (not Chromium)?

German state ditches Windows, Microsoft Office for Linux and LibreOffice

sbegrupt
Meh

It seems to be a custom flavour of Ubuntu. Typically such builds are produced to bake in validated SSO/smartcard/VPN setup for the users to use out of the box.

What worries me is that offering a custom Linux build may be also used to deprive upstream projects like Ubuntu, LibreOffice, Thunderbird of support money. Which brings back the question of long-term sustainability of this endeavour. It would have been much simpler for a German public entity to get supported SLES from German Suse.

Microsoft confirms memory leak in March Windows Server security update

sbegrupt

Re: Smoking gun?

"Adequate testing" is a rush against the clock when a vendor announces that the patch contains security fixes.

Two years on, 1 in 4 apps still vulnerable to Log4Shell

sbegrupt

reload4j is the answer

The blessed fix – migrating to log4j2 – is a large undertaking. And I would recommend migration to slf4j anyway. Not to mention that you need access to the source code of your app for either of them.

However, one of the original creators of log4j1 created a drop-in replacement https://reload4j.qos.ch/. It also works if you have software that is out of support – a single JAR could be replaced.

Many people didn't know this fix or didn't trust it because they weren't aware who created reload4j.

Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process

sbegrupt

I fail to see why rip and replace is needed to upgrade from TLS 1.1 to TLS 1.2.

Want to pwn a satellite? Turns out it's surprisingly easy

sbegrupt

Re: What A Load of Nonsense

Also, a lot of amateur frequency allocations forbid encryption or cubesats themselves explicitly state accessibility of telemetry to HAMs as their goal, leaving HMAC on commands as the only protection.

Google launches $99 a night Hotel Mountain View for hybrid workers

sbegrupt

Re: Possibly unpopular opinion, but...

> This doesn't sound like such a bad deal.

Except for people with families, perhaps?

Let's have a chat about Java licensing, says unsolicited Oracle email

sbegrupt

Did someone try to tell those poor sods about Eclipse Temurin?

Rocky Linux details the loopholes that will help its RHEL rebuild live on

sbegrupt

Re: making them Red Hat customers, at least briefly

The only message RH is trying to send here is that RH clones do not get RELIABLE and TIMELY support, including for security fixes (which I can see embargoing from their own customers for a few days/weeks). This is enough for any serious company to buy from RH instead of using a clone if they operate a mission-critical system on RHEL. All the code in question is released by RH under GPL, often before it makes it to RHEL, sometimes after (eg security fixes). RH needs to just delay when the code is made available under GPL, not to actually prevent it from being shared.

Rocky Linux claims to have found 'path forward' from CentOS source purge

sbegrupt

Re: A bit of advance warning wouldn't have gone amiss

I think this is part of the plan: not only to hinder the rebuilds, but also to signal to all users that the reliance on rebuilds is not stable by any means. And the announcement does not affect the stability of paid RH products in any way.

Five billion phones are dead in drawers – carriers want to mine them

sbegrupt

Re: Data

Well, if you know which chips store the data, you can just desolder them with a hot air gun first and return a phone will all chips except for the flash storage chips. An example guide: https://www.ifixit.com/Guide/Unlock+NAND+Data+for+NAND+Repair+-+Fix+iPhone+X+Stuck+in+Recovery+Mode/145293

Dropbox drops 16% of staff, points finger at hard-up customers and AI

sbegrupt

Perhaps, it's just that all poor souls using Dropbox on macOS had almost a whole year to suffer, contemplate life, and cancel their Dropbox subscription while Dropbox HQ was leisurely contemplating whether to implement the new Apple File Provider API well?