BSides LV Video is now online
Didn't see a link to the video itself in the article, but it seems to be online now:
272 posts • joined 1 May 2007
> platform CSV exporter
Errr.... which platform? Almost every CSV exporter is custom build.
Also note, "the CSV RFC" is not as clear cut as you're making it out to be.
It was only an attempt to draw a sand in the line as there were so many incompatible implementations already floating around.
That RFC does cover most of the common stuff, but doesn't cover a few key areas (null values? binary encoding? unicode bom? field names?).
There have been some follow up concept docs started since, but nothing has become a new & improved RFC yet either.
> I've never been disappointed by CentOS ...
No KDE in RHEL7, so unless there's a solid 3rd party repo created for it, CentOS7 is the last version of CentOS I'll be running as a desktop. :(
Interestingly, OpenSUSE Leap looks like it might do the job as a replacement adequately instead.
> In this case, unless you DID check beforehand, the error was on YOUR side for taking the word of a front desk "sales girl" about the bonus before putting in the effort.
Oh, they had leaflets to the same effect for her to put up. Wasn't just her imagination. ;)
> I'm not trying to advocate a monopoly, but the market data does not look good for Mellanox in spite it being the superior product.
Mellanox had a very large headway - nearly a decade - to make Infiniband popular.
Unfortunately, they did their level best to kill all possible grass roots uptake by ensuring SysAdmin's, Hobbiests, etc couldn't use the gear unless it came directly from them.
Mellanox (on purpose) drop driver support for any cards that are not current models for sale, and remove their older drivers.
So, the large supply of super cheap Mellanox cards cards on Ebay (for years)... were useless for the majority of people.
It's a good thing FreeBSD and Linux included working drivers in the OS distribution, as if it was up to Mellanox they'd have stopped that too.
Ask a question on their "Community" forums about a non-current model, and you're told it's an old card, ending the "conversation".
End result... most SysAdmin's & System Architects haven't ever played with Infiniband, so when the time comes to include or recommend network gear for new projects, guess what's never included as it's "exotic"? The only place it then gets a look in, is for things where "exotic" is ok.
A decade of consistently doing this, and it's literally no wonder Infiniband never "caught on" despite being the better tech. Friggin Morons for their "Sales and Marketing" leadership. "Short term thinking" played out for a decade.
> And then there are all the more aggressive options. Yes, there is miniscule and mitigatable probability of property damage where the bullet might land - what is that damage likely to be vs. economic damage caused?
Not seeing a need to use bullets?
If the problem drone can be seen clearly enough to shoot it, then why don't the authorities just grab some drones themselves (from any kids store!) and ram those into the thing?
Sure, kids store drones are unlikely to be strong. But several (say 10) of the things should do the trick.
If they can't find someone with the required piloting skills... ask some kids. Pretty sure they'll be up for it. :)
> JFrog anticipates rapid growth of the library as the community takes advantage of the freebie service, reckoning the repository will soon be home to thousands of modules, including packages for tech such as Kubernetes.
So, their "modules" are going to be precompiled bits of Go code? Which developers should trust, instead of just compiling the same code themselves. Which Go would compile very quickly anyway.
Frankly, really not seeing the point. It sounds like JFrog are trying to insert themselves into the Go ecosystem, but haven't really figured out where they could do so usefully.
> Go lacks a central, public repository for modules.
No, it really doesn't.
The default central, public repository for modules is GitHub. Developers are free to place their code in other places too, but GitHub is the generally accepted source. Also happens to be version controlled.
> Without an immutable source for code, developers have to repackage their modules
Huh? Is someone getting mixed up with Python?
> ... and, rightly, eye modules pulled off the 'net with suspicion since the code could easily change without warning.
How is having your code in JFrog going to be more trustworthy than (the same code) from GitHub?
> ... but some residual value in a Mac, and resale will mean disk wiping, and refurbishment, ...
It'll be interesting to see if the "glued in" approach to disks means the whole Mac mac will need shredding for data security.
If the storage really can't be practically replaced, anyone using Mac's in (at least) reasonably secure environments isn't going to find much resale value in them.
> ... recently noted that HiFive RISC-V chips have proprietary pieces.
SiFive (the maker of the HiFive) apparently got the message, and is putting in the extra effort in to open up the rest.
Not sure if that's actually happened yet or not.
Hopefully it has, or does soon. :)
While some of the frothing-at-the-mouth OSS advocates ;) will blindly dismiss this as bad, it's an attempt to solve a real problem.
Sure, it may go poorly. But also it may work, or provide useful information to Redis to determine a real working solution.
Let's give them some time to see how it goes in the real world. If they turn out to be idiots about it, we can grill them later. ;)
> As a trivial example, I have developed Java applications on x86 then run them on ARM (on a Raspberry Pi). I have also written Qt C/C++ applications on x86 and recompiled them for ARM.
Go (the language) will have ARMv8 support in the next release (1.11). Been testing it already in production deployment with the recent betas, and it works well.
> But I would recommend buying the kit to learn about how it works...
Yeah. I bought a FlashForge Creator Pro. 2015 model from memory. When it started acting up, I had no clue at all how to fix it.
Went and bought a Shapeoko 3 (CNC) instead, and made sure it was a kit so I learned how the bits all went together. As you mention, now I can build and upgrade stuff reasonably effectively. :)
> "We don't need a £2000 key ring. And you don't play chess!"
That sounds familiar. :)
I tried out the 3D printing thing, but wasn't impressed by the end result. Have since gotten into doing CNC stuff instead. Today's task was to make full height brackets for some cheapo 10GbE Mellanox cards picked up on Ebay.
Turned out pretty well I reckon. Much more rugged than the 3D printed bracket version. :)
Photo's here, in case it's interesting.
> So you need something with the speed of a computer and the subjectivity of a human ...
Needs wisdom too, and someone to keep an eye on it's developing nature. Something like you suggest that - for example - starts leaning towards various forms of intolerance / racism / badness-in-general could go pear shaped very quickly.
> the SF that was embedding extra stuff - can't remember what, ...
They were bundling malware with the Windows downloads of popular Open Source projects, and giving the developers a cut of the profits.
FileZilla comes to mind, their forums have many archived/closed threads from people negatively affected (eg spyware installed on the PCs) but the Filezilla admin just stuck their fingers in their ears and went "la la la".
Disgusting behaviour all around.
> Dammit, I still have i7-920's in use. Fortunately, not on the public interwebs though. And now I'd better make sure they never are.
Fuck. Just checked, and my main gaming rig is on the list too. It's an Intel Core2 Extreme X9650. It does absolutely fine for the stuff I use, and there's no damn way it's "too slow", etc.
Intel, you'd better think again. You screw this up, it's on you to fix it.
> BUT they have already chosen a processor board they would like to use (an A20-OLinuXino-LIME2). ...
Sure. They've definitely jumped onto the bits they feel comfortable with, and obviously have not much clue with the rest.
However, it does sound like they'd be open to constructive pointers telling them they pieces they need to clue up on. You obviously have depth in areas they lack but need.
As an idea, maybe point out the electrical bits they need in order to not completely burn their own houses down ;), and see if they manage to get something useful for people happening after all.
Their skills are stronger in software, so they might turn out to have a decent software side to things anyway. :)
> And, as an avid PC gamer, I've yet to see a single game demanding over 16GB+ RAM.
Highest RAM requirements I've seen to date is for Star Citizen:
Windows 7 (64bit) with Service Pack 1, Windows 8 (64bit), Windows 10 - Anniversary Update (64bit)
* DirectX 11 Graphics Card with 2GB RAM (4GB strongly recommended)
* Quad Core CPU
* 16GB+ RAM
* SSD strongly recommended
Haven't tried it out, so no idea personally what the performance is like with various hardware configs (eg <16GB, 16GB, 32GB, etc).
> > Nothing you can't setup on your own with free tools, if you don't want to pay, and get better ones with far more control.
> Some links would be helpful.
Gitea is a good start. Decent UI, and very lightweight on resources. eg can be run effectively on Raspberry Pi style hardware, though for real business use you'd want it on something proper. :)
GitLab has more features than Gitea, though it's user interface fairly sucks and it's a resource pig (written in Ruby). It can also grow into a PITA to admin over time if your needs aren't basic.
Pick whichever takes your fancy, or do some searching online for others. The above two aren't the only ones. :)
Wow. I'd forgotten about Reach for the Stars. Used to play it years ago:
> ... and didn't realise plaster of paris heats as it sets.
Hmmm, isn't Plaster of Paris used (with gauze) to make plaster casts? eg for broken limbs and similar
Asking because I've personally cast body parts (using commercial prepared plaster gauze), and the "heating" isn't anything like bad enough to worry about. Were they doing something really strange?
> You just need the firewall, and I don't recall firewalls going away with IPv6, not even on home routers, unless you can prove otherwise.
It would be great if it was that simple. :)
Home routers are often used by people with no real knowledge of computers/IT. They have no understanding of TCP, let alone what the heck a "port" is. So getting them to (correctly) configure a firewall for their new something-they-just-plugged-into-the-network isn't really practical.
Some home routers have a GUI which lets people select a protocol (eg HTTPS) for a device, and can build a basic firewall based on that. That definitely helps. But it's not a real solution to the problem, as many devices use non-standard ports, and the end user won't have a clue what to do.
NAT in the IPv4 world was a "good enough" solution to that problem. Not because it expanded the address space, but instead because it (incidentally) hid users end devices from external things being able to reach them. That seems to be what Bombastic Bob is talking about.
> Oh really? Such as what ...
The v4 CC licences are definitely for data (earlier ones less so), several governments have their own licences (UK, Taiwan, others).
There's a fairly well established forum specifically for discussing such matters, which the Linux Foundation doesn't seem to have engaged prior to this announcement.
The discussion of their announcement, on that forum: https://discuss.okfn.org/t/cdla-permissive-and-sharing-licenses/6095
Licence Proliferation was a growing problem with OSS Communities for a few years, until people got sick of it. With effort then taken to focus on a few main ones (~GPLs, ~MIT/BSDs).
Wonder if this is a sign of similar problem happening for the Open Data world? There are a fair number of licences for "Open Data" available already. This new set doesn't really seem to add anything novel though. :(
The CDLA website (only has four pages so far) doesn't yet have contact info for engaging the working group creating these licences. Hopefully that gets fixed, as being Open to discussion is kind of important for Open licences. :D
We (sqlitebrowser.org) received the same email from Rackspace announcing about the program being ended, and thus needing to find a new home by the end of the year.
Haven't received any kind of follow up email saying anything different though. Sounds like we'll need to ask.
The way the OSS program has worked is that Rackspace would allow up to US $2k of spend on their services (per month) and not charge for it. Anything over $2k they charge for.
The term "Keep their credits" mentioned in the article is a bit confusing. Hopefully it's just a badly worded way of saying we don't need to change providers after all. :)
> Holding 32bit and 64bit libraries in memory here is likely not possible if the OS is to have any semblance of responsiveness.
Really, don't agree with this. These devices are working fine with both 32 and 64 bit apps in iOS 10. Magically iOS 11 suddenly can't fit them? Not even for running in some special legacy mode to keep their users with "legacy 32-bit apps" happy?
If iOS 11 has blown out in size to no longer fit in the hardware's memory, that's a good sign that unneeded bloat has been introduced, or people aren't prioritising optimisation enough. Either way, dropping support for 32-bit apps isn't good enough. They need to figure out a solution and fix it, instead of abandoning their users like this.
> I’m pretty pissed off that I can’t run Civilization anymore - but I don’t hold Apple to blame for this.
I absolutely do. Our industry in general considers backwards compatibility extremely important. That's why Windows (ugh) supports binaries created from much earlier versions, as does OSX itself unlike this new iOS. It's a pretty solid rule of thumb that things which guarantee backwards compatibility have more success than things that don't. Assuming no other monumental fk-ups of course. :)
This is 100% apple's choice to drop backwards compatibility, in full knowledge it would have a bad effect of some sort on part of their userbase. They seem to have forgotten the goal of people is to use their phone as a tool (eg apps and things it can do), rather than the goal being to run the latest version of iOS. That they're thinking has gone so far down this incorrect track to actually affect users like this... is an extremely bad sign. If they don't continue releasing security updates for 10.3.x series iOS, they've effectively turned many devices into paperweights (including my iPad Pro) as lots of people have 32-bit apps that cannot be upgraded as there's no 64-bit version available.
Personally, I feel most sorry for the ~1 million users of apps like Safe Note:
That's a password storage app (seems poorly done tbh) which was popular for several years... and the developer has gone bust. No 64-bit version forthcoming, so people (many not super computer literate) that updated have lost multiple years of their passwords. Ouch.
I know about the above one as they're using a DB GUI I help out on for recovering their data. There's likely many more similar stories to the above.
Someone has created a bug report on the Mozilla issue tracker, asking for this to be stopped.
Please log in (can be done using a GitHub account if you're feeling lazy :> ), and vote (under "Details") for this.
The ONLY way to be sure malware and the subsequent backdoor are removed it to rebuild the machine from scratch.
That did used to be the case. Unfortunately, these days malware which can persist in the "Mgmt Engine" and/or other attached peripherals seems like it's starting to be a thing.
For reference, if that kind of thing is of interest:
Biting the hand that feeds IT © 1998–2022