Posts by Justin Clift 288 publicly visible posts • joined 1 May 2007
Unsure about VMware, as I haven't personally used it in ages. Other host platforms (eg Linux + KVM) definitely do this, as Linux provides the mirroring natively. (you just need to configure it)
Haven't yet tried this with FreeBSD, but it would be kind of surprising if it didn't work.
As a thought, instead of doing the replication below the SCST layer, how about exporting the raw LUNS from each of the storage servers to the VM host, then doing the mirroring there? That should maintain the full io / transfer rate of things, instead of being (potentially) slowed down by storage server side replication.
the sound hungry and wild gnuistas being let off the leash
Hmmm, I'd be more worried about Oracle. They have a reputation for aggressive legal shenanigans, especially towards competitors.
It sounds like Debian have been careful to not step on the license, so won't have "provided an excuse".
Canonical though... hmm.... wonder what the terms they agreed to are? Perhaps they'll have a new owner soon. ;)
Seems like p7zip isn't affected:
https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/#3220
That'll be good news for some. :)
While it's not the same as an immediate root level exploit, it's still pretty bad. Any kind of tooling which can be compromised just by opening a .zip file (or similar) still has a lot they can do from a user account.
It also sounds capable enough to be very effective when paired with a (local-only) root privilege escalation vulnerability.
It's hard to tell. There is some discussion about this on the p7zip forum:
https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/?limit=25#3933
No indication of a new release or similar though, at the time of writing this.
One of the points of having upstream review/merge is to have more people notice otherwise-obvious problems like the code here.
It's definitely not a perfect approach, but having more people review stuff instead of less is generally a good idea (as long as it doesn't lengthen the developer iteration time too much, which causes other problems).
Although they make a torrent file available:
https://cloudfront-files-1.publicintegrity.org/offshoreleaks/data-csv.zip.torrent
It's just their processed database data in CSV format, 36MB in total:
$ unzip ../offshoreleaks_data-csv.zip
Archive: ../offshoreleaks_data-csv.zip
creating: offshore_leaks_csvs/
inflating: offshore_leaks_csvs/Addresses.csv
inflating: offshore_leaks_csvs/Entities.csv
inflating: offshore_leaks_csvs/Intermediaries.csv
inflating: offshore_leaks_csvs/Officers.csv
inflating: offshore_leaks_csvs/all_edges.csv
$
Well, the Win 10 being forced down everyone's throats (my wording :>) seems to be become MS forecasters have seen the massive plummet in new-box-PC-shipments. Thus massive negative change in likely revenue in the years going forward.
So, someone realised they'd better force everyone to subscription mode to offset that... regardless of how unhappy it makes people. Kind of like a "survive" or "not survive" event.
From that perspective, the pain they're (knowingly) causing people with the Win10 forcing makes sense. That perspective also says theres' literally no way they're going to stop doing it, due to the fear of revenue shortage.
Anyway, it's definitely time to look at alternative suppliers.
From the article:
When we’re talking to the team on the video, they’re in the midst of figuring out how to use infiniband – a technology that they’re seeing for the first time today.
That's both dissapointing, and kind of weird. Infiniband is extremely common in the HPC scene, and dirt cheap on Ebay. (A minimal 2 node setup can be put together for about £60 in total). How have these students been doing HPC and not had access to the bog standard connectivity type gear?
I'm checking it out as I'm an obscure OS geek.
If you do install it in a VM, it'd be interesting to hear whether some of the more popular "known to be pretty portable" Open Source Software compiles & runs on it. (suggestion: PostgreSQL, though there are others too)
Out of curiosity, went looking for more info as there wasn't any kind of reference/follow-up link in the article.
Main ClearPath info seems to be here:
http://www.unisys.com/offerings/high-end-servers/clearpath-forward-systems/clearpath-mcp-software
There's also a free "ClearPath MCP Express" for download, which the description says:
"Students, teachers, hobbyists and ClearPath enthusiasts can use it for non-production evaluation, personal or educational purposes to explore and practice developing and testing ClearPath MCP-based applications."
Doesn't seem to be Open Source in any way though, which would have been nice. Oh well.
What is far from certain is that among those 34 there is even a single FOSS developer who has actually contributed any code anyone cares about it.
Btw - code isn't the only way to significantly contribute to a project. Other ways are just as valuable to OSS projects, sometimes even more so at strategic times. ;) eg: Writing user docs, doing solid QA/testing/reporting, project co-ordination, etc.
As for projects people are involved in, here's one I've been putting time into for a while:
https://github.com/sqlitebrowser/sqlitebrowser
As a measure of usage, it's about 150k downloads a month (and trending upwards), which isn't too bad:
https://api.github.com/repos/sqlitebrowser/sqlitebrowser/releases
systemd-free Debian fork
The download site seems to be having capacity issues at the moment. There is a .torrent file available (on the download site, oops!):
https://files.devuan.org/devuan_jessie_1.0.0-beta.torrent
A working magnet hash instead is this, if that helps: 9b0fa597ab8bdd89a57434876947dbe378a79aad
The torrent download is 10.55GB, containing:
Cool. :)
The native ethernet support for Mellanox adapters seems to "just work" (after compiling in the driver). It's been pretty much trouble free.
IPoIB mode though... not so much. Kernel panic when switching from Ethernet → Infiniband mode (post boot - still chasing this bug down), and connected mode IPoIB exhibits weird behaviour too at the moment.
I think the Infiniband mode problems are rooted in something to do with the TrueOS base (not pure FreeBSD) that FreeNAS is built upon, as the same drivers on a FreeBSD base are pretty flawless. I'll be digging into this more over the next few days to see if I can figure out WTF is causing the issues, and then get it fixed. :)
If someone's just after Ethernet support (10GbE/40GbE/etc) out of Mellanox adapters though, it seems to be already good enough. Naturally, test the living heck out of it before deploying to production, just to be safe. :D
Even FreeNAS (FreeBSD based NAS) has people playing with adding Infiniband support to it. Note, self promotion. :)
I don't see the other mentioned browser markers offering such bounties..
As a data point, Mozilla does for Firefox (and other software):
https://www.mozilla.org/en-US/security/client-bug-bounty/
Note - they have more than one bug bounty program. There's a very short overview page here, with links to the individual programs in the bottom two lines.
Not so "Unbreakable" now are you Oracle?
And, just coz: http://ded.ninja/dear_oracle/dear_oracle02.jpg
Looks like they're using a remotely exploitable version of OpenSSL:
https://github.com/edent/BMW-OpenSource/tree/master/FOSS_S1/openssl
Oops. ;)
Yeah, the new owners emailed my twice with their "SlashdotMedia - Fair processing notice", about how I can request them to remove my data/etc.
Twice I've responded to them. They've not deigned to reply to either.
So, not so hopeful the new owners are going to be doing the right things after all. :(
Personally, I've been interested in doing some FPGA stuff combined with Infinband for very fast data processing/extraction. Was thinking perhaps Spartan FPGAs could be used to make it happen. This Broadwell with FPGA built in could make it much more achievable instead, depending on its specs/capabilities of course.
debateable, but to me programmable means i can use itself to program it. the ios platform needs a real computer to write the programs. a real omission to my mind as it is powerful enough to have some level of programming built in.
Pythonista is excellent, if you're on an iPad of any variety.
There is some discussion about this on Hacker News too:
It's being reported as more like 38-40 TB in size.
Lots of papers have diagrams and other non-text based information, so it's more likely they're pdfs' and/or other formats able to do that.
47 million pdfs' could be pretty hefty in disk space. Possibly in the terabyte range. Even broken up into a collection of x sized archives (say 10GB), that would be tricky to manage effectively using torrents. Technically possible though... yes.
The new owners have terminated the DevShare program:
https://sourceforge.net/blog/sourceforge-acquisition-and-future-plans/
That's a good start.
Hoping they do this all properly, and SourceForge becomes a positive thing again.
... but only if the new owners are open to doing things differently → providing equal or greater value to their hosted projects than GitHub, and also (actually) being trustworthy for the users of their hosted projects. None of this is rocket science, it just requires the willingness to get it done and keep doing it.
While I hope good things happen... it's way too early to pick which way the new owners will take it. ;)
The Nvidia Quadro M5000M is a reasonably (overpriced) graphics card for gaming... but conversely, if you're using CAD/CAM software which requires pro level cards, then a gaming card (eg GeForce) won't generally do an adequate job.
It all revolves around the software you need to use.
Thought about this the other day... it will make for an interesting turning point when such a thing exists as legal AI which can hold the entirety of a legal system in it's working memory, understanding it, then developing strategy from that.
Such an AI would leave human based law professionals in the dust. Whoever can create/hire such AI's... will literally own the legal system in the relevant country. And once you own the legal system... interesting things can happen.
In this context, Google & IBM's efforts towards this make a lot of sense.
(side note - bet the current and ex lawyers (politicians) scramble to outlaw that when they cotton on! Unsuccessfully.)
This sounds like what you're after, for ARM servers at least: :)
There's an online archive of his account here, if that's useful.
Same thing, but with replies here.
(taken from the Hacker News post)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
