Re: Not knowing who or what KH is
Umma Hopkins. Unless there is part of her back story I've missed...
4344 publicly visible posts • joined 21 Jul 2009
Surely, as IT pros, our first tweet from beyond the grave should be something like:
"Finally got the routing right! w00t! You have no idea how tricky IP over Angel Radio is, makes IPv6 seem like childs play!"
or perhaps
"You thought BT was bad? Took me !!6 MONTHS!! to get ADSL in Hell! And it's run by Verizon :("
I find it amusing that no one here is asking why systemd-resolved was introduced, or what problem it was intended to solve; read this post:
To paraphrase for anyone not wanting to read it: "DNS is probably too complex for you to manage, so we're adding an extra caching resolver to every machine, which simplifies certain desktop configurations".
If I'm going to be treated like a child, I expect milk and cookies at 3pm, and then a nap.
HOWEVER, this is just a bug, people. All code has bugs.
Right, all code has bugs. However, this bug is a direct consequence of putting the kitchen sink and all into init. This is the bug that most everyone who has written software and looked at systemd thought it would eventually, inevitably, get.
Is it wrong when someone is hoisted by their own petard, that we point out the crater of the explosion?
When it comes to SW the trick is to make sure that you're not exposed to the risk of bugs unnecessarily. Design your SW so as to limit the impact of the inevitable bugs.
It's unclear whether you think that the language should have protected the developer from risks, or that the software should have been composed of more coherent, smaller, and less tightly coupled components.
That's not even taking into account the ridiculously slow speed of Windows Update downloads. I installed Windows 7 for a friend the other day; it took over 3 hours to format, install the OS and install updates - a good hour of that was downloading 600MB of updates, and that's with gigabit fibre internet.
I suppose you don't get what you pay for...
Cloud is nice.
It allows you to not deal with most of the plumbing
In my experience, you still have to deal with the plumbing, except now you have bits which have metric connectors AND bits which have imperial connectors, and you have to hook it up to something that Heath Robinson* rejected for using pre-industrial age fittings.
* Rube Goldberg for those of a left-pondian
I'd be surprised if overall battery consumption actually went down with compression.
Be surprised then. For starters, guess what? It's already using compression, just gzip compression - 15-40% is how much better brotli is compared to gzip at compressing.
Less radio usage results in less battery consumption, and these are very simple decompression algorithms. Radio on for 5 seconds vs radio on for 1 second and 0.1 second to decompress, which do you think is better for the battery?
Brotli in particular is designed to be at least as fast as gzip in decompression, as good at compressing as bzip2, but at the expense of not overly caring how slow compression is.
"Why can't you just give the permissions you need to the relevant user? "
Because you should always run with the least possible permissions required to do the operation you're carrying out, not the maximum you may need across all operations you might perform.
And because "giving the permissions you need to the relevant user" is exactly what sudo does. How else would you suggest doing it?
I think you are arguing against yourself here - running with the least possible permissions is the opposite of what sudo does. Say you want to run a program to write a CD, and your user does not have access to the CD device. You could run the program with sudo, in which case it can access the DVD device, but also everything else.
Alternatively, you could create a group for CD access, change the group on the device and make it group writable, and add your user to the group. You can then run the program without sudo, and the only thing you can access is the CD device.
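The two approaches in the post, modelled as an added example (not the poster's code): a small Python model of the Unix owner/group/other permission check, with constructed paths, users and a `cdrw` group, comparing what the burning program can write to when it runs under sudo versus when the user is simply a member of the device's group.

```python
# Added example: a model of the classic Unix owner/group/other permission check,
# comparing "run the CD burner with sudo" against "put the user in a device group".
# All paths, users and groups below are constructed for illustration.
from collections import namedtuple

W = 2  # write bit within one rwx triplet
Inode = namedtuple("Inode", "path owner group mode")  # mode: permission bits, e.g. 0o660
Cred = namedtuple("Cred", "uid user groups")  # groups: set of group names the process holds

def allowed(cred, inode, want):
    # uid 0 bypasses the bits entirely; otherwise exactly one triplet applies,
    # chosen by owner match, then group membership, then "other".
    if cred.uid == 0:
        return True
    if inode.owner == cred.user:
        bits = (inode.mode >> 6) & 7
    elif inode.group in cred.groups:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want

def writable_paths(cred, fs):
    return sorted(i.path for i in fs if allowed(cred, i, W))

def grant_via_group(inode, group):
    # The post's alternative to sudo: chgrp <group> <device>; chmod g+w <device>
    return inode._replace(group=group, mode=inode.mode | (W << 3))

# Constructed filesystem: the CD device plus two files the burner has no business touching.
FS = [
    Inode("/dev/sr0", "root", "root", 0o600),
    Inode("/etc/shadow", "root", "shadow", 0o640),
    Inode("/etc/passwd", "root", "root", 0o644),
]
ALICE = Cred(1000, "alice", frozenset({"alice"}))
ROOT = Cred(0, "root", frozenset({"root"}))  # the identity sudo hands the burner

def compare():
    # What each approach lets the burning program write to.
    group_fs = [grant_via_group(i, "cdrw") if i.path == "/dev/sr0" else i for i in FS]
    alice_in_cdrw = ALICE._replace(groups=ALICE.groups | {"cdrw"})
    return {
        "no privilege": writable_paths(ALICE, FS),
        "sudo": writable_paths(ROOT, FS),
        "device group": writable_paths(alice_in_cdrw, group_fs),
    }
```

With sudo every path is writable; with the group approach only the device is, which is the least-privilege point the post makes.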
Any terrorist with even a modicum of competence
Well, that's the thing, isn't it. Read the trials of the people caught preparing an attack; these are not competent people. I remember one trial where they were using a single-letter substitution cipher for "encryption"! Look at the aftermath of the ones they didn't catch; competent people.
Counter-terrorism relies on the fact that most people who are disposed to terrorism are not usually particularly sound. The rest is just security theatre.
Encryption backdoors won't stop competent terrorists, just the incompetent ones, and we're already stopping them.
That's different, purchasing from Amazon US when you are in the UK is not the same as purchasing from Amazon EU when you are in the EU
Why? There are no laws stopping Amazon US selling to EU customers, just like there are no laws stopping Amazon UK selling to EU customers. Amazon decide that they do not want to deal with EU customers on their US site; they might equally decide that they do not want to deal with NL customers on their UK site. They don't even have to be consistent about it!
It's not that hard, a 1 metre dish works fine in the south of France.
When it's not raining, or the wind blows, then yes, you can pick up the UK beam in the closest neighbouring country to us. Shocker. Try in the south of Spain, or Croatia, or Greece. It's as geofenced as is possible with the technology available.
If they were really worried about viewing outside of the licensed regions they would shut down the broadcast of their transmissions via satellite.
As would Sky.
Sky and BBC already do, they transmit from Astra 28.2 2{E,F,G} using a narrow UK targeted beam precisely to achieve this. Every channel broadcast on Freeview is broadcast using the UK beam, which makes it much harder to pick up in Europe now - you need a big dish, and no bad weather.
Not to defend Amazon or that, but they don't sell below cost, which is really the case here. Amazon can sell cheaper because they don't have store fronts and everything is in one giant warehouse.
Amazon sell all of their hardware and some ebooks below cost. Mainly popular ebooks, so that you choose a Kindle over another e-reader.
I'm totally fine with taking Uber rides at the moment. Their VC backers are subsidizing my fare, excellent. When they stop doing that, I'll go back to taking the night bus.
Why not a 40 year old with over 20 years of driving experience? Presumably because the latter is a much better driver
Supposition much? How old do you think those wankers tailgating in BMWs are?
The biggest benefit to fully automated road transportation would be the higher throughput that would be achievable on the roads. This will be particularly noticeable in traffic jams or road works, where a lot of the slow down is due to driver uncertainty of what to do.
At my first uni (Warwick '98), in order to get access to your email, you first rebooted the Windows PC in the lab to a DOS terminal emulator, which then allowed you to log in to one of the servers and run pine.
This wasn't just CompSci students - everyone had to get email like this. Very weird seeing all these 'regular' people tapping away in consoles, and suddenly being slightly in demand as the guy who can get your email back working again by typing "pine" in the shell after they quit accidentally.
If only people today would reward me for fixing IT issues with alcohol and vague promises of sexual encounters. Actually, considering the people I work with now, I'd be OK with just the alcohol.
Every morning I go to check the status of my reviews in Fisheye, and forget that before reloading the page I need to view, I have to open the Fisheye homepage so that it logs me in.
Unsurprisingly, they have an SSO system for logging in to their different sites, but for some reason Fisheye doesn't track what resource you were trying to access and just dumps you on the frontpage.
I have to fix bugs like that on my system, but apparently they don't...
JIRA is good, but some of the other stuff is very meh. I guess it is a rush to ensure that they can tick all the checkboxes as a suite, and that the shittier offerings will improve over time.
Even without a specific suicide law prohibiting it, this would fall squarely under Reckless Endangerment/Culpable Negligence: "conduct that is wrong and reckless or wanton, likely to produce death or grievous bodily harm to another person"
Like what? If we're running a remotely accessible service on a VM, it's because something remote needs to access it. Remote as in "another device on this network", not as in "any internet accessible device".
E.g., on our web worker VMs there is just one remotely accessible service, sshd. On our DB servers, sshd and mysqld/postgres. Externally, the only way to interact with our web cluster is via HTTP, first via Akamai and ELB, then to a trivial interface server, which turns requests into messages that are then received by the web workers, processed into responses and returned to the interface server, which returns them to the web client.
A malicious user could (theoretically) attack ELB or our interface server, but if they can cause a programming error in *our* code, it is extremely difficult to turn that into an exploitable error, as there is no return channel connected to the malicious user.
With our EC2 routing rules, (almost) all our cloud servers aren't addressable from the internet; they get an internal private address and we have a VPN connecting into them. Anything that the public need to get at is provided by ELB (Elastic Load Balancer) talking to our internal cloud servers.
I don't really get why anyone would do it differently than this.
Aah, Econet :)
Was fun the year we found that
a) you logged your device in to the network
b) your network ID was how that was identified
c) you could POKE a new network ID on to your machine
d) nothing checked or verified the new address as long as no conflicts
So, the game went like this. Person A goes to the sysadmin to "check their quota". He logs in to his operator account. Person B distracts the sysadmin. Person C checks network addresses, switches his network address to the operator's, and grants larger quotas to A, B and C.
Was all fun and games until we realized we had allocated 400MB of space on an 80MB disk. Then we got BUSTED :/
It looks like Trump pulled out in a half-hearted way to placate his base, but the timeline for pulling out that extends until the day after the next election seems to indicate his daughter was more successful in talking him out of it than Rush and his other cronies would have liked. If he was really pulling out of Paris, it would have been effective immediately, not 3 1/2 years from now.
Nice thing about agreements, people have to go along with what was agreed with, or people won't bother going along with the other things they've agreed on.
The Paris agreement, amongst other things, put in place a policy for people who want to leave the agreement. They cannot do it at all within the first three years of the agreement, and it takes a year from giving notice to leave before you have actually left. He has actually left at the earliest possible moment.
The country as a whole needs to take pension funding more seriously, for starters they should NEVER be allowed to run in deficit.
It's not that simple though. The deficit of a pension fund is the difference between their assets and their potential exposure, but the potential exposure doesn't only depend on the number of subscribers, but also on the current annuity rates. During times of low growth, like now, interest rates are very low and consequently annuities cost significantly more than they would at other points in time. Put another way, the only thing keeping BT's fund in deficit is that interest rates are historically low.
So, do we need to fund our pension funds to be larger than their maximal potential exposure (like now)? Will everyone enrolled in that scheme retire during this low interest rate period, or will their annuities be bought when much cheaper?
Requiring all pension funds to never be in deficit would require that pension funds would have to be much much larger, in order to account for these low interest periods, whilst still providing the same benefits.
This inevitably means that pensions will cost more, but who should pay this? If it is the employee who is still working that is paying in extra to reduce the benefit, this is massively unfair. They are paying because the previous pool of employees, despite intentions, failed to put aside enough money to fund their desired pension benefits.
Skinny by 1990's standards would to be fair probably have been considered practically morbidly obese in ...
Blahblah. 110lbs is less than 50kg, or 7st 12lb, BMI* of 15 or "very severely underweight". I know you only ate coal and lived in a shoebox in the 70s, and kids today don't know how good they got it, but no storm trooper was 110lb.
* Oh god, I mentioned BMI. Any chance of avoiding the 70 replies saying how BMI is meaningless and just wrong for you, and agreeing that a BMI of 15 is inconceivably low for a storm trooper? I'm sure your BMI of 30 is all muscle and that you are very tall; you don't need to explain.
Because you are running custom software that's incredibly picky about OS versions[1] and patches? Because you don't have anyone that knows about WSUS or SCCM? Because your CxO doesn't give you any budget for anything other than getting their team the latest and greatest, and certainly not for wasting time fiddling about with servers?
All of those are valid explanations why an individual techie working at an afflicted organization might not have applied the fix that would have prevented this.
None of them are valid explanations as to why an organization allows their technology to be so poorly maintained. None of them explain why CTOs across the country are not getting canned for failing to ensure business continuity.
I've no problem with people getting paid big money for CxO roles, but together with the money comes the responsibility; if you are the CTO of a hospital trust, and your policies on patching desktops led to surgeries getting cancelled, you should be cancelled.
"the company has no obligation whatsoever" - apart from the law, the contract they signed, etc etc..
So, this article is about them not following their contract. They were supposed to use the data to train and discard it. They are now running a service using that data.
Ignore whether it is a good or a bad thing; evidently they are not following their contract now so what happens in the future?
If he had said "I accidentally found a kill switch but I will wait a few weeks to provide details" we could accept this as part of responsible disclosure, and it would have given the rest of the world a week to plug the holes
So now we are expected to maintain responsible disclosure for malware? What, in your mind, is the acceptable amount of time to wait before deciding that ivan@shadowbrokers just isn't going to respond and push out a fixed version of the malware before we disclose it?
Any semantic algorithmic flaw like this in malware should be discussed widely and openly, because either the code may be reused in other malware, or might be written from scratch with the same semantic flaw.
The only flaw that needs to be plugged is the one in Windows; MS released the patch in March, the vulnerability was disclosed in April, and now in May people who don't patch their systems are crying.