* Posts by theblackhand

987 publicly visible posts • joined 1 Oct 2009

Sole trader dispatched almost 1M spam texts to hard-up Brits, says watchdog

theblackhand

Re: What I would be more interested in .....

Limited liability doesn't protect a company director if said director is breaking the law...

theblackhand

He's accused of sending text messages - why would you give him an unbreakable texting machine?

Everybody's warning about critical Windows Server WSUS bug exploits ... but Microsoft's mum

theblackhand

Re: Soooo...

My guess is that they tried to allow RDP access to their server, but couldn't get it working with a single port so allowed full access to all port/protocols...

A single DNS race condition brought Amazon's cloud empire to its knees

theblackhand

Re: Recovery wasn't rate limited?

I would suggest you are looking at the problem from the wrong direction. The issue isn't existing DNS mappings. They work.

It's new mappings. You have to be able to create/delete records to flex services up/down/between data centres (US-EAST-1 is a collection of around 100 large data centres) and each new instance that is required to cope with increased load or the migration of load between your capacity groupings (i.e. a data centre hall is likely the smallest grouping).

Once your DNS move/add/delete process is delayed, demand will create a situation where key services reach capacity and then you enter the downward spiral of no capacity to cope with current load and no ability to increase capacity.

This ignores any systems used to avoid this situation (DNS planner and DNS Enactor) - my assumption is that something triggered the DNS issue such as maintenance/power outages causing a loss of data centre capacity causing some of the initial demand issues, because historically, that has been the cause of a large number of previous US-EAST-1's outages.

It's worth noting that a number of AWS people have said that US-EAST-1 is too big to be stable BUT customers want it and it provides valuable data for how to run other AWS regions reliably as they have been built to avoid the extreme scale issues US-EAST-1 has. Ref: https://www.theregister.com/2024/04/10/aws_dave_brown_ec2_futures/ and

IBM is just not into the 'spend megabucks on cloudy GPUs' thing, rents them instead

theblackhand

Re: BS

You're ignoring spreadsheet errors...

theblackhand

"Went from a first mover advantage, to loser last in 2 decades."

IBM may have had a capacity advantage in the pre-cloud environment, but cloud required bigger, more efficient data centres and IBM wasn't willing to invest to compete with its rivals.

It didn't take IBM two decades to lose their advantage - it took 3-5 years and arguably less as many of its data centres lacked the geographic advantages of being close to power suppliers or locations where data centre density allowed IBM to exploit their existing locations.

Rather than an advantage, IBM had a significant disadvantage of significant opex, a lack of capex and management that was unwilling to change course.

British govt agents demand action after UK mega-cyberattacks surge 50%

theblackhand

And if there's a real risk to the board, they will outsource the risk to a third party.

Maybe Rishi could help companies avoid the dangers of TCS and encourage them to use Infosys instead?

Oh dear, my sarcasm jar seems to have emptied unexpectedly.

UK Home Office opens wallet for £60M automated number plate project

theblackhand

Re: £60 million?

"Which part of the world would you like to visit? We can setup "an existing trial" there tomorrow and arrange a visit during the tender process to show a 'working system'..."

theblackhand

As you can see from the attached photo, the alleged crack is less than two feet deep - please find the £200 fine for abuse of His Majesty's footpaths. If you do not challenge the fine and pay within 2 weeks, the fine will be reduced to £100.

UK police caught slacking off by jamming their keyboards while working from home

theblackhand

Re: Meanwhile

Using a wrist watch to distract your mouse still allows you to clock watch unless you choose to binge watch your favourite series...

College student went on a destructive rampage, then confessed to ChatGPT, cops say

theblackhand

How long?

How long must we endure these puff pieces for AI companies demonstrating AI is smarter than humans?

Windows 95 was too fat to install itself so needed help from the slimmer 3.1

theblackhand

Re: Good times!

So we look back with nostalgia at Clippy making an underpowered laptop take 5 minutes to start as we mumble "f*&£ off Clippy"?

Oracle will have to borrow at least $25B a year to fund AI fantasy, says analyst

theblackhand

It's an interesting comparison between Google and Oracle. Both were unable to keep pace with the huge infrastructure spend of AWS and Azure.

Google specialised to try and make their spend sustainable. While they have challenges, they also have some very sizeable revenue streams even as search falters.

Oracle fell behind for years, depending on renting space rather than building like the others.

Then OpenAI comes along and signs a deal that promises expansion at rates that AWS or Azure would be laughed at for suggesting. The lead times required for power and planning new builds make it time consuming and competition for existing space drives up pricing. Sure, you can get lucky a few times, but Oracle has to get lucky for years and years...

UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild

theblackhand

Re: Unbelievable!

The advisory is for organisations to:

- patch equipment

- remove any end of life equipment ASAP as at best, it has another month of vendor support.

Insert whatever vendor you wish into those statements and it remains true.

While it would be nice if Cisco or any other vendor could write perfect code that anticipated any possibility, we have to accept reality isn't that perfect.

Apple 0-day likely used in spy attacks affected devices as old as iPhone 8

theblackhand

I'm wondering how you got from "a surveillanceware company" and "targeting individuals" to the UK government being involved? It looks like German and US companies were responsible for the software rather than known UK surveillanceware companies.

Amnesty International report "Shadows of Control" suggested this was being used in Pakistan and more widely against journalists.

HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

theblackhand

Re: Not Clear About The Impact On Linux Systems....

The jump from "encrypts NTFS partitions" to "encrypts a range of OS partitions" does not seem to be large...

US puts $10M bounty on three Russians accused of attacking critical infrastructure

theblackhand

Re: Who is responsible here?

The article suggesting older kit could not be patched for these vulnerabilities while failing to mention they could be disabled, ACLs applied AND good practices applied around securing the management plane against 8+ year old vulnerabilities on kit that is likely 13+ years old equipment based on Cisco patching vulnerabilities for at least 5 years if we ignore the prosumer Linksys rebrands.

If your grandparents or elderly parents used an unpatched Windows 8 PC that was compromised, you would question if they should be using such a difficult to maintain piece of kit.

We should treat companies similarly and get them to use people for important tasks if they can't manage to run networked equipment in a competent manner.

France fines Google, SHEIN for undercooked cookie policies that led to crummy privacy

theblackhand

"The EU could be hammering China with fines, and he'd still claim we're doing nothing, if the lie was useful to him."

That's just portraying Trump as untrustworthy - if you would also acknowledge that Trump would approve of the fines if there was a kickback to Trump's family because Trump had invented fining other countries, then you could also capture his corruption and narcissism.

Huawei counts cost of Western bans as UK business withers

theblackhand

Re: Tinfoil Hat time

If you want any insight into what Intel might be ordered to do, it would have been "survive".

Not much point having a conspiracy to introduce advanced spying capabilities into new chips if the company never makes them...

Europe Putin the blame on Russia after GPS jamming disrupts president’s plane

theblackhand

Re: Putin on the glitch

Biden didn't fix it but it was really Obama's fault.

Everyone said there would be no consequences for wearing a tan suit but wow, look at all the consequences.

How Windows 11 is breaking from its bedrock and moving away

theblackhand

Re: Nope. It was Win95 that got the ball rolling...Nope, nope

While Microsoft and Intel had clearly started to become a threat in the 1980s, Intel had significant competition in the x86 space and the server space was dominated by non-x86 systems until the release of the Pentium Pro in late 1995.

While Microsoft was doing better on the desktop with Windows 3.x in the early 90s, Windows NT 3.1 lacked software support and NT 3.51 only partially addressed that. NT 4.0 in mid-1996 was where we started to see a full range of enterprise software products both from MS and third parties. NT4 was also able to compete with NetWare for file and print - NT3.x required a lot of hardware and delivered much less performance for anything other than small workgroups.

I would point to WordPerfect as an example of Windows' real usage - the Windows version was barely usable until Win95 and 90% of our customer base used WordPerfect for DOS - we had more Mac Word users than Windows Word users... WordPerfect's peak sales were 1993.

While Wintel was dominant by the end of 1990s, it was as much down to poor execution from competition as pure dominance - Novell killed NetWare and WordPerfect, the Unix workstation market self-destructed in the face of Itanium vaporware and amongst all of that Apple rose from the dead.

Lords of May-hem: Seven signs it is Oracle's year end

theblackhand

Re: "there's nothing illegal in its approach"

Or...visit my website: https://ameatgrinderisforlifenotjustsoftwarerenewal.com

We have a large range of models to cater for all of your Oracle (or Microsoft or AWS or Google etc) license renewal needs - from the portable models for one to one meetings to full room size models to efficiently handle larger discussions.

And as we do every Oracle licensing season, we are throwing in a free sausage maker so you can surprise the replacement salesperson with a tasty snack.

No more 'Sanity Checks.' Inclusive language guide bans problematic tech terms

theblackhand

About time

I've been uncomfortable using "hung" for some time and have made a point of saying "well endowed" instead.

IBM Cloud hit by Severity One incident with the same symptoms as other recent SNAFUs

theblackhand

Re: Obligatory

IBM doesn't have a cloud solution just a lot of inefficient old data centres with customers entrapped in contracts they regret.

Making cloud jokes will only please IBM execs...

Mexit, not Brexit, is the new priority for the UK

theblackhand

Re: Simple options

While the article discussed the importance of moving away from MS, the comment around E5 licensing perfectly encapsulates the behaviour that has led to the current situation.

The current Microsoft usage is driven by the combination of desktop dominance and providing security and compliance tools to meet (or at least be capable of meeting) regulatory and audit requirements. Every part of the government reseller/procurement/IT/compliance stack is comfortable with a Microsoft solution and know that substituting alternative products increases the risk of failure AND higher costs.

Instead of getting Mexit and a decrease in government spending, the M7 with co-pilot and increased spending seems the likely future.

CitrixBleed 2 exploits are on the loose as security researchers yell and wave their hands

theblackhand

Re: Security device is full of bugs :o

A security device that doesn't validate parameters. In 2025...

If only there had been 30+ years of examples of why this should be avoided.

Cisco president says dredging coding syntax from wetware memory wastes engineers' expensive synapses

theblackhand

Re: Eh?

I don't have much time to answer as I've just been recruited by Cisco as part of their AI initiative.

What if instead of using AI to do "requirements-> pseudo code-> actual code" you did 100 x (Requirements-> pseudo code-> actual code)?

I know, my genius amazes me! It's amazing what the right AI prompt can give you.

I'm also working on an aggressive approach to "the requirements are wrong" - AI will go a long way if we can fix the "time traveller from the future trying to stop us" problem.

'Major compromise' at NHS temping arm exposed gaping security holes

theblackhand

Re: Compromise

I'm also struggling with the rags-to-exceeds national standards security story.

While not wishing to undervalue the investigation and recovery operation, telling the world everything is OK when you don't know how the attackers got in the first time or how long they were operating within your infrastructure feels a little risky.

It's like the cartoons where after a character almost gets hit by a truck, they walk off, seemingly OK, before they turn to reveal they lost all the clothing off their backside.

Europe's cloud datacenter ambition 'completely crazy' says SAP CEO

theblackhand

Re: Give them your keys?

20 years ago, $8bn may have been enough to start a cloud computing company. Now you have to compete with the 5 largest providers who are already well established and have cumulatively spent $1tn+ to reach the current positions (AWS/Azure/GCP have spent ~$20+bn/year each for 10+ years with smaller investments in the previous 10 years).

To enter the hyper scale realm now, you need to invest around $10bn/year and will likely need 2-3 years to start churning out newer, larger DCs to be competitive both in procurement and scalability to justify the spend.

We are already seeing consolidation (Oracle and IBM using AWS/Azure/GCP) from those who have spent tens of billions as they can't compete with the data centre build rate of the largest providers when power and space are at a premium in the regions with the largest demand.

Can an existing mid-tier provider get a significant injection of capital ($40-50bn to cover a 5-10 year build out in Europe) to be genuinely competitive? Maybe but I doubt they will get the investment needed as they will likely struggle to be competitive even if there are stricter data protection requirements for EU data.

Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'

theblackhand

"your call is important to us...."

And the betting on how long they will wait begins..

Just make sure you don't do it over a long weekend, we wouldn't want a repeat of the guy in finance who gnawed off his own foot due to hunger while he was waiting.

CISA mutes own website, shifts routine cyber alerts to Musk’s X, RSS, email

theblackhand

Re: As JFK said

Wouldn't the most relevant JFK related quote be Marilyn Monroe saying "President Kennedy is very democratic and very penetrating"?

theblackhand

Re: I wish this was a joke...

Are you sure El Reg can be trusted?

I'm not convinced they have truly adopted the banana as the universal measurement unit so who knows what other crazy ideas they may be concealing behind a thin veneer of red paint...

Unending ransomware attacks are a symptom, not the sickness

theblackhand

Re: Open Door

And in this case, "too many" was how many exactly?

We all know the perfect firewall has no connectivity to the outside world. By extension, the perfect building would have no doors...

Curl project founder snaps over deluge of time-sucking AI slop bug reports

theblackhand

Re: It's the bug bounty

If you "deepfake" the video, MS can get a team of relatively low skill security people or potentially even AI, to review your submission and if the steps provided do not match your results downgrade or reject the submission.

Potentially they could even create a submission "cost" that involves no cost for actual submissions but could be offset against any bounties you do legitimately claim in the future.

Redis 'returns' to open source with AGPL license

theblackhand

Luck is stumbling across something you never knew existed.

Poor judgement is finding a gun with an attached note that says "caution, point away from you before pulling the trigger", aiming it at your foot and pulling the trigger. Redis may argue that they didn't know that a gun called "changing licensing models" would hurt so much but it's hard to make those arguments when your customers are walking away and Redis can only limp after them owing to the damage done to their feet...

Trump derails Chinese H20 GPU sales, forcing Nvidia to eat $5.5B this quarter

theblackhand

Re: Ouch

I don't believe this is a tariff issue - the parts are produced in Taiwan and likely assembled somewhere in Asia so likely miss the tariffs.

The issue is export restrictions - as nVidia is a US company and H20-based products are currently export restricted, they can't be sold to China.

At a minimum, export licenses are required - there was a rumour that nVidia would be exempted from this following the Mar A Lago dinner. Looks like $1m doesn't buy as much influence as you need to sell $5.5bn of AI chips...

It's International Datacenter Day for those who colocate, er, celebrate

theblackhand

I'm sceptical

Reading through this article I sensed that the author isn't truly celebrating this important and meaningful day.

If you can't celebrate Datacenter Day, what is the point?

Privacy died last century, the only way to go is off-grid

theblackhand

Re: "If you're serious about protecting your privacy from your smartphone"...

There seems to be some sort of collective amnesia about how common call monitoring was before mobile phones where call tracking was less necessary because people were either at home or at work so they could take calls (some sarcasm but a big chunk of truth).

Privacy briefly peaked between 1999-2004 with the introduction of TLS 1.0 before hardware caught up and alternative monitoring/decryption systems were available.

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied

theblackhand

Re: Could you describe the ruckus, sir?

The one where the front fell off?

Ref for your Tuesday viewing pleasure

https://youtu.be/3m5qxZm_JqM

Intel slows its roll on $28B Ohio fab expansion, pushing production to 2030s

theblackhand

Re: Pop...

Intel's bubble popped in 2018 when 10nm wasn't commercially viable (and it would still take a few more attempts before Intel was prepared to concede that fact) and TSMC was providing ARM and AMD 7nm with a viable next generation strategy.

The sound you are hearing isn't a pop, it's inertia - the sound of the gears continuing to turn but lacking any driving force.

There is still time to restart the engine but can anyone find the key?

Trump’s tariffs, cuts may well put tech in a chokehold, say analysts

theblackhand

Re: Shaking

$2bn farming subsidy? More like almost $8bn for soybean subsidies and $12bn in subsidies overall to cover loss of earnings due to Chinese agricultural tariffs (ref: https://en.m.wikipedia.org/wiki/Trump_administration_farmer_bailouts)

Intel sinks $19B into the red, kills Falcon Shores GPUs, delays Clearwater Forest Xeons

theblackhand

"Delays and share loss" is just a nice way of saying that Intel continues to be unable to make a competitive CPU product since moving on from its 14nm line launched in Q4 2014.

That's 5 generations of bleeding edge fabs that have failed to deliver competitive products.

Sure, Intel managed to add makeup and new names to 14nm to hide the fab failures for a few generations but the money's going to run out for gen-next.

Fear of the unknown keeps Broadcom's VMware herd captive. Don't be cowed

theblackhand

They spent $69 billion to acquire VMware - saying they aren't in this to recoup that investment would be unlikely.

They aren't in this to develop VMware into a better product - they are in it to reduce operational costs as much as possible and bleed customers dry.

Broadcom have taken the risk that customers might realize how badly they will be pillaged for ongoing support that they will instantly jump ship. I would suggest current customer behavior is to try and minimize support costs rather than jumping to a new vendor. If it takes the majority of customers 3+ years to realize things won't get better, Broadcom likely make money on their investments.

So ~<15% loss of market share per year means Broadcom's strategy is working.

Time-frames/market share numbers are pulled out of my butt but based on Broadcom getting around $16bn annual revenue from VMware and successfully reducing operational costs from $6bn to $2-3bn/year for the next 5 years.

theblackhand

Re: Established vs new requirements

Software isn't perfect - it has taken years to get VMware environments rock solid.

Moving to an alternative platform will result in a few years of hardware and software tweaks to get back to the current state and in the meantime there will be a few hung VMs and other surprise outages.

And the current infrastructure tasklist to address back logs and other business initiatives isn't getting smaller. And I won't even mention the technical debt and security piles.

Will Broadcom really screw us if we wait one more year? Yes. Yes they will. They will screw your balls in a vice and squeeze until every last penny in your infrastructure budget is spent. And then they'll squeeze some more because it's fun and sometimes it causes money from other budgets to appear in their grubby little hands.

So the point is move and move fast because Broadcom have 69 billion reasons to take your money.

It's probably worth noting that Broadcom's VMware support and maintenance divisions have been pared back to the bone so even if you negotiate a few more years of licensing it's likely to deliver that bumpy, "surprise outages, new hypervisor" feel anyway....

Oracle finance system at Europe's largest city council still falls short 2.5 years later

theblackhand

Re: Still not "safe and compliant"

Auditing was enabled in Oracle in August 2023 after an "oversight" - if I was wagering money on it I would suggest it was done to reduce hardware or storage requirements as the fix required additional hardware purchases.

For multi-year contracts that were entered prior to auditing being enabled, the council is unsure if details were entered correctly as there's no auditing - as pre-August 2023 contracts age out of the system, they will eventually get to the point where they either have full audit data for spending or have reviewed any contracts that weren't audited to get to the point where they are confident that the figures being produced are correct.

theblackhand

That's easy to answer - pay for both of them!

As they are still using the SAP system at a cost of around £5.1m/year. Said system has been heavily customized over its 25 year life.

As SAP was viewed as ruinously expensive, the plan had been to go with a vanilla Oracle install. The wider business rejected the vanilla option resulting in years of additional work and avoiding making tough decisions.

I believe the Oracle solution does cost less than the SAP solution and was due for delivery in 2021, but who knows when it will be fit for purpose having failed two years' audits.

First Foxconn, now Microsoft: Wisconsin town dissed by big tech

theblackhand

Re: See elsewhere for details.

How about a 250MW solar project? https://nationalgridrenewables.com/press-release/national-grid-renewables-signs-power-purchase-agreement-with-microsoft/

theblackhand

Re: Did MS have their arm twisted?

Unlikely - there are no Azure GovCloud locations in Wisconsin and the Wisconsin facility was billed as an AI hub (https://news.microsoft.com/2024/05/08/microsoft-announces-3-3-billion-investment-in-wisconsin-to-spur-artificial-intelligence-innovation-and-economic-growth/)

The likely reason is that the phase-1 data centre has raised issues about power/cooling for future generations of hardware. I.e. MS signed a deal in Oct 2024 to fund a 250MW solar project but I'm unsure when that will be operational and that may be a contingency for getting the second phase operational (assuming phase 1 is 2 x 40MW DCs and phase 2 is a further 4 x ~40-60MW facilities). Note I've made a lot of assumptions based on limited available information around buildings, total property sizes and "typical" Azure DC buildouts.

To kill memory safety bugs in C code, try the TrapC fork

theblackhand

Re: Variable Names : Case Sensitivity

Avoid spelling mistakes by using single letter variable names.

26 variables is more than I could ever conceivably need.

Developer pockets $2M in savings from going cloud-free

theblackhand

"You would think that cloud computing vendors would benefit massively from economies of scale"

They do - that's why AWS and Microsoft Azure make around $26bn and $35bn respectively per quarter and growing.

Why isn't it cheaper? Because they are still building their monopolies to the point where they are the only game in town for low latency, high bandwidth compute services.
