Posts by Fazal Majid

The best way to avoid audits

Is of course to replace proprietary software with open-source alternatives wherever possible. Anyone still choosing Oracle for greenfield deployments in 2020 needs to have their head examined (and be fired).

You have it backwards

Cassandra was written at Facebook by Avinash Lakshman, one of the authors of Dynamo at Amazon. DynamoDB is essentially the external version of the in-house Dynamo tool that predates Bezos' famous API directive.

As for ScyllaDB vs. Cassandra, if you are starting from scratch, why would you incur the overhead and GC pauses of Java if you don't have to? There's a reason why Facebook doesn't use Cassandra for anything critical in-house, even though they originally developed it.

Low-end, really?

The A13 in the soon-to-be replaced iPhone beats all Apple's laptops other than the highest-end 16" MacBook Pro. I can only imagine what the A14 in a thermally less constrained body can achieve, and I suspect the "low-end" laptops mentioned will actually be superior in all respects (speed and battery life) to the Intel ones. All apps submissions the App Store have been sending a LLVM Intermediate Language variant that can be retargeted to any architecture supported by LLVM, including arm64. Obviously, poor coding practices and assumptions can still cause the code to work incorrectly, but I would think the transition will be better than the PPC to x86 one was.

WiFi 6 is not enough

You need the additional 1.2GHz bandwidth from the 6GHz band That was recently allocated to WiFi (despite the LTE scum making a last-minute grab for it). Obviously it hasn’t been implemented yet by chipset and RF PHY makers, and it’s US-only for now.

Vivaldi is great

I’ve been using it for years now as my primary browser, with uBlock Origin, uMatrix and Privacy Badger.

Galileo is hardly a success story either

It’s had major outages and the atomic clocks in the satellites are failing much faster than expected, so the satellites’ lifetime will be curtailed.

Foreign control of the press

The single most important measure would be to ban non-EU control of the press (a certain Australian-American press baron comes to mind) or non-EU political campaign-finance contributions. The US does not allow foreign nationals or corporations to control its media and telecommunications firms (or airlines, for that matter), nor does it allow campaign contributions from non US persons.

The futility of premium Android handsets

It's clear from Samsung's dropping market share that there is no market for premium Android phones, and the winning formula is Huawei and Xiaomi's, near premium quality at midrange prices. As with PCs, Apple has captured the entire premium market.

Denial of service is one threat. All the others can be addressed with end-to-end encryption, which is becoming the norm on the Internet and should already be for sensitive government operations. Telephony for the general public is practically unencrypted, but that's because our spooks like it this way and have made sure that encryption remains inconvenient if not illegal, and thus they are responsible for this vulnerability.

As for standards, they are built on a baroque foundation of legacy telco crap designed by C-team standards committees, leading to grossly vulnerable protocols like SS7 (in addition to the laughable lack of security, the network also crashes if it is pushed above a certain traffic threshold). In practice, because they are so sloppily specified, interoperability requires access to the other vendor's equipment, which they make sure is not available to potentially disruptive new entrants. In the case of 5G, the 4G already deployed is predominantly Huawei, and since modern networks are essentially software-defined, they can mostly be upgraded but Huawei will do so only if you stay with them.

It would be best if 6G were totally software-defined to work on white boxes and got rid of the legacy ITU cruft, but chances are low.

As for telcos monitoring their network traffic, the author's naive faith in their technical competence would be charming if it weren't misplaced. Read Bert Hubert's excellent paper on how they have been so hollowed out technically through outsourcing:

https://berthub.eu/articles/posts/5g-elephant-in-the-room/

Not OK

I use a Ubiquiti USG as my firewall for the convenience of a single management pane of glass. This is completely unacceptable.

In the short term I am going to block them in DNS, and in the slightly longer term I am going to have to get another OpenBSD box with PF in transparent bridge mode to block them.

Unlikely to be effective

This will stop carriers from profiting off their own failure to implement SS7 and Caller ID security by charging consumers for anti-robocall services. It won’t stop the robocall scourge itself, as it is conducted by scam operators who are already criminals, mostly located offshore, and unlikely to comply with any fines levied.

Outrageous

It is outrageous how executive branch agencies feel they can exempt themselves from Congressional oversight using transparently bogus arguments (it's not as if there are privacy matters like personnel files involved). Congress has subpoena powers and it's long past time they were exercised.

It’s a GDPR violation, for starters

Deceptive marketing

I find it astounding the Advertising Standards Authority actually endorsed OpenReach resellers deceitfully calling their shitty DSL offerings as "full fibre". How is a consumer supposed to know what is true fibre vs. fake?

The problem is not libraries dropping Python 2 support

But dormant libraries that are still in use that will never be upgraded to Python 3.

At some point, companies will have to bite the bullet. In my case, my migration plan is to switch to Go.

Can't understand why anyone would buy the 20TB drive

Shingled drives are horrendously slow, why would anyone get the SMR 20TB drive instead of the almost as capacious, but presumably much faster 18TB CMR ?(conventional magnetic recording, i.e. PMR before SMR)

One more reason I am happy I switched to Vivaldi

I'm old enough to remember when the 5-1/4" floppy disk was the fast alternative to cassette tape, and a floppy drive cost almost as much as the computer itself, until Wozniak's brilliant software-controlled design.

Unless you are lucky enough to have Hyperoptic, all you have is a Hobson's choice of fake-fibre warmed-over DSL from BT or expensive cable with spotty reliability from Virgin. Switching from one lousy OpenReach reseller to another is not going to improve service.

It has nothing to do with being pro- or con- privacy. It has to do with which industries she is shillng for. Telcos want to gut privacy laws that would block their ability to sell marketing profiles collected by deep packet inspection, but at the same time they want to hobble their Google/Facebook webco competition.

I thought hyperscalers didn't buy from Enteprise server vendors

Certainly Google and Facebook go direct to ODMs like Quanta for their servers, with none of the proprietary lock-in "value add" the enterprise vendors love to include. With projects like Open Compute, you'd think smaller hosters like Rackspace would follow as well.

FIPS stands for reduced security

It's well known among the security community that FIPS standards are significantly behind best practice, whether that is deliberate is open to question (e.g. how the NIST and NSA made DUAL_EC_DRBG with weak P and Q a requirement for FIPS certification).

It's a hard problem

Much as I loathe to defend telcos, authenticating callers to determine if they are legitimate police officers is a hard problem. There are so many agencies that unless the States take charge of implementing some sort of authentication or 2FA challenge-response mechanism, the telcos have really no viable way to do so in an emergency situation.

Belgacom hack

Cisco routers were actually backdoored by GCHQ when it spear-fished Belgacom engineers to spy on EU communications (whether for themselves or for their American masters is open to conjecture).

Stopgap at best

This is a stopgap, but since the flawed design of the keyboard hasn't been corrected, they will be back for repairs until AppleCare runs out, but if Apple wants to avoid the cost of class-action lawyers, they'd better put in place an unconditional warranty extension until the butterfly keyswitch can be corrected and all MacBooks and MacBook Pros made since 2005 recalled.

Mark Warner has a tech background, even if he is not an engineer. He is no idiot.

I don't know how much consumer IoT the Federal Government purchases, though. I hope not too much, otherwise we are already 0wned by the Chinese and Russians...

During the WWII Manhattan Project, copper was hard to come by, and they needed huge amounts of conductors for the electromagnets in the uranium refineries. So they used silver from the Federal Reserve instead. 6000 tons of it:

https://hubpages.com/education/The-Manhattan-Project-and-The-Borrowed-Silver

You can get a lot done with Redis

Specially since they added HyperLogLog support to calculate fast approximate unique counts.

Unfortunate

Whether the Bloomberg article about Chinese compromise of SuperMicro is accurate or not. It was good to have a made-in-Europe manufacturing source for servers not susceptible to American or Chinese interference.

Vanity project

Isn't ChromeOS untouchable at Googlebecause Sundar Pichai used to be its PM?

British banks seem particularly bad at IT

You don’t hear about anywhere as many incidents in other developed countries.

An artifact of outsourcing culture fostered by the liberal-arts elite that runs the country, perhaps?

You've got to respect her for her integrity.

As for Assange, isn't it a rather big conflict of interest for him to be both trustee and beneficiary?

Gaston Julia

The language is named after French mathematician Gaston Julia, not horse face Roberts.

About California's initiative process

Until 1911, California's venal legislature was fully in the pockets of the Big 4 (Huntington, Crocker, Hopkins and Stanford, yes, that Stanford). They controlled the Southern Pacific Railroad, and were not shy of abusing their monopoly to extract rents from Californians (most of the markets for agricultural produce were on the East Coast, which meant Southern Pacific could charge pretty much whatever it wanted).

In 1911, Hiram Johnson, a Progressive governor was elected, with a mandate to reform the corrupt legislature. He did that by creating the initiative, referendum and recall processes that give California an unusual level of democracy for the US. In this case the initiative process is working exactly as intended, allowing the people to prevail over entrenched interests that captured the legislature.

Of course, the lobbies adapted and learned to abuse the initiative process for their own ends, as the sugary-drinks lobby is using the same tactic to blackmail the legislature into preempting city soda taxes like Berkeley or San Francisco's.

Lack of LIDAR

Tesla cheaped out by not including a LIDAR, unsurprisingly as those are still extremely expensive, but no self-driving car or ADAS 3+ should be allowed without it.

As for Musk, he richly deserves all the opprobrium headed his way for his despicable attempts to pin blame on the victim.