* Posts by Pascal

350 publicly visible posts • joined 25 Dec 2009

CrowdStrike blames a test software bug for that giant global mess it made

Pascal

Re: It worked on my machine!

How would you put that into practice for what happened here?

Use multiple different security vendors staggered across your redundant server infrastructure so that any cluster-type service maintains quorum, in case one of them throws a Crowdstrike?

(That means at least 3 different vendors, licensing, training, managing).

Make sure critical staff has access to at least 2 different workstations not sharing a single unique component of the critical software stack?

Protecting yourself against every imaginable incident means eventually you're just juggling hundreds of tiny little different baskets!

BOFH: An 'AI PC' for an Acutely Ignorant user

Pascal

Re: purple is the color of AI working

Microsoft already added a Copilot key after all, so the purple LED is very likely

Boeing's Starliner finds yet another way to not reach space

Pascal

This is not what "redundant" means.

> ... The trouble was caused by a single ground power supply within one of three redundant chassis ...

and

> Boeing said: "All three of these chassis are required to enter the terminal phase of the launch countdown to ensure crew safety."

Not very redundant, is it?

US Treasury says NFTs 'highly susceptible' to fraud, but ignored by high-tier criminals

Pascal

It's funny that criminals ignored NFTs from the get go / knew there was nothing worth stealing there.

BOFH: Looks like you're writing an email. Fancy telling your colleague to #$%^ off?

Pascal

Re: Another one bites the dust

Just wait until someone figures out a way to put AI and BLOCKCHAIN in the same product, somehow.

Edit: I should have googled that first obviously. The first hit is an entire website section at IBM dedicated to that pairing :(

Google exec: Microsoft Teams concession 'too little, too late'

Pascal

Re: Really!?!

Killing Domains was a shitty move for sure, especially "we sell your business, without your say so, including all your billing data, to a shitty bargain bin dns outfit that doesn't handle even half of the TLDs google domains supported".

Pascal

Re: Sorry

Not just "with and without permission", also "legally and illegally".

After all why would you follow the law of the land when the only consequences are fines that are less than 1% of what breaking the law earns?

Stoner Cats NFT project declawed for being an unregistered security

Pascal

"The company must also destroy all NFTs in its possession."

What does "destroying an NFT", aka the ultimate vaporware, actually involve?

Deleting the bookmark to the URL that points to a JPEG of stoner cat from their company browser?

Deleting the "wallet" that's listed as the owner of that bookmark in whatever blockchain they used to pawn off their URLs that point to JPEG of stoner cats so that it can't ever be pawned off?

Deleting the actual JPEG of a stoner cat from the web server that's hosting it?

Microsoft whips up unrest after revealing Azure AD name change

Pascal

Hi MoM!

US Air Force tests its first fully functional hypersonic missile

Pascal
Joke

Given the speed of sound in a vacuum, just give your air-breathing missile a big shove out the airlock and it'll actually be hyper-sonic!

FCC gives SpaceX OK to launch 7.5k Gen2 Starlink satellites

Pascal

Re: Smaller batches

The Gen2 satellites are not only 4x heavier but also much bigger than Gen1.5 that they currently launch.

The largest batch with Falcon 9 was 54 satellites but it's generally in the 45-50 range depending on target orbit.

For Gen2, it would be single-digit counts. Not economically (and timely) viable.

Only way they can get 1000s in orbit is with the ~100+ tons to LEO (and massive volume) of Starship.

The truth about that draft law banning Uncle Sam buying insecure software

Pascal

Not even a little bit, since they can still go ahead as long as the existing vulnerabilities don't affect security or there is a mitigation plan. At best it encourages disclosure --- and only of KNOWN vulnerabilities at that. If the biggest flaw imaginable is discovered the next day, it "was there", but it wasn't known.

Pascal

Re: What with the what how?

The law should deal with the "what" and determine what agency is responsible for defining/managing the "how".

Supply chain blamed amid claims of Azure capacity issues

Pascal

The 80 weeks lead time for some network switch semiconductors is no joke.

Some lower-end edge switches that we use (and you could bargain down to 1500-2000$ per switch pre-covid), we've had to buy refurbished / used for twice the price because we can't even get a 6-months delivery commitment.

Beijing needs the ability to 'destroy' Starlink, say Chinese researchers

Pascal

Once starlink v2 satellites (the ones with satellite-to-satellite comms) are widespread, the obvious US Military application would be to strike a deal with Starlink to piggyback on the network without using Starlink ground station. Plane-to-Carrier, Boat-to-Boat, Drone-to-Drone or whatever they fancy.

Space Launch System dress rehearsal canceled for repairs

Pascal

Re: might... you forgot the word might.

After all what's wrong with a few R.U.D.s between friends.

SpaceX could blow up their next 10 prototypes and still get to orbit cheaper than each and every SLS launch will cost.

Pascal

From Boeing's point of view, this is a spectacular success.

SLS is a "cost plus" contract for up to 10 of these beasts so the faster / better the rocket works, the less profitable it is for Boeing.

AI-powered browser extension to automatically click away cookie pop-ups now promised

Pascal

Re: You need AI/ML for that?

It sounds exhausting to hate javascript that much.

Microsoft dogs Strontium domains to stop attacks on Ukraine

Pascal

Re: For a tech site...

What Michael Roe got was a big cease-and-desist letter from Microsoft for what clearly looked like trademark infringement. When it came out that it was a kid that probably did that because he thought it was funny, they actually traded him training, an xbox, and all sorts of goodies for the domain. So in that other, legal-defense-of-their-brand case, MS actually treated the guy pretty well in the end.

Crypto inferno: Intel's Bitcoin-mining Blockscale ASIC to arrive in Q3

Pascal
Trollface

Re: Efficiency

For Intel, power efficiency being within 20% of the best is effin' spectacular

The metaverse of fantasy worlds is itself still a fantasy

Pascal

Re: Most boring?

Definitely bitcoin, without a shadow of a doubt.

Simply because nobody in the office keeps explaining to everyone how awesome and futuristic the metaverse is -- since nobody gives a rat's ass about it.

Users sound off as new Google Workspace for Education storage limits near

Pascal

For Google this was never about corporate charity, this was a well thought plan to get students used to their toolset - hopefully driving more future use case towards them instead of Microsoft 365. Seems it just ended up costing them more than anticipated.

Pascal

Nobody should have entered into a "free, infinite storage" agreement with Google and not known this would come to an end at some point.

The fact that there are entire universities that rely on that for their data storage and are at a loss as to what to do with their petabytes of data all of a sudden is however absolutely insane. Then on top of it to have this huge blindspot where this deadline announced a year in advance is causing a stir *now*. Think of all the potentially insanely critical research data that is just entrusted to Google, with no idea of what their backup plans / recovery procedures are.

Alert: Let's Encrypt to revoke about 2 million HTTPS certificates in two days

Pascal

Re: Let's cert pin

Don't pin the certificate, pin the CA.

Death to HPKP!

Pascal

Re: Would be really nice

90 days was chosen for a couple reasons.

One of which was to force automation.

With 1 year certificates, inertia would have caused LE certs to be managed by hand as a majority of certs from old CAs are. 90 days, nobody goes live with that before automating them.

The other one is stated as "They limit damage from key compromise and **mis-issuance**".

Which ties in real well with the current situation: why not let them expire?

Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers

Pascal

Right. "Immediate/urgent but also fairly simple".

Which is why sqlslammer is a more apt comparison. That thing went around the world overnight and needed immediate attention (much more urgently than log4j in fact) but was solved with a patch or a firewall change.

Pascal

Indeed. I would compare Log4j to sqlslammer, maybe?

But not even 0.1% of the effort that happened to 'fix' Y2K.

Pascal

Or you know. Look at the dependencies.

Or go with the lube if that's what you're into!

Intel's mystery Linux muckabout is a dangerous ploy at a dangerous time

Pascal

Re: Paranoia?

It could easily work with an internal key in the CPU that intel needs to counter-sign to activate a feature, that can easily be done a) offline so "phone home" component, and b) with zero danger if the key leaks because it will only activate the feature for that one particular chip.

Of course Intel's private key that signs all these things would be a prime target for leaks/espionage!

Thousands of Firefox users accidentally commit login cookies on GitHub

Pascal

"You'll be authenticated on any services which the user was logged in on when they committed the database"

Not to diminish the importance of the issue but the above statement assumes that "all authentication/session cookies for any and all web sites ever have no server-side expiration mechanism".

VMware imagines 'memory servers' – a new source of shared software-defined RAM

Pascal

Re: Need to see the Numbers

On one side of reality we carefully organize VMs to not cross numa node boundaries because the interconnect between 2 CPUs slows down memory access and performance too much... And on the other side, these lunatics think "off-system in the next rack" would be useful for any practical application.

Things that are not PogChamp: Amazon's Twitch has its source code, streamer payout data leaked

Pascal

Re: Waiting...

"Security is *a* priority, insofar as leaking all your data could impact our bottom line. But we also know you'll still use our service even if we leak it all".

Norwegian student tracks Bluetooth headset wearers by wardriving around Oslo on a bicycle

Pascal

In a perfect utopia, wireless devices being trackable by static identifiers would be a thing that mattered.

But you know 99% of these devices' owners just have Facebook automatically post every location they step in for the world to see anyway.

This drag sail could prevent spacecraft from turning into long-term orbiting junk. We spoke to its inventors ahead of launch

Pascal

Still:

Assuming the artist rendition in the article is accurate, the sail increases the footprint of the satellite by about 3 or 4 times. 3-4x is still 3-4x, no matter how negligible the initial risk is.

The added drag is expected to reduce deorbit from 25 days to 15 days, a 40% reduction.

So how much is the risk of collision reduced over those 15 days given the higher surface, compared to the risk of collision with the original size over 25 days?

Full Stream ahead: Microsoft will end 'classic' method of recording Teams meetings despite transcription concerns

Pascal

Re: Yup It's so easy to walk away from Microsoft

It's not about "accepting", it's about "getting business done".

As a service provider you align with what your client provides, if LibreOffice fits that's fine, if it does not, MS Office's license is just part of the cost of doing business.

Adobe's licences are more or less the same, your client provides photoshop files only compatible with the latest version that your free software can't handle right? Well, the Adobe license is part of your cost of doing business.

Sometimes you are in a position to recommend technology to a client, or help a startup pick what they will use, and you can then push as much as you like towards your preferred technology.

But if you try to take a stance and tell a client "yeah no, don't send me .docx files" or "don't send me psd files" and try to put it on them to align with your preferences instead of the other way around, you'll be "that weird guy they stopped doing business with".

Google will make you use two-step verification to login

Pascal

"The same is true of emails - easy to spoof, but far more difficult to intercept (especially if using a private/company email address & server rather than a web-based public server)"

You are saying it's easier to steal email content from a specific email account hosted at Google than from the average, halfass-configured corpo mail server that is most likely something installed 10 years ago and left unimproved?

IBM says it's built the world's first 2nm semiconductor chips

Pascal

"the size of the process node is more of a naming convention"

... "No part of it is 2nm in size" ... "The actual transistor gate length is 12nm" ...

I went from "YAY, 2 nm!" to "fuck you, marketers" in 3 sentences flat.

To have one floppy failure is unlucky. To have 20 implies evil magic or a very silly user

Pascal

In my youth (1991-92) I worked a couple years as a technician in a local computer shop, so of course I have a lot of funny stories in that day and age of people being completely clueless about computers.

The one regarding floppies:

The DOS format command had a message stating "you can format multiple disk" when you started it (the exact form it took is lost to my memory).

What that meant of course is that after formatting a floppy it showed a prompt asking "Do you want to format another disk (Y/N)?".

One of the calls I got went: "No matter what I do, I can't put more than 2 in at the same time".

South Africa's state-owned energy firm to appeal after court rules Oracle does not have to support its software

Pascal

Re: Contract...

Was it?

I am legitimately curious.

On one side, you buy a licence and support contract for something, and that support is due.

Then other people install too many copies, unlicenced; you are at fault for sure, and the supplier can seek reparations.

But can they actually refuse to support the bits that you use legitimately, with your paid-for contracts?

Or can they only refuse to support the "extra" licences that are under dispute?

Just when you thought it was safe to enjoy a beer: Beware the downloaded patch applied in haste

Pascal
Joke

So that would be the one and only known instance in history where someone was heard saying, "Glad we're using Lotus Notes!" ?
