Posts by Mike 125

Tech is slowly taking control.. because we let it.

The average 'home router' is modem + firewall + router.

One major risk is following instructions that come with your shiny new IoT garbage to configure port forwarding.

Here's a suggestion to ISPs: supply non-configurable routers.

In one easy step, we make people safer... and sadly, dumber.

Comments are missing the point

This is the significant point here:

"Tesla supremo Elon Musk, however, claimed data logs from the vehicle showed neither Autopilot nor the automaker's Full Self-Driving mode was engaged. "

Wow. I can just hear the investigators, lawyers, claims managers, etc. etc. forming a queue.

As I've said before- Musk should have been satisfied with the best electric car. He'd have sold just as many.

But then.. what sort of nut job / tech disruptor reuses rockets...

3

"Two firewalls are better than one, right?"

"Remy gently explained that the DSL router had a firewall that would deal with most threats and sticking another one on the PC with everything cranked up to maximum"

By my reckoning, that makes 3 in total. And yes, as with drinking: 1 is good, so more must be better.

ROOT CAUSE

"Google’s underlying networking control plane consists of multiple distributed components that make up the Software Defined Networking (SDN) stack. These components run on multiple machines so that failure of a machine or even multiple machines does not impact network capacity. To achieve this, the control plane elects a leader from a pool of machines to provide configuration to the various infrastructure components. The leader election process depends on a local instance of Google’s internal lock service to read various configurations and files for determining the leader. The control plane is responsible for Border Gateway Protocol (BGP) peering sessions between physical routers connecting a cloud zone to the Google backbone."

See, we have this 'system stuff' which is incredibly reliable. But it's terribly complex. It turns out we don't really understand its full dynamic failure modes ourselves, but we don't admit that ;-)

"Google’s internal lock service provides Access Control List (ACLs) mechanisms to control reading and writing of various files stored in the service. A change to the ACLs used by the network control plane caused the tasks responsible for leader election to no longer have access to the files required for the process."

Someone changed some 'system stuff' and for some reason, it all fucked up :-O

"The production environment contained ACLs not present in the staging or canary environments due to those environments being rebuilt using updated processes during previous maintenance events. This meant that some of the ACLs removed in the change were in use in europe-west2-a, and the validation of the configuration change in testing and canary environments did not surface the issue."

Our 'system stuff' is so reliable that we don't really need to validate changes properly before rollout. So we didn't. We just validated any old configuration :-~

"Google's resilience strategy relies on the principle of defense in depth. Specifically, despite the network control infrastructure being designed to be highly resilient, the network is designed to 'fail static' and run for a period of time without the control plane being present as an additional line of defense against failure."

Our system stuff is incredibly reliable, so reliable that it'll kind of 'appear' to run normally, even when completely knackered! Isn't that just great? :-}

"The network ran normally for a short period - several minutes - after the control plane had been unable to elect a leader task. After this period, BGP routing between europe-west2-a and the rest of the Google backbone network was withdrawn, resulting in isolation of the zone and inaccessibility of resources in the zone."

Our completely knackered system stuff ran for several minutes. I know! Amazing! Unfortunately, during that time nobody actually managed to spot its complete knackerement because, well, why would they? They weren't even looking- our system stuff is incredibly reliable :-)

Very soon our system stuff fell over completely causing visible errors, which we weren't expecting AT ALL.

So why did our system, taken as a whole, fail to be resilient? Well, it's 'system stuff' and it's terribly complex. So. Hmmm... we don't... really... know... :-(

Pure frustration, yes, ok, but...

"Email is perhaps the nearest thing to a universal identity system for the internet, but if it is such a thing, it is much flawed."

Apart from those behind the corporate firewall, and maybe pushfraud victims, (who often don't have the insight), I didn't think anyone took an email address as any sort of ID seriously any more.

The total lack of authentication is kind of a red flag.

same old

1: Not enough threads?

2: Configure more threads

3: backto 1

----------------------

1: Too many cars?

2: Build more roads

3: backto 1

-----------------------

1: Not enough cheap meat?

2: Burn the Amazon for more cows (see what I did there)

3: backto 1

oh dear...

"Nothing like personal experience of your own products "

The implication being that's your first experience of it?

Way to go client-centred app design- that's nothing like it.

infinite dumb

> Windows 10

> Your device needs the latest security updates

> Can't download updates

> We couldn't download some updates.

> More info.

Good, because that's zero information so far.

"Opening Times (Customer Restaurant)"

Now we're talking.

How hard can it be to replace those 'helpful' Windows messages with a corporate banner, e.g. 'IKEA' on error? You'd think that would be standard behaviour for anything unexpected in embedded versions.

It would spoil Bork spotting though..

Babel

Languages.

Different hardware architectures => assembly.

Thin layer abstracting most of those differences => C.

Thinnish layer abstracting common OS features => probably Rust, Go etc., but nothing 'unsafe'.

Everything above => whatever maps best to the requirement. And that's the hard part.

But it's not C++.

As always, horses for courses.

competitive tendering

"Minns slammed the outcome as "another national joke" that ranks alongside "intercity trains that don't fit the track, or the 'Ferry McFerryface' fiasco"."

Wikipedia on a related ferry fiasco, care of The Rt Hon. Chris Grayling:

"The announcement that Seaborne Freight had been awarded the contract caused controversy after it was revealed that at the time contract was signed, the company had no ships and had never operated any. Critics also pointed out that the Port of Ramsgate would need to be dredged before services could begin and raised questions as to whether due diligence checks had been undertaken before the award of the contract.[14] By 3 January 2019 dredging had begun in Ramsgate."

On hearing about Transport for NSW's troubles, Chris Grayling was later heard to comment:

"Look, it's not a goddamn competition."

insider trading

"the attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems,"

This is an attack from inside the security model. This is equivalent to an Intel processor side channel attack.

*Some* employees will always have access to tools which permit account access, at the very least enabling a credential reset. *Some* can modify system code! If those employees go rogue, or stupid, then it's game over. There's no mystery to that.

"the UK government is examining the possibility of giving broadband firms access to more than a million kilometres of underground infrastructure owned by other utility firms: including electricity, gas, water, and sewerage networks."

Joined-up stinking.

still up...

'Over 3.5 million lines of programming code were used tocreate Horizon's sophisticated functionality.'

"Wow. I mean like. WOW. I gotta get me some of that." thinks the suit.

Horizon