* Posts by Mike 125

285 posts • joined 1 Jun 2010


Fastly 'fesses up to breaking the internet with an 'an undiscovered software bug' triggered by a customer

Mike 125

Re: Fastly 'fesses up'

Fine.

Then these outfits must stop claiming the whole edifice is anything other than a flaky, fingers-crossed, hackjob.

Mike 125

Fastly 'fesses up'

Jeeez all the congrats on here??? WTF????

"Even though there were specific conditions that triggered this outage, we should have anticipated it," he wrote.

What utter gibberish. Show me an outage without specific conditions. Everything is a specific condition.

The shares haven't budged. There's a significant perverse incentive for an outfit like this to occasionally 'prove' just how 'critical' it is. It needs to really hurt in the wallet when this happens.

Also, where is the testing? Where is the evidence of the ridiculous uptime guarantees they make? Redundancy is a thing. Reliability engineering is a thing. Fault tree analysis is a thing. And if hardware can do it, so can software.

Slowing down, Ok. Dropping out of the air stone dead- not acceptable.

These outfits are a joke. If we're serious about critical infrastructure uptime, they need to buck the 'uck up.

Brit retailer Furniture Village confirms 'cyber-attack' as systems outage rolls into Day 7

Mike 125

Re: A cyber-attack and no data had been leaked

I don't get why any of this is surprising.

SolarWinds and its ilk planted the seeds. The tools were then dumped to grow the seeds. And now the 'script kiddies' can reap the whirlwind on whoever they choose.

Nation states are still discreet. It's just that now everybody else can start to take a profit. That's democracy.

As long as it's legal to pay up, this won't end.

Nobody expects the borkish bank-wisition: When I said I wanted some notes from the ATM, I never thought I'd see...

Mike 125

Actually MS have recently updated it: to 'handle' MS/Unix line endings.

And that really bugs me because it used to be an easy way to check the line endings!

Big red buttons and very bad language: A primer for life in the IT world

Mike 125

Re: Red Buttons, children

"Guess what I learned at school today, Mummy!"

I.T. is a lot more fun than I thought!

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

Mike 125

Re: ftfy

Yep- indeed. I vaguely sensed that as I posted it. Getting lazy. Thanks.

Mike 125

>NHS-backed company not only threatened him with legal a

NHS and related management hate whistleblowers. It's instinctive. They just can't help themselves.

Elon Musk hits the brakes on taking Bitcoin for Tesla purchases

Mike 125

Re: Odd that

>one wonders where he thinks the electricity comes from that powers his cars?

Batteries. DUH.

We need to move around. We don't need to mine an ephemeral, toy currency.

During the transition to renewables, a massive needless increase in consumption helps nobody.

Which? warns that more than 2 million Brits are on old and insecure routers – wagging a finger at Huawei-made kit

Mike 125

Tech is slowly taking control.. because we let it.

The average 'home router' is modem + firewall + router.

One major risk is following instructions that come with your shiny new IoT garbage to configure port forwarding.

Here's a suggestion to ISPs: supply non-configurable routers.

In one easy step, we make people safer... and sadly, dumber.

Bill to protect UK against harmful foreign investment becomes law

Mike 125

Yep. The British culture has become: grow, and sellout as fast as possible, for the fastest buck. Never mind investing for the future.

Oh, and: posh people don't do engineering. That's for plebs.

Mike 125

Re: Harmful foreign "investment" in political parties.

Damn you beat me to it...........

I was going to ask does it cover Boris Johnson selling most of London to Russian oligarchs who are happy with assassination, and Saudi princes who favour beating women?

Watchdog 'enables Tesla Autopilot' with string, some weight, a seat belt ... and no actual human at the wheel

Mike 125

Comments are missing the point

This is the significant point here:

"Tesla supremo Elon Musk, however, claimed data logs from the vehicle showed neither Autopilot nor the automaker's Full Self-Driving mode was engaged. "

Wow. I can just hear the investigators, lawyers, claims managers, etc. etc. forming a queue.

As I've said before- Musk should have been satisfied with the best electric car. He'd have sold just as many.

But then.. what sort of nut job / tech disruptor reuses rockets...

Ever wondered what it's like working for Microsoft? Leaked survey shines a light on how those at the code coalface feel

Mike 125

For me, it's more: is the work worth doing, from a design / engineering view? Will it make the product or service better?

The larger the company, the more likely it is that people who haven't a clue get to control people who have. And the more clueless they are, the more they feel the need to micro-manage.

The clueless can survive in large outfits.

Mike 125

>One of the better places I've worked tbh, which I know won't go down well with the regulars around here.

unless the other places were a Sports Direct warehouse and a garment factory in Leicester.

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

Mike 125

>Security matters, people. Wake up and smell the coffee

This one is McAfee's cup of tea.

Severe bug in Libgcrypt – used by GPG and others – is a whole heap of trouble, prompts patch scramble

Mike 125

>That's not what that phrase means.

Yea, I got it. Appreciate the guidance.

Mike 125

tough crowd

>Valsorda points out that the vulnerability was introduced in an effort to mitigate timing side channel attacks,

Side channel mitigation is probably the hardest, most thankless and most boring job imaginable. It can destroy any structure to code, and all the old rules about how to create and maintain good code fly out the window.

We need some new science here. Sadly it's my bet that AI in some form or other will beat us to it.

Mike 125

Re: Not best for every use...

>In Rust there is "unsafe" code -

This.

Mike 125

>What does "There's also a lot of reliance on distant state invariants, which is unsafe even by C standards." mean?

#define SHA1_BLOCK_SIZE 64

Engineers blame 'intentionally conservative' test parameters for premature end to Space Launch System hotfire

Mike 125

Re: Well That Doesn't Sound Too Bad

>Figured out a while back as a software engineer that legacy code will eventually hit a point where F it, it's time to create something new

And I figured out that young guns always think they can do better, which is why we end up with so many wheels.

Good code does not inevitably corrode. But it does require intelligent maintenance. It's the hacking around by incompetents which does the terminal damage.

And it's the same with hardware, and absolutely with houses. Get a good builder.

Starting again is always more fun of course, as Elon knows very well...

Linus Torvalds rates his own words 'incoherent ramblings of a crazy old man'

Mike 125

Re: Linus is mistaken...

>Linus is mistaken....... >He's not young

Oh FFS. *google google* Hmmm. You're both right.

These times are making crazy old men of all of us, and that includes all sexes, colours, and variations.

Linus sounds (dis?)comfortingly human.

Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders

Mike 125

Re: In their defence

Did it do you any good?

The curse of knowing a bit about IT: 'Could you just...?' and 'No I haven't changed anything'

Mike 125

3

"Two firewalls are better than one, right?"

"Remy gently explained that the DSL router had a firewall that would deal with most threats and sticking another one on the PC with everything cranked up to maximum"

By my reckoning, that makes 3 in total. And yes, as with drinking: 1 is good, so more must be better.

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

Mike 125

Re: "full rebuild"

>The scale of this hack cannot be understated

The scale of this hack can only be understated.

FTFY.

But yea, agree with all the shock and awe.

Google told BGP to forget its Euro-cloud – after first writing bad access control lists

Mike 125

ROOT CAUSE

"Google’s underlying networking control plane consists of multiple distributed components that make up the Software Defined Networking (SDN) stack. These components run on multiple machines so that failure of a machine or even multiple machines does not impact network capacity. To achieve this, the control plane elects a leader from a pool of machines to provide configuration to the various infrastructure components. The leader election process depends on a local instance of Google’s internal lock service to read various configurations and files for determining the leader. The control plane is responsible for Border Gateway Protocol (BGP) peering sessions between physical routers connecting a cloud zone to the Google backbone."

See, we have this 'system stuff' which is incredibly reliable. But it's terribly complex. It turns out we don't really understand its full dynamic failure modes ourselves, but we don't admit that ;-)

"Google’s internal lock service provides Access Control List (ACLs) mechanisms to control reading and writing of various files stored in the service. A change to the ACLs used by the network control plane caused the tasks responsible for leader election to no longer have access to the files required for the process."

Someone changed some 'system stuff' and for some reason, it all fucked up :-O

"The production environment contained ACLs not present in the staging or canary environments due to those environments being rebuilt using updated processes during previous maintenance events. This meant that some of the ACLs removed in the change were in use in europe-west2-a, and the validation of the configuration change in testing and canary environments did not surface the issue."

Our 'system stuff' is so reliable that we don't really need to validate changes properly before rollout. So we didn't. We just validated any old configuration :-~

"Google's resilience strategy relies on the principle of defense in depth. Specifically, despite the network control infrastructure being designed to be highly resilient, the network is designed to 'fail static' and run for a period of time without the control plane being present as an additional line of defense against failure."

Our system stuff is incredibly reliable, so reliable that it'll kind of 'appear' to run normally, even when completely knackered! Isn't that just great? :-}

"The network ran normally for a short period - several minutes - after the control plane had been unable to elect a leader task. After this period, BGP routing between europe-west2-a and the rest of the Google backbone network was withdrawn, resulting in isolation of the zone and inaccessibility of resources in the zone."

Our completely knackered system stuff ran for several minutes. I know! Amazing! Unfortunately, during that time nobody actually managed to spot its complete knackerement because, well, why would they? They weren't even looking- our system stuff is incredibly reliable :-)

Very soon our system stuff fell over completely causing visible errors, which we weren't expecting AT ALL.

So why did our system, taken as a whole, fail to be resilient? Well, it's 'system stuff' and it's terribly complex. So. Hmmm... we don't... really... know... :-(

Mike 125

Re: Clouds are great!

>the complexity of modern technology solutions is staggering,

1) You seem to think that's an inherently good thing. It's not.

>it always amazes me that people get so upset

2) People get upset when their heart monitor fails, electric car stalls, front door remains stubbornly locked, child's bedroom light won't switch on, etc. It's not the fault of those people. It's the complete insanity of designing every day products which require a live connection for even their most basic functionality. People get upset because they can't believe any product designer could be that much of a moron.

Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools

Mike 125

Re: Freely available hacking tools

What you're missing is that states and big corporates with lawyers must be seen to be doing the right thing.

So they all agree with the lawyers what that means in security terms: hire one of their own to do security- a big corporate with a bunch of lawyers. And that's it. That's all that matters.

All the reactions we observe following an incident are dictated by legal. We never find out what actually happened in technical terms. We just get bullsh't. And the cover-all is: 'A completely secure system is impossible', they say.

But if some poor guy in his bedroom discovers a z day which actually matters and which fixing could actually save someone's skin, and makes the mistake of blabbing about it, he gets locked up or must go on the run.

So in other words, nothing changes. Great system.

(Nothing against lawyers........ phew.... think I got away with it...)

Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more

Mike 125

Pure frustration, yes, ok, but...

"Email is perhaps the nearest thing to a universal identity system for the internet, but if it is such a thing, it is much flawed."

Apart from those behind the corporate firewall, and maybe push-fraud victims (who often don't have the insight), I didn't think anyone took an email address as any sort of ID seriously any more.

The total lack of authentication is kind of a red flag.

AWS reveals it broke itself by exceeding OS thread limits, sysadmins weren’t familiar with some workarounds

Mike 125

same old

1: Not enough threads?

2: Configure more threads

3: back to 1

----------------------

1: Too many cars?

2: Build more roads

3: back to 1

-----------------------

1: Not enough cheap meat?

2: Burn the Amazon for more cows (see what I did there)

3: back to 1

Test and Trace chief Dido Harding prompted to self-isolate by NHS COVID-19 app

Mike 125

oh dear...

"Nothing like personal experience of your own products "

The implication being that's your first experience of it?

Way to go client-centred app design- that's nothing like it.

Tim Berners-Lee asks everyone to do new biz a Solid and let him have another crack at fixing the Web's privacy

Mike 125

>How is the pod protected against an attack from the server's manager?

Same way any site protects data: encryption and authentication. This guy's on board: Bruce Schneier.

Mike 125

It is not hosted for free.

"That leads immediately to the question of whether it would be hosted for free"

My data has value. Without my permission and even when I don't have an account, Facebook is stealing that value via industrial scale, surreptitious slurping.

If I had an account, I would sign a contract agreeing that Facebook hosts my data in return for its value.

In neither case is it "hosted for free". Banks claimed for years that their current accounts (checking accounts) are "free" and it was always a lie. Now that interest rates are approaching zero, they may have a case.

It's early days for this, but I've signed up. Tim's been banging on about it for a while, so give it a chance.

Remember when the keyboard was the computer? You can now relive those heady days with the Raspberry Pi 400

Mike 125

>If the product number is irrational

Raspberry π

Just cough into your phone, please... MIT lab thinks it can diagnose COVID-19 from the way you expectorate

Mike 125

Re: Useless

>I'm not going to spoil my indignation by actually reading the original to check!

Yea, I'm generally going with that too...

"For asymptomatic subjects it achieves sensitivity of 100% with a specificity of 83.2%."

'asymptomatic' adjective, definition: (of a condition or a person) producing or showing no symptoms.

Anyone else see a problem here..?

I call bullsh't, (but hope to be wrong.)

Remember the days when signs were signs and operating systems didn't need constant patching?

Mike 125

infinite dumb

> Windows 10

> Your device needs the latest security updates

> Can't download updates

> We couldn't download some updates.

> More info.

Good, because that's zero information so far.

"Opening Times (Customer Restaurant)"

Now we're talking.

How hard can it be to replace those 'helpful' Windows messages with a corporate banner, e.g. 'IKEA' on error? You'd think that would be standard behaviour for anything unexpected in embedded versions.

It would spoil Bork spotting though..

Family wrongly accused of uploading pedo material to Facebook – after US-EU date confusion in IP address log

Mike 125

Re: 11Oct16

>11Oct16

> it is unambiguous

No, that's biguous.

How is this so hard.

Mike 125

Re: FFS

England, London, Downing Street 10, The Blustering Blonde Balderdasher

"Hear, hear!"

And I agree.

Classy move: C++ 20 wins final approval in ISO technical ballot, formal publication expected by end of year

Mike 125

Babel

Languages.

Different hardware architectures => assembly.

Thin layer abstracting most of those differences => C.

Thinnish layer abstracting common OS features => probably Rust, Go etc., but nothing 'unsafe'.

Everything above => whatever maps best to the requirement. And that's the hard part.

But it's not C++.

As always, horses for courses.

A bridge too far: Passengers on Sydney's new ferries would get 'their heads knocked off' on upper deck, say politicos

Mike 125

competitive tendering

"Minns slammed the outcome as "another national joke" that ranks alongside "intercity trains that don't fit the track, or the 'Ferry McFerryface' fiasco"."

Wikipedia on a related ferry fiasco, care of The Rt Hon. Chris Grayling:

"The announcement that Seaborne Freight had been awarded the contract caused controversy after it was revealed that at the time contract was signed, the company had no ships and had never operated any. Critics also pointed out that the Port of Ramsgate would need to be dredged before services could begin and raised questions as to whether due diligence checks had been undertaken before the award of the contract.[14] By 3 January 2019 dredging had begun in Ramsgate."

On hearing about Transport for NSW's troubles, Chris Grayling was later heard to comment:

"Look, it's not a goddamn competition."

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

Mike 125

Re: I wonder if...

> the possibility that the crims might just take the money and run.

Assuming they leave their calling card and have a 'reputation' to protect, that would be a fairly dumb strategy. It's no cost to them to follow through on the deal.

The victim's choice to pay is understandable, but supremely selfish.

Co-inventor of the computer mouse, William English, dies

Mike 125

Re: Revolutionary

"Doug Engelbart had the idea. Bill English did the engineering"

Add a dreamer to an engineer. Subtract a beancounter. Sprinkle some place and time. Stand back and watch.

It doesn't always work, but it's a damn good start.

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack

Mike 125

Re: Give us the method details!

Barry's a great guy. And I like to help people. What's wrong with that?

Twitter hackers busted 2FA to access accounts and then reset user passwords

Mike 125

insider trading

"the attackers successfully manipulated a small number of employees and used their credentials to access Twitter's internal systems,"

This is an attack from inside the security model. This is equivalent to an Intel processor side channel attack.

*Some* employees will always have access to tools which permit account access, at the very least enabling a credential reset. *Some* can modify system code! If those employees go rogue, or stupid, then it's game over. There's no mystery to that.

Fasten your seat belts: Brave Reg hack spends a week eating airline food grounded by coronavirus crash

Mike 125

Re: We should retain only minimal flights; no 50-mile jollie

>Do YOU decide what is a "jollie", and what is "essential travel"?

No, COVID-19 decides. And CO2 decides.

None of the shouty little kids like their nasty medicine, but sometimes they have to suck it up. Can't be much worse than "protein chunks in spiced slurry".

Oh crap: UK's digital overlords moot new rules to help telcos lay fibre in sewer pipes

Mike 125

"the UK government is examining the possibility of giving broadband firms access to more than a million kilometres of underground infrastructure owned by other utility firms: including electricity, gas, water, and sewerage networks."

Joined-up stinking.

Brit MP demands answers from Fujitsu about Horizon IT system after Post Office staff jailed over accounting errors

Mike 125

still up...

'Over 3.5 million lines of programming code were used to create Horizon's sophisticated functionality.'

"Wow. I mean like. WOW. I gotta get me some of that." thinks the suit.


Software bug in Bombardier airliner made planes turn the wrong way

Mike 125

Re: At least..

This was a bug. It requires a fix.

Boeing MAX was a catastrophic, company busting, system design failure. And that requires instant denial, followed by total focus of company resources on defending it.

They can't outsource denial.

Turns out Elon can't control the weather – what a scrub: Rain, clouds delay historic manned SpaceX-NASA launch

Mike 125

I approve.

-Arm Launch Escape System

-Load Propellant

-Scrub Scrub Scrub

-Offload Propellant

-Disarm Launch Escape System

That's a good sequence. I like that sequence.

It was oddly gripping, partly because it's been a while, and partly because it's such a relief from the relentless idiocy of politics. At last: real people, doing a proper job, and doing it well. (You too NHS)

Roll on Saturday.

While waiting for the Linux train, Bork pays a visit to Geordieland with Windows 10

Mike 125

Re: Need a bit of Raspberry Pi action

>New versions need to be tested properly before roll out.

Ermmm... BORK?? You had me, up to that point. I think you'll find testing any new version or patch is generally... a good idea.

"but "we're about to upgrade all of our production machines to a custom Linux build to improve their stability and generally operate with more efficiency." "

Excellent!


Biting the hand that feeds IT © 1998–2021