Posts by teknopaul 1574 publicly visible posts • joined 11 Mar 2011
IMHO Actions is a bad idea it the first place. Apart from being badly implemented.
It's tempting, because 2fa and general Microsoft lockin techniques make github painful to operate from outside.
But in the end imho you want to run build locally, it's not really something that you need to scale randomly to something you can't handle.
Security is an f-ing nightmare if you try CI/CD, so you might as weel do your builds locally too.
Can you imagine having 550 million unhappy customers!
I mean. Out of the context of being employed by Microsoft. ;o)
The company I work for has essentially 100% similarly unhappy customers.
None of them want to upgrade to our 2.0.
They have working systems. The vast majority not connected to the Internet. And they want their code on these systems to continue working because their business has not changed and these forced upgrades are simply considered a rip off. Security, being touted as the reason the "have to" upgrade.
Despite happily running other systems of ours, sometimes 30 years past the managlement announcing official end of life.
They are right. Forced upgrades are a rip off. I wish out company would not do it. We have to look people we work with in the face at meetings while management tell this reoccurring lie. Our version 2.0s are as unwelcome as a new windows version on a working PC.
I think people should sue. It's a standard lie, but still it's fraud.
It not that they don't want to pay. They don't want to pay for 2.0 with "AI" support and 20gb of bundled bullshitware they do not need and only causes them headaches while hardware long out lasts the support contract and is still easily replacable with something faster and equivalent for their needs. .
Capitalism is failing us, because honesty is not a legal requirement.
Who said it was cloud?
"The incident refers to Red Hat's self-managed instance of GitLab Community Edition... Customers who deploy free, self-managed instances on their own infrastructure"
Ie not in the cloud. It not like Redhat even wrote gitlab.
If you put up an apache with insecure CGI I can't see that Apache org would be paying you ransoms.
Tbh the extortionists are likely to get nothing from this one. Certainly not from ibm who it seems lost nothing.
Some consults look red in the face.
Gitlab/redhat customers who put shit on the Internet probably didn't care too much about the markdown text documents specified. No?
If they did, the bad guys wouldn't be trying to make a media drama out of it. They would be trying to extort the data owners.
GDPR has nothing to do with this. Redhat are neither data owner nor broker. They provided 3rd party os software to someone who used it insecurely.
I know how that's done...
X25 links have a protocol that works like this
Fromaccount\n
Toaccount\n
Amount\n
Datetoday\n
Literally that. The protocol has a name I thinks it's edi.
No security, no check sums.
No support for \r\n, so that stops Windows hackers ;o)
But literally, you can clamp crocodile clips on wires outside banks and shovel cash around.
I know people who have done it.
All PCs and phones come with outbound Internet working a d the world keeps on spinning.
Cloud operators blocking the cloud access by default seems preset nuts.
Obviously people will have to enable it in everything that uses an Api of any sorts.
"Don't break userland"
They could ask and announce it over one year for example.
Secbods consider access denied to be fully functioning security.
Businesses consider sales and operating to be their security.
All this is fine while your customers are afloat and growing.
But when times are hard. Forced payments like this will send people out of business. They won't be able to tick over and not invest in the hard times. They will be more likely to shut down. You cannot exist without email these days.
It's starting to happen in the US. These bastards obviously don't care. But they might after it affects their bottom line and after the human impact is un recoverable.
Adobe behaviour is more significant to small agencies. But there are eplent of struggling SMEs at the moment. Microsoft _should_ care about keeping them afloat
Trump's pardon of Ulbricht is just nuts. He was found guilty of attempting to murder people.
I don't believe in life in prisonment ever. But that's for professional parole agents to work out.
Trump seems to have done it simply because he likes evil. He sides with the bad guy because he is one. And has no shame.
The idea of a camera, is often to make public, a place that's otherwise dark & dingy where criminals can lurk.
E.g they used to put mirrors on atms. Now they put cameras.
The idea that cameras are necessarily "insecure" because people generally can use them, is debatable.
I think publically accesible camera of public spaces _should_ be open to public viewing, and if they were, security in public spaces & scrutiny of security forces would be improved.
Security bods often mixup irl and oti security. It bugs me. They get paid to winge.
Does more stronger security forces make you more secure. Or do more eyes?
a tool with such a dizzying array of options you do actually need an AI to get across them.*
Nooo, you need a simple bash script. Quite literally that is what the cli is good for.
Bash is so poorly understood it pains me.
What you might find aí usefulfor is working out what the best compression settings might be for a given video, reducing the trial and error and retry loop.
I know/hope it was sarcasm, but still.
Gotta be github no?
Recent ou mished breaches in github actions perhaps?
I don't like gh actions. Running up a Linux build box is not a hard task. It would be hard to build an in house system less flaky, less safe or that required less maintenance hours by your devs than github.
Actions is great for open source projects that want to support Apple but don't want to pay 1000 buck for the ability to give apple stuff for free.
I'll bet this problem was doing CI/CD on a github or similar. Prod data in the build seems like it's already got security architecture problems. Whatever the "dev platform."
I really hope that ai eats itself. Throwing more data from already aí generated Internet may make this big beasts get worse. And Deepseek has shown a bit if intelligence goes a long way.
USA immediately banned the power cheap option because of national security, ahem.
But if more intelligence works, even in the medium term. All this spend might kill a few of the big boys.
Not only do they have to pay off the investment, but they have to pay a huge power bill and persuade people output is better than "intelligent AI", when it's starting to look like it really isn't.
Clever language, doesn't make up for brains.
Interesting takes some far.
But what do people think the real reason Trump and the AG are interested in Chromium for?
Trump is not thinking "hmm too much power in the hands of the few".
Trump has no problem with monopoly power abuse.
A search engine that no longer finds facts or figures and answers with weighted AI generated responses that make no pretence to be based on fact, is a powerful tool n the hands of the post truth government.
I would happily pay to not have that on my desktop.
What else would Trump be doing here?
Trump's corruption is no longer conspiracy theory.
Re "Regulators can't act on abuses that haven't happened yet "
Yes the bloody can! Sensible anti-trust regulation can and should be simple laws.
People act like it's only illegal if you get caught and us companies act like there is no right or wrong in business. Just the outcome of court cases. This os wrong in so many senses.
Regulators can and should make sane laws and punish to prevent them being broken in the future. Companies are not humans, you can kill them as punishment. And prevent wrong doing starting new ones.
USA is very very corrupt now. But don't pretend to yourself no other world is possible.
Had anyone invented a management twaddle LLM yet?
What I'm lookin for is something that can automatically answer
Have you finished yet?
With
"Coding phase is close to termination. We started the métrics gathering to assess completenes and help triage the requirements signoffs. Obviously we need to prioritise reliability and redundancy technical workflows...."
And about 500 words more.
Different each time they ask.
I dont have time to write that shit.
Input from me being simply: 1 or 0
I have faith that he is wrong and will be proven to be wrong at every turn.
He has wasted huge amounts of effort and 10 trillion dollars on tariffs. In 3 months.
Al his steps will be missteps. All his effort will be in denying, blaming others, vindictivness, and recovering from his own gaffs.
He won't have time to hurt anyone but his own.
That is exactly what happened last time. This time it will be more exaggerated.
Pillow guy lost millions. Elon Musk has lost hundreds of billions.
That will continue.
Just take one step back and give him a pistol.
But only if you can detect success. If you hash an md5 twice and the input is binary, or noone knows you hash twice (or 12348 times)? Md5 is as good as a barrel shift.
It bugs me that people think any use of xxx algo is "insecure", because Ive have had to rewrite chksums that use sha1: it was impossible to explain to security bods and managers what a chksum is.
Citation needed. I work with Ukrainian techies writing code for all the e wallet and financial transfers of one of our big customers.
We were on conf calls when bombs were dropping.
Nice folk, top tech, intelligent, well spoken fluent English.
Everyone worls from home since covid, natch.
All reported business is legal business, you cant count the black market so your presumptions are slightly rude to a people fighting for their lives, their independence, a hope of joining Europe economic union, and being treated decently by neighbours.
They are much better at using tech and brains for war, than their invaders, which are just throwing scared kids with guns at them. That has been widely reported and I believe it to be true.
Oh and don't forget the litteral king. Who is above the laws and signs all new ones. Owns personally one 3rd of the land and pay no inheritance tax.
Beheaded his unfaithful wife and ostracised his bastard son because he married a black girl.
That is what the UK looks like from the outside. And brits think thats just how it is and wave flags when ever he passes.
Outside the UK that is called systemic corruption by a family, that for 1000 years, has never had to face a court of law.
Brits call it simply "history" ;)
I don't think you realise how corrupt the West is and UK in particular. Nigel Farage has a private company for a party. Tories rinsed billions, openly. Torys peers swanning a round in stolen yachts. Met police have done murders. UK banks run massive laundering operations for the world...
All normalised and never called " corruption " by the press which is told what to say and when.
This is all taken for granted in the UK that they will get away with it. China has the death penalty goes for guys at the top with these pseudo death penalty things where they don't kill you but they jail you without communication to the outside world for a year.
Be great if my Samsung TV could tell my Samsung washing machine that now is not the time to play 60 seconds of screeching folk music to celebrate finishing a load.
Anyone know where the speaker is located for a fortunate accident with hot glue?
Is it too much to ask that appliances deaf and dumb.
Ai is very good at translating between languages.
UK has a huge advantage from speaking English and AI will undoubtedly _reduce_ that advantage.
Human written code is written in more or less English. So are code docs, blogs and manuals. Aí written code does not require native English input. Understanding and correcting /debugging aí written code is easier than writing it.
Not sure the English hemegomony it it will last much longer. Especially if the Chinese are forced to develop on their own.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
