Posts by kosh 61 publicly visible posts • joined 9 Apr 2011
systemd-free Devuan Linux hits version 1.0.0
You're mistaking hate for indifference.
If you have such a lousy 'net connection, why aren't you using a download manager? It'll make life much more bearable. And use a local mirror. https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
You'll find this a more productive solution than complaining on the Internet.
We don't actually need tech companies at all for messaging. Why harp on about Apple and WhatsApp? Just use a distributed/federated protocol, like XMPP with OTR or whatever you need. The tools already exist for strongly encrypted, decentralised anonymous communication.
Of course VMware would much rather you used their storage management and got all nicely locked into their volume formats at so forth.
Because why would you want to use anything native to your storage array? What do you mean, "some of your stuff isn't in VMDKs" ? I hope you don't use bare metal servers. Please call our sales staff immediately.
This is crap. Not only have Paypal signed their domain, but they also defer email for you if your domain signatures don't validate.
Are Paypal not a "big e-commerce site"? I guess not if you're Secure64 pulling a marketing angle for credulous journalists. But they handle most of the payments for eBay, which is the big name trumpeted in this article. So, er ... oops.
Hint: querying PR flacks isn't "checking the facts".
Needed to be a distributed federation (a la email or xmpp) to kill facebook. But then Google wouldn't control the data, and we can't have google without big data, can we?
On the bright side, this post prompted my monthly visit to G+.
On the downside, I find myself actively avoiding posting, since the death spiral means I'll just end up having to rescue the content later.
This attack is prevented by DNSSEC chains of trust. Just because Verisign sign the root and .com, doesn't mean they can undetectably fake a response from further down the tree, because they don't have the keys for that.
They could sign a false delegation, in which case it would be instantly detectable because it wouldn't match any other published delegation data.
You could execute this attack on a single target, assuming you can sit inline with their IP transit and spoof DNS responses from the listed nameserver, but that isn't SOPA.
Finally, no-one owns the root key. You should take a look at the root signing ceremony. That's quite of list of people you'll have to compromise. Have fun working out how to hack it.
Probably troll, though. I have met recruiters this arrogant, but they're not this eloquent.
There are two messages in this pieces:
1. Write your CV with the audience in mind.
2. Hire direct (as I do, using my network) - recruitment agents add no value.
However, it doesn't need this many words to deliver, and the attitude dulls the edge rather than driving it home.
You've missed the point in a rush to be negative.
I didn't suggest including certificates in DNS. The suggestion is to include a hash of an existing certificate in DNS, then sign the hash, to provide an additional avenue of verification.
Your point is also made by Marlinspike but he then goes to on to promote Convergence as the dynamic, personal-choice layer (using notaries) building atop multiple functional trust layers. And this DNSSEC mechanism is actually one of them, and he even suggests it in the Convergence talk.
You've also taken the client-side perspective. From a server operator point of view, clients using DNSSEC protects you against *everyone who isn't Verisign* from issuing certificates in your name. No wonder Google are interested (see DNSSEC stapled certs in latest versions of Chrome).
Finally, DNSSEC supports DLV if you don't trust the root. In other words, it already has look-aside notaries.
We can't fix the burgeoning sprawl of CAs -that horse has already bolted.
However we can create a second validation of every certificate via DNSSEC, which means a counterfeit cert becomes detectable by failing a positive check. This is better and easier than the negative OCSP revocation checking that we currently do, or at least it will be when everyone's recursive resolver supports DNSSEC.
Unfortunately the IETF has two groups (DANE and PKIX) both working on this in parallel and there is not yet clarity over which DNS record to use or how. However, the DANE group has just published their scope RFC (http://www.rfc-editor.org/rfc/rfc6394.txt). So there is progress.
Not only have I read the specification but by referring to it as "tunneling" I am quoting it. You can't split the difference between tunnels and encapsulation; the latter is simply the wire format of the former concept.
The truth of the matter is, a man was once faced with problem. A network that wasn't quite numbered how he liked it for a clean topological separation. "I know," he said, "I'll use a dynamic mesh of self-discovering tunnels". Now he had two problems.
Having done so frequently in the past, I am not currently recommending NetApp to my consulting clients; for three reasons:
1. They've totally dropped the ball on delivering the shared-nothing cluster capability in OnTAP 8.x. It is way behind schedule and the release is looking half-baked. Whether the development group has run into insurmountable technical difficulties, lost some key talent, or suffered from BigCo processes (rather than being allowed to innovate like a startup) I cannot say but I fear a mix of all three.
2. The management UI has always been crap and despite repeated promises to develop a high-quality modular interface, it remains crap. I think they hired too many developers with a Java Enterprise background. Oops.
3. Even with VAAI the integration with VMware remains saddening. It's so easy to imagine array-assisted snapshot/clone integration for zero-copy backups & VM management. The prospect remains unfulfilled, unlike in Citrix/Xen land. VMware shares the blame for this but with the HQs twenty minutes apart I remain unimpressed by VAAI.
Alone I guess my recommendations haven't contributed more than a few $m to NetApp's net worth, but other like-minded infrastructure consultants may be expressing similar concerns.
I'm trying to think of two companies I'd less like to do business with again.
Telstra, who I have repeatedly seen bring their toxic internal culture to customer engagements from $5m to $50m. Accenture, the team that taught me the phrase "justifiable non-delivery".
I wouldn't touch this unholy marriage with a ten-foot barge pole.
Article is pandering to switch vendor marketing without any critical thinking.
Article is downright wrong.
Flat layer 2 networks have horrible scaling, security, managability and reliability characteristics, all of which get solved by layer 3 segmentation. Not by reinventing the layer 3 wheel at layer 2 (c.f TRILL and other half-arsed horrors)
Just because your virtual OS is running as a VM doesn't mean you don't have to reboot it. A great many applications are still very stateful - you can't just pull a host out of a pool.
Moreover, if you are selling shell logins or zones then live kernel patching is a great thing to have.
Of course, rootkits have been doing this for donkeys
Let me get this right. VMware's vision of the future is to have a database, an app server, a message queue and so forth, all running on top of a "hypervisor" that mediates shared disk, memory, cpu resources?
Can anybody remember what the definition of "multi-tasking operating system" was?
D'oh, because we're reinventing the wheel.
If a business owner can just finding cheaper hosting elsewhere, they will. The resulting feral IT is wholly uncoordinated with other systems.
The result: fragmented services that don't integrate or interoperate.
So don't take on pay-as-you-go scheme. You can still pinpoint inefficient users through cost reporting.
... They look good in my house
... I'm a UNIX hacker and this is the best desktop *nix by far
... I can afford them
... I can still use Windows apps if necessary. Bootcamp, Crossover, Fusion, Citrix, View depending on where I am.
I dream of being able to justify them in the enterprise, but Apple's entire operational strategy is geared against that (even with the chunky discounts and embedded support guy they offered me on the quiet). They remain harder to integrate and manage en masse vs PC clients, and there's no line of DC-grade servers.
How is that "bad at security"? Bad at security would've been leaving the vulnerable forum code running.
It's not wrong to be vulnerable - all systems are. What's wrong is allowing glaring problems to fester.
I'd hate to be CCP. Browsing the forums reveals they have some of the most awful, ungrateful, childish, self-serving customers. Add in that EVE is a haven for real-money-traded russian & chinese goldfarming, and I'm not surprised they get owned, and quickly how la.
It's an over-engineered mess. The cloud: a way to abstract DC resources and run multiple applications across an arbitrary cluster of hosts.
So, uh, like processes running on a kernel.
Virtualization solves a problem only Windows ever had: software co-existence. But not even DLL Hell is a problem anymore.
So why do the likes of BNP rate it a success?
1. The provisioning tools are really simple (this is why VMware beat Xen), and
2. It is really easy to describe to CIOs whose last hands-on was with COBOL.
As for chargebacks, the psychology and economics are disastrous. Shame on the register for even suggesting that internal markets are a solution, not a problem.
So we should hire for versatility and imagination, not certification.
This is as true now as it has been for the last forty years. The "cloud" is irrelevant. Indeed the so-called cloud is not a new computing model either. It's just bureau computing, rehashed with a better abstracted data model and horizontal rather than vertical scaling.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
