* Posts by oldtaku

246 publicly visible posts • joined 18 Aug 2011


China’s GitHub clone makes all repos private pending mysterious ‘review’

oldtaku Silver badge

It's definitely the second - probably especially about Shanghai

Chinese citizens have been sharing stories that get immediately censored on news or socials via git. Like when officials beat up an old lady to take her property, the usual stuff that happens every day. Or right now, how bad the Shanghai covid lockdown really is and how incompetent the government's response has been - Shanghai has a lot of tech savvy people.

Jeffrey Snover claims Microsoft demoted him for inventing PowerShell

oldtaku Silver badge

He should feel kind of ashamed

Yes, it's what you do admin things in on Windows, but Powershell was such a lost opportunity. It was obviously designed by someone who'd never used *nix and therefore made all the same mistakes as its shells but learned nothing from some of the great design decisions. In an ideal world Powershell would have been an object oriented tcsh (or zsh, bash, whatever your oshi is), like C# improved on everything Java, but instead it's just another clumsy mishmash of inconsistent design and baffling omissions. It's better than DOS BAT, I'll give it that.

Heresy: Hare programming language an alternative to C

oldtaku Silver badge

Not seeing the advantages over Rust

Rust is actually buffer overflow safe, memory safe, fast, and the syntax is no more different than C than this is (and Hare has some really awful syntax). Rust has far more libraries available. Yes, the default statically linked Rust binaries can be huge, but that's a linker issue (as with gcc/glib) - if you use the right flags Rust will happily spit out a 300 byte static binary by having the linker toss anything you're not using.

Hare might end up being a bit faster if you're really leaning on things that take more time in Rust (like dynamic memory management), but if I really need that extra 5% performance for tiny tight loops I'll just write it in C. I always write in the laziest possible language for some bit of code because it's faster to write, much easier to maintain, and the big gains are all algorithmic.

Remember D? That was better designed, and I'd use that over this too.

Microsoft fixes Point of Sale bug that delayed Windows 11 startup for 40 minutes

oldtaku Silver badge

Re: unbelievable that ANYONE thought that W11 was remotely needed for a till!

If you'd ever worked on POS systems as an implementer you'd know it's the same reason why gaming is overwhelmingly Windows - devices just (mostly) work. And the problem is far, far worse on the POS side even than on the gaming side.

You can have a POS system, the printer goes bad, so you just plug in a new printer - even if it's not the same model Windows finds it and uses it. Adding new printers to a linux system is still a crapshoot. Now add in an incredible range of scanners, scales, cash registers, interfacing with the payment system, etc. etc. Windows handles a lot of this transparently while there aren't even Linux drivers for most of these.

Of course that's a chicken and egg problem, but one that Linux has never really cared to solve (or has tried to in various incompatible ways). And that's why people use Windows on POS. Even if you do have to reboot the damn things every morning, the support load is much less.

Now is there any excuse for running Windows *11* on these things? Not yet.

Insteon's vanishing act explained: Smart home biz insolvent, sells off assets

oldtaku Silver badge

Status page is now gone

The system status page you refer to at the end of the article is now just gone. No 'sorry, it's all shut down', it's just 404 now. They're being corporate wankers to the very end.

At last, Atlassian sees an end to its outage ... in two weeks

oldtaku Silver badge

Cheers to that guy who hit the ENTER key!

I've certainly done some eff-ups, but nothing that comes remotely close to this scale.

Any fool can write a language: It takes compilers to save the world

oldtaku Silver badge
Black Helicopters

Re: C of the '80s

I'm sure he's referencing things like the PC side, which had monstrosities like Microsoft C, which was based on Lattice C and was not K&R. Later on they made it K&R compatible (breaking back compat), but it was still a stupendously slow, buggy, piece of dog crap. There was also Watcom C (similar, though less buggy, but slow). Then Turbo C for PC (which was re-branded Wizard C) came along and kicked everyone's ass. These were all incompatible with each other unless you stuck to the barest of bare bones C.

So yes, it was somewhat about the systems you were forced to code on. Things were better on the UNIX side. But if you weren't in academia then it was hard to ignore the PC market in the late 80s, even if your company had some UNIX as well.

Nor was 'UNIX' a complete panacea at the time. Various vendors like HP and IBM were busy perverting things with abominations like HPUX and AIX. You couldn't just download, compile, and run anything but the simplest standard UNIX C applications on these. Almost anything needed tweaking or, god forbid if it had a GUI component, major hacks.

Expect 'long tail of cyber retaliation' from Russia for sanctions, says ExtraHop CEO

oldtaku Silver badge

They were already doing it, just a matter of scale

Putin's hackers were already attacking infrastructure, stealing data, stealing money, and breaking things globally before the invasion of Ukraine (since breaking things is all Putin's Russia can do).

This will be kind of like a COVID spike.

IT blamed after HR forgets to install sockets in new office

oldtaku Silver badge

I want to believe, but...

I've seen enough @#$% to believe the first part of all these Just So Stories, but given that I so rarely see biblically appropriate justice handed out, if ever (especially because enterprises are so dumb, by definition), I can no longer enjoy the tacked on 'and then there was a deus ex machina, and all the badguys got their comeuppance' bit. It just doesn't seem plausible.

I'm mostly bemoaning my own cynicism from having Seen Too Much #@$%, so if you want to believe this please do, but also think about what a company is like and whether a random executive would actually do a 180 pivot from something a random mob character said.

And looking at the other comments this seems to be the norm: the first giant f@#$up part happened, and then nobody was actually held accountable.

Google's DeepMind says its AI coding bot is 'competitive' with humans

oldtaku Silver badge

Sure, it'll beat outsourcers

Since most human 'coders' are terribly educated and can only search Stackexchange for code snippets, then blindly copy and paste them and randomly beat on them till there aren't any syntax errors (and/or post replies to said same Stackexchange threads begging people to do their work for them), then yes, this is a decent advance on having to hire bottom-tier programmers who should be in another line of work anyhow.

It's not a threat to anyone competent, and having read the pre-print I don't feel threatened at all - heck, I welcome it. The non-thinking but painstaking accounting crap is far too much of the job and I completely welcome automating that away.

Nvidia promises British authorities it won’t strong Arm rivals after proposed merger

oldtaku Silver badge
Thumb Down


You can trust them as much as Facebook

National Cyber Strategy will lead to BritChip for mobile devices by 2025, claims UK.gov

oldtaku Silver badge

security 'features'

"The BritChip will, so the strategy says, contain UK-designed security features – though it didn't go into depth about what those might be."

The biggest security feature the UK (and the FBI) want and have been fighting for for over a decade is the fabled encryption that the Home Office can easily decrypt (but only when Bad People are using it) but no bad guys can possibly exploit. That is of course impossible, but I would bet you my bottom dollar it is somewhere on the complete classified list.

Mars helicopter mission (which Apache says is powered by Log4j) overcomes separate network glitch to confirm new flight record

oldtaku Silver badge

Safe as long as the trolls don't have space internet access

They do have a space internet running, with TCP/IP optimized for the crazy long round trip times, but it's safe as long as the Chinese, Iranian, Russians, Norks, 4channers, or other purely malicious trolls can't get at it. China might not bother since there's not much IP they could gain from hacking Ingenuity, but Russia would do it from pure spite since destroying nice things (like the ISS) is all they can do now.

Of course someone's computer at JWP is probably on both Worst Internet (our normal internet) and Space Internet, so I sure hope they have things firewalled well and there's nowhere for the jndi query to go.

At least the rover is running VxWorks, so that's pretty solid.

More than half of UK workers would consider jumping ship if a hybrid work option were withdrawn by their company

oldtaku Silver badge

I definitely will quit

If my workplace mandates physically going back to work 5 days a week I will quit. If they mandate going back to work more than 1 day a week (or as necessary, I'm always willing to go in if necessary), I will quit.

I'm demonstrably more productive from home. And being in tech, I get 5-8 job inquiries a week, so finding a new job will not be a problem. There is absolutely no reason for me to go back on a daily basis other than for management to pretend they do something useful, and I'm not going back to those dark ages.

Russia blows up old satellite, NASA boss 'outraged' as ISS crew shelters from debris

oldtaku Silver badge

Burning down the jungle gym

The end of life of the ISS is approaching really fast. Russia's space program is a joke. And since Russia's only function in the modern world is to destroy nice things and drag everyone else down so they're as bad as Russia's kleptocracy, starting their own Kessler Syndrome to render near earth orbits unusable so nobody else can have things in space either would be entirely consistent with Putin's Russia.

Blizzard co-leader Jen Oneal leaps into escape pod after just three months in the role

oldtaku Silver badge

Oh yeah, I am hopeful as all f@#$

'I am doing this not because I am without hope for Blizzard, quite the opposite – I’m inspired by the passion of everyone here, working towards meaningful, lasting change with their whole hearts'

Oh yes, I am hopeful as f@#$ - but by jaysus, this is too nasty for me to deal with, adios! Thoughts and prayers (snicker) for you all.

But seriously, I don't blame her - she was the only decent person in management. The other execs at ABK refer to employees as 'human capital' (no joke). And I'm sure in private they use 'human cattle'.

For her career she has to say good things while fleeing the sinking ship. But it's unfixable, and I think she's pretty smart to not go down with the unfixable ship.

You've heard of HTTPS. Now get a load of HTTPA: Web services in verified remote trusted environments?

oldtaku Silver badge

Yeah, nice marketing

I might be more interested in this if it didn't come from Intel, a company that constantly skimps on security in order to market segment (they're the reason consumer computers don't have ECC by default), whose 'security' features just open up buttloads more security holes (IME), and are desperate because they completely botched the last chip transition.

And the whole 'trust' thing seems pretty easily fakeable by bad actors anyhow.

US nuke sub plans leaked on SD card hidden in peanut butter sandwich, claims FBI

oldtaku Silver badge

War Thunder is a top leak spot

This isn't even the first time people have posted classified docs to the War Thunder forum over dick-swinging about how things should Actually be.

The one you posted was about France's Leclerc tank, but just months before a commander of the UK Royal Tank regiment posted pages from the Challenger 2 tank manual in the forum to support his bitching about the tank mantle. Cue the UK Ministry of Defense getting involved. https://www.pcgamesn.com/war-thunder/challenger-2-classified-documents

Meanwhile, here these geniuses are smuggling SD cards in peanut butter sammiches and then trying to sell the info on craigslist.

Microsoft sinks standalone Hyper-V Server, wants you using Azure Stack HCI for VM-wrangling

oldtaku Silver badge

Working as intended

Any confusion in the naming and licensing is entirely deliberate. It's a standard technique for shitty enterprisey crap to confuse you to where you don't even know what you're buying or what you even need to buy and just sign something to make the problem go away.

It's something Oracle and IBM have used forever and it's sad to see Hyper-V go that way. But like the article said, not being assholes wasn't winning them enough market share. So now it's time to be enterprisey.

Microsoft's Cloud PCs debut – priced between $20 and $158 a month

oldtaku Silver badge

Not great pricing, but they'll get the Office people.

$20/mo will get me a very snappy 4 GB RAM, 2 CPUs, and 80 GB SSD at DigitalOcean, who have a much, much more polished environment which makes it easy to deploy, hibernate, and remove VMs, group them, add volumes, tack on databases and extra storage, has great monitoring, etc. I'm sure you can get it even cheaper, but this is an example for a plush ecosystem.

But Microsoft Cloud PCs are after the corporate customers who only know how to do Windows and Exchange and Office, are used to terribly clunky configuration, and aren't that concerned about price (to say the least). I'm guessing they'll do just fine with this.

US Surgeon General doubles down on Facebook-bashing amid vaccination information blame game

oldtaku Silver badge

Completely true - Facebook allows and encourages anti-vaxxers

He's totally right. My Mom is on Facebook (noooo), and it's just awash in the anti-vax stuff. And Facebook, contrary to whatever they may say (they have always been lying a-holes), actively shows her and everyone else this crap because they know it increases engagement. I'm lucky I got her vaccinated months ago before she saw too much of this.

Yes, it's the dumbasses and cynical bastards on the left and right who are producing all the content, but Facebook is deliberately disseminating it because that helps them financially. Anything they claim to be doing to halt the spread is just covering their ass. They'd grind live kittens into blood meal if that were profitable. And spreading anti-vax information is profitable.

Security warning deluge from 'npm audit' is driving developers to distraction

oldtaku Silver badge

99% false positives is worse than nothing

You need below 5% false positives at the very worst, 1% is better (0% is impossible). Remember when Windows implemented UAC and programs triggered it every 5 minutes (because they weren't UAC-aware at the time) so everyone just turned it off because it was worse than useless? This is like that. You're not even going to notice a legitimate security issue in all the spam.

Eventually, if npm is actually more interested in making it useful rather than revenue enhancement, I think this can be largely mitigated. It's just a retread of what's been done before with compiler errors/warnings and lint errors/warnings though most of the JS people may have no idea what that even means or that this is hardly a new problem. The compiler (checker) gets better at deciding what's a real error and what's just a warning, the package authors get better about adapting their code to the compiler (checker) - which usually always results in better code - and then you get the option to manually disable specific things for specific packages. Just getting rid of the cascading errors (where a single thing generates 20 errors) would be a big start.

You wait ages for a neutron star and black hole to collide, then two pairs come along at once

oldtaku Silver badge

Re: Lies, damned lies, and statistics...

As long as we see it once a month there's no reason to think the recent past (1Byo is relatively recent) was substantially different from the present. It should still be cranking on at about that rate even if we're only still seeing the old ones.

If you went back 13By it would be a different story, but not a 'mere' 1By.

Indian police visit local Twitter HQ after government spokesperson's tweet labelled as 'manipulated'

oldtaku Silver badge

Re: Totally Manipulated

They don't have to have direct orders.

As with Trump, the whole point is to have legions of sycophantic goons who will do your bidding as long as you just wink in their general direction, thereby demonstrating what loyal asslickers they are.

Trump was quite good about never actually explicitly telling anyone to do anything bad. For instance, in his speech before the US capitol invasion he told them 'you need to fight' 'to save the vote' two dozen times, but he never actually told them to go invade the US Capitol and kill people, so later on he could deny all culpability and even call them traitors, throwing them under the bus. When he called Georgia's Francis Watson to get her to produce fake votes that would let him win, he never actually told her to do it, he just strongly hinted that it would be a good thing if she did it and she should do it. Thankfully, she had a spine.

Modi is in a stronger position. The police know where their bread is buttered now and will move with crushing force over any legitimate criticism of the regime. Even when Modi himself is hiding in a bunker now, curled up crying and licking his balls out of sight like he does any time there's a crisis.

oldtaku Silver badge

Totally Manipulated

Twitter is absolutely in the right here. Modi's government are complete lying sacks of shiat, and nearly everything they say is a lie (sometimes the BJP does accidentally tell the truth).

It's the same gameplan as with every other country run by a populist, racist, incompetent angry toddler. India, the US (last year), Brazil, the Philippines, Russia, Britain (now saved by aggressive vaccination), Belarus, Hungary, plus too many in Africa to list.

These governments spend more resources on crushing critics and media than fighting COVID-19 because they've already declared that COVID-19 is not a problem and we should all have our unmasked religious festivals where we all french kiss each other because God will protect us.

Narendra Modi is an aggressively evil, incompetent tyrant, and he's unleashed the full might of his normally useless, ass-kissing sycophants in the Indian government to crush any dissenters so hundreds of thousands of more Indians can die as long as he can cling to power.

Surprise! Developers' days ruined by interruptions and meetings, GitHub finds

oldtaku Silver badge

Two meetings a day? That's still crazy.

Okay, some days you will end up with two meetings a day, but if you have that every day your productivity is just destroyed.

Every meeting is a one to two hour stick into your eye, destroying all motivation with their crushing repetition and boredom (good meetings do not do this, but good meetings are rare) and it ruins you for at least a half hour before and after, because before you can't start anything useful, and after you're just completely unmotivated and need to get back into your problem solving headspace.

Just personally, my real productivity is probably about 4-5x higher on days where I have no meetings at all. And most meetings aren't getting any real work done - it could all be done via email - it's just because managers have nothing better to do.

Arm freezes hiring until Nvidia takeover, cancels everyone's 'wellbeing' allowance

oldtaku Silver badge

This is a good idea

This is probably a good idea... because NVidia doesn't give one f@#$ about your wellbeing, whether you're a customer or an employee. All Jen cares about is profits at any cost, no matter how many defective solder joints it takes. Get used to being just a crunchy cog in the wheel of profits, you pathetic worms.

Watchdog urges Tesla to recall 158,000 Model S, X cars to fix knackered NAND flash that borks safety features

oldtaku Silver badge

Kids today

... don't understand that you need to do wear leveling. Though it sounds like they finally use it in one of the updates.

From per-processor licensing to... per-follower? Oracle said to be in talks to buy TikTok’s US operations

oldtaku Silver badge

Oh yes, PLEASE do

If there's any company that can kill TikTok faster than Microsoft with sheer boomer corporate uncoolness and evil suit stupid, it's Oracle.

(I know it'd only be the US operations, but you take what you can get).

Notepad++ website sent to China's naughty step after 'Stand with Hong Kong' software update

oldtaku Silver badge

Re: Column editing

Hello from the gutter.

oldtaku Silver badge
Thumb Up

Good for Notepad++

And since it's free, he can afford to say Eff You to the biggest market in the world when that biggest market is an oppressive dictatorship.

I just sent him $20 as a donation, from the website. I've donated before, but I've also gotten way more than $20 worth out of it.

He should probably watch out for 'anonymous' hackers, though.

US Health and Human Services targeted by DDoS scum at just the time it's needed to be up and running

oldtaku Silver badge

At Just the Time

This is exactly when you'd expect the Chinese, Russians, and Iranians to hit it for maximum chaos. No surprise there.

ExoMars team delays 2020 Red Planet road trip after failing to complete all necessary testing

oldtaku Silver badge

I admire the ESA's commitment to having this mission crashland in only the best condition.

Having trouble finding a job in your 40s? Study shows some bosses like job applicants... up until they see dates of birth

oldtaku Silver badge

Cost and Abusability

Older workers generally have better job skills, better planning skills, and better personal skills (on average, there's always that guy) than younger workers, so this comes down to two things:

- Cost: You can pay younger workers less

- Abusability: Young workers are just willing to completely exploit themselves with crazy (usually unpaid) overtime for the supposed good of the company. Older workers have learned their lessons and are less likely to put up with that.

At some point in the hiring process you're going to run into the first problem, if not the second. Though at the end it sounds like he's admitting this really only will work for low-skill fixed price positions.

$13m+ Swiss Army Knife of blenders biz collapses to fury of 20,000 unfulfilled punters

oldtaku Silver badge

Stop backing gadget products, you twits

Book projects generally work out, and physical game projects (though there have been a couple spectacular failures) because producing books and boardgames is a mostly solved problem.

On the other hand, producing an unproven gadget is incredibly risky (as are video game projects). First, making prototypes is fun and easy. Making a production ready design and production line is anything but - suddenly you have to worry about whether that hinge can open 50K times without breaking. During R&D you just swapped out motors when one burned out - you can't do that now, all motors have to keep working. Oops, that molded plastic you used scratches really easy. Finding, characterizing, and fixing each of these things takes time. There are just dozens or hundreds of slow, tedious issues for anything you want to productize. As an engineer I've done it lots of times and it's always miserable and more work than you expected.

Second, if you get enough orders to require third world production, dealing with China is a major nightmare - I haven't had to deal with others like Vietnam but it's probably not hugely different. You might naively expect you can give them the BOM (Bill of Materials), Solidworks files, and instructions. Oh no. First you have to find someone to deal with. They will all promise you the world. Then there will be lots of flying and calling as you laboriously explain various things and realize they haven't really understood or looked at your schematics, and they will explain to you they can't get these parts, or this part can't be manufactured like that. Lots of expensive prototypes and production test runs.

Then, and this is the worst part, even when things are working perfectly they will decide to randomly swap things without telling you. We had an entire run of printers die in weeks because they quietly changed one of the motors with a cheaper one to save and pocket 5 cents per unit. *To pocket a 1 cent saving per unit, a Chinese factory owner will happily make changes that can kill people* - I've seen it happen! They will be completely lax on quality control because they can use cheaper/fewer workers and send you batches with half the units defective. They will run your production line to make no-brand Chinese knockoffs they will sell cheaper than you. They will sell your design to other Chinese companies and prioritize them so the knockoffs are out before your product. The only way to deal with all this is to keep a manufacturing expert out there all the time to babysit - and best if they speak Chinese. Do you know someone like that?

So with all that, never back a gadget product unless it's a VERY minor refinement of an existing shipping one. And even then, why not just wait for it to be sold as a real product? So you didn't save 20%, one failed project will wipe out five of those.

Is HONK nothing sacred HONK? It's 2019 and an evil save file can pwn much-loved HONK Untitled Goose Game

oldtaku Silver badge

How it might work

How the heck can a save file run arbitrary code? Well, I haven't looked at this vuln in detail, but there's a known class of exploits that affects almost any framework that allows you to deserialize arbitrary classes, like PHP, C#, Java, Ruby, etc etc.

- Find a class in the program which does something in its Dispose() method (called when the object should release its resources), say the HonkBonk class.

- If the Dispose() method includes a callback, you're wide open, but there are several things you can exploit.

- There are a lot of .NET classes too, you can abuse those as well as the program's own classes.

- In your malicious save file you put a saved object for the HonkBonk class - for the callback field, put a lambda with your arbitrary code.

- Program tries to read the SaveData class from the save file

- Instead of the SaveData class, the BinaryFormatter sees a HonkBonk object - it creates it (it's a known class!) and reads the fields into it

- When the program tries to cast HonkBonk object to SaveData class, this fails, so you get a cast exception.

- The HonkBonk object is 'lost' (there are no references to it)

- The HonkBonk object gets garbage collected

- Dispose() is called on the HonkBonk object

- Your arbitrary code is executed

- *HONK*

You can use the SerializationBinder in .NET to stop it from attempting to handle completely arbitrary data.
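
The SerializationBinder mitigation named in the last line of the post above, as an added example (not code from the post or from the game): an allow-list binder that rejects every type except the expected one before BinaryFormatter instantiates it. `SaveData`, `HonkBonk`, `AllowListBinder` and `SaveLoader` are hypothetical names, and the code assumes .NET Framework, where BinaryFormatter is still available.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical save-game type: the only class the loader expects to read.
[Serializable]
public sealed class SaveData
{
    public int Level;
    public string PlayerName;
}

// Harmless stand-in for "some other known class" in the post (hypothetical).
[Serializable]
public sealed class HonkBonk
{
    public string Note;
}

// Allow-list binder: the formatter asks it to resolve every class named in
// the stream, before any object of that class is created.
public sealed class AllowListBinder : SerializationBinder
{
    private static readonly Dictionary<string, Type> Allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            { typeof(SaveData).FullName, typeof(SaveData) },
        };

    public override Type BindToType(string assemblyName, string typeName)
    {
        Type allowed;
        if (Allowed.TryGetValue(typeName, out allowed))
        {
            // Return our own Type object, ignoring the assembly name in the file.
            return allowed;
        }
        // Throw instead of returning null: null tells the formatter to fall
        // back to its default type resolution, which defeats the allow-list.
        throw new SerializationException(
            "Type not permitted in save file: " + typeName);
    }
}

public static class SaveLoader
{
    public static SaveData Load(Stream stream)
    {
        var formatter = new BinaryFormatter { Binder = new AllowListBinder() };
        // The cast is no longer the only type check; the binder has already
        // refused anything that is not SaveData.
        return (SaveData)formatter.Deserialize(stream);
    }
}

public static class Demo
{
    // Builds constructed sample input in memory so the demo runs offline.
    private static MemoryStream Serialize(object value)
    {
        var stream = new MemoryStream();
        new BinaryFormatter().Serialize(stream, value);
        stream.Position = 0;
        return stream;
    }

    public static void Main()
    {
        using (var good = Serialize(new SaveData { Level = 3, PlayerName = "goose" }))
        {
            SaveData save = SaveLoader.Load(good);
            Console.WriteLine("Loaded level {0} for {1}", save.Level, save.PlayerName);
        }

        using (var unexpected = Serialize(new HonkBonk { Note = "constructed sample" }))
        {
            try
            {
                SaveLoader.Load(unexpected);
                Console.WriteLine("Unexpected type was accepted");
            }
            catch (SerializationException ex)
            {
                Console.WriteLine("Rejected: " + ex.Message);
            }
        }
    }
}
```

Microsoft's own guidance is that BinaryFormatter remains unsafe for untrusted input even with a binder, so a binder narrows the exposure rather than closing it; a data-only save format avoids the problem entirely.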

Q. Who's triumphantly slamming barn door shut after horse bolted at warp 9? A. NordVPN

oldtaku Silver badge

Remote Management System

'Creanova said NordVPN knew the remote management system was installed and that NordVPN failed to lock it down. NordVPN claimed it had no idea this God-mode-level access was present in the box'

I know exactly how this probably happened, been there before. Someone from NordVPN wanted access to the box to debug or install something and used TeamViewer / VNC / whatever. Then they finished and didn't remove it. 'NordVPN' knew, but only that one guy knew - and he forgot. And nobody else at NordVPN had any idea. So you've got an old version of [remote access program] sitting there and someone compromised it - for instance, remember that big rash of TeamViewer hacks about two years ago?

Microsoft says .NET Framework porting project is finished: If your API's not on the list, it's not getting in

oldtaku Silver badge

Re: No WinForms?

Ah, thank you for that. That'll be good enough for us in-house then (all the linux stuff is headless servers).

oldtaku Silver badge
Paris Hilton

No WinForms?

Has WPF gotten to the point where you can just slap together a simple utility like WinForms? I know you can make stuff prettier with WPF, and there are some database-driven scenarios it makes easier, but the Java-like amount of crap needed for simple stuff, like 14+ lines of code and/or XML just to change the color of a DataGrid cell made it painful for doing simple things. Basically, it was Enterprisey. But that was years ago.

Hundreds charged in internet's biggest child-abuse swap-shop site bust: IP addy leak led cops to sys-op's home

oldtaku Silver badge

Bitcoin anonymity

If there's one little ray of sunshine in this sickness it's that they caught the other guys because they were using bitcoin. I guess it really is good for something!

Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

oldtaku Silver badge

Re: Science

That's the wrong response. You have to make sure that if there's some STRONG assumption in your code, like the ordering of files, that you enforce that.

If you only run the same hardware and OS every time then you might miss that it's completely wrong because you're making the same wrong assumptions every run.

oldtaku Silver badge

I think they're deciding which OSes 'failed' wrong.

If your algorithm really depends on random files being loaded in some specific order you had better make dang sure you sort those file names before loading.

I think this has less to do with what OS you're using and more with how you copied the files into the directory. If you unzipped a file you will always get the right results, because the files in a zip have a fixed order, but if you check out the files from your repository, or check out then copy them to a directory the order may be semi-random.

For instance they claim Windows 10 worked right here, but I know from experience that python glob on Win10 can return a different order depending on the real (non sorted) order of files in a directory. They just got lucky when they did it based on how they got those files there.

Game over: Atari VCS architect quits project, claims he hasn’t been paid for six months

oldtaku Silver badge

Anybody who backed this thing doesn't deserve to get their money back. It was completely predictable (and predicted) from day one.

oldtaku Silver badge

It's not really Atari

Yes, legally it's Atari, but this is just Infogrames wearing the dead skin mask of Atari and continuing to crap on its name.

Also, backers have nobody but themselves to blame on this one, it was obviously a shitshow from the very start.

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

oldtaku Silver badge

Re: few days?

The article is pointing out that the advice is STILL to use 8 character passwords (minimum). Which is a terrible recommendation. You need a lot more than that.

As many as 100,000 IBM staff axed in recent years as Big Blue battles to reinvent itself from IT's 'old fuddy duddy'

oldtaku Silver badge

'Excited about IBM'

'so there's clear excitement about IBM's strategy and direction for the future'

There is nobody excited about IBM's strategy or its future. Maybe a handful of execs. But if you're going to IBM it's because a jerb is a jerb.

One teeensy little 13-minute power cut, and WD you look at the size of that chip supply cut!

oldtaku Silver badge

Just 13 minutes

If you're wondering how they lose $600M of stuff in just 13 minutes, I do vacuum engineering work (as one of the hats).

Generally a setup like this is miles and miles of 'robots'. Not humanoid, but hexagonal with a chamber on each side. Each chamber exposes the wafer to things to build it up (gold), things to etch it, things to cure it. You roll up some wafers, the robot in the center moves one into chamber 1, does a process, then moves it from 1 to 2 and puts a new one in 1, etc, till all of the wafers have gone through the station and are ready for another combined process at the next station.

Critically a lot of these processes are done at low vacuum (like 10 mTorr) and often with toxic gases or worse, pyrophoric gasses that explode on contact with normal air, like silane. Everything is closely timed, and you have to carefully maintain 1) the pressure of the chamber, 2) the rate of incoming substance(s). If you cure the wafers for only 3 minutes instead of 5, you lost the wafer. Now into this happy little juggling act you throw a power loss.

*Honestly, it doesn't matter whether you lost it for 13 minutes or 13 seconds, you're done.*

Your CDGs that measure pressure generally take two hours to get back to correct internal temperature, so they're reading wrong. That doesn't really matter anyhow because your valves failed and you either put not enough gas into the chamber or way too much. If you put way too much in now your chamber is contaminated. And your vacuum pumps all failed, so you lost pressure control. The turbo pumps spin at 75000 RPM and can't handle any amount of thick gas, so maybe you bombed them (shattered the fans). The computers controlling these don't like being hard powered down.

Worse, and this is low probability and means you designed something wrong, but if you got too much silane and it contacted air because your pumps are down, maybe your robot caught on fire. Probably not, but either way you have to check all your turbos, open up all your robots, remove the destroyed wafers, clean your chambers. Oh, and now you need to recover all those process computers.

Nightmare scenario.

Titan-ic disaster: Bluetooth blunder sinks Google's 2FA keys, free replacements offered

oldtaku Silver badge

What do you expect with Bluetooth?

Q: How do you make a secure device insecure?

A: Put Bluetooth on it.

Such a terrible, terrible protocol. Just because it's been accreted for 30 years rather than designed.

Idiot admits destroying scores of college PCs using USB Killer gizmo, filming himself doing it

oldtaku Silver badge

Talk about efficiency

This guy has radically streamlined the usual outcome of Indian outsourcing. Though only $60K wasted is a tad low.

'Sharing of user data is routine, yet far from transparent' is not what you want to hear about medical apps. But 2019 is gonna 2019

oldtaku Silver badge

That's the whole point

The whole point of providing a medical app is taking the user's info and selling it to giant corporate a@!#holes. Good luck changing that model.