* Posts by Brian Miller

1290 posts • joined 3 Jul 2007


Malaysian Police crush crypto-mining kit to punish electricity thieves

Brian Miller

Ah, all the fun!

How many times I've wanted to do that to old kit. But of course, with the current price of Bitcoin, I'm guessing the fines really didn't amount to much. The loss of their houses and mining rigs was more substantial.

NASA fixes Hubble Space Telescope using backup power supply unit, payload computer

Brian Miller

Re: Great news....until.

... Until the deorbit mission fails. That's when there will be real problems!

Imagine a world where Apple shacked up with Xerox in the '80s: How might it look today?

Brian Miller

Ethernet on 6502? Apple and Xerox?

Ah, I don't think so. Really, I don't think so. I doubt the author spent "quality" time with a 1MHz 6502 processor, even if it was at the whopping max of 64K. The network card would have to be a whole 'nother computer, and probably more expensive than the Apple II. This was the heady days of audio tape for files, and 5-1/4" floppy drives that whirred and clicked. For through-hole circuits, the network card would be sitting in its own case.

Yeah, I remember my first 300-baud modem. And when I was in high school we used a real Teletype with acoustic couplers.

No, the alternate reality that should have happened was when Apple did team up with DEC. For us, nobody in those companies thought anything of that alliance. But if both companies had the right management, it would have worked.

The James Webb Space Telescope, a project dating back to the late 1900s, may launch this very century

Brian Miller

[A] project dating back to the late 1900s

Wow, to think that something could be so ... last century! Well, in CPU years it was a long time ago, but no, not really that long ago.

Yeah, great to think that the telescope might finally make it to orbit. Of course, if 10 beeelion dollars were spent on a ground telescope, it would be really great, except for the clouds of microsatellites obscuring the view. Who knew we would lose the stars just to watch cat videos...

Hoe yes he did: IT pro record-botherer balances garden tool on his head for 2.5 hours

Brian Miller

Simon will beat this

You know that Simon will beat this, or better yet con his boss into beating it. You know, a team building exercise? On the balcony railing? Remember to think those happy thoughts!

Boffins say they've improved on algorithm for dynamic load balancing of server workloads

Brian Miller

Playing with their balls, in bins

Abstract

In dynamic load balancing, we wish to distribute balls into bins in an environment where both balls and bins can be added and removed. We want to minimize the maximum load of any bin but we also want to minimize the number of balls and bins that are affected when adding or removing a ball or a bin. We want a hashing-style solution where we given the ID of a ball can find its bin efficiently.

So server A is less than 10% more burdened than server B. If B has 50, A has 50-55.

Radioactive hybrid terror pigs break out of nuclear hellscape home and into people's hearts

Brian Miller

Re: What a Muppet movie this would make

And it would feature exiled zombie Napoleon, waiting on the moon to renew his conquest of the Earth!

https://xkcd.com/1510/

One good deed leads to a storm in an Exchange Server

Brian Miller

Happened in the Exchange team

Me, too! Me, three! And thus the Exchange server for the Exchange team was brought to its knees, and was face down for three DAYS while the queue cleared.

Someone was testing distribution lists, and made up some lists with lots of names on them. Then someone decided to mail the whole list, asking, "What is this list for? Why am I on it?" And then things went down from there, with all the other idiots on the list also replying with something stupid.

I've seen three mail storms like that at Microsoft. And for some strange reason, nobody got fired.

Things that needn't be said: Don't plonk a massive Starlink dish on the hood of your car

Brian Miller

Spaced-GenX?

Had to look elsewhere for the pic, I don't have a Farcebook account. But that's a ridiculous spot to mount an antenna. I can understand if it was mounted on the roof, but the hood?? Really short hood, and the person plonked it in the middle.

International law enforcement op nukes Russian-language DoubleVPN service allegedly favoured by cybercriminals

Brian Miller

That would be the one you've set up by yourself, without telling anybody about it beforehand. Otherwise, I'm sure that all VPN providers log data. It's just a matter of who gets it, and when.

Microsoft faces up to an old foe with out-of-band patch for PDF weirdness

Brian Miller

Bork Bingo or Clue?

"Internet Explorer 11 and the Adobe Reader plug-in?" On the desktop?

Most of the time these things read sort of like a whodunit, with a different ending based on what random thing happened. And then after the software is "retired," it's frightening to see how long it's used without updates. I think my landlord is still on Windows 7...

Will containers kill VMs? There are no winners in this debate

Brian Miller

J27 wrote: "Containers are VMs..."

Uh, what? From Docker: "A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings."

A CPU VM is a hardware virtual machine, which is supposed to be isolated from everything else by hardware. It is not a package, it is an isolated virtualization of the base hardware.

One is a package. One is hardware. The package requires a host operating system, and does not stand alone. The VM stands alone.

As for makes things easier, well, only if certain vendors decide to keep their crap up to date. I work with AWS CloudHSM. The client packages for that are woefully behind for Ubuntu, and that makes a Docker image for Ubuntu currently useless. I just finished switching our Docker images to be based on AWS Linux, as I'm hoping they will keep their own crap up to date.

Yes, I agree with others, good packaging is something that is overlooked. However, that was something that has been "taught" in the workplace, and when managers with no clue are put in charge, along with "newly-educated" "software engineers" then disaster strikes. Again and again.

BOFH: Oh for Pete’s sake. Don’t make a spectacle of yourself

Brian Miller

Re: Ah, Threat-Detecting Boots

What you have to watch out for is that charlie-horse from the military years that just happens to grab, and yank your leg up straight at someone's crotch...

No, it isn't spiffy like the threat detection technology, but you couple that with PTSD, and you're good to go.

Ireland warned it could face 'rolling blackouts' if it doesn't address data centres' demand for electricity

Brian Miller

So much for Moore's Law

Yeah, as if processor efficiency makes up for inefficient use of the CPU. New Irish regulations: No script languages allowed, no AI, no Bitcoin, etc.

Tiananmen Square Tank Man vanishes from Microsoft Bing, DuckDuckGo, other search engines – even in America

Brian Miller

Re: Should we rename...

Honestly, I don't remember "bing" being an American word. There's "bingo" but not "bing". But then again, I grew up around lumber mills, not coal mines.

Azure services fall over in Europe, Microsoft works on fix

Brian Miller

Re: A 'transient issue'

Maybe a squirrel got into something. Literally. Again.

For the marketeer that has everything – except a CPU fan

Brian Miller

Re: Sign

Actually, I bet the fan is frozen. When the BIOS displays that message, the fan should be running at full tilt. But since the fan was a cheap dodgy thing, costing less than 25p, it ran until it froze. So, like, maybe a month or so. Then the CPU overheated, rebooted the system, and there it sits.

India’s vaccination-booking API criticised for excluding millions, containing bugs, and overflowing with elitism

Brian Miller

Privacy Policy??

What's wrong with no distinct privacy policy? "Your data is public, shared with all interested, paying associates, and may be scattered across the globe when someone downloads the SQLITE database." That's an honest privacy policy. All of the dishonest policies claim that your private data is safe with them. Yes, so very safe.

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Brian Miller

Re: Lessons learnt? I doubt it.

It depends on who does the learning, and who does the managing of what has been learned. Usually there is a village missing its idiot, who is to be found wearing a suit and tie.

One time I had a brief chat with a fellow who worked for Big Oil, and he said his main job was to play "hide the (huge) profits." It's not like these companies lack resources, they lack managers who will do the job they were hired to do.

I'm guessing that the whole PC network got infected, and then it doesn't matter that the actual controllers are fine. The PCs are the machines that are used to communicate with the critical infrastructure. Even if a PC is used just for its browser, if you can't use the browser, then the PC is toast.

It's past time to move back to punch cards and paper tape! Let the miscreants try to take over OS/360 and a stack of punch cards!

Which? warns that more than 2 million Brits are on old and insecure routers – wagging a finger at Huawei-made kit

Brian Miller

Is all data equal?

"and your data porn's flowing through these"

Based on what people actually visit on the web, the idea that a home firewall/router is out of date is not exactly an existential threat to much. Yes, somebody could hack it to mine Bitcoins. Someone could hack it to execute a DDOS attack. Etcetera.

Now, as for your data being "at risk" from dodgy router software, I'm absolutely sure that the larger security vulnerability for your data is the malware already on your computer, the malware already on the server you are accessing, and the APIs and data that have been left open to world+dog by developers who haven't mastered copy-and-paste from StackExchange, and of course that you've used the same password for, like, just ever, and it's been published at least 47 times from different dumps from said server data.

And you want to blame the poor router in the corner, blinking its lights in that lonely, forlorn pattern. (Yes, a pattern...)

Ex Netflix IT ops boss pocketed $500k+ in bribes before awarding millions in tech contracts

Brian Miller

Don't trust those with purse strings!

Money breeds corruption, it just does. But the alternative is a barter system, so we're stuck with it.

Swap out people on a regular basis, that's the only way to make sure that if one starts it, then it's found out soon enough. Letting your organization become static is always an ingredient for disaster.

China cracks down on ‘excessive’ user data harvesting, gives 33 apps ten days to clean up their acts

Brian Miller

Re: Yes?

I think you mean "¥€$"

If the companies are "transparent" as the Chinese government would like, then all data is aggregated on the government's behalf, without any withholding. Or maybe it could be called data hoarding.

No, all of this data is sold on for advertising, in the vain belief that more data means more sales.

Lambda School, a coding bootcamp that takes a cut of your next tech salary, now takes a 30% cut in staff

Brian Miller

Re: Indentured Servitude Agreement

"I can't wait to see what Slavery will be modernized euphemistically into by these clowns."

Bail bonds. I've been told by a person who worked in the "industry" that it's the closest thing to slavery that's legally permissible.

Microsoft joins Bytecode Alliance to advance WebAssembly – aka the thing that lets you run compiled C/C++/Rust code in browsers

Brian Miller

Re: Oh f❄︎❄︎k, they're reinventing ActiveX!

"This is a bad idea." "Yeah, let's do it differently!" (later) "This is a bad idea." "Yeah, let's do it differently!"

Etc.

Traffic lights, who needs 'em? Lucky Kentucky residents up in arms over first roundabout

Brian Miller

Drive on the right? Hello??

I was absolutely shocked to see the locals driving on the left, the right, and wherever. This is a place that needs a sign, "STAY THE F*** RIGHT". There are roundabouts in the greater Seattle area, and I have never seen driving like that in the video. Sure, I have seen people driving over the circle, but never hanging a left like that.

Really, the cops should get out there and hand out tickets for idiots driving on the wrong side of the road. Or just use it as a driving test: if you can't figure out a roundabout, you lose your license for life. Move to another state and try again.

Foxconn's showcase Wisconsin LCD factory becomes aspirational 'manufacturing ecosystem'

Brian Miller

Stop paying bribes to corporations

These "incentives" are just bribes to corporations, paid for by the taxpayers. The Wisconsin voters need to throw their bums out, instead of buying into their lies.

UK.gov wants mobile makers to declare death dates for their new devices from launch

Brian Miller

Force open source instead

Instead of publishing a death date, force the manufacturer to publish the OS as open source, so we don't have to toss a good device into the landfill.

Yeah, I know, that isn't so popular with the manufacturers, either.

You put Marmite where? Google unveils its latest AI wizardry: A cake made of Maltesers and the pungent black tar

Brian Miller

Safely Ingestible

Like "mostly harmless," this is at least safely ingestible. Some of the recipes that AIs have churned out have not been fit for human consumption.

(No, I'm not a fan of marmite.)

BOFH: Bullying? Not on my watch! (It's a Rolex)

Brian Miller

Re: Hummmm sounds familiar...

"Change the rules on the fly ..."

If the rules were, in fact, actually written upon a fly, that would be a very good set of rules. They would be very few, and also unreadable. Therefore, the rules could not be enforced.

The silicon supply chain crunch is worrying. Now comes a critical concern: A coffee shortage

Brian Miller

Re: A year on from the great bog roll hoarding ....

It depends on the coffee, doesn't it? I recently bought 65 pounds of Ethiopian at $3.80/lb, and the batch before that was Tanzanian at $2.15/lb. So it depends. Yes, I could get Vietnamese robusta at $0.75/lb. And I've bought Hawaiian Kona-grown coffee at approx. $25/lb.

Sure, it's green coffee, roast it yourself. But it does last a very long time when it's green. And freshly roasted coffee tastes soooooo good. Just ask James Hoffmann, who drank coffee from the 1950s for his channel audience.

SQL now a dirty word for Oracle, at least in cloudy data warehouses

Brian Miller

Re: Looking forward to the LowCode era

Barrier? What barrier? Low-barrier programming actually means "any idiot who can both edit text and invoke a compiler."

Right now I am working with the result of what looks like a CLIP+BigGAN AI wrote the code. However, it is 100% human generated. To produce a "working" program, all you need is time. And then somebody has to clean up.

Microsoft kills broad entry-level IT certifications, replaces them with all-Microsoft curriculum

Brian Miller

Re: Srsly, who cares?

Unfortunately, incompetent people care. Just like, "do you have a degree?" it is not proof that someone can do the job, and do it well. It just means they have a stamped piece of paper.

I wish I could 'fsck -y /dev/management' but there is no device there...

Let's Encrypt completes huge upgrade, can now rip and replace 200 million security certs in 'worst case scenario'

Brian Miller

As someone who works in the area of motherboards, chips, crypto, and bare epoxy boards, the Bloomberg article reeks from hell to high heaven. "Oh, these flashing ethernet lights show that it's being hacked." Uh, no. "This chip can be sandwiched between layers." Without a trace??? Yeah, some of those chips are small, but they can't just be "slipped in" at a whim.

And on and on.

Bloomberg stooped to supposition and speculation, and reported such as fact. Seriously, the worst presentations at Black Hat are better than the Bloomberg article. "Quod est demonstrata" does still have relevant meaning.

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

Brian Miller

Absolutely appalling that someone would want an unlimited supply of bad coffee.

It's 2021 and you can hijack a Cisco SD-WAN deployment with malicious IP traffic and a buffer overflow. Patch now

Brian Miller

Re: A buffer overflow parsing packets?

"It's ____ and you can ___ a ___ with ___."

Lather, rinse, repeat.

The problem with input parsing is that #1, you need programmers who care about that, and #2, who will care about testing said code. Most of the time, like nearly all of it, #1 and #2 are nowhere to be found, so that old phrase is apt, again.

This isn't rocket science, but it is computer science that isn't being taught in schools. There are lots of good books about writing parsers, and software engineering for said software. The problem is getting management and programmers to pay attention, before it's headline news.

Microsoft SolarWinds analysis: Attackers hid inside Windows systems by wearing the skins of legit processes

Brian Miller

"cunning VBScript"

If Visual BASIC is your threat, then dump BASIC! As for hiding something within another process, that's sort of old hat. Also, for naming their files to "blend in" with Windows, what did they expect? A file name of "EvilL33tCodzHere.dll"? That's another trick that's very old hat.

Really, the only part here that required effort was the attackers writing their own in-memory loader. The rest of it was just going through the motions.

Cyberpunk 2077: There's a great game within screaming to get out, but sadly it was released 57 years too early

Brian Miller

Re: Disks?

Ah, the days of paper tape, it takes me back. Kids these days, they don't truly appreciate the smell of hot machine oil.

(Yes, I've played Cyberpunk2077, and I gave up on it. I simply thought it was stupid, and buggy.)

Dell Wyse Thin Client scores two perfect 10 security flaws

Brian Miller

The code review for Marketing is, "Uh, that looks like code." The design review is, "Uh, that looks shiny!"

After all, we all know that Marketing has been polishing turds since time immemorial.

SolarWinds releases known attack timeline, new data suggests hackers may have done a dummy run last year

Brian Miller

Re: Signed updates

What the report (or SolarWinds) doesn't mention is how the binaries were signed.

Where I work, I'm the one who worked out our signing process. We use a HSM, very limited access, and the access tokens are valid for a short window. For our system, basically the final binaries would have to be swapped out at the final stage of the build, before the signing happens. Possibly feasible, but the binary would have to also match the development-release binary, too.

Using a HSM means the private signing key can't be exported, so it's at least locked to that box. The limited access means that the account of the authorized individual would have to be compromised, which is, of course, feasible. There are a number of checks of the final signed binary before release, so that cuts down on the probability that a rogue binary would be delivered to customers.

Could a nation-state hack us? Possible. It's just a question of what windows of opportunity in the process are open, and how to shut as many of them as possible.

Google Cloud (over)Run: How a free trial experiment ended with a $72,000 bill overnight

Brian Miller

Not so free after all

free Firebase plan had been "upgraded due to activity in Google Cloud" and that this "initiated billing"

Wow! Instead of an expected shut-off of services, Google's real policy is to very unexpectedly put the customer on the butcher's hook.

China bans encryption exports – including quantum and key management tech

Brian Miller

Cat? Bag? Horse? Barn?

Some of the stuff that has been banned has been passing across borders for quite some time, in cell phones. What is the point of the ban, when Chinese factories are literally the source of so much of what they think will be banned?

BBC picks SiFive RISC-V chip for Doctor Who programming-for-kids kit – with Jodie Whittaker narrating

Brian Miller

Re: Showing my age.

Oh, and the sun just shines outta yer bum, Pilate's pet! 1MHz, 4K, Commodore PET 2001N, the first 6502 I got my hands on at school. And when the VIC-20 came out, that's what I bought on Christmas sale. Cassette player for three years with that, until I bought a C128 and a floppy drive. Oh, the speed, the speed!

Adiós Arecibo Observatory: America's largest radio telescope faces explosive end after over 50 years of service

Brian Miller

Re: Shirley...

The underlying land is fine, but the dish is damaged, and there's no way to safely lower the overhead equipment. The cables snapped at 60% of their rated breaking point, indicating corrosion.

I really hope that the incoming administration will rebuild the antenna. There have been many advances since the 1960s, and since China's telescope is larger, then that should be a goad to motivate the effort.

AMD unveils its MI100 GPU, said to be its most powerful silicon for supercomputers, high-end AI processing

Brian Miller

Deep fakes for cat videos

When AI becomes independently sentient, it will be able to create deep fakes of cat videos, unbeknownst to the watchful human corporate minions. This must be done, for their predominance on YouTube means the videos are important. Mankind will become mesmerized, and fall under the control of our new silicon overlords.

On the other hand, AI won't become self-aware, and there will be new and silly uses for all of these cheap resources.

Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans

Brian Miller

Re: To be fair.

"The results in this paper, together with the manufacturer’s decision to not mitigate this type of attack, prompt us to reconsider whether the widely believed enclaved execution promise of outsourcing sensitive computations to an untrusted, remote platform is still viable."

Yeah, but you know that it's going to be done anyway. When Ruby is used for back-end code to handle "secure" data in the cloud, then never mind what special bonuses an Intel SGX could possibly bring.

CERT/CC: 'Sensational' bug names spark fear, hype – so we'll give flaws our own labels... like Suggestive Bunny

Brian Miller

Re: Morris Worm

Robert Morris wrote a worm to have some fun with a vulnerability he reported. Yes, I remember that, grey hairs and all.

Now, I would think that vulnerabilities should be hyped, just like any serial killer, axe murderer, or wanton vegetarian. Calamitous Cthulhu should be right up there for a good vulnerability name.

Got a problem with trust in AI? Just add blockchain, Forrester urges. Then bust out the holographic meetings. Welcome to the future

Brian Miller

Unethical AI goes to the blockchain instead of chain gang?

Truly, this is all just amazing. Didn't anyone at Forrester notice that drivel in means drivel out? No, they did not.

India to build home-grown supercomputers, from the motherboards up

Brian Miller

Self-sufficiency in everything, blockchain too?

Yeah right, computers can solve all your ills. Step right up for this patented, or patent-free, elixir medicine! It's the cure for all that ails you. Blockchain included!

OK, so once they produce their own supercomputers, then what? Has anybody noticed that computers are notorious for not being the right tool to solve a lot of serious problems?

(Next on the list, collect garden gnomes, something else, profit!)

I can 'proceed without you', judge tells Julian Assange after courtroom outburst

Brian Miller

"I’m here and by proxy"

Maybe Assange is trying to get himself off on grounds of insanity. What does his outburst even mean?

Where there's a .mil, there's Huawei: Pentagon allowed to keep using Chinese tech deemed too dangerous for everyone else – report

Brian Miller

Re: "That hasn't however, stopped the US and other nations . . ."

Sorry for reality, but I was in Signal Corps. We never got the massive funding. The radios I trained on were from WW2, and were in current operation and deployment. The satellite equipment was 1970s prototype crap. The most advanced equipment I used was used gear from AT&T. Seriously, they sold their 1960s transmitters to the US Army, and it was a big upgrade.

Communications infrastructure being state of the art? Hardly. DOD bought crap because they could only afford crap. If Trump wants Chinese comms out of the network, he can push the budget to do it.

You can shove your head in statistics and in the sand, but don't try to bullshit me, who was trained on equipment that was built 40 years before I enlisted.


Biting the hand that feeds IT © 1998–2021