Posts by ecarlseen

Systemd is the windows-ification of Linux

Linux has traditionally stayed mostly true to the UNIX ethos of having lots of small, preferably interchangeable, tools do specific things extremely well as opposed to one giant blob of code that everything has to rely on. Systemd goes 180º against that ethos. In many ways it's just as bad as a BLOB - a giant tangle of garbage code that you are more or less forced to put up with if you want to deal with a commercially-suportable distribution (sorry, people, this is important for a lot of businesses even if it's just a useless security blanky for upper management).

Not always true.

I was skeptical of cloud infrastructure from day one because in my entire career I had never and have never seen anything close to the hard sell behind the cloud.

We all know what this was about: companies forcing customers into recurring revenue models even though they're no longer adding much (or any, or even negative) value to their products so that they can maintain their P/E ratios and stock prices.

That being said, there are many companies that can benefit substantially by moving their infrastructure to the cloud. These are the companies whose CIOs and Vice Presidents of IT are so thoroughly inept and run such bloated, inefficient trash fires of departments that moving literally anything further outside of there sphere of influence can save lots of money.

Synology has been transitioning to AMD embedded CPUs for their midrange NAS devices. Not surprising after the massive problems they had with defective Celerons.

Many of these protocols run in air-gapped environments which limits the utility of many of these exploits to requiring somebody to be physically on-site in environments full of deadly hazards. If necessary, all of these protocols can be wrapped in infrastructure that secures them all the way down to at the wire level. Also keep in mind that simplicity can be a physical security / safety feature. If a connection between two devices suffers an authentication failure and that failure, say, causes an explosion at a chemical plant, was the addition of authentication to a system that could only be exploited at the wire level by cutting into conduits really a smart trade-off?

I have literally seen some of this happen.

Floor heaters plugged into the red "backup power" plugs? Been there, done that.

FFS am I literally the only person who puts /tmp on a seprate volume and mounts it with noexec set?

Why not just let people flag and report spam?

Is the easy and obvious solution that difficult?

Every country does this. Every country whines about it.

What's worse than nation-states not being able to keep their cyberweapons under control?

The endess self-righteous pearl-clutching over other contries doing it (especially here in the US).

Selling the bizarre fantasy that this will ever stop being a thing.

Pretending that solutions other than better security exist.

The Cloud does not replace a mainframe.

As mentioned before, organizations use mainframes for applications that cannot ever go down, ever, for any reason. Mainframes usually deliver somewhere close to their 99.999% uptime guarantees in the real, messy world that we actually live in. It's far from unheard of for them to have zero downtime over the course a year. How many other systems offer that kind of uptime anywhere outside of their marketing materials?

I mean, there's in article in El Reg today about how many vendors lie through their teeth about their uptime metrics, and everyone with experience is nodding along as they read.

https://www.theregister.com/2022/02/24/cloud_service_status_pages_fail/

In fairness, not many applications really require five 9s of availability, but for those that do a mainframe is still a very respectable option.

Magento updates are a mess

One of the big reasons people don't update Magento as much as they should is that the update process is a complete trash fire. Since Adobe took over the updates have been of the quality we expect from the people who brought us Flash. For example, a recent security patch in the 2.3 release train cut out compatibility with PHP 7.2, and if you have critical third-party modules that don't like PHP 7.3 or 7.4 yet then tough luck. For complex sites it can take several weeks or months of re-development work to fix this, and to have it dumped on you without any notification is just sloppy.

How is this even a thing in 2021?

Meanwhile, my iPhone builds a 3D model of my face and compares it in near real time.

On the plus side, we can't buy this kit anyway.

Cisco has been problematically committed to JIT inventory for years now, leading to unnacceptable supply delays. Right now with the current supply chain messes, lead time on Firepower gear is over four months. So, in a sense, the problem has resolved itself.

This is “we don’t care” level of competence.

Like the Intel vPro remote management bug the other year that would accept a null string instead of a password, this is Dell saying “we just don’t care about security.” This never could have passed any meaningful code review or internal red teaming.

"For an Android"

No one dare speak of the other major mobile device vendor that is currently providing updates on even their low-end devices for 5-6 years past introduction and 2-3 years past end-of-sale, without anyone having to make a fuss about it. (note to butthurt downvoters: your tears are delicious).

If that name means little or nothing to you...

... just hand in your geek card now and start reading TMZ instead.

Ah, the Eastern District of Texas Federal Courts - Friends to Patent Trolls.

The courts in this district have essentially created a "business" of being extremely litigant-friendly in IP disputes. By encouraging patent trolls to file there, they need more judges, more staff, etc. It's very shady, and anything decided there should be viewed through that lens (and these are federal courts, so don't blame it on Texas - they have no say in the matter).

Wine and Crossover are nowhere near ready for prime time.

I love the idea of both, and both can be of great use to hobbyists and enthusiasts. But as a mainstream mechanism for running Windows apps in Linux? No freaking way. I know how to troubleshoot issues with these systems, and even I simply lack the patience. Someone without the background knowledge would just be frustrated beyond all belief. At the end of the day, it's easier to run Windows as a VM if there are Windows apps that you simply can't get away from (or Windows on bare metal / dual boot for gaming).

That being said, for users who simply need a consistent look-and-feel and aren't hopelessly married to apps like Outlook and Visio (for example), this looks like an interesting project. Ironically enough, Microsoft's constant monkeying with their app UX has made transitions to alternatives like LibreOffice much more palatable. But promising or even suggesting Windows compatibility will likely backfire horribly in the market they're trying to enter.

Relax already

I don’t know if the results need to be integrated into the official kernel, but reverse-engineering bleeding-edge hardware enough to make Linux even semi-functional is a cool project that builds and exercises all kinds of worthwhile skills. I’ll probably never do anything with it, but I have tons of respect to this team for their work.

As someone who lives in Vegas, you might want to be a bit more specific about what a "T&A system" is. The first guess would not be the correct guess.

No excuse for the criminal... or the company

So many companies assume that because their systems are cloud-based that they don't need separate backups. This should have been a straigthforward restore operation - still very damaging and deeply inconvenient, but not a half-a-million-dollar problem. Also left unanswered is how the criminal was able to get access to delete these accounts. With 2FA required for admins, the most likely explanation is that the client or contracting company was sloppy with access control. This is extremely common with outsourced IT work - lots of password sharing with few controls and audit trails, and passwords aren't changed even when a disgruntled employee leaves. I strongly doubt that it was some sort of "sophisticated attack."

Unmentiond in the article...

XPoint never even came remotely close to predicted speed, latency, or write endurance.

Huh. I wonder if they had ever just considered producing and licensing less crappy content. Could have saved money all over the place.

These changes are plusplusgood.

In Synology's defense, we see a whole lot of stupid in this area.

I'm not personally thrilled about this change, but I can see why it makes sense. We've sold and maintained a ton of Synology units. In the ones we don't spec or sell, people will just throw the cheapest garbage hard drive they can in them with literally no regard whatsoever for fitness of purpose. This has become more and more important as higher recording densities have pushed manufacturers into producing more and more specialized firmware to optimize performance for specific tasks (standalone, general-purpose RAID, drives that mostly do sequential writes for things like DVRs, write-once/read-rarely applications, etc). The wrong drive will run relatively poorly and will likely fail early, and who is the customer going to blame? Themselves, for choosing the wrong drive? Guess again.

We'll see how well Synology handles this. Their branded SSDs are a decent value for what they are, and if they follow the same practices with HDDs then I'm ok (not thrilled, but just ok) with this unless supply constraints start interfering with rollouts.

Can't put the toothpaste back in the tube.

Announcing LTS for CentOS was a huge commitment that influenced a lot of behavior (including ours). To back out on it creates a significant reputation hit, but one that could have been managed if done in a halfway intelligent manner. To back out without notice for organizations to change their behavior is the reputational equivalent of dropping a thermonuclear bomb on themselves. It's complete annihilation. There is no coming back from this. RHEL is dead to us, because they have rendered their commitments have been rendered meaningless.

“...and other effects”

Other effects like Intel hiring a bunch of drunk frat jocks to do their process engineering.

Not all downtime is equal.

With private cloud services, we balance the risk of maintenance operations agains the impact against business operations and schedule accordingly. The impact of a massive system failure at 2AM local time on a Sunday morning is not the same as 10AM on Monday morning. This does not mean nothing ever goes wrong, but it means that we tilt the odds as far as we can in our favor and for the most part it works out very well.

With public cloud services, every site is servicing customers in every time zone and maintenance operations are performed at any time of the day or night (relative to us) with precisely zero consideration of specific customer impact and there is precisely nothing you can do about this.