* Posts by Claptrap314

2995 publicly visible posts • joined 23 Jan 2015

Luxury smartphone brand returns with $41,500 device

Claptrap314 Silver badge

Now, you need to understand

Getting those alligators from the New York City sewer system to the Himalayas isn't cheap! You're paying for real work here!

("I ain't never had no union steward ask for no hazard pay on account of no alligators in no sewers")

We've seen things you people wouldn't believe. A planet, dense as a marshmallow, that would float on water

Claptrap314 Silver badge

Re: Mass?

It perturbs the star it's orbiting as well...

Larry Ellison fought internal battle to kill Oracle's first-generation cloud

Claptrap314 Silver badge
Coat

Ready for open mike?

"If I want proper cloud services, I can get those from Azure."

I would say so...

Oops, web trackers may have leaked 3 million patients' info

Claptrap314 Silver badge

Looks like

My adamant refusal to have anything to do with MyChart was more justified than just my in principle objection to the use of such "portal"s.

NASA OKs spacewalks, upgrades helmets after fishbowl mishap

Claptrap314 Silver badge

Re: No thanks.

Is it too expensive to spin the area with the toilet? Really?

Basecamp decamps from cloud: 'Renting computers is (mostly) a bad deal'

Claptrap314 Silver badge

I remember observing more than twenty years ago, "The answer to any interesting problem in computer science is 'it depends'." Or, as the Right Pondians put it, "horses for courses".

Our entire IT org is less than 15 people. Most are the programmers that maintain the applications that our entire company runs on. It's <10qps. Our entire cloud spend last month was about $5k. For that, we get all the love that AWS & Heroku can give a small company.

We are getting a GREAT deal.

You can save a lot of money if you don't carry insurance. You'll probably lose a lot of business as well, because clients understand the importance of limiting risk. A substantial value of the cloud is in mitigating risks--which is why I'm so strongly opposed to using Azure.

I learned SRE at Google. I know what it takes to deliver 5 nines at scale. If your business is going to take a reputational hit if you miss 4 nines, you better understand as well before taking it on yourself. What would a black swan event do on that front? Can you handle it?

If you're not in three different data centers in three different parts of the US, with onsite staff, you're not 5 nines. (I pity those in a small country with PII or PHI.) That requires tripling your hardware AND maintaining failovers, by the way. Or you could be in four DCs in four different parts of the US and only double the hardware. With staff at each location.

Of course, economics change. It should be expected that AWS & the like want to go the route of Oracle. (And by the way, just how IS Oracle's cloud business doing?) A rapidly growing company should probably evaluate its on-prem / in cloud position every year, a stable one every two.

BlueBleed: Microsoft customer data leak claimed to be 'one of the largest' in years

Claptrap314 Silver badge

Re: SOCRadar

The problem readers now face is that your credibility is somewhere between 0 and -0.5 on a scale of -1 to 1.

How GitHub Copilot could steer Microsoft into a copyright storm

Claptrap314 Silver badge

Re: Am I the only one

The only proprietary code that I know of that might qualify was a BIOS. This was in the time frame that I had realized that I was a hacker, not a programmer. I definitely needed brain bleach after reading it. It was embarrassing to read. I can only imagine how I would feel reading that same code after 25 years as a programmer.

My fear is that I might learn some useful technique which is considered specific to the licensed code. My comprehension and memory are such that it might be an issue.

Claptrap314 Silver badge

Am I the only one

who has deliberately avoided looking at GPL'ed code because I did not want to risk contamination of what I create for my employer?

To me, this has been a lurking issue with GPL since it came out. (Yeah, I've got quite a bit of gray on me.)

As for SO, my personal experience (when I was required to get into .Net) was that the user selected & top four vote getters were clearly broken. Somewhere in the lower half of the top ten would be a suggestion that had the kernel of a useful idea. No worries about legal risk coming from that. Brain bleach recommended, however.

Waferscale, meet atomic scale: Uncle Sam to test Cerebras chips in nuke weapon sims

Claptrap314 Silver badge

Re: "A Taste of Armageddon"

You appear to have missed the point of the episode. Reducing the costs of war to the mere elimination of people makes eternal war much more likely. The solution? "Practice an unusual form of diplomacy."

Econ 101: Price goes up, demand goes down. Corollary: to reduce the likelihood of something happening, make the outcome horrible.

Thus, MAD worked. It won't work with Iran, if they are true to their orthodoxy, but it worked great for the Soviet Union.

Japanese giants to offer security-as-a-service for connected cars

Claptrap314 Silver badge

Re: Cybersecurity

Which is just one of MANY damning reasons that we should never have started down this road.

Self-driving tech startup values crash 81% in 2 years

Claptrap314 Silver badge

Re: Companies value

That only works if you don't actually need cash reserves--that means be profitable after taxes, depreciation, interest & the like & be confident that your market isn't going to dry up in a recession.

Not saying that they should not buy SOME shares back with SOME of the reserves.

YouTube loves recommending conservative vids regardless of your beliefs

Claptrap314 Silver badge

Re: Left or right

Despite the suppositions of some, human beings are deeply social beings. There is NO unbiased reporting, with the possible exception of a journal of mathematics.

And I emphasize "possible exception". We have the advantage of dealing with truth in the abstract, but biases still manage to creep in.

Binance robbed of $600 million in crypto-tokens

Claptrap314 Silver badge

The term "fiat" was being applied to untethered currencies long before crypto was a twinkle in the eyes of some of the nerds on the cypherpunks mailing list.

Since all major currencies have gone off the gold standard, it is entirely fair to call them "fiat". Especially since guys with guns show up if you don't show up with the right amounts of fiat from time to time.

Not that crypto, as it is currently happening, can ever qualify as a proper currency. More like a corporation with no assets or employees where the board of directors play a game to issue themselves stock from time to time, according to rules that some kind of majority can change whenever they agree to.

Claptrap314 Silver badge
Devil

Okay, but which is which?

Make your neighbor think their house is haunted by blinking their Ikea smart bulbs

Claptrap314 Silver badge

Re: Smart devices for dummies

1) Once you have worked out the tolerance before a factory reset, you have a bound on the number of flickers per minute.

2) Your transmission device broadcasts in a narrow beam pointed at a particular light. This reduces the amount of power you need, the chance of affecting devices other than the target, and makes it harder to find your transmitter during sweeps.

3) What important data can possibly be sent at the rate of bits/minute? Counts. Or even just present/not present. Critically important information can be signaled at VERY low hertz. I remember the intro to a game on the Amiga. (Warlords? One of the earliest games with per-character AI.) At one point the army is shown leaving. Two different windows in the castle blink with a bit of a delay. Spycraft was around a LONG time before computers. These guys know how to use low-bandwidth channels.

Foreign spies hijacking US mid-terms? FBI, CISA are cool as cucumbers about it

Claptrap314 Silver badge

Ding ding ding! I worked 30 elections in Texas. (Travis county--almost as left as San Francisco.) Saw statistical evidence of fraud between my first & second as an election judge. Had an attempt to vote by a non-citizen who stated, "That never stopped me in Houston."

Oh yeah, then there was that infamous precinct (101) which had 0 registered voters, but almost always managed to record a vote.

I also know when & how some of the changes in the procedure that were used over the years changed what could be done in terms of corrupting the process.

Then there's my daughter, who, in Washington state doing block walking to registered voters, came across non-citizens who were on the rolls weekly. And let's not forget the governor's race when a Seattle precinct had 101% voter turnout, and the judge refused to do anything about it.

Or, if you like something that's easy to confirm, in 2020 (yes, THAT 2020), we had a candidate for the legislature _publicly_ thank the post office workers for inserting her flyers into the mail. Yes--that's one of the few ways that election fraud violates federal law (interfering with the mail).

Not to mention, like most people with an awareness of IT security, I was screaming from the rooftops about the insanity of electronic voting as soon as I heard about the idea. I didn't change my position recently.

In truth, in most jurisdictions, there are a lot of safeguards in place to prevent election fraud. And I have found myself explaining to people that various dubious-sounding events are in fact not suggestive of fraud. But if you've worked enough elections, and you are intelligent and pay attention, you're going to come to understand that it's happening.

Claptrap314 Silver badge

So all those claims about the 2016 elections being influenced by foreign actors...what about them?

Seriously, it's MUCH harder for a foreign actor to throw an election than it is to make it LOOK like it's being thrown. In 2016, the FSB provided the Clinton campaign with a ridiculous dossier on her opponent--so that her victory would be tainted. That same FSB ran a bunch of web sites attacking her--so that her loss would be tainted.

Actually stealing an election? Leave that one to the locals.

DoJ ‘very disappointed’ with probation sentence for Capital One hacker Paige Thompson

Claptrap314 Silver badge

Re: Whose fault is it?

Where exactly would they go?

Microsoft drops the C bomb on financial services – 'compliance'

Claptrap314 Silver badge

Compliance is now a big part of my job

& it's because security is a somewhat bigger part of my job. I'm having trouble getting my head around just how u$ can be a net plus on the compliance front....

Block this: Using satellites to plaster ads over our skies could work, say boffins

Claptrap314 Silver badge
Angel

Re: OK now this is something

Heh. UN and a useful action in the same sentence? Don't give up your day job just yet, but a bit of working the open mic circuit & you'll be ready to turn pro!

Atlassian, Microsoft bugs on CISA’s must-patch list after exploitation spree

Claptrap314 Silver badge

Re: Connected to ... what?

Umm.. Just because you have to accept email from more-or-less anywhere in the world, that's no reason that you should accept powershell commands.

For starters.

Moody's turns up the heat on 'riskiest' sectors for cyberattacks

Claptrap314 Silver badge

Advice to critical infrastructure providers: UNPLUG

Seriously. No need to be on the internet in your OC. No need for "smart" meters to greenwash our operations.

The list goes on & on.

FBI: We tracked who was printing secret documents to unmask ex-NSA suspect

Claptrap314 Silver badge

Re: Degree mills

Yes, but they cannot hold a candle to the first-rate diploma mills.

Reverse DNS queries may reveal too much, computer scientists argue

Claptrap314 Silver badge

Re: "For devices on, say, university LANs that are assigned public IP addresses"

I would have thought the devices would be named "Bruce". It's easier to remember that way.

Ever suspected bankers used WhatsApp comms at work? $1.8b says you're right

Claptrap314 Silver badge

"Personal liability" is what we're talking. Having their license stripped would fix their attitudes real quick, I believe. And that would be an administrative punishment, not criminal.

Meta told to pay $175m to walkie-talkie techies for infringing IP

Claptrap314 Silver badge

Dubious at first blush, but...

It's far from clear to me that this is a "just like we've been doing, but with software" patent. Take the phone system. Originally, you DID have to wait for the other party to stop talking. Then, they create the four-wire system, so you got full duplex. In analogue. Those analogue signals got stacked into a T1, and those T1s into a T3. It was a COMPLETELY different network than the Internet, and, "hey, why don't we do here what they do there" was not something that could be whipped up over a weekend. If it could, believe me, it would have been done.

It really depends on what the details of the claim boil down to. If it's, "Hey let's put some control software across, not a TCP connection, but a PAIR of UDPs", then yes. This fails "obviousness", and should never have been granted. But there is a reason that the original systems did not support full duplex, and whatever it was, that implies that there was real IP involved in implementing it. It may well be that this one is legit.

Satellite operators want option to exceed deorbiting rules

Claptrap314 Silver badge

We've got a LONG ways to go before that's a real problem, however.

Far more problematic is a business doing a default & restructure to avoid liability. You would want a bond--but there are issues with the insurance industry as well.

Larry Page's flying taxi startup Kittyhawk calls it a day

Claptrap314 Silver badge

Re: More things fail than succeed

This.

When Google bought itself out & created Alphabet, it moved all of the non-core stuff to separate divisions. You know how Sergey referred to those divisions? "Other bets". He wasn't being flippant. He was making clear that these were, by design, high-risk, (hopefully) high-reward ventures. The brass expected most to fail.

Of course, some of Google's ventures have been particularly dubious. Whether this was (at the time) properly one of those, I leave to experts.

Alert: 15-year-old Python tarfile flaw lurks in 'over 350,000' code projects

Claptrap314 Silver badge

Torn feelings...

I realize that it's the 20's, so no one is allowed to take a position that isn't 100% on one side or another, but here I am.

I still remember 15 years ago when I was experimenting with a multidrive system and having CentOS blow up because the .spec files did the "../../../whatnot" garbage. This. Is. POSIX. I can set a mount however I deem it appropriate, and YOU DO NOT KNOW where ".." goes.

I don't care that POSIX requires tar to support '..'. On a POSIX system, '..' is not well-defined between systems. Tarballs that use '..' are at best fragile. For that reason alone, use of tar requires care.

--

But these "researchers" are being more obnoxious than tar is. Unless you carefully examine the use of the library, you cannot know if it is actually "Insecure" or not. Are there really 350,000 open source packages out there using this library that are intended to run as root? I seriously doubt it. So the security implications are nowhere near what this group is implying.

--

Of course, root or not, directory traversal is a problem. If the proposal were to add a "safe mode" that prevented root or .. components, that would be great. But we're unfortunately 30 years too late to change the default behavior.

Appeals court already under fire for upholding Texas no-content-moderation law

Claptrap314 Silver badge

Here we go...

FINALLY, a legislative move to limit the have-it-our-way rule of Big Social looks like it might bite. The fact that the plaintiffs are trying to claim first amendment rights to muzzle speech that they don't like as opposed to the interstate commerce clause (which should be a no-brainer) tells you just what kind of funhouse dystopia they want us to live in.

Newspapers don't get section 230--they get the 1st amendment. Choose one.

Uber reels from 'security incident' in which cloud systems seemingly hijacked

Claptrap314 Silver badge

Re: Uber

You forgot the troll flag.

Meta disbands Responsible Innovation team, spreads it out over Facebook and co

Claptrap314 Silver badge

Re: Dem algorithms dough

Depends on the hearing, in my experience.

Unhappy about excluding nation-state attacks from cyberinsurance? Get ready to pay

Claptrap314 Silver badge

Re: Excluding them makes it worthless

They've updated the Geneva Conventions on this point.

Claptrap314 Silver badge

Re: Excluding them makes it worthless

If you were one of the ones (like me) who foolishly thought that insurance might be the white knight to fix the software industry, then it is YOU who are wanting it both ways, as demonstrated by your current complaint.

Insurance has very rarely covered acts of war, and I'm surprised that cyber was covering it in the first place.

In practice, this is going to gut the cyber insurance market, but it's not the insurance company's fault. As an industry, our posture is so shoddy that ANY determined actor can acquire the capability to wreak server havoc (heh). Which means that nation-states are going to completely p0wn any target that they really want.

The problem is that our industry is simply too sloppy for insurance. The insurance companies are figuring this out, and the results are inevitable.

Retbleed slugs VM performance by up to 70 percent in kernel 5.19

Claptrap314 Silver badge

THIS IS NOT A BUG

This is NOT a bug.

T.H.I.S. N.O.T. A. B.U.G.

A "bug" is when the published specs are violated. The specs have not been violated.

Consult the front matter for a manual of one of these parts--specifically, the page that says "This product is NOT rated for use with government information classified CONFIDENTIAL or higher."

So...someone buys a plastic shield. They take it into battle with an opponent who has a steel lance. You blame the shield maker?

Claptrap314 Silver badge

Re: Speculative execution exploits in the wild?

That's the hell of these vulnerabilities (not "bugs"). It isn't clear (NOT a security researcher here, but with background in hardware validation) how to attack home users with these. This looks like a much more serious threat for the cloud providers.

Claptrap314 Silver badge

Re: Faster, better, cheaper, WWW.

Nope. I was there. EVERYONE knew about the attack path. Many tried--AND FAILED--to realize the attack. And that's where things stood for 20 years.

In the front of the manual of these parts is a full-page warning that the part is not certified for use with government information classified CONFIDENTIAL or higher. If you consider your credit card information to be confidential, you might take that into account before using such a processor to handle credit card information.

DoJ charges pair over China-linked attempt to build semi-autonomous crypto haven on nuked Pacific atoll

Claptrap314 Silver badge

Re: Music to ears

Nothing curious about it. While the CCP might not have been nearly as forthright about its goals 57 years ago as it is today, it has been completely clear for the last 40+ that I've been old enough to pay attention. Given that Project 596 was completed the year before, however, it's probably just an obvious reference to the arms race.

Meta found guilty of flouting Washington political ad laws – again

Claptrap314 Silver badge
Angel

Huh..

Let me see... "hundreds"--that is, less than 1000. Okay, so during Q2 2022, Meta reported $6687M earnings. That's.... $73M/day. 1000*30k = $30M, or half a day's profits.

Yep, I'm certain that will change their behavior...

SCOTUS judges 'doxxed' after overturning Roe v Wade

Claptrap314 Silver badge

Re: You have a dangerous misconception of how republican democracy works

So how many voters vote for a congressman in North Dakota? In Texas?

Cloudflare tries to explain why it protects far-right forums that stalk and harass victims

Claptrap314 Silver badge

Re: If only

Okay. Does Bush Junior meet your definition?

I'm a military veteran because "never again", thank you very much. Your tactics of imputation are disgusting.

Claptrap314 Silver badge

Re: If only

Given that my shocked nine-year-old self could only respond "never again" when he came upon those pictures? Not really.

Claptrap314 Silver badge

If only

I had not had to endure 13 1/2 years (Summer 2002-Jan 2016) of "Bush = Hitler", followed by (Feb 2016 - present) of Trump being the new Hitler, I might be willing to listen to these claims. This is not the only data point. I'm too exhausted to even really be bothered much, other than to mourn the Republic, when the next one happens.

If you want to drive modern Nazis from the public internet, I ask that you first give a definition of Nazi that doesn't boil down to "whomever I say it is".

Because I believe I have ample cause to fear that I'm on the list of people to be driven off the internet.

Ex-NSA trio who spied on Americans for UAE now banned from arms exports

Claptrap314 Silver badge

Re: So, ex-NSA spies are sanctioned

Do you believe that police should have general arrest powers? Do you believe that ex-police should?

Thank-you for playing.

Googler says she was forced out after opposing $1.2bn cloud contract with Israel

Claptrap314 Silver badge

Re: The only issue

As an X-Googler, employees are encouraged to "bring their whole selves" to work--so long as that self is well-accepted by the dominant clique. It's been a few years, but it seems pretty likely that this hard-left clique is getting increasingly demanding. Expect more "outrage" when outrageous behavior is not being tolerated.

Because, eventually, the revolution always eats its own.

Claptrap314 Silver badge

Re: but capitalism is working how it is supposed to.

Do a bit of research on the environmental record of the Soviet Union if you want to see how things went down in the great worker's paradise.

It was the same story in the Eastern Bloc, and, when the data comes out, China.

Capitalism is MUCH better for the environment than any other system in practice.

That 'clean' Google Translate app is actually Windows crypto-mining malware

Claptrap314 Silver badge

Re: Clever catch

Very little money in that, I'm afraid. The average consumer has no way to evaluate or value security.

Heroku to delete inactive accounts, shut down free tier

Claptrap314 Silver badge

Way to go Salesforce!

You broke Postgres restore functionality on 8/1 to deal with a minor security issue. TO THIS DAY, the issue is neither fixed nor acknowledged on status.heroku.com. So my choices are free, which doesn't do restores, or paid, which doesn't do restores. Except free is going away...

A third option is coming to mind...

NSO Group CEO steps down, 100 employees let go too

Claptrap314 Silver badge

Re: Hypocrisy overload

And which regime would that be?