Posts by joepie91

25 publicly visible posts • joined 16 Jul 2015

Oracle VirtualBox licensing tweak lies in wait for the unwary

joepie91

Re: All because

"The fact that Larry Ellison is rich is irrelevant - some people seem to think he should do it for free, which strikes me as jealousy."

Do *what* for free, exactly? Because he sure isn't developing VirtualBox. Developers at Oracle are. And you can bet your ass that none of this money is ending up in *their* bank accounts.

You have a fake North Korean IT worker problem – here's how to stop it

joepie91

"These types of scams, largely originating from North Korea, or at least funneling money back to Pyongyang, have cost American businesses at least $88 million over six years, the Department of Justice said last year."

That's... it? $13 million per year on average, across the entirety of a major economy? That's what we're all making such a ruckus over? Even if that were underestimated by a factor of 10, it'd still barely be worth writing a news article about.

It reminds me of the people who get up in arms about a municipal bridge costing "millions of dollars", not realizing that at society scale you need to divide everything by a thousand or so to get a number that makes intuitive sense.

37signals is completing its on-prem move, deleting its AWS account to save millions

joepie91

I haven't missed the point at all, I've understood it perfectly well. I just do not believe it to be true.

To put it bluntly, if you are trying to start a tech company that does something with hosted services, and you cannot afford to purchase servers as you grow, then you should not be in business. Servers cost absolute peanuts compared to most everything else, even if you include maintenance and setup costs. You *should* be investing in the core infrastructure for the service you are providing.

And as for "latency stymieing your ability to scale", when does that *actually* happen? Because it sure is an argument that cloudycloud providers love to trot out, but I've just never found it to actually hold true in a real-world business setting. The scaling problems are pretty much always on the (non-maintenance) staffing side, not on the hardware side, and it doesn't actually take that long to get a bunch of hardware shipped to a datacenter with ample room to expand, if you've done even the most minimal planning ahead.

You're running a business. You're expected to have some long-term planning skills to turn it into a success. "Scaling instantly with zero planning or foresight" is a completely unrealistic expectation that *will* wreck your business on another front, if not on the technical infrastructure side.

joepie91

Re: I have this Debian server at home...

Hotpatching without reboot on Linux has been a thing in some form for *at least* a decade.

joepie91

"and you don't need to go out and spend $1.5M up-front on 18PB of storage that you may or may not end up needing."

Indeed you do not, because operating your own hardware, just like using a 'cloud' service, allows you to gradually build out your deployment as you scale up. You don't actually need Amazon to get that property.

I'm no fan of DHH, but this is one point that he is correct on - cloudycloud providers like AWS have falsely convinced everyone that 'cloud' is the only way, to the point that these providers have almost mythical properties attributed to them and people don't even really *think* anymore about what's possible by running your own infrastructure.

Curl project founder snaps over deluge of time-sucking AI slop bug reports

joepie91

Re: Misused tool

The tool is misdesigned, not merely 'misused'. If LLM companies truly cared about building a responsible tool, it wouldn't have a conversational interface that does its damnedest best to make it feel like you're talking to a human. But it does, and that should tell you a lot about what these tools are really meant to be used for; and it isn't anything responsible.

joepie91

Re: Sorry to nitpick, but...

If you actually get to talk to the reporter, it's pretty easy to figure out whether it's an "AI" submission or not; because if it is, they will be unable to credibly answer questions about the process by which they came to their conclusion, or the technical details that led them there.

Anyone who has worked with 'developers' who let an LLM write their code for them, will probably recognize this phenomenon, and the "I don't know, that's what the AI said" answers that accompany it.

Uncle Sam kills funding for CVE program. Yes, that CVE program

joepie91

Re: Let the offenders pay

That's an excellent way to ensure that nobody will report security issues anymore - i.e. the exact opposite of the purpose of the CVE program.

Some of you people really need to learn how these things actually work before making "racist uncle at Christmas" type comments.

Torvalds weighs in on 'nasty' Rust vs C for Linux debate

joepie91

Re: My understanding...

Because certain information is missing from the C code - such as documentation/metadata about correct invocation - that is not only necessary for interoperability with Rust (or anything else that checks correctness, for that matter), but also independently something that should already be there for those developing against the APIs in C. It is an omission in the C code in and of itself, the Rust integration just made it harder to ignore the problem.

Meta can call Llama 2 open source as much as it likes, but that doesn't mean it is

joepie91

Then it wasn't open-source, despite whatever the vendor claimed.

Fresh GDPR ruling says even 'minor anxiety' could mean payouts for EU folks

joepie91

Re: Can I sue the EU

You probably should be blaming the websites in question, not the EU. The vast majority of those nag-walls aren't even GDPR-compliant, because their sole purpose is to bully you into giving 'false consent' (which does not count as consent under the GDPR).

A website that handles your data legitimately does not even need such a nag-wall, because legitimate purposes are already automatically allowed. The only reason these sites show you such a wall, is because they're trying to use your data for sketchy purposes.

CEO told to die in a car crash after firing engineers who had two full-time jobs

joepie91

Re: Judge on results, not appearances

It's actually very common for freelancers to bill a day rate, regardless of whether the full day was worked for the client. Which would result in basically this.

Software engineer jailed for 2 years after using RATs and crypters to steal underage victims' intimate pics

joepie91

Re: Not again..

There's a difference between bringing it up as a defense in and of itself, vs. bringing it up as a reason to reject extradition; it certainly *is* true that the US is extremely ill-equipped to deal with neurodiverse folks, and that prosecution there would result in an even more 'cruel and unusual' punishment than usual.

If I'm not misremembering, that's precisely what applied in McKinnon's case and various other cases. "Autism" wasn't an argument to defend the action, but rather an argument against extradition to the US specifically.

Freenode IRC staff resign en masse, unhappy about new management

joepie91

Lee is outright lying. The infrastructure for Freenode was provided by sponsors, not by him, and there were no expenses to finance.

When Lee says that he was putting money "into Freenode", what he really means is that he was putting money into Freenode Limited, a company which he *also* owns and controls, and which had no operational relationship with the IRC network - it was used for organizing a conference.

Until recently, he had - despite his claims to the contrary - no access to the infrastructure at all.

Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder

joepie91

Re: Shipping containers?

SBG1 is made of shipping containers, SBG2 is not. It does use similar materials, but is actually a custom building design: https://pbs.twimg.com/media/BKfAgXZCEAEkJOl?format=jpg&name=large

.NET Core: Still a Microsoft platform thing despite more than five years open source

joepie91

Re: Always seemed an uphill task

Their "we love open source" act is already starting to slip, outside of the public perception created by their developer marketing department: https://github.com/MicrosoftDocs/intellicode/issues/201

Comodo CA acquired by Francisco Partners ...

joepie91

That's essentially just reinventing Certificate Transparency, except less scalable, more expensive, and less reliable.

Seriously, blockchains are totally useless solutions for 99.99% of cases. For almost everything, there are better non-blockchain solutions. Virtually the only thing that blockchains are actually *good* for are... you guessed it... trustless financial transactions.

How to secure MongoDB – because it isn't by default and thousands of DBs are being hacked

joepie91

Re: Cue useless drivel as defence

There's a very good reason MongoDB doesn't make it secure by default. MongoDB is a clusterfuck from a technical perspective, and the only reason it's as popular as it is, is because they've succeeded at making it *look* simple (by sweeping half the concerns of database management under the carpet).

Incidentally, this is the same reason that users tend to switch to other databases over time... because as it turns out, those concerns weren't optional after all, and now they have to suffer the consequences of ignoring them upfront.

But this is precisely why MongoDB can't really make it secure by default - this would make it appear less simple upfront, and thereby tarnish their only real selling point.

Global 'terror database' World-Check leaked

joepie91

Re: I'm too SQuooL for school

Except then you discover that it isn't faster either. And at that point you should start asking yourself why you're using it again, but most of its users don't ever seem to do that.

NoSQL: Injection vaccination for a new generation

joepie91

Re: JSON API != SQL

Except there are cases where you can inject nested JSON data into a MongoDB query (with potentially destructive consequences) just like you would inject directives into an SQL query. It doesn't "remove a whole class of vulnerabilities", it just changes the parameters.

Fundamentally "NoSQL" is a meaningless buzzword, and schemaless document stores are *not* an alternative to relational schemaful database systems. They are different toolsets that solve different problems. You can't meaningfully replace one with the other.
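The nested-JSON injection the comment above refers to, as an added example that is not part of the original post or of any MongoDB code: a login handler that copies a parsed JSON body straight into a filter object lets a caller replace a string with an object, so the value is no longer compared literally. The names `buildLoginFilterVulnerable`, `buildLoginFilterHardened`, `containsOperator` and the request bodies are assumptions constructed for this illustration; no database driver is involved, only the shape of the filter the driver would be handed.

```javascript
// Added example (not from the page): how untrusted JSON reaches a MongoDB-style
// filter, and two ways a defender can catch it. Assumes the request body has
// already been parsed from JSON, so `body.username` and `body.password` may be
// strings, objects, arrays or anything else the client chose to send.

// Vulnerable pattern: whatever type the client sent becomes the query value.
function buildLoginFilterVulnerable(body) {
  return { username: body.username, password: body.password };
}

// Detection helper: does a value (recursively) contain a key beginning with
// '$', i.e. a query operator smuggled in through nested JSON?
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.entries(value).some(
      ([key, inner]) => key.startsWith('$') || containsOperator(inner)
    );
  }
  return false;
}

// Mitigation: fields that must be compared literally are required to be
// scalar strings before they are placed in the filter.
function requireString(value, name) {
  if (typeof value !== 'string') {
    throw new TypeError(`${name} must be a string, got ${typeof value}`);
  }
  return value;
}

function buildLoginFilterHardened(body) {
  return {
    username: requireString(body.username, 'username'),
    password: requireString(body.password, 'password'),
  };
}

// Constructed request bodies for the demonstration. A real handler would
// compare a password hash outside the query; the field is only here to show
// how an object in place of a string changes the filter's meaning.
const benignBody = { username: 'alice', password: 'hunter2' };
const craftedBody = { username: 'alice', password: { $gt: '' } };

// Stand-alone run: the vulnerable builder forwards the operator, the hardened
// builder refuses the request.
console.log(JSON.stringify(buildLoginFilterVulnerable(craftedBody)));
console.log('operator present:', containsOperator(buildLoginFilterVulnerable(craftedBody)));
try {
  buildLoginFilterHardened(craftedBody);
} catch (err) {
  console.log('hardened builder rejected body:', err.message);
}
```

The type check is the important part: an operator blocklist such as `containsOperator` is useful for logging and detection, but a field that is meant to hold a string should simply never accept anything else.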

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

joepie91

Re: Genuine Question

Yeah, you can. You just can't read the response - *unless* the endpoint in question has misconfigured CORS headers, which I suspect to be the case here. Same thing as with Hola, really.
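The CORS misconfiguration the comment above describes, as an added example that is not part of the original post and makes no claim about the Dell software's actual configuration: a server that reflects any `Origin` header together with `Access-Control-Allow-Credentials: true` lets a page on any site read its responses, whereas an allow-list of whole origins does not. The function names `corsHeadersReflectAny`, `corsHeadersAllowList` and `normalizeOrigin`, and the sample origins, are assumptions constructed for this illustration; the header names are the standard CORS response headers.

```javascript
// Added example (not from the page): CORS response headers, weak setting
// beside the corrected one. Assumes `origin` is the raw value of the request's
// Origin header (or undefined for same-origin requests) and `allowedOrigins`
// is the deployment's allow-list of full origins ("scheme://host[:port]").

// Weak: echoes whatever Origin the browser sent and allows credentials. Any
// site the user visits can then issue a credentialed request and read the
// response, which is what turns a local endpoint into a cross-site oracle.
function corsHeadersReflectAny(origin) {
  if (!origin) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Parse the header as a URL and return its serialized origin, so that
// comparisons are made on the whole origin and default ports are normalized.
// Returns null for the literal "null" origin, malformed values, or non-http(s)
// schemes.
function normalizeOrigin(origin) {
  if (typeof origin !== 'string' || origin === 'null') return null;
  let url;
  try {
    url = new URL(origin);
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  return url.origin;
}

// Corrected: only an origin on the explicit allow-list is echoed back.
// `Vary: Origin` is always sent so that shared caches never serve one
// origin's response to another.
function corsHeadersAllowList(origin, allowedOrigins) {
  const normalized = normalizeOrigin(origin);
  if (normalized === null || !allowedOrigins.includes(normalized)) {
    return { 'Vary': 'Origin' };
  }
  return {
    'Access-Control-Allow-Origin': normalized,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Constructed sample values for a stand-alone run.
const ALLOWED = ['https://app.example'];
const samples = [
  'https://app.example',
  'https://app.example:443',          // default port, same origin after normalization
  'https://app.example.evil.example', // prefix match is not an origin match
  'null',
  'not a url',
];
for (const o of samples) {
  console.log(o, '=>', JSON.stringify(corsHeadersAllowList(o, ALLOWED)));
}
```

The check worth carrying away is that the corrected version compares serialized origins for equality; substring or regular-expression matches on the `Origin` header are the usual way an allow-list ends up behaving like the weak version.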

Google Adblock shock a load of cock – users mock post hoc

joepie91

Re: Epic

Epic Browser is extremely dodgy, snake-oil marketing. Specifically, it actually makes your internet usage *less* private in a number of cases (e.g. with the proxy feature). I would not recommend it to anybody.

Remember Impero, the school software biz that went ape over a vuln? Someone's got revenge

joepie91

Re: Has the flaw actually been fixed?

Not in the currently deployed version, no. They *claim* that it's fixed in a future release, but that's what they said last time.

joepie91

Yeah, that's what we tried first. Then Impero ignored the e-mail disclosure.

Perhaps your ire should be aimed at Impero, given that they have been non-responsive to disclosure, lying (or at best, being incompetently misinformed) about the degree of patched-ness of their code, and most of all, developing software to *spy on kids*.

Brit school software biz unchains lawyers after crappy security exposed

joepie91

Re: Legal advice

Well, Impero is *owned* by Gateley plc, the company that sent the threat. So maybe they have a bigger problem...