* Posts by springsmarty

23 publicly visible posts • joined 21 Apr 2016

US senator claims UnitedHealth's CEO, board appointed 'unqualified' CISO

springsmarty

Re: CISO == Scapegoat (Traditionally)

The CEO and board constantly balance perceived costs against perceived benefits and risks. Perhaps the scale of the risks was not well understood at the board level, making it easier to dismiss pleas for better tooling and procedures. Unfortunately, the risks were borne by far more than UHG, but UHG was only weighing *their* costs and risks. Hopefully this will cause other organizations to place more emphasis on the risks of attackers, allowing them to spend more appropriately on security.

Apple finally pro giving Pro iPads these Pro apps

springsmarty

What does Pro mean to you?

I should probably not be surprised that online personalities who edit media constantly equate “Pro” with “media editing.” It is as if they honestly believe that media editors are the only professionals using computing hardware.

Back-to-office mandates won't work, says Salesforce's Benioff

springsmarty

I took a new position at a company in 2020. My entire team was built out during COVID. Because of COVID, we did not restrict hiring to candidates who lived near an office. Right now, 80% of the team lives more than several hours from one of our offices. A return to work mandate would be impossible without relocating most of the team.

Comcast to impose 1.2TB-a-month broadband download limits across more of America from next year

springsmarty

In Colorado, $120 / month for 1000/40 with no caps from Comcast.

The GIMP turns 25 and promises to carry on being the FOSS not-Photoshop

springsmarty

Re: I found the learning curve

I always struggled with GIMP, deciding that its learning curve is the graphical equivalent of vi (which I love). I am reminded of a quote about vi:

“It is a great place to live, but I would not want to visit there.”

Never mind record revenue and profit, the churn must go on: Salesforce trims workforce day after bumper results

springsmarty

Re: companies aren't monoliths

That’s a good point about cost containment. At the same time, there could be unintended consequences. In particular, Salesforce needs to be careful about what it telegraphs to future acquisition targets in terms of employment stability.

EU aviation wonks give all-electric training aeroplane the green light – but noob pilots only have 50 mins before they have to land it

springsmarty

Re: The silence of the lands

This is a classic disruptive technology per the book Innovator’s Dilemma. One application of a new technology is identified, in this case probably to reduce noise where noise is a pressing concern. The old guard immediately notes that the technology will not work in all use cases, so it is therefore pointless. Meanwhile, the technology continues to mature and find new uses until the old technology eventually becomes obsolete. I don’t know if electric aircraft will eventually take over the world, but I was equally skeptical of electric cars initially, yet now I drive one.

So many technologies went through a similar path. Just in the past 10 years we saw SSDs emerge in niche areas, while the old guard proclaimed loudly that the tech could not replace disk drives: too expensive, too unreliable, not dense enough. Yet here we are now, with SSDs displacing spindles for all but a few storage edge cases.

EU declares it'll Make USB-C Great Again™. You hear that, Apple?

springsmarty

Re: connector not the only issue

I have always been very careful with my cables, but the lightning cable in my car for CarPlay only lasts a few months before needing a replacement. I chalk it up to all of the flexing that happens when I plug it in, set the phone in the car phone holder, pick it up for some reason, set it back down, hand it to the passenger to look up something, unplug it when I step out of the car, etc.

Sleeping Tesla driver wonders why his car ploughed into 11 traffic cones on a motorway

springsmarty

I have been guilty of the same

I regularly drive a Nissan LEAF with ProPilot during a 51 mile commute on an interstate highway. My car is terrible in the edge lanes (far left or far right) because that’s where weird stuff happens. In particular, on-ramps, off-ramps, and lane closures confuse the system. The system works very well when in a middle lane (and there is no construction).

One morning I was sleepy and accidentally nodded off in the middle lane, snapping back awake five miles later. Fortunately, nothing happened.

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage

springsmarty

Re: Never!

> Learning from history is not a part of the IPv6 spec.

That's the most insightful sentence in this discussion.

Servers crashed and burned. So, Qualcomm's back to Ctrl-C, Ctrl-V'ing Arm cores into phones

springsmarty

Re: "and struggling to make its NXP acquisition fly"

High-tech acquisitions are the topic of my dissertation, and you are correct that they often look bad after the fact. But, how well would the individual companies have fared if the acquisition never happened? We will never know. Often, these mergers happen when one or more of the firms faces a bleak (or at least not-so-bright) future, so maybe the results would have been worse without the acquisition. In truth, no one knows.

Anyone fancy testing the 'unlimited' drive writes claim on Nimbus Data's 100TB whopper SSD?

springsmarty

If my math is right, at 500 MB/s for a 100TB drive, the fastest you can feed it is less than half a drive write per day. If the flash can handle even one drive write per day, then you will never exceed that. So it really is unlimited.

ServiceNow plans non-devs writing non-code for real enterprise apps

springsmarty

Codeless makes sense in some cases

Cherwell (a ServiceNow competitor) has been doing codeless automation since day one and there is a reason for it. Since the codeless framework is not Turing Complete (and never will be), there are strict boundaries to what can be done. At the same time, this grossly simplifies upgrades. Upgrading a system with Turing Complete (i.e. code) extensions is a nightmare.

This easy one cloud trick is in DANGER. Why?

springsmarty

Re: Maybe...

> Maybe a quicker alternative would be to turn off the system you want to move to the cloud and see who (or what) complains!

I hope that was an attempt at humor. I spent the better part of a decade leading a production support team that had to manage thousands of legacy and new apps. Invariably someone would float that suggestion, with the presumption that any critical failures would be immediately visible. This is simply not true often enough to be reliable. In one case a SOX process was archiving data to assist in yearly compliance attestation. Turning it off could be quite a problem, but not for up to a year. Don't ever shut down a process to see who complains. Ever.

Softbank tears off chunk of ARM, feeds it to hungry Saudis

springsmarty

Maybe ARM will add staff

> given that the usual consequence of a buyout tends to be staff cuts as new owners seek maximum financial returns ASAP

Not necessarily. Many of the tech acquisitions over the past 15 years are about acquiring innovative capability. Companies are buying the skills and culture, not the products. At least that's a premise of my dissertation on the topic.

Comcast is the honey badger of ISPs – injects pop-ups into browsers, doesn't give a fsck

springsmarty

I have no graceful way to moderate traffic

TCP/IP just wasn't meant to be metered and this post is just me venting. Comcast claims my home uses 1.8 TB per month and that is more than 99% of their customers. I have no easy way to verify either claim. I have a lot of tech, three teenage boys, my spouse, and me in this home.

I called them and asked how I am supposed to comply. They asked what I am doing to use the internet. Do I game? No, but my three boys do. Do I watch Netflix or YouTube? Occasionally and the rest of my family does. Where is the data going? Is it Evernote updating multiple instances? Is it because of TiVo updates? Is it because I stream audio from my server? Is it Windows updates of multiple machines? Is it WebEx I use because I work from home? Is it synchronizing corporate email?

Just dropping this new cap on my home and telling me that it's OK because they made a data meter available is complete crap.

AWS to launch Aurora service for PostgreSQL at re:Invent – report

springsmarty

I haven't used PG in production for some time, but it did have limits. One is how MVCC is handled. Oracle historically kept pre-change copies of the table data in rollback segments and freed them on commit (actually after the final active SELECT finished after commit). PG took the approach of leaving pre-change copies in place, then marking them free after commit (again, after the final SELECT).

The Oracle approach kept only one version of the table data in the table space, but was slower for changes since any change required copying the modified blocks to the rollback segments. SELECTs against data being changed were also horribly slow since the query had to traverse the rollback segments. Finally, rollbacks were slow since the data had to be copied back from the rollback segment.

Since PG kept all versions of table data in the table space, it did not suffer any of the Oracle disadvantages, but it had the effect of every change leaving holes in the table space and causing the table space to grow without bound. To "fix" the holes, an occasional VACUUM command would be run which coalesced the data.

Each approach has advantages and disadvantages.

Origin of the beasties: Mirai botnet missing link revealed as DVR player

springsmarty

Re: Does it matter?

I'm pretty sure that most if not all IPv6 implementations have a default inbound firewall. NAT really does little or nothing in terms of adding security.

Microsoft boffins: Who needs Intel CPUs when you've got FPGAs?

springsmarty

Can they context-switch?

I would imagine that the FPGA will need to perform context switches before they can be exposed to applications, else only one application at a time could use them. Do GPUs also suffer this limitation? I really don't know.

Your wget is broken and should DIE, dev tells Microsoft

springsmarty

Re: They are quick to shutter services

> No one other than testimonials will use PowerMeh! in Linux because there is no god-damn point to it in the first place!

Disagree. From time to time I need to maintain some stuff in Azure via PowerShell, and up until now I had to keep a Windows VM instance just for that.

Is security keeping pace with continuous delivery?

springsmarty

Coming from a Mode 1 ITSM world, the idea of continuous delivery seems terrifying. I spent a lot of time in operations reconstructing past events for audits, and changes complicated that process. If there is no graceful way to reconstruct the state of the system in the past, then that aspect of compliance (security or otherwise) goes out the window.

When I worked for a large credit card issuer, a defect (code, disclosure, parameter, whatever) could be discovered months later (sometimes after someone complained to a regulatory agency) and my task was to answer how many cardholders were impacted when in what way, performing research across dozens of subsystems. How on earth could anyone do that in a continuous delivery environment?

Your mission, should you accept it, is to use cheap VMs before they self-destruct

springsmarty

Re: "And which Google can shut down at any moment of its choosing."

Any application that responds well to nuke-and-pave provisioning, is highly parallelizable, and has relaxed latency requirements would be a good fit here, such as a SETI-at-home type of project, or a huge Hadoop query.

SpectraLogic debuts big, bad exabyte-tastic temple of tape

springsmarty

Must be a Boulder thing

IBM had its tape operations in/near Boulder. The key engineers left to nearby Louisville to form StorageTek, which made those huge mainframe tape robots. In the meantime, Exabyte was making 8mm helical drives in Boulder. Since then, SpectraLogic has appeared in Boulder with its own robots.

Spectra is in the Gunbarrel area of Boulder, merely a few blocks from IBM's campus that started it all.

This must be a Boulder thing.