Posts by Lorribot

Would be good to know how many patches are distributed to some of the key Linux distro each year as a comparison to Windows and MacOS.

The waters are some what muddied by the haphazard release as soon as it is ready nature of Linux Distro patching so it is not the big event it is for propriety OSes that only release once a month.

From my own experience it is likely to be im the same ball park number wise as Windows, i am sure there will be much debate over severity and otherwise and arguments over what counts (If you count Edge on Windows should also count Chrome, Firefox or what ever comes installed by default on the distro?).

Unfortunately I don't see The Register actually providing this sort of public service factual information when they can keep peddling the red top Windows is the devil and Linux is godly stuff.

Intel buys McAfee....

We will bake security right in to the processors... McAfee style.... Intel sells McAfee, Intel fails miserably to make anything secure baked in or otherwise.

So many holes, so much patching.

Sorry but where is the problem?

If all those companies that include FOSS, like log4J, in their products, where suddenly held accountable for the security of said software, they would then need to provide funds to support said FOSS and get it certificated.

Yes I get complete solutions such as Gimp or Libra Office may struggle, but this would only be in the corporate space where usage is limited anyway.

Instead of thinking this is a bad thing, think of it as an opportunity to get those that have been living off the back of FOSS to actually contribute to the security and support of the product.

New Oracle licencing model....

You now have buy a licence for everyone on the planet because you could employ any one of them, so just in case.....

Have two or three of those conversation every week. Oh for handy ceiling mounted projector.

Other bug bear is the amount of PowerPoint presentations I watch where the presenter (sometimes also known as the Communications director) does not know there is a presentation mode (its the one with out the slide thumbnails listed down the left hand side of screen and does not have a toolbar), shows it in notes mode or only has one slide, which is better than 24 slide, each of which has the text of the presentation on it , which the presenter then reads at half the speed I do.......

Why do so many people that hate Microsoft use their software?

I get at work you have no option but for home use?

Please jump ship to Mac (then you can complain about Apple) or Linux so you gloat about how you made the change and never looked back/FOSS is just as good as that MS BS software etc or just do the rest of us a favour and never read any post on The Register about MS or its software. (feel free to complain about Oracle, Google, BT/Openreach etc even if you never use thier services)

Android had 50 flaws that needed patching. I assume this does not include all the unsupported versions of Android still out there on half the 5 bazillion Android devices, also may take a while for you OEM/Vendor to release said patches, creating a small window of opportunity.

Adobe has just 6 or 7 apps and still managed 29 flaws patched.

Makes MS's 96 across it's OS and much larger range of applications seem quite reasonable.

"I believe a fair bit of the blame can be laid at the feet of developers, but this sort of thing may not be part of their core competency"

never was truer word said.

Security needs to be a core competency, but interviews for high skill jobs are just a self fulfilling prophecy in that you get you developer to interview the next developer and so on, and if that skill set or you SecOps/InfoSec dude is not on the interview panel it is unlikely any security competency questions will be asked, but then how many Info sec people understand programming enough to be able to ask relevant questions? "this sort of thing may not be part of their core competency"

"entry-level engineers with up to two years of experience"

Could some explain what these mythical engineers are engineering?

No where in this piece does it say. Are they software/hardware/Data/application/OS or some other type of engineer that thinks a slide rule is for measuring slides?

This is just a clickbait story with big numbers and no real context or content.

They missed it by 30 years

BT offered to fibre up the country if they could sell services back when Cable TV became a thing (90s?), however the Thatcher Government of the time wanted the fledgling cable companies to get started to create competition, so it has taken 30 years for the country to start getting fibre and all those cable TV companies are now called Virgin and it still only cover about 10% of the country.

This is what happens when governments interfere with markets and artificially create competition.

Also are al those small companies obliged to allow other companies to resell internet on their fibre?

I have never lived anywhere where I had a choice for internet, be that LLU or different wires/cable. It has always been BT/Openreach and the speed/service is always been the same whoever was (re)selling it to me.

On some new housing estates near me they have HyperOptic because BT was taking forever to get anything other than ADSL set up. No one else is doing anything to get my money so it is OR i am with.

All the small companies had their chance to be nimble, get in to all the new housing estates being built, target areas where ADSL or FTTC is appalling poor, I had 13/0.5Mb on FTTC and latency that went as high as 3000ms regularly due distance and old cables, the first company to lay fibre to my door got my money, that was OR, so frankly those small companies have missed the boat that was docked, waiting for them for 30 years.

it was on a bus....

Now we are no longer part of the EU thanks to Brexit can some one in the UK actually sue Meta on the same basis given that GDPR rules are exactly the same here still?

Just to give their lawyers something else to think about and I am sure the treasury can find something useful to do with £350M since we seem to have lost that down the back of the sofa since Brexit.

Pie in the Sky

American based companies treating the rest of the world the same as America?

My, what wishful thinking that is, most US companies can't even get it in their heads that 95% of the world's population do not use their messed up date format and have the decency to put the month as word rather numbers. But we (RoW) are not important to US based companies, we are there just cash cows to them as we have no bite, not even the EU could get Mark Z over to explain stuff, the UK would have no hope of imposing anything on the likes of FB, Google or MS.

Flash, aaaaaa, Saviour of the universe!

Ahh.. Optane, saviour of the universe....

Intel over hyped, delayed delivery, then under delivered and over priced.

They got away with it on their CPUs for years as no competition, but in the storage space there was always more agile faster developing competitors with cheaper solutions.

Intel has done the same with GPUs, though their pricing is better, just delivered 12 months too late.

They should licence the tech and see what other can do with it as it is basically a good product, just needs a better company to develop it.

Ah the joys of Licensing.

The licensee will rarely win as they didn't right or read the EULA and these things are never favourable to commonsense. Qualcomm has gotten very rich of using ARM IP. It could always design its own chips r move to RISC-v or some other IP, but i dare say that would be a tad difficult and very expensive, more than ARM licence fees.

Whilst I agree MS is busy shooting itself in the foot and leaving the door wide open for Linux, I feel that the Linux ecosystem is not joined up enough, cohesive enough and way to splintered to actually take advantage, Debian has been a mainstay of stability upon which the likes of Ubuntu have built a good ecosystem but your still have differences of opinion about the direction even Debian should take let alone the rest of the distros that can't even decide which desktop to use, why would anyone "buy into" something that even the providers can not agree upon ro may not even be around in a year or two let alone get any security fixes?

Linux is not ever going to the future of the masses as it is built by geeks for geeks, not for their parents and grand parents.

The future in the consumer market will be fought over by Apple MacOS/IOS (if it can be bothered) and Google Chrome/Android.

In the business market there too much other stuff going on for the next 10 year (some minor security stuff, move to cloud and many outer TLAs that may o may not yet be around to worry about moving its user base wholesale over to a new desktop OS (+cost for qualified device replacement) when they need to have training because someone changed the layout of a menu. If it were to jump many woudl go for Apple and MacOS rather than Linux and we could just end up with the same situation (and Companies) we have in the phone market.

Waiting for the enevitable

Current Arc is a first Gen get it out the door model. in that light it is a good starter for 10, Intel will iterate and get better quickly.

Nivida seems to have missed a few pointers. They are competing with consoles that cost about $400 all in, why would spend $900 on just a graphics card and then all the supporting hardware? only people that can afford these things are overpaid or Youtubers who get them for free.

PC shipments are starting to tank and there is no Crypto mining to support card shipments, Nvidia also have a massive surplus stock of the last model left to shift. Nvidia's answer to raise prices even further on the new model to help support the prices of the old model, but each sale of a 3000 is someone not buying the newer model. They are also cheating/lying on model names so they can again overcharge.

This started with the 2000 models that were around 20% over priced continued with the 3000 which was supported by excess demand and is now just running out of control.

Along with the excessive power requirements (add a new $300 PSU) and the loss of FVGA highlighting their poor partner practices, it feels like Nvidia's house of cards is teetering towards collapse in a perfect storm. Just needs AMD to come in low and hard for knock out blow.

Maybe ARM will buy Nvidia.......

No surprises

C-level execs reading licencing terms, seems a tad improbable to me. Most Licencing managers don't read them as they are too impenetrable and convoluted and most have terminology that means something different to what you understand. What is even worse if you ask a software vendor if something is allowed they will say read the licence, its like they don't even understand their own licencing or at least not confident they wouldn't tell you something untrue.

Then there is those that get with decent simple licencing and then once you are locked in change the terms to be more favourable to them.

It is also support contracts for software that is Open source, Red Hat is not particularly nice.

Then there is anything owned by Oracle like Java, you have licenced this in your environment as it came bundled in with some other software you bought and some dev thought it was free.

Its a SQL server not a web server

Might just be me but "a Fargo attack starts with the SQL Server process on a compromised machine being used to download a .net file via the cmd.exe and powershell.exe consoles" would seem to indicate that the best course of action is to not allow your SQL servers access to anything on the internet.

I am sure someone will point me to a valid reason but personally I am at a loss.

Now Google will know how excited you are at receiving those adverts for those heart pills you didn't know you needed since you forgot to opt out of the NHS giving Google all its data.

The attitude of some of the posters herein is exactly the reason why Linux will never be suitable as an OS for all, as newbies are often met by this sort of attitude when trying to find information.

People range from "plain stupid" through "ambivalent" to "know enough to be dangerous" and then on up to the posters levels of skill, caring and knowledge.

Unfortunately 90% of the world falls in to the first three categories and these people need to be protected from themselves, saying stupid people get what they deserve is at best condescending and shameful and at worst sneering and smug, it helps no one.

Every compromised device has the potential to be used against you and the services you use to destroy your life or business, it is us against them why do we fight so much amongst ourselves?

Will you still say they are stupid when your lights go out, bank collapses or the hospital is closed just when you need it because you were busy being smug?

The fact that all Chromium based browsers were blocked. Likely it was calling home to Google, suggests that not even Microsoft can get all the Googleness out of Chromium, what hope the likes of Brave, Vivaldi et al?

Another reason to use Firefox.

There are other options that could make you happy, you just have to take the first step

For those that hate Windows, its updates and MS generally stop using it and move to MacOS, find a Linux Distro that works for you or even sell your soul to ChromeOS.

Then you can feel smug about your choice as you have done something positive and you can get on with your life and manually patch when ever you feel like it if you even think it is a requirement.

Be happy that at least on PCs you have several choices that can fit any pocket and any personal security requirements you may have unlike mobile phones.

Software is flakey and full of holes, get over it

While this a good thing as an aim, it will fail as it does not address the many issues with software development.

First you attest your software is developed with CIST, what about all the libraries and bits and bobs you have half inched from the FOSS world? Do you have to attest to them (Log4J anyone?).

Does this mean the project will be twice as long as we re-invent the wheel to ensure code security and can attest its security?

How long will that last when all these projects start to fail because of cost and time overruns so they stay where we are on 20 year old software code as it is too difficult to move on?

What starts as good idea.......

Whilst all FOSS is created equal, they do not evolve equally, something to bear in mind when you bet your company on it for those technical reasons the boss/bill payer will never understand but will still support because he pays you so much money you must know what you are talking about.

Having made a punt on some software only to see it stagnate and finding migration to a different product convoluted at best or impossible at worst, I know these decisions can bite you hard down the road as you struggle support an old out of date and hopeless product.

Anyone that has had to manage backups, archiving or financial software or email systems will know that your are effectively stuck once you make a choice, how many people will move away from SAP gouges its customers again? These things are never easy or simple or cheap to move away from.

i don't think the client devices (including phones and MacOS and other OSes) will be as badly affected as the servers, these may have transactional time stamps that may have legal consequences if they are incorrect.

And don't forget all those IoT devices that may end doing weird stuff on not sending their spy data off to Samsung correctly, god it could be really bad.

Personally.....

Normally when you tick a box that makes something go away it disappears, but not in MS start menu, you can turn off recommendations but you still have the word Recommendations and the some text explaining you can add it back, taking up a third of the start menu for no benefit.

They just don't get I want gone to mean gone, not hanging round like a bad smell to remind you they know better. They whole thing is a mistake like windows 8 and should be backed out.

The central position is useful if you have an Ultrawide screen but not so useful for the other 99% of Windows users.

And why is there no real customisation and removing basic functionality like having the tool bar where you like? It all feels half finished.

Feedback seems to work about as well as complaining to BT.

I wonder what SEG rate they got for the 10kWh they fed in to the Grid, Best at the moment is 7.5p unless you have a Tesla powerwall then it is 10p. Would be nice given all price increases that the energy people actually upped the SEG a bit.

"our systems can now understand the notion of consensus, which is when multiple high-quality sources on the web all agree on the same fact"

would it not be better to just give Wikipedia a large wedge of loose change and just use them for all factual questions? Would actually mean Google doing something useful for the rest of humanity (ie all non share holders or the other 7billion people in the world.

Intel are the problem

There are a number of things here.

It was developed by Intel, they have not got a clue how to talk to people, so they dumb stuff down and sell Optane as hard disk replacement (this is the first time I have seen a proper explanation of what was intended). They over promise (I remember 1000x faster that current disks). They develop stuff so slowly (discrete graphics cards anyone) they get bypassed by more mature technology by the time they get it to market (NAND just got faster and cheaper, they just had an SSD that had no USP) and the DIMM stuff just didn't turn up any time soon, was almost as expensive as RAM (which keeps dropping in price) and only ones that could afford it were enterprise and they didn't see the benefit of persistent middle tier storage that complicated things as servers are always on. They were the only ones selling it.

If they could have been at least price competitive with or at least 5x faster that NAND then they may have been able to make a case for it, or licenced it out to HP on the cheap to develop systems to support it say alongside SAP or some of those big Oak ridge super computers, no wait they screwed that relationship with Itanium another good idea looking for a problem to solve.

No one else concerned that one of the most widely used SSH tools was hosted on such an elderly beast of a system? One would worry about the security of such an installation.

It is also a good example of just because you can doesn't mean you should.

I appreciate some people get attached to things like vintage cars, but they generally don't use them as daily drivers even if they have been patched and modified, migrating to some new hardware or virtual environment and fresh install of an up to date OS would seem the most prudent way forward.

Used NFS once because I needed a target for a bit of dumb kit that would only backup its config to an NFS share. Simple to set up and do and worked. I then uninstall the feature form the server and never used it again. Anything worth using will support FTP if nothing else so we just use that and TFTP for these sorts of things.

If you don't install the feature you won't see the problem, however it is a timely reminder that you should always patch your system after installing any feature.

And just for balance, Samba has had its fair share of woes over the years and can be a real pain to implement on some Nix a like systems and for that reason we just use FTP for file transfers.

For most moving off of VMware to anything other than cloud based hosting would be very difficult due to the number of systems that integrate in such as Backups, which those of us that actually do manage this stuff have to maintain. Bear in mind that if you keep your backups for any length of time, such years, you will need to maintain a recovery environment, personally we only keep 3 months so not the end of the world but would need to find a product comparable to Veeam for any of these solutions.

Also we are using HCI with VSAN so no separate storage, we would therefore need to set up all that stuff as well, would be expensive, as you don't mention anything that is comparable in this gloss over. We also use NSX and virtual networking is also not mentioned so may be addition cost add on and complexity to move.

Hyper-v is free for most people as they probably already have per core Datacenter licences on their hosts for Windows, unless you are heavy in to Linux guests then this is probably the way most would go.

Having spent almost a year migrating 500 servers from an NSX-v platform to an NSX-t one and juggling the business requirements, other projects' needs and down time etc on what was relatively simple process, moving to another completely different platform would not be joyful or quick experience.

To me this is a case of Broadcom buying something at the peak of its value, most people in medium to large sized businesses are moving to hybrid hosting ahead of a move to cloud, solutions that offer this as a reasonable simple migration path are going to be the winners especially as hardware starts to get replaced and if Broadcom do a Broadcom and stuff it up, Microsofts Azure Stack HCI seems to offer this kind of path so would be a likely first choice for many even if like most Register readers you hate Microsoft they may just have the smoothest path when you have to deal with all those technology people that are not technology people in the business.