Posts by cs9

44 publicly visible posts • joined 22 Dec 2017

Anatomy of OpenBSD's OpenSMTPD hijack hole: How a malicious sender address can lead to remote pwnage


OpenBSD: over 2 days without a trivially exploited remote root vulnerability

Give the developers a break, they were blinded by light reflected off their tinfoil hats when they wrote that code.

BT adopts Ubuntu OpenStack as core brains for its 5G, fibre-to-the-premises rollout


OpenStack is a dumpster fire

Why on earth aren't they moving to a real cloud?

FTC fines Facebook $5bn for making users believe they actually had control over their data


Record fines aside --

It's still more profitable for FB to pay the fines and keep mining gold out of that data. Business as usual expected to continue.

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone



MSFT ships Telnet -- ****ing morons! How dare they! Don't they realize this is 2019 and there is positively no reason to be using Telnet like it's still the 90s!

Huawei ships Telnet -- carry on, then! Let me explain in my most patronizing tone how Telnet is really no big deal and everyone should be using it in 2019.

Signed -- Reg readers.

CLOUDERA gets all SHOUTY about rebrand: SMASHES capslock, but easy on the elephants


The kicker is....

This logo update is probably the most interesting news you're going to get out of Dataworks.

Typescript, PostgreSQL and Visual Studio Code all get slathered with a little Microsoft lovin'


Re: Decepticons, move out.

Open source Skype? Must have been before my time.

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit


It could be worse, we could be running Slackware.

I like systemd, makes what I do easier. It has its problems but I wouldn't go back to the past despite them. Patching is something you've got to do monthly if not more frequently anyway, the bug is in systemd or outside of, makes little difference. Adopting Devuan or Slackware or BSD or something is like cutting off your hands because you're tired of trimming your nails every so often. Not anon for this, smash that downvote button if it makes you feel better.

Come buy our kick-aaS products! Pretty please, says HPE boss man Neri


Re: Customers

"Wall Street really loves consumption models. If all customers loved consumption models then something like Reserved Instances wouldn’t exist"

A bit like responding to the statement of "consumers love shoes" with saying "No! Wall street loves shoes! If consumers loved shoes, something like gloves wouldn't exist!"

Hortonworks faces sueball over Cloudera merger


Re: Violates SEC rules

I'd say Horton is AOL to Cloudera's Google. Take the money and run, Alex.

Fed up with cloud giants ripping off its database, MongoDB forks new 'open-source license'


Re: The new license makes it much easier for them to litigate and win

The new license tactic Mongo is trying is viral to the software deploying the MongoDB code in a way the AGPL is not. The essential viral element of AGPL is that you cannot improve the product privately within the private boundaries of your service. AGPL is not triggered if you don't improve the AGPL product.

Example: Currently you can buy MongoDB on AWS (that is the product's name) which is plain vanilla unmodified MongoDB hosted and managed for you by Amazon and you pay Amazon by the hour. MongoDB the company sees not a dime of this, it all goes to Amazon. Amazon is in complete compliance with the AGPL, they are not touching the codebase so there is nothing to contribute back. This diverts quite a bit of business away from MongoDB Atlas, the cloud product developed and maintained by MongoDB the company.

Now the SSPL:

"What's different is Section 13, which says that if you offer SSPL software as a service, you have to make available not only the software source code and modifications, if any, but also the source code of the applications used to run the service."

Amazon's product is mostly driven by CloudFormation and MongoDB may attempt to make a case that if Amazon continues to offer the product "MongoDB on AWS", they must also provide the source code to CloudFormation, something Amazon certainly will not do.

Whether this is the intent or whether SSPL is enforceable in this way -- I don't know. The question about boundaries is a good one and I'm sure there are plenty of other practical challenges to enforcing this license. For practical purposes though MongoDB will attempt to enter into a licensing agreement with Amazon and the other clouds to allow them to continue offering the products as-is using the SSPL as an implicit threat.

It also seems clear that this will be a growing trend among the open source players and we can expect similar moves from companies like Elastic, Databricks, and anyone else whose work earns Amazon boatloads of money for little or no effort.

Cisco Webex meltdown caused by script that nuked its host VMs


WebEx? More like Web Ex

This is one of those times you find out if an organization is truly committed to the blameless postmortem.

Mozilla changes Firefox policy from ‘do not track’ to ‘will not track’


Your move, Roy

Remember when IE10 set DNT on by default and the Apache maintainers, led by Roy Fielding, responded by ignoring DNT altogether on IE10 whether the user explicitly set it or not? Yeah good times. The Apache team is going to need to think very creatively about how to undermine this move.

Redis has a license to kill: Open-source database maker takes some code proprietary


The AGPL is not an effective way to stop Amazon from leeching your software, MongoDB on AWS is just one example, they don't modify it they just host it and charge you for it, there's nothing to give back. And AWS is making mad money on Elasticache. It was the launch of Redis/Elasticache that put Redis Labs in such dire straits to begin with, AWS is making millions per year on Redis and Redis Labs saw its user base go up in smoke almost overnight.

This move isn't about trying to shame AWS into giving back -- that will never happen -- this is a company trying to figure out some way to keep the lights on.

It may be poor man's Photoshop, but GIMP casts a Long Shadow with latest update


I tried GIMP once. It's still stuck at the startup screen. Unfortunately there's no "joking but sort-of-not-joking" icon.

Rimini Street slapped with ban in Oracle copyright dispute


The CEO lied, but wasn't willing to lie under oath

"In that judgment, Judge Hicks notes that up until the trial, Rimini Street denied any infringement and specifically the charge of cross-use of the software. At the trial Ravin admitted that there had been occasions of cross-use"

Looks like the game here is to steal what you can while you can and disburse as much of the proceeds to yourself before the law shuts it down -- but don't risk putting yourself behind bars. Sounds like a real stand-up guy.

Oldest swinger in town, Slackware, notches up a quarter of a century


First distro here as well

I had the Walnut Creek CD-ROM distro of Slackware 3.0 and I remember doing many an install. Ah yes the good old days of needing to edit XF86Config to get X Windows running in larger than 640x480. Nostalgic? No I don't think that's quite the word. Learned an awful lot though, well worth the trouble.

Notes/Domino is alive! Second beta of version 10 is imminent


Never used Notes

Never used Notes, I'm only aware of it due to its iconic status as industry laughingstock. I'm sure it will be a hit with the Node.js hipsters though.

AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers



BTW you don't need to send As

Anything other than a zero byte will do."


IT Guy 1: "Management just bought more HP servers"


IBM wins five-year whole-of-government deal with Australia


The world's turned upside down

Correction to the editors: The deal was actually with IBM's .au subsidiary, ɯqᴉ.

Things that make you go hmmm: Do crypto key servers violate GDPR?


Blockchains illegal in EU

Send all your bitcoins to me or face immediate arrest

Tintri terminates 200 staff, cash set to run dry in a couple of days


Re: Soo...

They had a top notch underwriting team, making this flameout even more remarkable.

Morgan Stanley was lead underwriter with BoA, Merrill and 5 other reputable names pitching in. Amazing.


Chrome sends old Macs on permanent Safari: Browser bricks itself


Re: So we've started downvoting amfm

Maybe the guy who runs the AMFM bot enlisted an army of downvoting bots to further blur the edges of reality?

Serverless Computing London: Agenda is live



"The owner of serverlesscomputing.london has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."

This some obscure sub-bullet of GDPR or something?

Atari accuses El Reg of professional trolling and making stuff up. Welp, here's the interview tape for you to decide...


Apology accepted

^^ Title

Low AI rollout caused by dumb, fashion-victim management – Gartner


Re: Over-hyped, over-paid and over here

"I would only buy an electric car if it had an "autopilot" capable of fully autonomous driving."

Didn't you hear? Musky promised that fully autonomous driving is going to be delivered via an over-the-air update in August of this year. No word on if the system will finally be able to detect stationary objects or not. Perhaps they found a way to send out new hardware over the air as well. More apt than ever "your mileage may vary".

First A380 flown in anger to be broken up for parts


Plenty of parts to go around

Thanks to the 4 full engines, twice as many as a modern airliner needs.

IBM's Watson Health wing left looking poorly after 'massive' layoffs


Let's not forget the Watson / MD Anderson fiasco

With the disaster known as the MD Anderson Oncology Expert Advisor, axing these clowns was a no-brainer.

Let's recap that disaster:

1. $62.1 million total cost

2. Contract extended 12 times when IBM continually failed to meet their goals

3. Can't even talk to their relevant data systems

4. 'The Oncology Expert Advisor "is not ready for human investigational or clinical use, and its use in the treatment of patients is prohibited," reads the audit report,'

Worth the read: https://www.medscape.com/viewarticle/876070

Braking news: Tesla preps firmware fling to 'fix' Model 3's inability to stop in time


More importantly though...

How's that "concrete barrier / not concrete barrier" firmware update coming along?

If you're a Fedora fanboi, this latest release might break your heart a little


Nobody cares, no film at 11

But Scott does appear to be a shoo-in to be elected head of the RMS fan club.

Facebook confesses: Buckle up, there's plenty more privacy lapses where that came from


Cambridge who now?

The fact that Cambridge Anal. is still in the discussion is a major victory for FB. In most industries, blaming your scandals on your customers just wouldn't fly.

NetHack to drop support for floppy disks, Amiga, 16-bit DOS and OS/2


Install Unity to play the browser version, which is free up to 300 feet, after that insert $10 to continue?

Even EA is not that shameless.

Do I have to pay for inventory slots too?

Who will fix our Internal Banking Mess? TSB hires IBM amid online banking woes


Echo the sentiment about Brooks's Law, but I believe this is actually Ginni's corollary:

"Adding IBM resources to a PR disaster makes it more of a PR disaster"

Watchdog growls at Tesla for spilling death crash details: 'Autopilot on, hands off wheel'


Did your Tesla kill you? You were "holding it wrong"

"Your car just drove into a crash barrier at full speed while under autopilot and killed the driver"

Tesla: "Other people have used Autopilot there and not died. So there!"

Tesla: "(leaking to the press in continued damage-control mode): The guy didn't have his hands on the wheel! His fault! Autopilot? It's not auto or a pilot, where'd you get an idea like that???"

The only thing we know with certainty about this incident is that Tesla doesn't give a shit about anything but their share price. The driver is just an idiot who was "holding it wrong". Their Autopilot is great and 99.9999% probably won't kill you and if it does you shouldn't have been using it in the first place. Exceptionally crass behavior from front to back.

Tesla crash investigation causes dip in 'leccycar firm's share price


I have the pleasure of sitting in this traffic everyday. This bit of road is unusual in that there is a left exit onto a separate freeway (bear in mind we drive on the correct side of the road here). The car drove full speed into the separator you can see here:


From this point of view it almost looks like just another lane until suddenly it's not. Either the driver foolishly tried to switch lanes at the last moment at full speed, or the autopilot got confused. Given the novelty of the left exit, the autopilot possibility cannot be discounted.

IBM claims its machine learning library is 46x faster than TensorFlow


Tensorflow has 93,399 stars on Github.

Snap ML has ... wait Snap ML is not on Github. In fact it appears to be complete vapo(u)rware, a Google search for "SnapML Download" results in a response of "Surely you mean snapmail Download dontcha?"

Snap ML -- maybe coming soon to a mainframe near you.

Too many bricks in the wall? Lego slashes inventory


Re: Do your research

Dear Lego employee,

When I search lego on Amazon the top 6 hits are:

LEGO Classic Medium Creative Brick Box 10696

LEGO Super Heroes Sanctum Sanctorum Showdown 76108 Building Kit

LEGO City Great Vehicles Heavy Cargo Transport 60183 Building Kit

LEGO City Great Vehicles Pickup & Caravan 60182 Building Kit

LEGO Super Heroes the Hulkbuster Smash-up 76104 Building Kit

"LEGO in general does not make specialty pieces for sets".

The Caravan has a single piece for the camper and the truck. Hard to see a lot of re-use.

The Super Hero kit has some sort of death ray piece. Perhaps I had bad parents but I don't remember these from my childhood.

The Heavy Cargo has a speciality.. wait there's that word again, a totally non custom and re-usable helicopter and truck.

The super hero sanctum includes everyone's favorite generic re-usable LEGO piece, the wall manacles.

"I know this is a lot of El Reg commentards, but as usual you should do a bit of reseach before mouthing off."

* ahem *

LEGO's reputation of producing overpriced sets chock full of custom, useless-out-of-context pieces, might-as-well-throw-the-whole-kit-away-if-you-lose-anything sets is very, very well deserved.

Researchfully yours,

'Quantum supremacy will soon be ours!', says Google as it reveals 72-qubit quantum chip


Is there a Moore's law for qubits?

If I'm interpreting that chart correctly you need 10^6 qubits to contemplate practical quantum applications.

Supposing "qubit density" doubles every 18 months Moore's-law-style, quantum computers will be practical in a bit over 16 years. Exhilarating.

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail


"Lundgren and Wolff violated Microsoft’s intellectual property rights by illegally manufacturing the software in China and then importing the discs into the United States."

"Sounds perfectly legal to us!" -- Register Expert Legal Team

We sent a vulture to IBM's new developer conference to find an answer to the burning question: Why Big Blue?


IBM's new slogan: "No one ever got fired for trashing IBM offerings while refusing to be named in the press."

A print button? Mmkay. Let's explore WHY you need me to add that


Re: Why have a print button?

The trouble with this sort of fanaticism is that some impressionable people will take it literally.

While I haven't printed a piece of paper in ages I frequently use various apps' print function to export a PDF file. This has saved me quite a bit of frustration. Yes, "design gurus", you need a print button. No, "design gurus", skimming through the book Design Thinking does not make you the greatest thinker since Aristotle. Understand what your users actually do.

Say goodbye to a chunk of that sweet Aruba payout, hedgies – judge


An expert's DCF valuation isn't worth the paper it's written on.

Valuation guru Aswath Damodaran has a history of making well-researched, well-reasoned and well-argued DCF valuations which turned out to be complete nonsense in hindsight.

Here's one from 2012 where he predicted Facebook was worth less than $75b, a far cry from today's valuation of > $515b.


Shortly after Google's IPO he reasoned they were worth about $100 a share, somehow overlooking about 90% of that company's value. This isn't just some random bozo; he is one of the leading influencers in the field.

30 day MA is a fact, everything else is an opinion. And you can buy any opinion you want.

If these hedge gurus knew Aruba was worth a lot more than the market was paying they should have backed up the truck and bought everything they could afford. That way the HP premium would have paid handsomely and no need for a lawsuit.

Red Hat slams into reverse on CPU fix for Spectre design blunder


Re: With any luck at all the patch broke systemd ...

Why stop with getting rid of systemd? How about getting rid of multithreading/multiprocessing altogether? That would have avoided all these spectre/meltdown type bugs and would provide a more genuine 70s-era feel than going back to init.d could ever hope to do.

If you won't use your brain our machine will use it for you, Nissan tells drivers


Re: Calendar check

Consider that this publication is based in the UK where April Fool's day lands on January 4th.

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered


Canonical and their "ship it as soon as it compiles" mentality has burned me so many times I would never touch a vanilla Ubuntu distribution again. Canonical should step in and offer a repair tool and not leave it up to Lenovo who likely won't lift a finger.