OpenBSD: over 2 days without a trivially exploited remote root vulnerability
Give the developers a break they were blinded by light reflected off their tinfoil hats when they wrote that code.
44 publicly visible posts • joined 22 Dec 2017
MSFT ships Telnet -- ****ing morons! How dare they! Don't the realize this is 2019 and there is positively no reason to be using Telnet like it's still the 90s!
Huawei ships Telnet -- carry on, then! Let me explain in my most patronizing tone how Telnet is really no big deal and everyone should be using it in 2019.
Signed -- Reg readers.
I like systemd, makes what I do easier. It has its problems but I wouldn't go back to the past despite them. Patching is something you've got to do monthly if not more frequently anyway, the bug is in systemd or outside of, makes little difference. Adopting Devuan or Slackware or BSD or something is like cutting off your hands because you're tired of trimming your nails every so often. Not anon for this, smash that downvote button if it makes you feel better.
"Wall Street really loves consumption models. If all customers loved consumption models then something like Reserved Instances wouldn’t exist"
A bit like responding to the statement of "consumers love shoes" with saying "No! Wall street loves shoes! If consumers loved shoes, something like gloves wouldn't exist!"
The new license tactic Mongo is trying is viral to the software deploying the MongoDB code in a way the AGPL is not. The essential viral element of AGPL is that you cannot improve the product privately within the private boundaries of your service. AGPL is not triggered if you don't improve the AGPL product.
Example: Currently you can buy MongoDB on AWS (that is the product's name) which is plain vanilla unmodified MongoDB hosted and managed for you by Amazon and you pay Amazon by the hour. MongoDB the company sees not a dime of this, it all goes to Amazon. Amazon is in complete compliance with the AGPL, they are not touching the codebase so there is nothing to contribute back. This diverts quite a bit of business away from MongoDB Atlas, the cloud product developed and maintained by MongoDB the company.
Now the SSPL:
"What's different is Section 13, which says that if you offer SSPL software as a service, you have to make available not only the software source code and modifications, if any, but also the source code of the applications used to run the service."
Amazon's product is mostly driven by CloudFormation and MongoDB may attempt to make a case that if Amazon continues to offer the product "MongoDB on AWS", they must also provide the source code to CloudFormation, something Amazon certainly will not do.
Whether this is the intent or whether SSPL is enforceable in this way -- I don't know. The question about boundaries is a good one and I'm sure there are plenty of other practical challenges to enforcing this license. For practical purposes though MongoDB will attempt to enter into a licensing agreement with Amazon and the other clouds to allow them to continue offering the products as-is using the SSPL as an implicit threat.
It also seems clear that this will be a growing trend among the open source players and we can expect similar moves from companies like Elastic, Databricks, and anyone else whose work earns Amazon boatloads of money for little or no effort.
Remember when IE10 set DNT on by default and the Apache maintainers, led by Roy Fielding, responded by ignoring DNT altogether on IE10 whether the user explicitly set it or not? Yeah good times. The Apache team is going to need to think very creatively about how to undermine this move.
The AGPL is not an effective way to stop Amazon from leeching your software, MongoDB on AWS is just one example, they don't modify it they just host it and charge you for it, there's nothing to give back. And AWS is making mad money on Elasticache. It was the launch of Redis/Elasticache that put Redis Labs in such dire straits to begin with, AWS is making millions per year on Redis and Redis Labs saw its user base go up in smoke almost overnight.
This move isn't about trying to shame AWS into giving back -- that will never happen -- this is a company trying to figure out some way to keep the lights on.
"In that judgment, Judge Hicks notes that up until the trial, Rimini Street denied any infringement and specifically the charge of cross-use of the software. At the trial Ravin admitted that there had been occasions of cross-use"
Looks like the game here is to steal what you can while you can and disburse as much of the proceeds to yourself before the law shuts it down -- but don't risk putting yourself behind bars. Sounds like a real stand-up guy.
I had the Walnut Creek CD-ROM distro of Slackware 3.0 and I remember doing many an install. Ah yes the good old days of needing to edit XF86Config to get X Windows running in larger than 640x480. Nostalgic? No I don't think that's quite the word. Learned an awful lot though, well worth the trouble.
https://serverlesscomputing.london/agenda-and-speakers/list-of-speakers/
"The owner of serverlesscomputing.london has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."
This some obscure sub-bullet of GDPR or something?
"I would only buy an electric car if it had an "autopilot" capable of fully autonomous driving."
Didn't you hear? Musky promised that fully autonomous driving is going to be delivered via an over-the-air update in August of this year. No word on if the system will finally be able to detect stationary objects or not. Perhaps they found a way to send out new hardware over the air as well. More apt then ever "your mileage may vary".
With the disaster known as the MD Anderson Oncology Expert Advisor, axing these clowns was a no-brainer.
Let's recap that diaster:
1. $62.1 million total cost
2. Contract extended 12 times when IBM continually failed to meet their goals
3. Can't even talk to their relevant data systems
4. 'The Oncology Expert Advisor "is not ready for human investigational or clinical use, and its use in the treatment of patients is prohibited," reads the audit report,'
Worth the read: https://www.medscape.com/viewarticle/876070
"Your car just drove into a crash barrier at full speed while under autopilot and killed the driver"
Tesla: "Other people have used Autopilot there and not died. So there!"
Tesla: "(leaking to the press in continued damage-control mode): The guy didn't have his hands on the wheel! His fault! Autopilot? It's not auto or a pilot, where'd you get an idea like that???"
The only thing we know with certainty about this incident is that Tesla doesn't give a shit about anything but their share price. The driver is just an idiot who was "holding it wrong". Their Autopilot is great and 99.9999% probably won't kill you and if it does you shouldn't have been using it in the first place. Exceptionally crass behavior from front to back.
I have the pleasure of sitting in this traffic everyday. This bit of road is unusual in that there is a left exit onto a separate freeway (bear in mind we drive on the correct side of the road here). The car drove full speed into the separator you can see here:
https://www.google.com/maps/@37.4105466,-122.0748139,3a,75y,133.28h,75.47t/data=!3m6!1e1!3m4!1sacKIfW6A1Znw6opJ6GXEaA!2e0!7i16384!8i8192
From this point of view it almost looks like just another lane until suddenly it's not. Either the driver foolishly tried to switch lanes at the last moment at full speed, or the autopilot got confused. Given the novelty of the left exit, the autopilot possibility cannot be discounted.
Dear Lego employee,
When I search lego on Amazon the top 6 hits are:
LEGO Classic Medium Creative Brick Box 10696
LEGO Super Heroes Sanctum Sanctorum Showdown 76108 Building Kit
LEGO City Great Vehicles Heavy Cargo Transport 60183 Building Kit
LEGO City Great Vehicles Pickup & Caravan 60182 Building Kit
LEGO Super Heroes the Hulkbuster Smash-up 76104 Building Kit
"LEGO in general does not make specialty pieces for sets".
The Caravan has a single piece for the camper and the truck. Hard to see a lot of re-use.
The Super Hero kit has some sort of death ray piece. Perhaps I had bad parents but I don't remember these from my childhood.
The Heavy Cargo has a speciality.. wait there's that word again, a totally non custom and re-usable helicopter and truck.
The super hero sanctum includes everyone's favorite generic re-usable LEGO piece, the wall manacles.
"I know this is a lot of El Reg commentards, but as usual you should do a bit of reseach before mouthing off."
* ahem *
LEGO's reputation of producing overpriced sets chock full of custom, useless-out-of-context pieces, might-as-well-throw-the-whole-kit-away-if-you-lose-anything sets is very, very well deserved.
Researchfully yours,
The trouble with this sort of fanaticism is that some impressionable people will take it literally.
While I haven't printed a piece of paper in ages I frequently use various apps' print function to export a PDF file. This has saved me quite a bit of frustration. Yes, "design gurus", you need a print button. No, "design gurus", skimming through the book Design Thinking does not make you the greatest thinker since Aristotle. Understand what your users actually do.
An expert's DCF valuation isn't worth the paper it's written on.
Valuation guru Aswath Damodaran has a history of making well-researched, well-reasoned and well-argued DCF valuations which turned out to be complete nonsense in hindsight.
Here's one from 2012 where he predicted Facebook was worth less than $75b, a far cry from today's valuation of > $515b.
http://aswathdamodaran.blogspot.com/2012/02/ipo-of-decade-my-valuation-of-facebook.html
Shortly after Google's IPO he reasoned they were worth about $100 a share, somehow overlooking about 90% of that company's value. This isn't just some random bozo he is one of the leading influencers in the field.
30 day MA is a fact, everything else is an opinion. And you can buy any opinion you want.
If these hedge gurus knew Aruba was worth a lot more than the market was paying they should have backed up the truck and bought everything they could afford. That way the HP premium would have paid handsomely and no need for a lawsuit.
Why stop with getting rid of systemd? How about getting rid of multithreading/multiprocessing altogether? That would have avoided all these spectre/meltdown type bugs and would provide a more genuine 70s-era feel than going back to init.d could ever hope to do.