* Posts by Dvon of Edzore

103 posts • joined 5 Sep 2018

Travel tech sheds legacy baggage, heads to the cloud with Google

Dvon of Edzore
Flame

Monoculture is always the best culture, right?

The fine article reported, "The Google Cloud solution is built on top of Sabre's existing data warehouses, but in the long term, the plan is to consolidate data onto one system".

I'm sure the current Atlassian and OneDrive stories reinforce the benefits of single-supplier relationships, and having all this sensitive traveler data in the hands of the biggest ad network on the planet has zero chance of being misused. It says so right above the door where "Don't be Evil" was chiseled away years ago.

Beware the big bang in the network room

Dvon of Edzore

Re: Maintenance window, gosh how quaint

Ambassador Kosh says "Yes."

In a first, FTC extracts millions of dollars from online store accused of blocking bad reviews on its website

Dvon of Edzore
Thumb Up

Next!

Hey FTC! Use that string of one success to investigate a certain company named after a river. The commingled comments for different products and vendors are a rich source of intentional customer confusion, let alone the fake reviews and tolerance of counterfeit goods. Be sure the settlement is at least 10% of annual sales corporate-wide, so you can staff a field office at each of their warehouses for continuous supervision.

Indian government warns locals not to use Starlink's internet services

Dvon of Edzore

Re: Like red bull to a rag....

Ironic, considering Sri Lanka was the longtime home of the father of commsats, Sir Arthur Charles Clarke.

Euro space boffins hatch comms satellite hijack plan to save Earth from extinction

Dvon of Edzore
Trollface

The Stainless Steel Elephant

Of course this ignores the biggest player in the launch game, with a Real Soon Now ability to launch multiple 100+ ton payloads to anywhere per day, but then Belgium wouldn't get their piece of the action. Maybe the EU could donate some old monuments for impact mass, like the Atomium or that rusty tower in Paris?

Microsoft defends intrusive dialog in Visual Studio Code that asks if you really trust the code you've been working on

Dvon of Edzore

Running lint causes the code to be executed?

Of course it does! This is the same company that happily extended email to be executable code instead of a simple messaging platform so spammers could pwn your computer, added "features" to the web browser so anonymous adverts on "trusted" websites could pwn your computer, and made it much easier to run everything as administrator (root) rather than encouraging least-privilege software to limit the damage their new standards caused.

The real question is, "Do you trust the authors of Visual Studio?"

Monitoring is simple enough – green means everything's fine. But getting to that point can be a whole other ball game

Dvon of Edzore

Re: It's a partial description of your IT farm.

"I usually joke that if I'm doing my job well enough then I've just done myself out of a job because everything important is now covered and there is nothing really for me to add."

What you add is your current experience. You better understand the relationship of the components to the business, and can modify the monitoring and reporting to be more useful for your specific business case.

You can also work on cross-department relationships so changes can be anticipated and the infrastructure ready to meet future company goals as they arrive. For example, adding a first-ever third-party sales representative in a different country can bring a nightmare of compliance issues that did not exist before. You'll really appreciate time to get understanding and documentation of requirements and costs when you're blindsided in a meeting and have to either commit to doing something you have no idea how to accomplish or be seen as obstructionist to company progress.

Dvon of Edzore

Alert communications also need to help the recipient understand the impact on the business of what's being alerted. Simplifying the alert to say "Firewall A3 is down" tells a typical C-level person nothing useful. Including "The following key systems are affected: Payment card processing halted, electronic funds transfer halted, electronic deposit processing halted" will encourage approval of better equipment or secondary services to avoid a repeat incident.

We don't know why it's there, we don't know what it does – all we know is that the button makes everything OK again

Dvon of Edzore

Re: X25 service story

Whereupon you zip-tied the two connectors to prevent their becoming unmated because the screws which normally accomplish that purpose had mysteriously gone missing, right?

Restoring the connection to a known-defective state would merely reset the time bomb for the next sod charged with "make it go, now" - a crime for which the afterlife offers ample opportunity for pain and regret.

'I put the interests of the country first': Colonial Pipeline CEO on why oil biz paid off ransomware crooks

Dvon of Edzore

Re: It isn't only the billing system

Worse, the systems were almost secure, leading to a bit of complacency. If you read the neighboring story about Identity and Access Management, you'd know how difficult it is maintaining a list of every VPN and other hole in Hadrian's Wall that let those annoying Pictsies in. Oopsie!

It's a pretty standard response to go on lockdown when a breach is suspected, so I don't blame Colonial for their first actions. I do blame them for having a network design that was easy to move about once inside. The days one can trust local systems to be clean ended with the "I Love You" email virus, and Management will just have to pay to do things a bit differently.

To other admins: I'm in the midst of a similar security upgrade, so I share your headache.

GitLab tries to address crypto-mining abuse by requiring card details for free stuff

Dvon of Edzore
Big Brother

Re: Might not even be lawful

Then the $1 "verification fee" will actually be charged, and to everyone, with the disclaimer "The EU made us do this."

Microsoft revokes MVP status of developer who tweeted complaint about request to promote SQL-on-Azure

Dvon of Edzore

Re: Influencers

Sorry, Alex, you may have been good enough to conquer what you could reach, but the Serpent was the first influencer according to Genesis chapter 3, and it influenced the entire human population right out of its home.

Nestled between donuts and gingerbread creations lurks the Windows 7 EOS fairy

Dvon of Edzore

Spread it on the rose bushes

Microsoft is spinning a fairy tale. Windows of any version is exactly as vulnerable to viruses the day or year after support ends as it was the day or year before. Software does not "wear out" with use like a pair of cheap shoes. Internet packets do not get more powerful to break through closed connections like K.I.T.T. crashing through a wall. Defects in design or production that allow malware exploits were inherent in this "professional" software from the moment it left the factory, and should be treated by regulators the same as safety defects in appliances and automobiles - by mandatory repair or refund regardless of warranty terms.

An End-Of-Support date is just an attempt to turn liability for defects into sales of new products with new defects adding to the legacy defects carried forward for compatibility. Microsoft's shifting "end-of" dates testify to how arbitrary these paper lifetimes really are.

The cycle of "sell crap, pretend to care for a bit but disclaim all remedies in the license, sell new crap" will continue until lawmakers assign strict liability to software vendors that claim to offer support as a justification for the price. If the license limit on number or type of installation applies in perpetuity, then so must the full support period. Flaws present from Day One should be treated as if they were discovered on Day One and not allow the get-out-of-hell-free card of calling a product "too old to fix."

NASA sets the date for first helicopter flight on another planet – and the craft will carry a piece of history

Dvon of Edzore
Coat

Just asking

Is "bit of Wright Flyer" now like fragments of the True Cross that all pilgrims are expected to carry?

Global tat supply line clogged as Suez Canal authorities come to aid of wedged 18-brontosaurus container ship

Dvon of Edzore
Facepalm

Repaint the name

Should be the Never4given.

This Netgear SOHO switch has 15 – count 'em! – vulns, which means you need to upgrade the firmware... now

Dvon of Edzore

Who else is affected?

Firmware for such devices is often shared among multiple related products, including those from other vendors, because chipset makers generally provide reference designs and code libraries for the purchasers to brand with their product logos and other user interface customizations. This was seen last year when a broad swath of Netgear home routers were found vulnerable to a common set of vulnerabilities, as cited in the story.

Searching the CVE database for the similar JGS524PE, one finds four 2020 vulnerabilities shared by the JGS516PE, JGS524PE, JGS524Ev2, and GS116Ev2. Someone having any of these four sibling devices should press Netgear for answers.

Pop quiz: You've got a roomful of electrical equipment. How do you put out a fire?

Dvon of Edzore

Sprinkler myth is all wet

All the sprinkler heads going off at the same time only happens in bad movies. Each sprinkler head has a heat activated trigger that keeps the water valve in each head closed unless the air temperature at that specific head rises above the trigger value. This system was designed a long time ago when elec-trickery was understood to be unreliable in a crisis, so no common signals for false alarm disasters.

Still a dumb idea to use water, when CO2 is cheap and plentiful. Too bad the horns that announce its release are so loud the vibration can damage the equipment (hard drives mostly) it is there to protect.

New year, new rant: Linus Torvalds rails at Intel for 'killing' the ECC industry

Dvon of Edzore

The Party Line

The official talking point was that the added circuitry for ECC memory (including the extra bits of storage) would actually reduce the reliability of most systems because there would be more parts to fail. This while simultaneously claiming ECC was needed for servers with their massive memory capacities of up to 4 GB! (Windows NT for servers) Considering a typical consumer build of the last decade had as much memory as a server of the Y2K era, that argument sounds a little weak, doesn't it?

Sun, sea and sad signage: And lo, they saw a shining light in the sky... oh, it's a BIOS error

Dvon of Edzore
Holmes

Hidden Borkage

Those who click on everything might already have noticed the tag page for 12BoC (as linked at the top of this story) only shows six of the current eight episodes, including this one. How apropos.

"Be not deceived, Bork is not mocked; for whatsoever a man maketh, that shall he also fucketh up." --Murphy 6⅞

SpaceX’s Starlink finally reveals its satellite broadband pricing for rural America: At $99 a month, it’s a good deal

Dvon of Edzore

Re: Outside America

Each nation regulates radio communication (including satellite up/down-links) as they see fit. That an American company would start with the same American regulator (FCC or Federal Communications Commission) they must regularly beg for temporary permission to communicate with their rockets during launch should not be surprising. Australia and other mostly-English-speaking countries with a heritage of British Common Law have a leg up on getting in next, followed by nations who ask nicely and offer reliable local partners (as opposed to The Leader's worthless nephew.)

Local government or foundations offering beta-test incentives to equip underserved communities would appear to be welcome, so encourage your Civil Masters appropriately.

Intel celebrates security of Ice Lake Xeon processors, so far impervious to any threat due to their unavailability

Dvon of Edzore
Coat

Funniest headline in weeks!

To paraphrase The Elon, "The most secure processor is no processor." Though it still won't protect against ransomware and "This is the Finance Director. Have our bank wire 21.7 million to this account for our new branch."

Thanks, it's the one with "Mechanical Interlockings for Dummies" in the pocket.

Casting a teleport spell is out of the question? Next Falcon-powered 'naut trip to space station set for Halloween

Dvon of Edzore

But will they replace "Comm check"

with "Trick or Treat"?

Imagine working for GitHub and writing a command-line interface for the platform, then GitHub makes an 'official' one

Dvon of Edzore

Re: "start fresh without the constraints of 10 years of design decisions"

When the new team consists mainly of the old team with fresh managers:

"I have learned from my mistakes, and I'm sure that I could repeat them exactly."

(from the "Frog and Peach" sketch, Peter Cook and Dudley Moore, as recorded on "Good Evening".)

Did this airliner land in the North Sea? No. So what happened? El Reg probes flight tracker site oddity

Dvon of Edzore
Headmaster

Authenticity v. Accuracy

The Fine Article mentions: <<Open-source bod Watkins sighed: "All of these systems were developed with the idea everyone wanted everyone else to have accurate data, for safety, and there are few checks and balances in place to validate the authenticity of the data.">>

Watkins may have been addressing GPS Spoofing, but the story here seems the opposite. The flight data was authentic, i.e. coming from the aircraft in question, but not accurate, as some of the aircraft systems did not know where they were to a shockingly large degree. (And the first Redmond-trained minion who says "They were in an aeroplane" gets to repeat the feather-versus-anvil speed of gravity test from 20 kilometres AGL. Their choice of which to hold on the way down in lieu of parachute.)

No, it's not the trailer for the new Dune, it's the potential view from the 'Super Hi-Vision Camera' on Japan's 2024 mission to Mars

Dvon of Edzore

Re: It's NHK, not JBC

According to TFA:

>> the plan is to snap images at regular intervals, which are then "partially transmitted to Earth to create a smooth image."

The original image data is to be stored aboard the probe and brought back to Earth in its sample return capsule. <<

DPL: Debian project has plenty of money but not enough developers

Dvon of Edzore
Flame

Re: Oh dear

Buried in your comment is the key takeaway: Debian enables a toxic community. As Leader Carter said "Currently too many people take on too much responsibility because they feel there is no one else who can do so." That's it exactly. Individuals who do not play nicely with others are allowed to seize control of maintenance by denigrating the contributions of others. Those who prefer to work in a cooperative environment quickly leave, and only the clique remains. The clique then self-destructs because someone has to be the weakest link each round. Eventually the survivor rage-quits for lack of adoring followers, and the WNPP list gains another orphaned package.

CenturyLink L3 outage knocks out web giants and 3.5% of all internet traffic

Dvon of Edzore
FAIL

BGP takes two to untangle

Gandi.net reported on the issue that they had dropped their BGP routes through CenturyLink/Level3 but CenturyLink was still advertising the dead Level3 routes. This meant that the mitigation built into the Internet for such dead routes wasn't working, so otherwise functional sites couldn't recover using alternate transport. The BGP storm CL unleashed may have caused enough congestion that the good updates simply couldn't get through.

In my case much of the Web traffic was still working, but email from my three main providers had stopped. Yahoo was feeling poorly, a fact that might bring some glee but it was affecting viewing several rocket launch attempts, dammit! At least the morning (USA time) launches were scrubbed, so no lasting damage beyond stress taking a few more sanity and health points.

SQLite maximum database size increased to 281TB – but will anyone need one that big?

Dvon of Edzore

Tests are not run in isolation, but compare the new output to the expected output, which comes from many years of tests from previous versions. Test code is reliable because it produces the same result over many versions and many implementations. And yes, different ways of doing the same thing are also required to match. This isn't Microsoft or Adobe where the customer is the unpaid test pilot.

Clarke's Third Law: Any sufficiently advanced techie is indistinguishable from magic

Dvon of Edzore

Re: Reminds me a bit of the "More magic" switch story

It comes from movies where rapidly jiggling the switch hook and shouting is supposed to fix the broken connection. Sometimes worked as an attention signal to a human operator, but did nothing useful once state machines took over the job.

Might help with cranky fluorescent lights where breaking & making the circuit at the correct point in the AC power cycle would give an extra voltage kick to the transformer, exactly the opposite of what is needed in a computer.

America's largest radio telescope blind after falling cable slashes 100-foot gash in reflector dish

Dvon of Edzore

Why such limited photo coverage?

Interesting that there are no photos of the warped beam-steering mechanism or receiver dome where the more important damage occurred, nor good identification of exactly what the failed cable was used for. Perhaps they fear if the extent of the damage were made public there would be more calls to abandon this relic and direct the funds into more up-to-date instruments since the 2017 hurricane damage has not been fully repaired either.

Ancestry.com: Let arbitrator decide on auto-enrolling membership lawsuit

Dvon of Edzore

Found the astroturfer.

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

Dvon of Edzore
Paris Hilton

Re: Clean Path...

Or something too technical for the soundbite-obsessed media - BGP hijacking. Why tap a physical cable when you can route data intended for Brussels through China Telecom?

https://www.ciscozine.com/bgp-route-leak-european-traffic-china/

Venerable text editor GNU Nano reaches version 5.0 and adds the modern frippery that is scrollbars

Dvon of Edzore
Alien

Brighter what?

"Brighter versions of black, ... and white"

Does it come with the disclaimer "Unavailable where contrary to the laws of physics"?

If you own one of these 45 Netgear devices, replace it: Kit maker won't patch vulnerable gear despite live proof-of-concept code

Dvon of Edzore

Re: Netgear used to have a good reputation

Yes, and it's still one of the few reasonably-priced vendors I can install in USA businesses, because Netgear is one of the very few who perform Dept. of Labor mandated safety tests, getting the UL, ETL, TuV, or other government-approved 'Listed' marking. I'd love to use any number of other vendors but they just aren't compliant with the law. If D-Link can certify a $15 dumb switch, why can't $Highly-Reviewed-Vendor do the same for a $500 smart switch?

Ubiquiti, go write on the board 100 times, 'I must validate input data before using it'... Update silently breaks IDS/IPS

Dvon of Edzore
Thumb Down

Business as Usual

Ubiquiti leaves promised and advertised features as "beta" for years. Apparently "beta" on their planet means both "broken" and "working as designed". If it filled a checkbox in a pseudo-review and got you to buy the product, it's working as designed, and by calling it "beta" they don't have to actually deliver a working component.

They also string customers along with "next update" promises until they declare the item End-of-Life and drop even pretend support. They're permanently on my Never Again list after spending resources to redo the website instead of actual feature development.

Black hole destroys corona

Dvon of Edzore
Coat

Boggle of the Day

I'm still trying to sort out "a particularly bright type of supermassive black hole."

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'

Dvon of Edzore

FUD or just aggressive marketing

Behrens: "If you use this as an enterprise, you will not get any updates after half a year, so there is no way any large enterprise should use the free version."

No updates after six months? That differs from the plain language on the LibreOffice site and the rules of most distros that include LibreOffice. In any case I don't recall LibreOffice for Windows ever automatically installing an update, just opening the download web page for a manual install, so whatever is Behrens talking about?

Russia returns to space tourism and offers a first citizen spacewalk

Dvon of Edzore

Re: "becoming the first private citizen in history to experience open space"

Not exactly. US Air Force Colonel and NASA Astronaut, according to the official bio.

https://www.nasa.gov/astronauts/biographies/robert-l-behnken/biography

CSI: Amazon.com coming soon to a screen near you

Dvon of Edzore

Re: whitewash

Amazon is too busy dealing with real reviews that complain of blatant counterfeiting (by cancelling them) to look at fake reviews. Maybe that's what the 8,000 fraud and abuse staff are doing -- covering up fraud and abuse.

Internet Society, remember your embarrassing .org flub? The actual internet society would like to talk about it

Dvon of Edzore

Re: Hmm

I'm pretty sure the many violations of policy we just witnessed will stamp Null and Void all over that so-called agreement.

Couple wrongly arrested over Gatwick Airport drone debacle score £200k payout from cops

Dvon of Edzore

Alright, lock the lawyers up too. Everyone happy now?

Micros~1? ClippyZilla? BSOD Bob? There can be only one winner. Or maybe two

Dvon of Edzore
Devil

You don't need to call them

because the Redmonster is already there, eating your brains, your cash, your screen, your soul...

In colossal surprise, Intel says new vPro processors are quite a bit better than the old ones

Dvon of Edzore
Holmes

Does that statistic come with an asterisk?

Are those benchmarks with or without the Spectre/Meltdown et al mitigations? ISTR a wee performance hit was involved. 'Tis why my next build shall include the sound of many threads being rent asunder by bus number 4.0.

Nine in ten biz applications harbor out-of-date, unsupported, insecure open-source code, study shows

Dvon of Edzore

And this so-called study was sponsored by who, exactly? No maintenance activity for a year could also mean the code is stable and properly implements a standard function. I doubt there are a lot of new features that need to be added to the quicksort algorithm, for example.

I'd instead argue that too much churn in the product is a sign of instability such that it should not be relied upon by third parties. Consider the multiple versions of Microsoft .Net libraries found on any system in productive use for more than a week. Are all those being maintained or merely deprecated?

The point of containers is they aren't VMs, yet Microsoft licenses SQL Server in containers as if they were VMs

Dvon of Edzore
Thumb Up

Re: Yeah, smells like "embrace, extend, ..." of Oracle's bullshit VM policies...

The new Redmonster creed includes "Extort" in the triplet. Much better for performance reports, both individual and corporate, and no pesky kids government investigations because they like taxes too.

Ex-Microsoft Office chief reflects on early malware and the 'global attack on the new Windows PC infrastructure'

Dvon of Edzore
Facepalm

Corporate blind spot

The real solution, totally preventing executable content in documents, was apparently never considered. There's a reason we never heard of WordPerfect or Lotus 1-2-3 viruses - and market share isn't it. Each was king until MS dirty tricks deposed them in favor of the Office cabal.

US small biz loan system bans software robots. The lesson? Make sure IT knows about any automation projects

Dvon of Edzore

Did something similar, with same answer. Needed to query a supplier's massive order system to see if preferred product was now available to replace less-preferred items in parts order. In theory there was a built-in function to do this but it was run during off hours so items might sell out before the batch ran. Had to write a terminal emulator and screen scraper to handle odd formats built for human use, matching up available inventory with list of preferred and unacceptable choices. Fullscreen pages were often drawn somewhat randomly, not line by line, so had to maintain a virtual screen in order to read the result. (Before you ask, the only API was for their suppliers, not customers, and expected to talk mainframe to mainframe. Everyone else pretended to be, or actually was, a teletype.) Successfully simulated the fingers on the keyboard and received no complaints from big supplier. The program ground away happily until merger with biggest rival ended a lot of things.

SpaceX's Elon Musk high on success after counting '420' Starlinks in orbit and Frosty the Starship survives cryo test

Dvon of Edzore

Re: When will Starlink become operational?

Outside the US, talk to your government. Inside the US it will start testing with SpaceX and Tesla employees later this year.

NASA makes May 27 its US independence day from Russian rockets: America's back in the astronaut business after nearly nine years

Dvon of Edzore
WTF?

Retro Progress

25-May-1961 US President John F Kennedy challenges America to put a man on the Moon and return him safely to Earth before 1970.

24-July-1969 Collins, Aldrin, and Armstrong return safely to Earth after two of them land on the Moon.

Time to accomplish this feat: about 8 years and 2 months.

8-Jul-2011 NASA retires its sole means of human access to low earth orbit.

27-May-2020 NASA plans to return to low earth orbit.

Time to accomplish this feat: about 8 years and 11 months.

Truly the opposite of progress is Congress.

OK brainiacs, we've got an IT cold case for you: Fatal disk errors on an Amiga 4000 with 600MB external SCSI unless the clock app is... just so

Dvon of Edzore

Re: The real mystery is how Paula discovered the clock work around ...

A HAZMAT incident.


Biting the hand that feeds IT © 1998–2022