* Posts by spuck

129 publicly visible posts • joined 1 May 2020


One person's shortcut was another's long road to panic


Re: Oops!

But there is a difference between following symlinks and ignoring them.

CEO of chat tech plumber Twilio is leaving the building


All they need to do to get the stock back up is announce that they have exciting new plans for something with AI. Or Blockchain, but that's not as effective as it was two years ago.

PLACEHOLDER ONLY Someone please write witty headline here


Re: Please speak to George

Just read this last week:

A software tester goes into a pub and orders 9,999 pints.

Another tester goes into the pub and orders -1 pints.

A third tester goes into the pub and orders jlakjwyd pints.

A user walks in and asks to use the men's room, at which point the pub explodes.

Car dealers openly beg Biden to put brakes on electric vehicle drive


Interesting lines from the article

"More Americans are buying EVs every day—with EV sales rising faster than traditional gas-powered cars."

That's some clever wording right there. Someone at the White House must have read _How to Lie with Statistics_

"However, dealers tend to make most of their money from service, used car sales, warranties and accessories - not new car sales."

A half-truth here; car dealers make money from every angle they can. None of them are going to lose money on a new car sale hoping to make it up on service, warranties or accessories.

IBM to scrap 401(k) matching, offer something else instead


But this arrangement appears not to be particularly beneficial for employees.

If a company is making a change to retirement plans, you can count on it not being designed to give the employees more money.

Take Windows 11... please. Leaks confirm low numbers for Microsoft's latest OS


Re: W12 will be arriving soon.

It seems like Microsoft is keeping a consistent track record of doing a decent job on alternating versions of their consumer OS:

Win 95 Ok

Win ME No good

Win XP Ok

Win Vista No good

Win 7 Ok

Win 8 No good

Win 10 Ok

Win 11 ?

Win 12 ?

It's kinda like Star Trek movies...

Switch to hit the fan as BT begins prep ahead of analog phone sunset


Re: what about my fax machine?

I know you're talking tongue-in-cheek here, but it reminded me:

A few years ago my parents were asking me if they should get Internet at their home. When I asked them what they wanted to do with it, they didn't have a reason other than the neighbors were asking for their e-mail addresses. I spent 30 minutes searching if there were still any free or low-cost dial-up ISPs, with no luck.

Then I started wondering: What if I could be their ISP? I wouldn't install and pay for another land-line at my home, but what if I bought a VOIP number that dialed into a modem in a server at my home? I wondered what the performance would be like, but the whole issue became moot during the pandemic when we bought them a mobile and put it on our family plan so they could see the grandkids over FaceTime.

FreeBSD can now boot in 25 milliseconds


Re: The bubble has burst

This was along my line of thinking. Maybe bubblesort was used because it's a quick and dirty way to do "good enough" cheaply, and qsort() was not implemented in the kernel code. Once the system is booted and you can link to the standard C library, then qsort(), by all means...

Budget satellite drag sail shows space junk how to gracefully exit orbit


Re: It works only if the satellite electronics still work at the end of its mission time.

So a mechanical watchdog or deadman switch?

Maybe a clockwork mechanism that counts down to releasing the sail in 60 days, that can be "bumped" or reset by energizing a solenoid or motor. The software could actively look for times to perform the reset when the solar panels are in full sun and there is an energy surplus.

Rocky Linux backer CIQ rejects lawsuit's claims it was founded on stolen IP


Which is it then: Open Source, or patented?

The suit accuses Kurtzer himself of releasing Fuzzball, a cloud native service for workflow management and orchestration in HPC clusters, as open source technology so that CIQ would afterwards be able to use it without having to pay for it.

Sylabs claims that it developed Fuzzball internally as closed-source value-added technology for managing container deployments.

Sylabs goes on to allege that CIQ "fraudulently" applied for US patents on IP in both Fuzzball and Armored Containers, the latter being technology that provides increased security for container deployments, claiming them as its own.

If Company A releases code as "open source technology", how can Company B later apply for a patent on the code?

Lesson 1: Keep your mind on the ... why aren't the servers making any noise?


I bet the lesson didn't need to be taught again!


My office whiteboard is the place I put down things I think of while the day goes on, for me to remember tomorrow morning what was important today.

+1 for your epiphany of being able to ignore a ringing phone. My dad will never let a ringing phone interrupt him. His motto is: "I got it for my convenience, not theirs."

If it's important, they will leave a message or try again. I've had to learn that lesson again now that everything is instant messages and Slack...


Re: All fun and games until...

One of my lemmas: "Broken gets fixed; shoddy lasts forever"

Want to pwn a satellite? Turns out it's surprisingly easy


Re: Ground station as a service

Turns out, they do.

AWS requires you to be "onboarded" (i.e., approved) for each vehicle you want to transmit to. International frequency allocations, and whatnot. There are some satellites that they will allow you to receive from which are transmitting non-proprietary data, to prove out your workflow.

Want to live dangerously? Try running Windows XP in 2023


My dad is still running Windows XP on the hand-me-down computer we put together for him probably 10 years ago.

As long as it keeps reading the 3.5" floppy disks he saves his OpenOffice documents to and running Solitaire, he likely will never see a need to change.

His computing needs really haven't changed much from the 286 with WordPerfect 5.0 that he bought in 1988.

Red Hat strikes a crushing blow against RHEL downstreams


Cross-licensing agreement?

I could see it possible that Oracle and Red Hat (or rather, IBM) might have a cross-licensing agreement in place where they both agree to allow use of copyrighted code or IP and not sue each other for the same.

IBM's war chest of patents might be a valuable bargaining chip for such an arrangement, but I agree that I don't see any reason why Red Hat would benefit from Oracle having their own derivative distribution.

BOFH: Get me a new data file or your manager finds out exactly what you think of him


Not the BOFH way

At the end of the phone call, Simon surely requested an e-mail quote for the upgraded version, so that he could wave it in front of the boss's nose, then say "But you know, I think I may know someone who could fix it up for us for, say, 500 quid?"

Bosses love paying contractors to make their problems go away. A hex edit later, and it's pub o'clock!


Re: Oh the pain!

Rather than the repeating Muzak, I'd love to have an IVR tell me sometime: "To eavesdrop on other customers fighting with our agents while waiting for your turn, press 8 now."

Seriously, boss? You want that stupid password? OK, you get that stupid password


Re: I wouldn't call it malicious compliance, but yes, I have a story

Only half joking: Who was the admin related to?


Re: perhaps the MD knows enough about Unix to know that the password couldn't be all numbers

An excellent reason to have zero knowledge of the user's password. They have to type it themselves, I never get to know.


These days password quality (length, complexity, dictionary words, character classes) on Linux is usually managed through the pam_pwquality module. The /etc/pwquality.conf file controls the settings. Normally root will get the same warning message as a user does but root is allowed to violate the policies, if they choose. Adding the "enforce_for_root" flag means not even root can violate the quality settings, but of course there are other ways to set bad passwords when you can edit /etc/shadow directly...

Windows XP activation algorithm cracked, keygen now works on Linux


Is it really needed?

I'm trying to dust off the memory banks to remember exactly what didn't work in Windows XP if it never was activated...

I know the newer server builds will shut themselves down after some hours, but wouldn't the desktop versions basically just display scary pop-ups explaining why it was important to activate and maybe turn the desktop wallpaper black?

FTC sues VoIP provider over 'billions of illegal robocalls'


Re: Chasing the wrong quarry...

Yes, all commercial VOIP providers can call my landline, but not all of them are big enough to do the PSTN connection themselves. Especially the lower-rung, smaller companies that are allowing and profiting off these robocalls.


Chasing the wrong quarry...

This is all well and good, but VoIP providers can't call my phone. It takes a telco with a PSTN connection to make that "last mile" connection to my number. The FTC can make a big bluster over shutting down an unknown VoIP provider, but where's the announcement of the fines on their telco accomplices?

China bans Micron products after security review finds unspecified flaws


Re: Wouldn't put it past them

Maybe they've discovered the next ROWHAMMER? That wouldn't be so much spyware as an exploitable flaw.

Assuming they actually found something concerning, I would be very surprised if they did disclose anything publicly.

If they were serious about helping Micron resolve the problems they might communicate with them directly, but it would be totally against Spy Craft 101 to tell their adversary what their flaws are.

Cheapest, oldest, slowest part fixed very modern Mac


Re: It's always the simple things

...or meters?


Sounds like everything is working in harmony now

BOFH: Ah. Company-branded merch. So much better than a bonus


Re: AHH the good old USB

When I was a Micron employee in 2007, management came around delivering our Micron-branded 128MB (Yes, MB) USB sticks. They had to do it in person, because we had to sign the roster acknowledging receipt.

The reason we were being given such princely gifts was because they were built with Micron NAND flash that didn't pass QA to be sold at retail.

BOFH takes a visit to retro computing land


Re: I'd laugh, but...

I had a sales brochure for a NeXT cube that I'd picked up in the mid 90s. Lovely life-size color photos of the motherboard, and lots of Jobs-esque marketspeak about the optical drive and whatnot.

Back around 2010 I was doing some cleaning and ran across it. Rather than toss it in the recycling, I listed it on eBay on a whim. It sold and I mailed it to a German address for $50. For a brochure I was going to throw away.

Microsoft is busy rewriting core Windows code in memory-safe Rust


Re: "Oh no, not again!" said the potted petunia

> "Although there are fewer people [with extensive Rust experience], there's a lot of engineers who are interested in trying to learn it," he said. "And the sheer difficulty of writing code which is safe, it's an order of magnitude easier in Rust."

One of the things we should all fear is "lots of engineers who are interested in trying to learn it."

In the blue corner: 5 engineers each with 15+ years of C and C++ coding experience. In the red corner: 5 engineers interested in trying to learn the language no one heard of 2 years ago.

Which team did we want to put on the OS kernel, again?


Re: How long before the embrace, extend, and extinguish model sets in?

Why? MS is already shipping Edge with a Chromium engine. What does Mozilla offer them?

How was Google boss's 2022? He got paid $226M as stock awards kicked in


Re: Nobody

Since guessing wrong on the future doesn't seem to be a problem.... I'll give it a go.

Tell you what Google: I'll do the job half-price, and if you don't like the results I will resign without a struggle after 6 months.


The reason I will never be rich

Making that kind of money in a year, there's no way I would show up the second year.

And it's exactly that kind of thinking that will keep me a wage slave. ;) I am either missing the piece of my brain that tells me money is so important I need to sacrifice whatever it takes to make more, or the part of my brain that tells me I have enough is over-developed.

BOFH: We send a user to visit Kelvin – Keeper of the Batteries


Re: Left-footed boots

In an effort to save costs, recruitment should obviously step up their efforts to find more one-legged shovel workers who could put those boots to use!


Re: Evil,..... moi?

A good friend still laughs about his days in a door and window cabinetry shop:

The first time a new worker would (inevitably) cut a piece of framing too short, they would be sent to the tool crib to check out the "board stretcher".

The first time someone messed up a paint job, they would be handed a styrofoam cup and sent to fetch it full of solvent for clean up. Hilarity ensued as the solvent dissolved its way out of the cup on the way back to the line.


Re: Ahh, the Orifice Manager

The coloured pencil office has its uses. For example, they were department "075" while research and development where I was was department "076".

Long-distance phone calls and releasing jobs from the printer/copier required entering a department number. As no one ever questioned the marketing department's expenses, the key to reducing my department's costs was just one anonymous and plausibly-deniable slip of the finger away...

Amazon CEO says AWS staff now spending ‘much of their time’ optimizing customers’ clouds


Re: Chicken, welcome to the roost...

I'm coming around to the opinion that serverless is the best (only?) case to consider using AWS.

The lazy naïve way to "lift and shift" from on-prem to the cloud is to create a new EC2 for each existing VM. That never works out, cost-wise.

Tupperware looking less airtight than you'd think


Ob George Carlin

Leftovers make you feel good twice!


Bank rewrote ads for infosec jobs to stop scaring away women


Newsflash: Removing artificial barriers invites more applicants

So after removing "5 years experience required in Widget ABC" from the job application they found more people applied, even if they didn't have 5 years of experience? Amazing.

Ideally they will recognize that they really don't need Widget experts and this is a great move, but here is my prediction: In two years when the pendulum swings back the other way, their hiring managers will be whining again that our new hires need too much training and don't have the skills needed on day 1. It takes too long to weed through applications. Maybe we should add some minimum qualifications to the application process? What we really need is people with 10+ years experience in Widget.

Uptime guarantees don't apply when you turn a machine off, then on again, to 'fix' it


Re: When it isn't Joe-Proof

You'd think so, huh? ;)

In fairness to them, they were supposed to confirm the serial number on the label that was installed at the factory, which isn't on the edge of the drive.

If it were me being asked to do the job I would have tried to push for putting barcodes on the visible edge of all drives in the system. Beep, beep, beep... drives all scanned and then ask a computer: Does this match the list from last month or not? Computers are good at that sort of thing.

Sadly, the government doesn't always welcome the idea of being told how to do their job, and especially when their security teams get involved the best way to keep sane is to not think too much.


When it isn't Joe-Proof

I used to support a classified system that had a 5-node Isilon storage array. Each of the 5 nodes held 40 disk drives. Built-in redundancy meant that even with 2 nodes off-line the system was able to keep running, and up to 2 HDDs in each node could also fail before that node would drop from the quorum.

The redundancy was important, because being in a classified environment, the storage array was not allowed to phone home to report failed drives and getting replacement hard drives into the area involved extra-ordinary hoops to jump through. We had assured the customer that a monthly check for trouble lights would be sufficient to keep things running.

Everything worked great, until the customer's on-site engineer (Joe) was tasked with the quarterly audit. The outgoing engineer had hated this task: spending all day on his knees in front of the rack, removing all 200 drives, one at a time, and squinting against the poor server room lighting to check the serial number and asset label on each drive against a printed list.

What made it even more tedious was the need to re-insert each drive and wait for it to be marked as healthy before proceeding to the next drive.

But Joe was smarter than that. Rather than take an entire day to do the audit with the system running, he took advantage of a planned outage when the system would be powered down for other work. Then he pulled all 200 drives and loaded them onto a cart, which he was able to then wheel over to a more comfortable work area.

It all worked great until that afternoon. Only after wheeling the cart back to the rack did Joe realize he had no idea which slot each drive belonged in. But never one to shy away from a challenge, Joe soldiered on, taking the drive off the top of the pile and putting it in slot 1, the next drive in slot 2, and on.

The customer seemed genuinely puzzled why their data was not available once the system was turned back on.


Re: Automation needed

> Whatever this "He duly guided the customer through the correct startup sequence" is, surely it can be automated, or at least documented as a procedure the user can do fairly easily, rather than the machine "has lost all configuration and data"

The startup procedure probably is documented, right after the section called "Shutdown Procedure" which the customer also didn't read...

Microsoft uses carrot and stick with Exchange Online admins


Zero-Trust model?

> Such Exchange servers are not trusted within Microsoft's zero-trust security model.

So by blocking e-mails from outdated versions of Exchange, Microsoft is admitting that Exchange Online, which is created, maintained, and patched by Microsoft themselves is not up to the challenge of handling e-mails from "untrusted" servers?

I'm all for encouraging patching and maintenance, but deliberately breaking the underlying protocols that run the Internet is Not Cool, Microsoft.

Attackers hit Bitcoin ATMs to steal $1.5 million in crypto cash


The local shopping mall has a crypto ATM in the food court. The one time I saw someone using it, it was a 55-60 year old woman, who was obviously having a difficult time understanding what she was supposed to be doing. I was 90% sure she had been sent there by some scammer to buy Bitcoins to pay off a ransomware or mule scam.

When I've looked at these sorts of ATMs in the past, I've had a hard time understanding why anyone in the know would use them. The exchange rates have always been so outrageous that the only time I would think they get any transactions at all have to be the result of a money-laundering scam of some sort.

If you see someone using a crypto ATM, ask them gently if they are being pressured to buy Bitcoin and encourage them to contact the police.


They may have heard of them, but you don't get those for the $5/month plan at Digital Ocean.

AWS delivers a – rather late – major release of its homebrew Linux distribution


Re: Why so hard?

In my mind the reason and place to use Amazon Linux is on AWS. It's super quick to deploy an EC2 or EKS worker without having to either roll your own image or trust the integrity of a marketplace offering from a 3rd party.

Out of the box, those EC2s launched from Amazon Linux also have things properly configured for patch updates, SSH integration, etc. A good solid foundation to get to work on actually solving a problem rather than futzing about getting the scaffolding put up before the real work can start.

If you're using AWS Lambda or AppRunner, those are running on Amazon Linux instances under the covers, so it's worth having some experience and understanding the platform there.

But for any use case outside of AWS itself, I agree; there are so many other options which are better suited.

The Shakespearian question of our age: To cloud or not to cloud


Re: The whole premise of this article is bullshit

> With cloud, you don't need these people [...] have a cloud ops team.

My experience is leading me to the realization that the "cloud ops team" is "these people".

Obviously every company is unique, but right now I'm going through fits with multiple product teams whose managers are basically doing the classic hand-wave of "all I need is a computer guy" when it comes to appropriately staffing and tasking the cloud team. Yes, we know we need a "cloud" person, but they can also manage the network devices, databases, and admin the Linux and Windows boxes, right? Instead of hiring cloud people, we're either lumping cloud work on our existing network/system admins, or expecting our admins to pick up cloud experience.

The end result is that managers aren't changing headcount at all, and the hope that all the complexities involved with building and maintaining systems which should get magically whisked away to be handled by someone else, which is the promise of The Cloud, are still necessary tasks which are done by the same people.

I'm coming around to the opinion that for most of our use cases, the idea of doing it in the cloud is a sham. A knee-jerk reaction to a keyword search done by program managers who have too much MBA and not enough MSci.

Anyone want an International Space Station? Slightly used


Are we sure we didn't already pay for this?

My understanding is getting approval to send something to orbit includes your plan on how it will be decommissioned at end of life.

Are we sure we didn't already spend a bunch of money for a decommission plan back in the 1980s for this exact purpose?

Techie wiped a server, nobody noticed, so a customer kept paying for six months


Re: Sometimes things are just forgotten

So of course, somebody in Accounts Payable and/or Property was called on the carpet for failure to audit anything, right? Oh, who am I kidding...

Wannabe space 'superpower' UK tosses £1.6M at eight research projects


Re: Afronauts

Seems like the time is right for a sequel to that novel to reflect the state of the 21st century space race. Might I suggest as a title: "The Old Grift"