155 posts • joined 21 Aug 2009
I'm somewhat convinced that losing Technet was our "reward" for bitching so much about Metro/Modern.
How about the Dems introducing this bill *knowing* that it is DOA in the House, and if it should miraculously pass will be killed in the Senate. Do remember that Hollywood and other industry groups count on Democratic support far more than the useful idiots in the Republican party. [They back old-media friendly trade deals like TTIP et al.]
Re: Cuttin Cables
Whoever did the failure analysis missed the obvious single point of failure. Don't get stuck on stupid. In this case, there should have been an offsite DR node which can actually be "cloudy" or not.
Re: Also strike against Microsoft
Remember? Just last week Lenovo bought IBM's x86 server line. Lock, stock, and engineers.
Completely and utterly bizarre. What with the top two playing footsie with the cable ISP's (anticompetively) and the only way that the next two can even get some skin in the game by completely disrupting the duopoly, just color me confused. One would think that combining #3 & #4 would lead to better differentiation, but I must have forgotten everything I learned about market competition (especially economic history). I need a drink.
We control the...
Everyone, Microsoft included, are going vertical. Well, except Microsoft who are also going horizontal!
Re: all ex CCCP countries... hmmm
Wouldn't do anything for proxies methinks but worth thinking about.
Re: El Reg now has a correspondent in Mongolia?
Don't know means don't know...
At this stage we simply do not know the PoS attack vector nor the characteristics of any communications used between the PoS terminals, in-store servers, nor from store to the 'net. I would suspect that a mirror shunt was used but that's only a suspicion. Brian Krebs didn't reveal a whole lot, so far. And that's before we even consider the other attacks and possible commonalities.
Cisco is not alone here
This is part of a broader vulnerability for TCP-32764. It is conjectured that it was put in place by one, or more, SerComm engineers to allow resetting the devices that used their devices during the testing process in case the router locked up. Again, conjecture. The researcher that identified it has a PoC at GitHub: https://github.com/elvanderb/TCP-32764 . I'd include the suspect devices list except that link blows up here when placed in this reply.
Turns out that the Arris device used by ComCast routers here has the vuln. so it just isn't business, even just SMBs. It's a very popular device.
Ain't that the sad and sorry truth. Approaching five decades in this biz and the engineering and marketing permutations look all the same: as if it were Toynbee's cycles on crack.
Unfortunately, these components aren't something that you can normally source (GaAs chips...). So it would most likely come down to picking who's going to be listening in on the data streams, IMNSHO. Frankly, I'd pick the Brits rather than 'my own' (US).
Re: Profitless Android
Agreed. There would have to be knock-on effects or we would be seeing firms exit the market. Not enter the market in ever increasing numbers. Putting on the econometrician hat, something is not being measured, but what that is, I don't know.
Re: Paranoid Android
Agree on the fail but in my case I don't have a phone. Any phone. And prefer it that way. [Then again who in Hell, aside from sales or campaign staff would even want to talk at me.]
This is like tuning racing cars which are having parts replaced/upgraded as you are tuning them for the next race. I've been there, done that, burned the t-shirt and I most certainly loved the challenge. When I was young and (somewhat?) stupid. On that note, it's over the yardarm somewhere.
Re: Additional Complexity
Essentially your making the case for applying a type of predictive analytics with high autonomy on rule determination and application. I've done that in several fields (logistics, medicine (epidemiology), even financials and the social sciences. The fun part will be determining the monitoring (wiring) harness for the workloads although... that part's going to be hard.
Now I know what's going to be occupying my thoughts for a few.
Re: Honey Trap?
Nope. All you need is recording of packets entering the system of nodes and those exiting them, then sufficient computing capability to match one to the other. You need not have all the nodes, as you might expect, just a sufficient number. MITM capabilitiy would be nice at these exact points. (Where have I heard they have that?) At best, the relays would allow you to check the coverage on the overall system, but they contribute nothing to the actual process. Toss a few million, actually close to a billion I expect, given exactly the level of retention of all traffic and you too can be the NSA.
Waving the 'Cryptographic Magic Wand' over something doesn't make it secure. Packets are still packets and entries and exits are where they have a much lower level of protection. Or as I prefer to put it, plumbing is still plumbing. I was there for the birth of ARPAnet, Unix, and a bunch of other stuff. Assuming complexity where there is no such a requirement is a failing of the modern today.
I don't believe an Honey Trap is involved. All that is required is that a significant number of the nodes within TOR, especially entrance and/or exit nodes, be monitored and you can roll up the network whenever you have sufficient suspects. One of the things that I looked at was donating an AWS node to TOR. It became clear to me exactly what would be required to break anonymity on TOR. Nothing special, just own a bunch of it.
Re: Very Nice Mozilla @Adam1
Sounds like you have a pretty thorough understanding of what's involved. I know I'm guilty of the two- or three-dozen open tabs nearly one hundred percent of the time.
Have a beer.
Re: Yeah right
A simpler explanation is that for every API layer you have to transit, and God forbid crossing a Ring boundary in x86 (x86-64), your code got a whole hell of a lot slower. Which is of concern here as I make heavy use of virtualisation in the first place, never mind all those layers going up the stack. Direct compilation to clang/gcc using bare or near-bare metal? Not so much crap in the way of getting the job done. Sometimes (sometimes?!!) I convince myself that we do this complexity to justify our existence (job insurance).
GCHQ has already demonstrated both the willingness and capability to use MITM attacks to lift user credentials from the Belgian telco system/network engineers. Those are the very people that can pull up that data which is why they would be targeted in the first place. The US and the rest of the Five Eyes got included on the take. There's the problem. In addition, any datastore that is accessible remotely, sometimes even over an airgap if you can believe that, can and will be cracked by someone with an interest (or just for the lulz) in that data.
This is your problem. My government (US) doesn't respect anyone's privacy. Period. [Not that I had any privacy with them anyway. And no, I don't wear a tinfoil hat.]
At the very start of the article, ASIC's were at the top of my mind. They supposedly found overall power savings but I'd really like to see what the criteria for the experiment was. And given that redundancy is going to be a serious requirement I would have, was that factored into the comparison? On the flip side, an awful lot more money is tossed into the R&D of general and gpu processors that aren't similarly tossed in the direction of ASICs unless you are Cisco or one of their direct competitors, I would imagine. But that's all that is, imagination. I don't "know" the resources tossed at that. And when I don't, I admit it.
Re: TL;DR me if you like, but this is important
Well worth the read. Thank you. These are going to have to be fairly autonomous if VNF's are going to bypass flows being routed to the absolute center which also requires serious orchestration. The maddening thing about orchestration is that nobody I've ever come across that has even a nub of a solution plays well with others, and in many cases, even plays well with that same vendors stuff. That's what I've been researching this week and I need a multidimensional matrix (tensor) just to sort what works with what.
I have to wonder if what they end up needing on their lines will be somewhat equivalent to FCoE or such due to packet dropping. There's a huge difference to what consumers will tolerate on their systems and systems that demand (require) near perfect delivery. Surgery using telepresence doesn't work very well with high latency and packet drops.
This will be one to watch.
And the beauty is that you can leverage the very hardware that _is_ the NFV to go after the rest of a data center. Much easier if the hardware steps aren't heterogeneous.
Guessing in re: A cloud of clouds
I'm just hazarding a guess that you neither looked at the ICStore diagram, understand the implication of KVS BLOB storage across resilient, heterogenous storage, and the other facets glossed over but addressed in the linked IBM piece and two papers.
This actually looks very usable from my point of view, especially the base encryption and total isolation of ICStore clients from one another, as well as have a total separation of concerns surrounding the... wait for it... similarly isolated cloud databases. Of course, being a toolkit, the devil will really be in the details of the implementation by IBM and any other engineering firms you might involve. [And no, I wouldn't let a 'developer' anywhere near this.] The only niggling worry I have is around the metadata leakage just might weaken the overall encryption. Any information/energy leakage does this and perhaps having information about the KVS keys might present a hazard. I have to defer to the thorough experts on that issue.
Interesting timing with internal corporate events, if nothing else. The privatisation thing has been on the burner for about the same length of time. I don't believe in coincidence.
It was ever thus for Microsoft Partners
One thing you have to be as a Microsoft Partner is very nimble on your feet. At least they don't pretend to be anything else.
This runs with the same problems as wi?th patents: what is secret from or obvious to a practitioner of the art when a practitioner isn't involved in the determination until it goes to court. And THEN it's up to a judge or a jury who are't practitioners that make the decision. Ouch! We've seen enough of this crap on my side of the pond.
I spent much of my career applying what works in one engineering discipline to what others thought totally unrelated disciplines. Electronics to epidemiology, just to give an example. To me, it's all math and logic. Everything. So doing what I do, is that obvious/discoverable? To me it is and I readily do it to the work of others. Non-obvious/discoverable thus falling into the domain of trade secrets?
Re: What's the target audience/use case?
One of the reasons I do NOT play RPG's any more is that it's damn hard to cart the books around these days. PDF's required!
Re: What's the target audience/use case?
Be downright nice for field engineering. Wouldn't have to be always looking around for a power source on the job if it has *real* battery life. That could actually get me looking at Apple for myself, rather than just recommending it to non-nerds.
The co-processor board sure looks familiar. I had that in my A2000 (1987). where I had both a 68030, with all its coprocessors, and a '386/7 processor board, when that came out. That's where I learned heterogeneous computing and all the other multi-everything.
Back to the past, yo!
Re: The most logical IPO I've seen in a while
That surprised me here. I guess that they don't have some marketing or accounting type in charge, yet, so you will be hearing from scientists and engineers, for now, about building something useful. I don't expect it to last, but ... nice!
Re: Are patents slowing this down?
Actually there has been a (literal*) ton of research on the subject including many by certain people that actually mean something. The problem around correcting the "flaws" in the patent system are political, not factual. Given that the home inventor is a rare bird, the current system supports corporations who donate funds and services to politicians, I seriously doubt you'll see any changes whatsoever.
(* If I printed out just what I've stored here, minding that it's only the statistically valid models, it would literally weigh a ton. And, yes, econometrics is something I was rather good at, so I can recognize quality.)
I'd add that this looks like an old tactic here: embrace, extend, extinguish.
Your not wrong there. As is so often the case with District Attorneys and Attorney Generals, the next step up the rung in political life needs some extra attention-getting results, so yeah, they milk it for all it's worth, and more.
Now I know...
Now I know what the universe had in mind for when I grew up! Sadly, I got RIF'ed despite everyone EXCEPT HR (equivalent) wanted to keep me. I wonder if that kept me more sane? [Am I sane. Nope. Doc says so.]
Actually, I'm recalling some of the early HeathKit's.
Good point on CloudPrint. One of the more interesting points brought out in the testimony given by the heads of MI5, MI6 and GCHQ is that they are also interested in any intelligence that may present an "Economic Threat" to the UK. I can't speak for the rest, but it wouldn't surprise me if such were the case for the other four-eyes (pun intended). So be real careful about what you leave up, or transit through, the cloud about your business practices/dealings.
Thankfully I don't have to worry about these things anymore.
Re: I expect to get a zillion downvotes but...
Actually, the Post Office has it's equivalent, in the US, to collecting the business records (meta-data) collection. Anything on the outside is fair game and can be used to justify a specific warrant. They've been doing that forever.
Re: Big boys aren't always the best solution for most businesses
Around here, in central valley California, I'm in the tranches with the SMB's/SOHO crowd and yes, pretty much everything is consumer or entry level solutions and the fee isn't much at all. Almost entirely, Systems Engineer = Will work for Food! [I'm a disabled veteran, gives me financial leeway]. I especially like keeping the mind polished even if my physical capabilities are now tarnished.
FWIW, I see almost every significant player is cutting the SMB/SOHO markets or pawning them off to a one-size-fits-all approach in that segment (e.g. Microsoft & Office 365). Pretty much any cloud operation for that matter unless you have a ton of seats. I'd like to incorporate some of the golly-gee-whiz things like VDI on any device for a small business with people out and about but keep hitting the wall on price/user or device (or both). Enough yammering. Thanks for putting pretty much my experiences as well out there.
Get used to it. Developers today can't be trusted with low-level hand-crafted code and they surely can't be trusted with high-level hand-crafted code without extensive testing and training wheels left in place at run-time. We should be at the stage where code blocks are the stock parts which we integrate to get a finished piece instead of each developer having to reinvent the square-wheel. That's the bill of goods that has been repeatedly sold since the '80's with OOP and we're still not there yet. Sooo..., to overcome the bloat, we have to shrink the distance and tweak up the compute/watts with SDN and all the other bells and whistles.
Re: Good Idea!
Actually I've never had a problem with SER: or PAR: on my VM's and that goes back to VMWare Workstation 1.03 at the very latest. [Disclosure: Very early beta tester for both VMWare and MS Virtual xxxxxx lines of software.]
Sure whetted my appetite as storage is my latest area to explore and the old is so passe ;).
Re: Uh ... computer says no.
I know I can hear up to 55 kHz as that was just under the top freq. in the audio oscillators we used to train students on in our (US Navy) Basic Electronics/Electricity school. And yes, I could hear the old TV's fly-back transformer. If I hadn't been a nuke, they would have soldered on some earphones and made me a sonar-tech. Now, not so much in display/tv-land and the ears are just fine.
I looked at the indicators and so far they aren't present here. But I don't practice promiscuous anything, even in my non-existent love life. [Sad, that] I can't call this out of the realm of the possible, I've got way too much engineering across the disciplines to EVER say that. Probable? Just perhaps. Likely, don't believe so but if it's real: Damn! I wan't a piece of that action deciphering it, even at the cost of hardware tested to destruction.
In actuality, it's far more likely that it's all a test to determine the 'openness' meme/trope in the security industry. [Let's write up an over-the-top malware description (behavioral pattern) and see exactly who and how many buy into it? Then again, Mom's an anthropologist and I was the frequently chosen victim for psychological experiments, as the known outlier, for my teen years. So, I'm kind of used to seeing experiments where others muddle-through.]
Re: Try carrying one around though
I can see a nice niche for this device here. I'm already working up remote application support here based around various 7-10" Android/iOS devices (perhaps phones) and what I consider big iron here. This would be a dead easy device to support on the hardware and software (both ends), that I'd have to be an idiot not to consider them. Not just for Windows on the infrastructure end either. Nice.
Good price point except for the cost of a device specific keyboard. Much rather go Bluetooth even at the cost of four hours estimated battery life (and I can already tackle that anyway).
Re: I bet
Well, in a sense they are monetizing their pre/post-holiday shopping season computer capacity by having others pay them rents the rest of the year. Examined in that light, any reinvestment (capex, human, &c.) is made at negative interest rates which I don't think I've ever heard of anyone accomplishing before. So, yeah, I'd be shoveling that cash flow into reinvestment as fast as I could as well. Anything that earns additional tax subsidies would only be that much more sensible.
I do wonder about the TV-series though. Too many different ways to count that to even think about whether it's financially sensible or not. Although I tend to lean on not when it comes to media properties. Too many scams over too long a period to ever consider it legitimate let alone ethical or moral ;).
The way I see it, ...
is that it's something you can incorporate into existing components or even as a brick or larger unit (power companies, DR,&c.). The top of every chip looks real good here, especially if you are building 3-D chip sandwiches. We are still at the kindergarten stage in materials engineering. No, make that 1st grade since we can at least read chemicals with all sorts of fine probes.
I wonder if we'll ever see, instead of a solid aluminum as the case material, replacing with this in quite a few layers and then a photovoltiac laptop/phone/tablet (and other times) surface that harvests completely across the bands. This is really getting fun!
Re: "We will try to help"
Pretty much. I've been doing alphas and betas, mainframes to embedded, for three decades now (wtf, where did the time go?!?!) so I'm right at home with out-of-synch with current version (??) xeroxed manuals, translated from Klingon as near as I can tell, and having to disassemble binary or IL to figure out wtf this api/program is *doing* as opposed to what's its supposed to do as per the manual, .... You get the idea. I'm used to it. Anybody else? I pity them.
Not offbeat at all matching your 'blog to the article here. I assign zero credibility to anything Gartner asserts. Economically speaking, we have massive demand for useful apps but the supply of labor is in short supply. You can witness that looking at IT employment and pay during the Great Recession and beyond. Nowhere near a bad a situation in other sectors, although still pretty damned bad for some.
Right now, I'm dragging the place I'm staying at into the 21st Century, kicking and screaming. Theoretically, any device should, with the proper interfaces built, be able to talk to any other device and you'll definitely need "An App for That." So in that sense, there is plenty of opportunity out there beyond apps for legacy silo's. And the poor souls doing just that (legacy) are in demand as well.
[Nice 'blog. Bookmarked.]
Re: AHCI has "known issues" with VSAN?
I'm similarly confused, especially after designing and building a 12 TB SAN with an extra 1 TB of Flashy-goodness for in-between. This isn't rocket science, even though I can also do that.
- Vid Hubble 'scope snaps 200,000-ton chunky crumble conundrum
- Bugger the jetpack, where's my 21st-century Psion?
- Google offers up its own Googlers in cloud channel chumship trawl
- Interview Global Warming IS REAL, argues sceptic mathematician - it just isn't THERMAGEDDON
- Windows 8.1 Update 1 spewed online a MONTH early – by Microsoft