Posts by jamesb2147

Judge, jury, and eulogy

"We require that all CAs whose certificates are distributed with our software products notify us when its policies and business practices change in regards to verification procedures for issuing certificates, when the ownership control of the CA’s certificate(s) changes, or when ownership control of the CA’s operations changes."

That's a clear violation. Mozilla claims they have evidence in the public record, confirmed by a lawyer, that WoSign 100% owns StartCom and has since November 2015. Reading through the list, Mozilla has been generous in leaving their certs intact thus far.

More importantly, the lack of audit findings are damning both for WoSign and Ernst & Young (E&Y has a lot more to lose, of course).

I used StartCom about 10 years ago on my first domain. They offered free, low security SSL certs that became trusted by most browsers, eventually, with clear instructions for creation, installation, and maintenance. Essentially, they did what Let's Encrypt is trying to do now, but on a smaller, more commercial scale.

RIP StartCom. You were kind to me in a world full of pay services.

This is a dangerous street

And apparently common testing ground for the little self-drivers.

http://www.theregister.co.uk/2016/02/29/alphabet_av_backs_into_bendybus_in_california/

Another accident Google's car had on El Camino Real. Of course, neither accident seems particularly attributable to the self-driving vehicle. And, as always, if they learn from this accident, it means every car will benefit from that "knowledge."

Really?

Who encourages this? Old tech that's still in use needs more than "an announcement from Apple" a few weeks before support is dropped! When my Cisco gear is not going to be supported anymore, I'm given literally YEARS of warning (I think 5 years is Cisco's minimum policy, but I could be wrong).

Dropping support for insecure protocols is all fine and dandy. Dropping it with weeks of notice, published on an obscure technical part of your web presence (how many clicks from Apple.com does it take to reach this notice?), with no reasonable workaround available is shameless and inappropriate.

I used to run one of these networks. We didn't specifically use PPTP on our VPN, but I could see us having made that choice at some point in the past and stuck with it to today. I sure as hell never heard anything about this, and the only thing I can say I would have done better is to have run the beta myself before its public release. I can't say for sure that I would have noticed this kind of feature breaking, however.

And that makes me think bad on Apple. Killing old tech is fine, but we plenty of time and ample warning in the IT departments that eternally understaffed.

Appropriate response

Oh, Kieren.

The appropriate response would be to strip Cruz of his position of authority within the Senate. The rider should pass or fail on its own merits.

Cruz, lacking any merit, seems fit to be removed. I'm actually curious how a freshman Senator got to his position anyway. Is it just because Texas holds so much sway..?

Apple's history of bravery

As I've seen elsewhere, I'll repeat here:

Apple removed floppy - CD drive and USB flash drives were on deck to replace this function anyway

Apple removed laptop CD drives - We all knew this was coming and USB flash drives are there when needed

Apple removed ethernet - As a network tech, I find this personally irritating, but I do (kind of) understand why they did it, as WiFi is now ubiquitous and fast enough for the vast majority of workloads

Apple removed 1/8" stereo jack - There's nothing to replace it. There's no obvious problem this solves other than Apple engineers can't figure out how to waterproof it (Samsung and others have solved this). It IS an industry standard and has been for decades.

Legitimately, this is a sign of the decline of Apple engineering. They could have avoided this, but chose not to because it's hard. This isn't bravery, it's something else.

Two concerns I've heard so far:

1) Longer processing

2) More expense

I'd say $300M for all the visitors coming to the US is high, but not so bad. I hadn't really considered all the extra man-hours, though. :X

Longer processing actually is a HUGE negative. Get more automated kiosks, CBP!

The privacy concerns are moot until CBP makes this a mandatory field or otherwise "punishes" travelers who do not fill it out.

Not much to go on here

I believe the technical phrase is "Quality of Service." Perhaps you've heard of it?

In all seriousness, the man doesn't deserve that much derision. On a clogged connection (that's a technical term; I'm a network engineer), you can effectively "speed up" certain traffic by prioritising it at the cost of other packets/streams/metaphor of choice. To the user on a clogged connection, it *will* appear as if things suddenly sped up, especially if you're talking about buffering video. And that exact scenario is exactly what network neutrality has been about since at least 2010, when "backdoor santa" dropped his steaming hot gift of network utilization graphs from the Comcrap-TATA link on NANOG's front porch and ran for it.

Perhaps that's not snarky enough for El Reg, though.

Reg's a changin'

The ads, that is. For five years or so, I've used a Flash-blocking plugin in Chrome as a poor man's ad blocker. It's served me well enough. I don't actually desire to deprive my news sites of revenue, I just hate the distracting and patently ridiculous nature of autoplay ads with fucking sound (yes, I've now noticed your product, now FUCK OFF!!! -- IBM used to be great for these).

That all changed yesterday when El Reg started having HTML5 animated ads that were super annoying. I've now joined the horde of angry AdBlock+ users. Thanks, El Reg!

I look forward to further reporting on the matter.

My bit to contribute is that fiber is vastly better for anything that requires upload capacity, whether it's Facetime or PC backups. And, if you get a fast enough connection, you should be able to run thin/zero clients at home/work with iSCSI connections over the internet, even on a rainy day.

Right now there aren't enough premises in the world for developing these platforms into consumer-facing products to be worthwhile, but if Australia had gone full FTTP perhaps things would be different. We might not know for another 10+ years.

Humor and click-bait

Get better at it. It's still annoying, Ed.

Did anyone bother reading the linked report?

It's not clear the author did more than skim it.

There's nowhere that says the car was "backing up." The car was "moving back" into the center of the lane.

Take a look at the StreetView for this intersection, heading East on El Camino Real as described in the accident report: https://goo.gl/maps/ibea7E9dMFv

That's a wide lane, enough for two cars if they're small. The Google AV moved to the right side of the lane in anticipation of the turn and possibly to get around other traffic. This is a very common move for meatbag drivers, though certainly questionable of an AV. Said AV encounters random sandbags blocking progress. AV waits for other drivers to pass, out of caution. When the area appears clear, AV begins moving toward the center of the lane (presumably forward) at 2 MPH to get around the sandbags. Meatbag bus barrels down the road at a comparatively quick 15 MPH and does not yield to the vehicle in front of it within its lane. There is a collision and the report describes it as the Google AV making contact with the bus.

The damage to the left front wheel indicates this collision may have been moderately more severe than a "fender bender."

Let's review what we've learned from this:

Richard Chirgwin needs to read his source material before posting.

El Reg needs to do a quick fact-check based on the simple, provided source material.

There were questionable decisions on the part of both the AV (2, by my count) and the bus driver meatbag (1, but rather egregious, by my count).

This was a low-speed collision with no injuries, thank God.

Google needs more time to improve its AV fleet safety before mass adoption. I, for one, am glad we have a sensible system in place for developing and testing these technologies.

~SH

EDIT: Worth thanking El Reg and Chirgwin for providing the sauce to begin with. Without sauce, I would not have been able to fact-check his statements and enjoy my delicious Righteous sandwich.

Low hopes for change

In spite of US grandstanding and some fairly strong statements of "personal" belief from Britain, it is Colombia's ambassador that's penultimately responsible.

I strongly suspect the Colombian government is *thoroughly* corrupt, based on my own, admittedly limited, dealings with consulates and stories from citizens.

So, unless the UN as a whole takes up the cause and the US, Britain, et al manage to push through a resolution, I expect nothing to change. Hell, Gurry may end up with a few sexual assault charges levied against him and dismissed, if he starts feeling cocky.

Interesting discussion of FOSS solutions

Here's my $0.02:

I wore the network and monitoring hats as part of an IT team of 15 supporting a university of 2000 students and ~500 faculty and staff. I was *the* network admin/engineer/architect.

Zabbix looked a bit strange, though I didn't invest much time in it.

Spiceworks is 80% terrible at network monitoring. Great for configuration backups on our network, though! Couldn't use it for desktops since we were mostly Macs.

Zenoss is has similar network monitoring functionality to Spiceworks but is 90% better at it. Seemed to have very limited server monitoring IIRC. We used this for a bit to monitor the network in between other solutions. Never got the trap receiver working properly.

Cacti was too limited for our needs, though good at what it did (if ugly).

MRTG was much the same as Cacti.

NAGIOS was, by all accounts, extremely powerful. Never did get it configured though as it all seemed too much of a PITA, Yes, we even tried a couple of wrappers that were supposed to address using the GUI to add monitors, etc.

Xymon was a PITA to configure and maintain though decent at what it did.

PRTG was what we eventually settled on. It was reasonably priced and did both network and server monitoring competently. There was a lot to learn but the system could be configured in a basic way with advanced configuration applied as time allowed for learning. It was not the best system available, and I wouldn't sing its praises from the hilltops, but it's probably worth checking out even if you hate proprietary solutions. It is reasonably competent, with alerts based on groups, dependency monitoring (router goes down and stop monitoring all the downstream switches and do NOT alert me again), SSL expiry monitors, frequent updates which occasionally add real features (and they fixed several SSL vulns in a matter of a few months), etc.

Couldn't get past the paywall, but this sounds a hell of a lot like a bog standard Palo Alto firewall to me.

Don't get me wrong, people should know that their admins can see literally every site they visit, but it's par for the course in academia these days. How else is an admin supposed to keep those luddite English profs from downloading that FREE $manuscript_of_preference!?

(FWIW, I'm personally highly amused by English profs and others who will very loudly insist that "paper is better" right up until they've actually used a Kindle for travel. Srsly, luddites.)

Joy

is when you see your favorite hotel on that list.

Why did Hyatt have to make it a PITA to see the list of affected hotels? *sigh* Nothing really changes... ever.

Welp, still haven't answered my question

This SIM is T-Mo only, I believe. I've not read anywhere whether it still supports the full international data network.

Clean mode?

Up up down down left right left right B A Start!

Note on Windows 8

<rant>

I do rarely see this mentioned: If you're going to make fun of Win8/8.1, do so b/c the OS is called Windows, not "a Window at a time" or maybe "two windows at a time" or "you can run as many windows as you like as long as only one's on the screen at a time."

The OS is called Windows. It had damn well better support real window management.

</rant>

I quite like Win8 on a touchscreen tablet with removable keyboard dock! It seems like the use case the OS was designed for, to the detriment of everything else.

I'd disagree with your conclusions

People should still be advised to use a VPN, but saying "there, that fixes our shitty policy ideas!" isn't really something that is worthy of broadcasting on TV.

Average Joe: "Wait, if I can do this, can't the terrorists?!"

SDS and NexentaStor

This honestly baffles me. My employer was looking into NexentaStor solutions and after spending a few hours with the then-Nexenta CTO (who also worked for a startup vendor) working out a solution and walking us through the technical details of the product, he stumbled upon a feature that didn't occur to us as being particularly useful until he said it: we could stick our existing arrays into the NexentaStor box and manage it just like any other NexentaStor storage.

I don't know why they're so bad at advertising this. Being able to swap out the back-end storage while maintaining the software is a HUGE positive for the company and they didn't seem to realize what they were onto.

VMware updates

I'm sure nobody has ever run into any bug with a VMware product, ever.

More seriously, the main improvement I see in VMware's version of Windows 98 is that the BSOD is now a PSOD, and there are actual log files worth looking at when it does crash (oh, so many files, to be honest).

"Major Airports"

That's a bit of a misnomer.

ORD, DFW, and MIA are all AA *hubs* which is actually vastly more important than just being a "major airport." In fact, they're AA's three BIGGEST hubs!! Basically, AA has a handful of less major hubs left (if they're still operational, which I'm not confident of). Those would be places like PHX, PHL, CLT, and LAX.

Always appreciative of a contrarian view

I only hope most people disagree with the author's apparent view of fair use. It's an incredibly important doctrine for the creation of synthesized content, particularly when licensing is overly expensive or onerous, and it's a rare example of legislative progress in the public interest in the field of creative rights.

With that said, again, I really appreciate a well thought out contrarian viewpoint, and this is an excellent example of that.

Small note: victim shaming is a term I specifically associate with the treatment of rape victims. I don't particularly appreciate the author co-opting the term for his own ends, particularly when it's entirely apt. 'Victim shaming' seems only even somewhat appropriate to apply to the internet lynch mobs that inappropriately target rights-holders.

Attempting to bully other companies is simply par for the course behavior from machines designed specifically to extract as much money as possible from the economy, but with the rights (and anthropomorphism) of laws written to apply to people. (It's SO BAD here in the US that I'm not even sure of the appropriate term to refer to entered-the-world-through-a-vagina people.)

I did a little research before interviewing there and it becomes really clear on Glassdoor very quickly that your experience there is "purposefully Dawinian."

It also becomes abundantly clear that your experience will be at least 50% dictated by your direct supervisor. So, a$$hole boss == crying at desk. Nice boss == competitive but interesting environment.

The guy I interviewed with turned out to be not that nice, so I ran. It was an interesting experience nonetheless and I am quite confident that a lot can be learned from working there.

Fun fact: one interviewer said he'd been there 3 yrs (he was the sole developer for one of their web products) so I joked that he must be a real veteran of the company. He immediately went to check and found he was in the 86th percentile for length of time at Amazon. Good grief, that place has turnover.