Re: In other words
"The first humans sent to Mars won't be coming back"
Who'd want to?
7021 posts • joined 31 May 2010
"The first humans sent to Mars won't be coming back"
Who'd want to?
National regulation won't do a damned thing. International regulation is required.
The problem is, political negotiations get caught up in corruption. There is a very clear goal here, with a defined problem: define security and update standards for devices, as well as labeling, punitive measures and enforcement for networked devices.
Unfortunately, if the politicians are to be relied upon, they'll end up pissing away a decade trying to fight off the Americans' attempt to extend copyright and patents as part of the treaty, the Europeans' attempts to get a bunch more common goods renamed so that only those coming from a particular region can use the common name, and $deity only knows what India and China will try to worm in. I'm pretty sure Russia would just try to torpedo the whole thing for funsies.
Sadly, standards bodies are equally ineffectual in these circumstances. It took how long to agree on 802.11n?
TL;DR: This is why we can't have nice things.
My marketing hurts. Ow.
Or a really bad case of butts disease.
Are you implying Trump is intelligent?
Trevor go to conference. Vendor throw conference party and guilt Trevor into going. Trevor try to escape. Many drinks, many shake hands. Music too loud. Talk about breaking tech. Trevor finally allowed to escape.
Parties no have coffee.
^ Pretty much like that.
If you need me to connect you to the vendor, you know where to find my e-mail. ;)
So he's somewhat uninspiring. At least he's not Trump. Or Cruz. Or any of the other sack of social and/or cultural conservatives why so desperately want power so they can oppress groups they don't like.
When the choices are "kinda meh" and "completely fucking whackadoodle", "kinda meh" starts to look okay.
There are ways to manually trigger immediate replication, yes. So what? How is that solving the problems discussed?
I am not responsible for your ailing memory nor your inability to comprehend what you read. As usual, the so-called "inaccuracies" you detect are entirely in your personally errors regarding merging of what's read with what you think you "know".
"Regardless of the rest of this article I call bullshit...The exec would have to get their vanity items working for it first, load it with all their music and then make sure they had their really important power points available before they walked into that meeting...So how did this exec know to register their device? Clearly they were told and given instructions to do so otherwise the exec would never have been able to do it..."
A) Do you know anything about Microsoft endpoint solutions? From client software to the tools built into Windows Server such as Roaming Profiles and Folder Redirection? If they had logged in, they'd have all their stuff made available with rapidity and all their customization intact. If you know what you're doing, that part works reasonably okay.
B) The "how to register" was made available through the company intranet which, if I recall, wasn't checked by the marketing exec before the device purchase. There was some kerfuffle about screeching at the local store staff to pull up the info as the marketing exec was "in a hurry", and then scrambling to follow all the steps. War stories swapped over beers revealed hilarity...
Or, hey, they could put contention sensing code into the links that would scale replication times dynamically. Hell, they probably have 95% of that code in a repository somewhere...
Where did I say "change your password"? I remember discussing a password being locked out, and new device joins taking time, but not passwords.
Edit: I ctrl-fed the article, and "password" doesn't come up at all. Also, please note: "Today, AD is (mostly) an all-or-nothing affair. When AD replicates, it all replicates. (There are some exceptions, such as lockouts.) This needs to change."
That bit about lockouts was a reference to URGENT replication. Something that only applies to specific conditions, such as passwords and lockouts. Cheers.
I don't disagree! That does, however, bring me back to the "we need different replication times for different classes of object and/or object groupings". AD needs an overhaul. The ability to replicate faster is a bandaid, not a cure.
Actually, you're quite wrong. "Sites" are more than just a useful means to mentally break up domain controllers. They are used by other applications that hang off AD to determine network topology for their replication, to determine how to break up the load on the AD servers (latency matters!) and more.
Also: putting everything in a single site doesn't solve the problem of needing different propagation times for different classes of object, which is ultimately what is required.
No they don't. You really don't know much about the medical profession, do you? Sterilizing and cleaning tools is it's own profession. Complete with it's own tools, rapidly evolving technology and techniques and more.
A Doctor might have some very basic idea of what' going on "they are removing physical detritus and trying to kill all the bacteria and viruses", but I promise you most doctors don't actually know how that's accomplished. What those doctors are taught is essentially history. "These were the ways we mostly/kind-of-sort-of killed off bacteria in the past". Things like ethanol, fire, etc.
Of course, it's 2016, not 1816, and we know little bit more about the world now. There are all sorts of nasties that can stay on instruments, even after what many would consider to be rigorous attempts at sterilization. This is especially true in hospitals, where the oogly booglies have been in a constant state of evolutionary overdrive in an attempt to survive.
So now we're in to things like pulsed sonic detritus removal, acid baths, ionizing radiation, silver and/or copper coating/recoating, plus like a thrillion layers of testing at different intervals. That's before we get into the procedures around length of reuse before replacement, order of operations, number of cycles between different events, etc.
As a general rule, no. The Doctor doesn't know that stuff. Certainly not to the level of detail you are clearly demanding IT folks "know" what is going on under the hood.
it's also a completely irrational position for you to take. Nobody - and I mean nobody, not even your own over-inflated opinion of yourself - can understand everything there is to understand about IT. No human brain is even close to big enough. The true "full stack engineer" is biologically impossible.
Real human beings in the 21st century rely on understanding the basics. We then understand specifics about things we need to understand in order to do our jobs. For everything else there's reference material. Usually a user manual and/or Google.
So climb down off your high horse, mate. You aren't fooling anyone who actually is an IT professional. Actually being a professional means a sense of humility. It's required in any profession because admitting what you don't know is absolutely critical.
The difference between the apprentice and the master is that the apprentice thinks they know everything when, in fact, they know nothing. The master thinks then know nothing when, in fact, they have forgotten more than most practitioners will ever know.
Bullshit. Of course doctors, astronauts, electric engineers and so on use the easy button. All the goddamned time, in fact.
Doctors, for example, don't clean, sharpen and sterilize their own tools. They don't mix their own drugs. They don't research those drugs. Most of the time they rely on software to assist with diagnoses by running through checklists. Medicine is also a discipline of multiple specialties. Doctors - even specialists - routinely rely on tools, techniques, technologies and more that they themselves could not reproduce in order to do their jobs. Without these tools they wouldn't have a prayer of meeting the survival rates or the patients/day goals that are set for them.
I can say very similar things about astronauts, electric engineers and even the dudes who run around the forest on minimum wage planting trees. They sure as all hell wouldn't be making their quoats without someone else growing the seedlings and more someones making their boots, packs, hole-creation gear, etc.
This notion that anyone in today's society can be self-sufficient - even within the scope of a single profession - is complete and utter bullshit. Humanity is the most interconnected and interdependent species on the plant. Ants got nothing on us.
Assuming that Samsung are releasing those updates to anything other than the very latest models every month (and given the delays in getting Marshmallow onto the S5, I don't believe that's that case), there is still the issue of those updates not getting out to actual customers.
Pointing the finger at the carriers pointless. There are squillions of carriers and ISPs in the world and they have collectively proven time and again that they can't be trusted. Whether the issue is updating their Android images or delivering IPv6 connectivity in a G7 nation (like Canada), carriers and ISPs don't care about standards, security or usability.
So why are phone manufacturers like Samsung even giving these carriers the choice? Samsung (and everyone else) should be bypassing the carrier lockdowns altogether and allowing end users to receive (at least) monthly updates.
But, like everything else about their phones, Samsung just doesn't care. Minimum effort for the minimum viable product is the name of the game. :(
Consumer rights groups in Canada have little power, less funding and shockingly few rights. I also don't see how it is on me, personally, to steer a ship like that which is run by it's own group of people. I can (and have) recommended action to some of the consumer rights groups here in Canada, but bear in mind that these organizations have their own staff, with their own power structures and their own priorities.
Incidentally, bitching online does have a purpose. It makes me feel better. Also: it causes debate and discussion which may lead to additional people choosing not to buy from Samsung. All of that is a Good Thing. The more people choose a different vendor the more financial pressure there is on Samsung to change their ways.
And make no mistake about it, the only thing that will get Sammy - or any other enterprise - to alter their behaviour is financial pressure. Customer rights groups and government pressure ultimately result in irrelevant changes decades after the issue arises.
Lastly, posting about just how much Samsung sucks annoys you, personally. Don't underestimate how much satisfaction I derive from irritating you and everyone else like you who state that wanting a phone to just fucking work (and/or be patched regularly) makes one an "entitled millennial dick".
Also: if I can offend, irritate or dismay any brand tribalists at any time, then whatever efforts I engage in to do so are not wasted. Brand tribalists are among the most evolutionarily unfit members of our species, and I greatly desire to see them selected against. Causing them to expose their own irrationality is one means by which I can help ensure this occurs.
So, in conclusion: shitposting about Samsung has value to me in layers.
If the carriers are the ones holding up patches, Samsung shouldn't be giving them the option to customize ROMs. Period.
"Mine is regularly updated too; certainly would point to the local phone provider rather than sammy being to blame for the OP's missfortune."
Mine is patch level "June 01 2016". That's quite some time ago. Even that didn't bring the phone fully up to date for June 1, 2016. Prior to that, there was more than 6 months between patches. Not okay.
None of the patches actually seem to solve any of the fundamental issues with the device either. Driver issues, touch screen issues, wakelocks, terrible connectivity...
The S5 is a piece of shit, and so are all the modern "flagship" Samsung phones. Samsung used to be good. Now they peddle neglected crap. Simple as that.
"Why all the Samsung hate?"
The poor quality of any post Galaxy S 2/Note 2 Samsung phones. Understand, I loved both the S2 and the Note 2. The drivers on the stock ROM worked. The stock ROM was stable. The modding community managed to pull all the bits out they needed to make truly amazing third-party ROMs. Truly this was the heyday of Samsung devices.
Today I have tried the S5, S6, S7 and Note 3. All have various problems that go beyond exploding batteries or bad updates. The S5, for example, has a laggy and terrible touch screen driver. Taps are recorded erratically, not always where they're supposed to be, and the delay between tap and recognition can be up to three seconds long.
All of these phones have awful Wi-Fi that drops out randomly, abysmal 3G and LTE reception and every single one of them ships with at least one application or configuration that wakelocks the phone and drains the battery astonishingly quickly.
Look, I know Android. I know how to get in there and rip out (most) of the miserable bits, configure the thing to (mostly) not suck, solve driver issues etc. What I'm saying that I shouldn't have to. The damned things should just work. The stock ROMs should come with drivers that do what they're supposed to out of the box, be tested for wake locks, not have bizzare lags or glitches etc and so forth.
Samsung used to ship a polished product. A quality device with a quality ROM that an engineer could be truly proud of and customers enjoyed using.
Now all they ship are jars of shitinase and it's high time we stopped paying them for the favour.
"Do any Android manufacturers (who aren't Google) patch regularly?"
Not that I know of. Part of the problem, but, oddly, a separate problem from the bit that really makes me hate Samsung.
Hey, buddy, howzabout you go eat a bag of mouldy dicks? Cool? Cool.
A) There is no way I have the money to take on Samsung in the courts. You're a funny guy.
B) Cyanogenmod for the S5 is a bucket of shit-covered shit in shit sauce. Don't know if you've been paying attention, but third party ROM support for Samsung mobiles has been awful ever since the S2. There is always something that doesn't work properly that makes it even worse than the stock ROM.
C) The idea that having to load a third party ROM to get security updates is somehow acceptable makes you sound like an out of touch technocrat who hasn't had a dalliance with a member of their preferred gender in years. The part where wanting my phone to just fucking work is something you believe makes me "an entitled millennial dick" makes me want to force-feed you the aforementioned bag of mouldy dicks just for being an asshat on the internet.
Cheers and beers.
Here's betting my Galaxy S5 never sees a single one of these patches. A terrible phone by an increasingly terrible company.
My wife, myself and everyone we count as friends would all go, without hesitation, even if we knew for a fact we'd last only days or months on the Red Planet.
For exploration. For humanity. For our future.
Some things are absolutely worth dying for.
Queue tantrum from IPv6 purists.
VASMIR (and other ion engines) have one critical design flaw: they need power. Lots and lots and lots of power. Solar ain't gonna get you there, so that means fission. Fission means fissionable materials. Fissionables can be used in two forms:
1) RTGs, which we can't do because we don't have any more plutonium, and hand-wringing is preventing us from making more.
2) Fission reactors, which we can't do because OMG RADIOACTIVE SPACE NUKES ARE GOING TO KILL THE CHILDREN.
Good luck with those ion engines. They're no match for the mighty NIMBY.
Er....my ISP assigns me one IPv6 address. Not a block. An address. I have to set up a sixxs tunnel and use my block from there to do anything useful with IPv6. An the other two ISPs in the area don't assign IPc6 at all!
So, yeah, that whole thing where ISPs will do whatever ivory tower intellectuals tell them to do? That's not how the real world works. People are shit. ISPs and ivory tower engineers alike.
How's that elitism working out for you and your ivory tower douchecanoes?
In the real world, NAT has benefits. I don't give a shit if developers have to suffer through importing a handful of libraries that provide all the tools they'll ever need to work with NAT. There's no good reason whatsoever that my endpoints should have globally addressable IPs.
I won't speak for anyone else on this, but I'm super interested in this, and I thank Simon from bringing it to my attention. This like "by the way, fs.com is where you find super cheap cables that will save you tens of thousands of dollars". It's "infomercial" to fs.com's competitors, vital information to actual IT practitioners.
There's nothing politically incorrect about anything you listed except "Maybe Israel is kinda fascist". Everything else is simply incorrect. Politics don't enter into it.
As for the Israel thing, well, Israel is run by horrible people who do horrible things. But "fascism" isn't the correct term. They're their own thing. And yes, I don't understand why it's politically incorrect to say "well, shit, the way Israel's government responds to pretty much everything - both internally and externally - is awful, and a lot of their problems would solvable if they weren't arrogant, xenophobic, nationalistic, control freaks."
Somehow, saying the Israeli government is peopled by monsters is immediately a condemnation of all Israelis or even all Jews (Israeli or not). I don't get how that works, but apparently it's a thing.
The rest of your issues, however, are just wrong. Way before politics gets involved.
Yeah, but if start settling for a donkey, what we'll actually get is...not very useful at all.
Apprehend and rehabilitate. Vengeance is not justice.
If I have a 20% chance of chemo curing my cancer and a 90% chance of dying from that cancer then I'm going to take the chemo. That's just rational.
Woo woo crystals, magic water and the so-called "power of prayer" have exactly a zero percent chance of curing me. The power of the human immune system varied dramatically per person, and given the death rates from cancer do you really want to roll those dice?
The alternative to chemo or radiation therapy is generally death. And not the nice kind of death.
Spoken like someone who not only hasn't done the research, but has never had to face the decision personally.
Chemo sucks balls. Horrible, horrible balls. Chemo is terrible, and awful; it's miserable and it very well might kill you. Anyone any everyone whose been through it, or had a loved one go through it will tell you this.
But for all chemo's problems, cancer is worse.
I'm with Enrico on this. Reinventing the "System Center single installer" isn't a hybrid cloud. Actually having management products that aren't a miserable bitch to install, configure, maintain and support is a really big part of it.
VMware still has a the mindset of an infrastructure supplier. They make pieces of infrastructure and they expect you to get a whole bunch of certifications and read a 400-page user manual.
Oh, and pay for the lot of it like every single bit was made out of iridium.
This strategy would work if the only players on the table were VMware, Microsoft and Amazon. It would work if Enterprise IT spend were still growing at 8% year on year. None of this is true.
Multiple players - big and small - have figured out that if you aren't selling "cloud in a can" you're already dead, and you don't even understand why. Over the next 12-18 months, they'll be cranking these out. The endgame machines are coming.
What's more important: those competitors are pricing their wares for the mass market. And - lo and behold - the SMB and midmarket space, which already make up around 60% of IT spend - are the areas where IT spend it growing near the double digits year on year.
Hyperconvergence was the future seven years ago. Today, it's just another feature. It's not even a product.
The future - tomorrow's technology - is made up of turnkey cloud-in-a-can. Not for the cost of your first born. Not requiring a room of PhDs to make go. But for commodity pricing and with an ease of use rivaling Amazon itself.
The datacenter was VMware's to lose. And, quite frankly, they haven't even shown up to be counted.
...they're not wrong. It's something people have been asking after for some time.
Clearly you're not consuming as VMware intends (upgrading everything immediately). The past year has been a clusterfuck-class comedy of errors. I can't help but feel VMware are moving more and more towards a Redmondian QA model.
If you have to ask, you're not a "relevant" customer.
Welcome to tech.
You want me to carry around a keyboard for my notebook.
The fuck, what?
But they don't have a real keyboard.
We need to have zero corporate tax and low taxes for the rich in order to attract businesses to our nation/province/muni! The governments really make their money off the taxes of the workers! That's where the real income is!
Sorry, but I don't see getting trusted root certs as being all that hard. Pretty much zero effort, when you look at just how easily that particular scam has been pulled off before.
It takes a lot - a lot - to get browsers to pull trust for a cert, and comparatively little to set up a CA and get into the list. Especially for ISPs.
Designing a network and physically putting it in place is a lot of effort. It's stupid money, requires a huge number of people and takes crazy amounts of time. Becoming a CA and then abusing it, or using already abusable certs from generally trusted CAs, or any of many other techniques (you need to install our software in order to use our internet) is basically zero effort.
You make a choice about how you want to ruin your reputation and then you do the paperwork. You will eventually be caught, but you can absolutely spoof the TLS traffic quickly and easily.
As you state: Internet security basically relies on the system. Something you seem to think actually works.
I, however, view the CA system as completely broken and pathetically easy to manipulate, especially when compared to other very tangible considerations of running something as big as an ISP.
I'm not sure I could hack my way out of a "hello world" statement. Written correctly, it shouldn't have an attack surface.
Also, how am I in a line of code? If I echo myself out of a line of code, is that me that escapes to the display device, or merely a copy of me? Oh the existential horror of it all...
Funny how it's doable in practice. It's detectable*, if you know what you're looking for - and thankfully browsers have stepped this up a little - but proxying TLS connections in this fashion is absolutely possible. The key is to control the entire negotiation process instead of trying to intervene in one that's already started.
You can not simply insert yourself mid stream to an extant session. You can, however, cause the client to negotiate the TLS connection with your MITM proxy while your proxy negotiates a TLS session with the target site.
All the client traffic goes from the client to you whereupon you decrypt, sniff the traffic and forward on down the next TLS session to the target site.
Yes, it requires that you have a certificate that the client trusts. And ideally you would be able to spoof the site in question with this cert so that if your client thinks they are contacting bob.com they don't end up with a trusted cert from proxysrus.com.
But this is really just a discussion about root certification trusts at this point, and we all know that the entire cert authority system is pretty broken.
So I'm back to: if you can insert yourself between the two endpoints you can MITM TLS connections. It takes some effort, some creativity and some illegality, but it's absolutely doable. Innumerable corporate security products rely on exactly this, as do various state-level spying initiatives.
The difference between them is merely how they go about obtaining trusted root cert status.
*A great tool for this is the add-on Cert Patrol for Firefox. It will let you see when certs for a site have changed, even if they're "valid" re: root certs. Of course, a lot of companies with large infrastructures change certs regularly, or even deploy multiple valid certs from multiple valid providers! This practice makes MITM attacks all the more viable, especially for large/popular sites, and it also makes it harder to detect in practice because you become immune to Cert Patrol warnings after a few days.
Except the services themselves. The API of those services isn't fixed or static. They can and will change as soon as viable competition offering the same APIs shows up and they see movement away.
It was ever thus.
The only "cross cloud" anything worth a damn was Ravello. And then Oracle bought them.
Now we need another Ravello.
Shot version: Pernix sold two product: FVP and Architect
FVP is server-side-caching. You buy an SSD (or multiple) and put them into the server. FVP then copies frequently read data blocks into the SSD to your apps can read them faster. It also buffers writes to the SSD so your writes happen faster and then slowly drains them back to disk. If clusters this across multiple servers so that if one server goes splork all your writes waiting to be drained are still stored elsewhere.
Architect is the thing that looks at your workload and makes sure that all your writes will fit onto the SSDs without causing a flush cascade and crippling your entire infrastructure. (I.E. your writes don't fill the SSDs up faster than they can drain over the course of an arbitrary period defined in part by the size of the SSDs and the speed of the storage you're trying to accelerate.)
To make FVP work you need to buy expensive SSDs + hella expensive software + OTHER expensive software (Architect). This is because it is way - way - easier to cause a flush cascade than Pernix people will admit.
The end result is that Pernix, while not a bad idea and actually decent software, simply cost too much. Why would you pay more to accelerate your servers' access to their storage than it cost to simply buy new storage in the first place, or to move to a hyperconveged infrastructure?
In many - but not all - cases it would have been cheaper to simply toss some SSDs into existing systems and enable VSAN (or Maxta) as an all-flash setup for demanding applications than to use Pernix. (Remembering that I could still use my slow storage for non-demanding applications in a VSAN setup.) By segmenting the workloads in such a manner I also eliminate the risk of flush cascades entirely.
And on, and on, and on, and on. The arguments can go up one wall, down another, 'round and 'round and 'round and 'round. Suffice it to say that while Pernix software works, and works well, you absolutely need to know what you're doing with it, you need to be pretty good at architecting solutions based on some pretty in depth understanding of storage and, well....
...along the way a bunch of easier solutions with lower knowledge requirements came along at the same or lower prices. Pernix as a product couldn't survive as it was positioned or priced.
But Pernix as a pair of features will be a powerful and enticing addition to Nutanix's offerings.
As I said: I realize it makes me a bad person to take enjoyment in the discomfiture of others. That said, I feel I'm in good company as the discomfiture I'm enjoying is that of bullies. Enjoying watching bullies get their comeuppance isn't something that makes one a good person. I acknowledged that and do so again.
But it is a very human reaction, and I am as flawed as any human. Perhaps even more than most. However sad, upsetting, immoral or unethical it may be, it is natural for one who is perpetually on the receiving end of bullying to take a dark and even unwelcome pleasure in seeing bullies brought low.
Am I proud of myself for feeling such schadenfreude? No. I am, in fact, more than a little disconcerted that I am capable of such depth of disquieting emotion.
That said, it says something about those who drove the organization that this is the depth of emotion they inspired. Positive and negative; I'm sure there are multiple interpretations that we could haggle over for hours.
As for my irredeemability...I don't deny that. Seems to me everyone who ever had a soapbox to stand is one form of sonofabitch or another. I'm not a great person. I'm probably not even a good person. But I take comfort in knowing that whatever my flaws, however horrible and hateful, spiteful and miserable a pathetic nobody I truly am...
...I'm not quite as irredeemable a shit as bullies from Pernix.
And unlike them, I'm willing to admit I'm an ass and slowly, awkwardly, perhaps ultimately unsuccessfully, at least try to make myself a better person. If nothing else, I like to delude myself into thinking that self awareness of my own flaws and a willingness to address them makes less awful than those who honestly believe they're beyond reproach even as they behave in a despicable fashion.
Biting the hand that feeds IT © 1998–2017