The one title that fits: "The Incident"
141 posts • joined 30 Jul 2010
Long overdue. Apple, please go back to FUNCTIONAL design. I'm typing this - more like trying to type this - on a MacBook Pro with a barely usable keyboard because Jony cared more about thin than usable. And that's just one example of his broken obsession. I hope his last design on the way out the door is the consulting deal with Apple - all appearance, zero functionality.
You had an usual way with words Andrew - and not always in way I could understand. Many times I'd have to read a paragraph or two more than once to figure out what it is you were saying, but nonetheless, it's this diversity of style that makes a place like The Reg unique. Hope whomever follows you will have the same passion you brought to your stories, and will be just as inclined to kick the hornet's nest on a regular basis (copyright anyone??). Good luck!
A rather novel solution, and where I live a lot of apartments are starting to require owners with dogs to sign up. Leave poop behind? They DNA match it to the dog/owner. Pretty much solves the "It wasn't MY dog." excuse. (pooprints.com - and no, I have no affiliation. I just think it's a good idea.)
How? Because if MS/Oracle/Google/Amazon/et al have their way pretty soon the cloud thing will be the only choice. And even before that happens, as more and more people move to shaky cloud services there's this weird reverse herd immunity thing going on, where no one can point the finger at anyone else for their crap decision to move to the cloud, because they've made the same stupid decision and they're down too! So no one is vaccinated from the stupidity and everyone is sick at once. Joy.
But how do you separate surveillance communications from app functionality? If the app makes an SSL connection "home" to function, there is likely no way to filter out the privacy data included in that stream. How many apps function without connectivity somewhere? Very few these days.
I'm glad to see the semi-annual release has finally caught up with the Patch Tuesday fiasco that's been going on for the last six months.
And don't even get me started on the cumulative update deltas that totally break CBS from month to month. What the actual fuck have these guys been smoking?
The sad part of watching this is we desperately need people like Hughes and Musk - entrepreneurs with an engineering mindset willing to THINK BIG and take HUGE risks. There simply aren't many people willing to roll the dice and suffer the humiliation if it all goes sideways, and that's a shame. I truly hope this is just a temporary setback for Musk, and once he gets some sleep things will be better. The world will be a lot duller without Musk and his dreams.
Sorry for the rant El Reg, I still love you, but I'm getting annoyed with the constant chest thumping about "breaking the news" on Meltdown and Spectre. I found out about it on Reddit a day before El Reg wrote the first story. (You too??)
Guess in your world reading about it somewhere other than a "news" site doesn't count, but in my book when someone "breaks the news", it's typically novel information they discovered, usually through investigation or research, not something being publicly discussed for a day on one of the world's most frequented websites. Just feels like you're taking credit (over and over again) where it's not due.
Maybe I have it all wrong - maybe you were hot of the trail of Meltdown weeks before you "broke" the story, but you made no mention of any investigation in your original piece and the details in the original story looked a lot like a rehash of sources being quoted on Reddit from the day before.
Feel free to correct me if I have this all wrong. I may have simply got up on the wrong side of the bed this morning.
"However, Symantec plans to release a hotfix to address the issue, and recommends that the Microsoft Windows Security Updates released on January 3rd, 2018 updates not be applied to systems until a hotfix is available for the affected versions."
Working AV or vulnerable system? Guess that's your choice.
$62M down the drain, no competitive bids, bypassing the IT department, not integrating with the Center's EMR system, and on and on. And the worst part - no improved outcomes.
Journalism played a role in all the hype too, so good on you Andrew for bringing some attention to this subject.
I'm starting to get the feeling these systems are getting too big and too complex to be managed for uptime. Not only Google and AWS, but look at O365. They just had a Sharepoint incident where file sharing stopped working (yeah, ironic) and it took them 10 days to patch all those who were affected. Think about that: If you were at the end of the queue for the fix you lost file sharing capability for 10 days! And the whole thing was caused by a bug in an "upgrade".
Perhaps they need to stop working on "upgrades" for a while and start working on rapid rollback. I still don't get how MS can upgrade (break) everything at once, and then need 10 days to unwind the changes. Something doesn't make sense.
Normally I'd agree with you, but Tom Wheeler (former FCC chair) actually tried to make things better for consumers and he's the reason Pai is now on this crusade. Who would have guessed it? Wheeler was a former high-ranking cable/telco guy and there was zero in his background that would have led you to believe he'd be anything but a shill for the cable companies. Turned about to be just the opposite, which must have infuriated his former masters.
Pai? Yeah, he knows who signs the checks.
Well, now I'm not so sure this new FF whitelist setting fully works. EFF's Panopticlick is still able to enumerate fonts (unless it's just guessing?), although the site referenced in this article now only sees what's in the whitelist. Not quite sure what Panopticlick is doing to get around the whitelisting - assuming it really is.
I agree reports are mostly useless, but requiring section 9 companies to expose their risk management policies is worth putting up with some of the less meaningful reports.
A big part of cybersecurity risk today is that no one is shining a light on crap risk management practices - you know, like trading profits on the back of someone else's risk. Make them do it publicly, so when they do get hacked and lose all of OUR data, they can't claim they were unaware of the residual risk.
More interesting would have been Amazon saying there was simply nothing to produce. Telling that they are using legal weasel words instead, clearly aimed at placating customer concerns about privacy and keeping Echo sales strong.
A microphone in every room, listening 24x7, all connected to a service you don't control. What could possibly go wrong?
"...no matter what the question asked, the response gets twisted to whatever is on that day's talking point memo"
Well, a good part of that is because the "news readers" (what used to be real journalists/reporters) constantly let them get away with it, either through lack of preparation or the fear of being blacklisted for future interviews. Where's Mike Wallace or Ted Koppel when you need them??
One of the interesting things I notice watching the O365 "Health" status is just how long it takes Microsoft to fully remediate an issue. You'll see an issue get opened and normally diagnosed quickly (within hours, sometimes a day), and then a patch developed for what's normally a regression caused by some other work that's been done. And then you wait. And I mean wait. I've seen many issues take WEEKS to get fully deployed. MS dutifully keeps you notified of progress (X% complete, day after day), but if your account happens to be at the end of that repair chain you are waiting a REALLY long time to get your service restored.
It's one of the interesting things about cloud services I don't hear many people talk about, and that's the time it takes to repair a massive amount of infrastructure even when know how and have a fix available. I expect this to only get worse as the cloud continues to grow.
I know what you're thinking. "Did he regression test six modules or only five?" Well to tell you the truth in all this excitement I kinda lost track myself. But being this is a critical patch you need to apply to fix the last set of bugs we released and could blow your entire compute environment clean off, you've gotta ask yourself one question: "Do I feel lucky?" Well, do ya, punk?
Why do they open it? Closure - that incredible human *need* to tie up loose ends.
You've just handed me a wrapped up box with my name on it that could have something REALLY IMPORTANT in it, and you're asking me to just throw it away?? But then I'll never know if it WAS something important. No closure.
That's why this behavior is so incredibly difficult, if not impossible, to stop.
In all the years I've been running VMware - not as many as Nate, but close - I've never had a real reason to look elsewhere. The releases mostly had new features relevant to my environment, and most importantly, they were stable right out of the gate.
The last 18 months have been a shitshow for VMware customers. Bug after critical bug, and it's a total crapshoot as to when show-stopping (data loss, PSODs) problems will get fixed, and fixed for good. The quality of phone support has gone way down as well - the only metric appears to be number of cases closed.
Toss in View (we're VDI for about 95% of our desktops) and the release cycle has become a little shop of horrors. Never used to be this way.
So if VMware is even slightly worried about remaining relevant and keeping long-time customers, they need to get their focus back on quality. There's simply no reason to pay premiums for crap software and support.
":Jeff Bezos' web services unit delivered not just a technology platform but way of consuming business tech: paying for what you consume..."
As Nate keeps pointing out (and rightfully so), no, you don't pay for what you consume, you pay for what you provision. Ignore that distinction at your own financial peril.
Apple claims they can't do it - technically impossible. Judge says, "Hmmm, these really smart guys (much smarter than your guys) from the NSA think you must have missed something, and they'd like to have a crack at it. Mind sending over all the source code, chip lithography, design docs, and a few of your best engineers to assist? On second thought, can you just set up an office for them there at HQ? This may take a while."
I would love to see an auditor's statement that evaluated the effectiveness of their DR plan. I swear most of these companies just write down anything to pass an audit with zero chance of the "plan" ever working. And then they pray, or when something like this does happen, decide the risk of failing over is much greater than just waiting for the power to come back on because, you know, they've never actually TESTED a full failover and fail back.
"vSphere 6.0 emerged to applause and swift adoption." Followed by a lot of regret.
vSphere 6 has arguably been the buggiest release of vSphere ever, and still had serious data corruption and stability issues nine months after release. VMware needs to get the "Q" back in QC in 2016.
Seriously, invest a couple of bucks in alternatives like Affinity, Pixelmator, Corel, etc. Even if they aren't Photoshop equals (yet), we need to encourage and support these developers so that we have options - including telling Adobe to get stuffed. Otherwise a few years from now Adobe will be all that's left, and then watch what happens to the subscription price.
We installed this on a few test machines and it's supposed to allow administrators to add a reg key to disallow Safe Mode in Outlook. What it seems to be doing instead, at least on our test machines, is forcing Outlook into Safe Mode on startup. If you add the reg key (BTW, the KB article for this only shows the location for the 64-bit version of Outlook; if you're using 32-bit Office use the WOW64 branch instead) you can get Outlook to run again in "normal" mode. So it looks like another month with yet another flaky patch. Sigh.
Biting the hand that feeds IT © 1998–2020