Re: A standard dating back to 1987 - and a bug fixed in August 2019?
Sorry - meant 2018. Really wish I could time travel.
127 posts • joined 30 Jul 2010
Sorry - meant 2018. Really wish I could time travel.
Color me confused. If the KB is right the fix for 6.5 was included in the August 2019 patch release (Build 9298722). How is this just becoming news now?
The sad part of watching this is we desperately need people like Hughes and Musk - entrepreneurs with an engineering mindset willing to THINK BIG and take HUGE risks. There simply aren't many people willing to roll the dice and suffer the humiliation if it all goes sideways, and that's a shame. I truly hope this is just a temporary setback for Musk, and once he gets some sleep things will be better. The world will be a lot duller without Musk and his dreams.
Sorry for the rant El Reg, I still love you, but I'm getting annoyed with the constant chest thumping about "breaking the news" on Meltdown and Spectre. I found out about it on Reddit a day before El Reg wrote the first story. (You too??)
Guess in your world reading about it somewhere other than a "news" site doesn't count, but in my book when someone "breaks the news", it's typically novel information they discovered, usually through investigation or research, not something being publicly discussed for a day on one of the world's most frequented websites. Just feels like you're taking credit (over and over again) where it's not due.
Maybe I have it all wrong - maybe you were hot of the trail of Meltdown weeks before you "broke" the story, but you made no mention of any investigation in your original piece and the details in the original story looked a lot like a rehash of sources being quoted on Reddit from the day before.
Feel free to correct me if I have this all wrong. I may have simply got up on the wrong side of the bed this morning.
"However, Symantec plans to release a hotfix to address the issue, and recommends that the Microsoft Windows Security Updates released on January 3rd, 2018 updates not be applied to systems until a hotfix is available for the affected versions."
Working AV or vulnerable system? Guess that's your choice.
$62M down the drain, no competitive bids, bypassing the IT department, not integrating with the Center's EMR system, and on and on. And the worst part - no improved outcomes.
Journalism played a role in all the hype too, so good on you Andrew for bringing some attention to this subject.
"Holy crap!" said every CEO in America. "Let's convene an emergency meeting of the Board and all the IT/Security department heads and find out exactly what's needed in the 2018 budget to prevent it happening here!"
And then I woke up.
I'm starting to get the feeling these systems are getting too big and too complex to be managed for uptime. Not only Google and AWS, but look at O365. They just had a Sharepoint incident where file sharing stopped working (yeah, ironic) and it took them 10 days to patch all those who were affected. Think about that: If you were at the end of the queue for the fix you lost file sharing capability for 10 days! And the whole thing was caused by a bug in an "upgrade".
Perhaps they need to stop working on "upgrades" for a while and start working on rapid rollback. I still don't get how MS can upgrade (break) everything at once, and then need 10 days to unwind the changes. Something doesn't make sense.
Normally I'd agree with you, but Tom Wheeler (former FCC chair) actually tried to make things better for consumers and he's the reason Pai is now on this crusade. Who would have guessed it? Wheeler was a former high-ranking cable/telco guy and there was zero in his background that would have led you to believe he'd be anything but a shill for the cable companies. Turned about to be just the opposite, which must have infuriated his former masters.
Pai? Yeah, he knows who signs the checks.
Well, now I'm not so sure this new FF whitelist setting fully works. EFF's Panopticlick is still able to enumerate fonts (unless it's just guessing?), although the site referenced in this article now only sees what's in the whitelist. Not quite sure what Panopticlick is doing to get around the whitelisting - assuming it really is.
Kind of an ugly solution, but it works.
I agree reports are mostly useless, but requiring section 9 companies to expose their risk management policies is worth putting up with some of the less meaningful reports.
A big part of cybersecurity risk today is that no one is shining a light on crap risk management practices - you know, like trading profits on the back of someone else's risk. Make them do it publicly, so when they do get hacked and lose all of OUR data, they can't claim they were unaware of the residual risk.
Unlike the current trend to grow by taking hostages, these guys earn their growth.
What a concept: Build a solid, reliable product with useful features, support it well and treat your customers with respect. Why do so few companies do this?
More interesting would have been Amazon saying there was simply nothing to produce. Telling that they are using legal weasel words instead, clearly aimed at placating customer concerns about privacy and keeping Echo sales strong.
A microphone in every room, listening 24x7, all connected to a service you don't control. What could possibly go wrong?
What a crap year with a lot of losses. You may not make the "celebrity" news Lester, but you were a star around here and will be missed.
"...no matter what the question asked, the response gets twisted to whatever is on that day's talking point memo"
Well, a good part of that is because the "news readers" (what used to be real journalists/reporters) constantly let them get away with it, either through lack of preparation or the fear of being blacklisted for future interviews. Where's Mike Wallace or Ted Koppel when you need them??
One of the interesting things I notice watching the O365 "Health" status is just how long it takes Microsoft to fully remediate an issue. You'll see an issue get opened and normally diagnosed quickly (within hours, sometimes a day), and then a patch developed for what's normally a regression caused by some other work that's been done. And then you wait. And I mean wait. I've seen many issues take WEEKS to get fully deployed. MS dutifully keeps you notified of progress (X% complete, day after day), but if your account happens to be at the end of that repair chain you are waiting a REALLY long time to get your service restored.
It's one of the interesting things about cloud services I don't hear many people talk about, and that's the time it takes to repair a massive amount of infrastructure even when know how and have a fix available. I expect this to only get worse as the cloud continues to grow.
Credit where it's due - I saw this on a Reddit thread and I'm glad I did. This is the closest I've ever seen someone get to describing us.
VMware, get your product quality back up. You may not be able to attract everyone to your technology but you can sure as hell drive them away with crap QC, and over the last 18 months you've been doing a fine job of it.
I know what you're thinking. "Did he regression test six modules or only five?" Well to tell you the truth in all this excitement I kinda lost track myself. But being this is a critical patch you need to apply to fix the last set of bugs we released and could blow your entire compute environment clean off, you've gotta ask yourself one question: "Do I feel lucky?" Well, do ya, punk?
Why do they open it? Closure - that incredible human *need* to tie up loose ends.
You've just handed me a wrapped up box with my name on it that could have something REALLY IMPORTANT in it, and you're asking me to just throw it away?? But then I'll never know if it WAS something important. No closure.
That's why this behavior is so incredibly difficult, if not impossible, to stop.
I really like the tone of the Datacore response. So often these arguments turn into mud-slinging affairs that quickly turn ugly. Look no further than Chuck Hollis vs. Nutanix. Not a shining moment for either party.
That link to "surveillance capitalism". Thanks very much for that.
In all the years I've been running VMware - not as many as Nate, but close - I've never had a real reason to look elsewhere. The releases mostly had new features relevant to my environment, and most importantly, they were stable right out of the gate.
The last 18 months have been a shitshow for VMware customers. Bug after critical bug, and it's a total crapshoot as to when show-stopping (data loss, PSODs) problems will get fixed, and fixed for good. The quality of phone support has gone way down as well - the only metric appears to be number of cases closed.
Toss in View (we're VDI for about 95% of our desktops) and the release cycle has become a little shop of horrors. Never used to be this way.
So if VMware is even slightly worried about remaining relevant and keeping long-time customers, they need to get their focus back on quality. There's simply no reason to pay premiums for crap software and support.
Yeah, it's pretty obvious now why MS is going to limit/license Server 2016 based on core count. Bet VMware follows along shortly with a new vCPU tax.
":Jeff Bezos' web services unit delivered not just a technology platform but way of consuming business tech: paying for what you consume..."
As Nate keeps pointing out (and rightfully so), no, you don't pay for what you consume, you pay for what you provision. Ignore that distinction at your own financial peril.
Sorry for your loss. I managed 22 years with my last feline friend before he used up all of his nine, and yeah, it sucked pretty bad to say goodbye. But new friends await, and some lucky cat will hit the lottery ending up in your lap.
Apple claims they can't do it - technically impossible. Judge says, "Hmmm, these really smart guys (much smarter than your guys) from the NSA think you must have missed something, and they'd like to have a crack at it. Mind sending over all the source code, chip lithography, design docs, and a few of your best engineers to assist? On second thought, can you just set up an office for them there at HQ? This may take a while."
Start making companies liable for the crap they produce and you will quickly find the insurance companies that cover them demanding a "UL" for their code. No UL approval, no coverage.
UL was a boon for consumer safety, and something similar is needed again.
Was that van Zanten, may I ask ?
Nope. Klaas ...
I would love to see an auditor's statement that evaluated the effectiveness of their DR plan. I swear most of these companies just write down anything to pass an audit with zero chance of the "plan" ever working. And then they pray, or when something like this does happen, decide the risk of failing over is much greater than just waiting for the power to come back on because, you know, they've never actually TESTED a full failover and fail back.
"vSphere 6.0 emerged to applause and swift adoption." Followed by a lot of regret.
vSphere 6 has arguably been the buggiest release of vSphere ever, and still had serious data corruption and stability issues nine months after release. VMware needs to get the "Q" back in QC in 2016.
Seriously, invest a couple of bucks in alternatives like Affinity, Pixelmator, Corel, etc. Even if they aren't Photoshop equals (yet), we need to encourage and support these developers so that we have options - including telling Adobe to get stuffed. Otherwise a few years from now Adobe will be all that's left, and then watch what happens to the subscription price.
Sony's AIT format supported R-MIC (Remote Memory In Cassette) way back in 2003 for exactly what's being discussed - fast cataloging. Too bad the format never really took off.
We installed this on a few test machines and it's supposed to allow administrators to add a reg key to disallow Safe Mode in Outlook. What it seems to be doing instead, at least on our test machines, is forcing Outlook into Safe Mode on startup. If you add the reg key (BTW, the KB article for this only shows the location for the 64-bit version of Outlook; if you're using 32-bit Office use the WOW64 branch instead) you can get Outlook to run again in "normal" mode. So it looks like another month with yet another flaky patch. Sigh.
"...tarring us all with the same brush and ignoring the fact that we mostly sell through the channel"
Oh, you mean the channel you've set up where deals are "protected", and if my reseller is screwing me it will take an act of God to ever see a competitive bid?
“for every $1 of initial product purchase, our top 25 customers on average spent more than $9 on new product purchases in the first 18 months following their initial purchase, up from $8 last quarter.”
Which tells you one critical thing: You'd better cut the best deal you can up front, for all the storage you can possibly afford, because you'll never see that pricing again. Instead you'll be treated to "upgrade pricing" and your negotiating position will be the one where you grab your ankles.
Not necessarily picking on Pure. Nimble and the others do it too.
It's easy to be glib and just tell people to back their stuff up, but with the increasing sophistication of these programs, quick restores may not fully address the problem. Some of the slow-encrypting variants that make a mess of your files *over time* defy the "we'll just restore from yesterday's backup" answer. If the crook is patient and careful enough to stay under the radar for some period of time, good luck figuring out your good restore points - and for what files. It's not that it can't be done, but it's going to be one hell of a research project to get your files back - assuming your backups go back far enough.
Don't underestimate the ability of these guys to make a huge mess of your tidy little IT environment. If you don't have canary files hanging around with really solid alerting, and good endpoint detection tools (and NO, AV doesn't quality) then you'd better pray you don't get targeted by a patient adversary.
"The measure of a man is what he does with power." Plato
Now all they need to offer is a service that gets past mindless first-level support and escalated to someone that actually has a clue about your (insert problem here), and then transfers the call to you. THAT would be an earner.
I'm not sure which is worse, that they did it, or that they thought they'd never get caught. $7.2B is just the down payment on the damages from this decision.
For Sale. VW. Cheap. (Must take Company.)
Looking at auto-maker stock prices it appears many people believe VW wasn't playing this game solo.
I'd wait a bit longer if I were you.
And that hasn't been the only nasty surprise in 6.0. Feels like QC is slipping a bit.
No need, until you run a remote desktop session with RDP or VMware View, and you NEED a frikkin mouse or trackpad!!!
Apple really knows how to kill a prime use case for this device.
Don't worry. It wasn't chicken.
Read the article about Google demanding Apple devs stop using HTTPS. It explains it all. No HTTPS until the ad networks support it.
I'd pay a reasonable subscription fee to the Reg for an ad-free, HTTPS version of the site. Be an interesting exercise to run as I suspect I'm far from the only one who would sign up, but you'll never know until you try.
I do find it interesting that no one (publicly) seems worried about Veeam, who just keep winning customer after customer every month with some awfully good products and a refreshingly open management style. These wins can't all be first-time buyers.
Full disclosure - happy Veeam customer for the last two years.
Why do I get the feeling the biggest problem with this technology will be making enough of it?
This is so bad from a major vendor's perspective ("What do you mean, they can just replace our stuff??) that I find it hard to believe it will get serious (deep) support. Sure, they'll offer a driver so they can check the "Supports OpenStack" box, but how can this be in their interest over the long term?
The vendor sales model is built around lock-in. The very last thing they want is to enable competition, so if you think the marketing guys are dictating engineering decisions today, just let them get one whiff of this and see what happens.
Is the "Optional" setup screen when you first install the OS - you know, the one they bury as deep as possible so you'll just install the OS with the "take all my data" defaults. Any review really needs to show the settings on that screen so you can see what Microsoft takes without really asking. How many users are ever going to see that screen?
I believe congratulations are in order amanfrommars1, for landing a new job. Well played.
Biting the hand that feeds IT © 1998–2018