* Posts by Roo

1516 posts • joined 21 Sep 2010

Twitter breaks bad news to 677,775 twits: You were duped by Russia

Roo
Silver badge
Windows

Re: "B****" --

Posted like a typical numpty who doesn't understand the words and labels that is written on their "distract the proles from the clusterfuck going on in the Whitehouse" script handed down to them by folks who really couldn't give a stuff if their shills live or die, only whether they'll get to keep a few % worth of tax which would pay for shills outgoings for a couple of million years.

10
3

Oracle says SPARCv9 has Spectre CPU bug, patches coming soon

Roo
Silver badge
Windows

Re: Confused, SPARC vulnerable or not?

"What part of Spectre being a hardware bug did you fail to understand? If a chip is vulnerable it doesn't matter what software you are running on it."

It appears to be theoretically possible to defeat those attacks with suitably crafted software, but that's a case of running new binaries - and likely some kind of hit in performance. The big.little boxes out there could run sensitive processes on an in-order processor - and the less sensitive workload on faster OOO cores.

0
0

SPEC SFS 2014 benchmark smashed by storage newbie

Roo
Silver badge
Windows

Re: Eh?

Looks handy to me.

I dreamt of this kind of throughput when waiting for a compile to complete off a Fujitsu Eagle back in the day (shared with 30 other people). Kinda fun to see it happen even if it's not quite the way I predicted... The TaihuLight boxes are hooked up with PCI-Express 3.0, so presumably they have a way to integrate NVMe drives directly into their fabric. Could be a fun OCCAM platform. :)

The PCI-Express 3.0 fabrics remind me of the some of the ideas floated for IEEE1355 back in the day, but much quicker and ubiquitous. It's fun to see (some) things get a lot better despite everything else falling apart. :)

0
0

Meltdown, Spectre bug patch slowdown gets real – and what you can do about it

Roo
Silver badge
Windows

Re: "What will it take for Amazon et al to create their own, secure CPU?"

"That would mean everyone would have to get replacements for any and all legacy apps, which is nigh on impossible for many companies.

ditching X86-32 might be a a good solution, it's not a viable option I'm afraid."

Folks were running x86-32 apps on UNIX with SoftPC in the 80s.

Folks were running x86-32 apps on DEC Alphas with FX!32 in the 90s (I found that a very low end Alpha PC166 most apps were *quicker* than they were on a PPro-200 - and the stuff that wasn't was only 5-10% off).

There is no technical barrier to emulating x86 at decent speeds in 2018, the only blockers are ignorance, politics and lawyers (licensing).

2
0
Roo
Silver badge
Windows

"That's my understanding too. X86 is basically an emulation running on the RISC core."

I think misrepresents what goes on. I'm not an authority on the topic, but here's my take on it:

The (CISC) instruction decode stage(s) breaks the commonly used instruction sequences down to "micro ops".

Breaking down a multi-cycle 'CISC' instruction into lots of little u-ops then executing it in parallel with lots of other multi-cycle 'CISC' instructions poses some problems how to convey the illusion to the kernel & user that the instructions are executed in an atomic way... That entire set of quite gnarly gotchas is simply not an issue for a true RISC style design - by intent and design.

Some operations won't fit into that nice model - and for those we have microcode... Even 'RISC' chips can have microcode to handle the stuff that just doesn't fit. The Alpha had something slightly different called PALcode to handle those cases - where essentially the CPU was using a library of routines with access to implementation specific instructions... The ISA remained clean and it gave the DEC engineers a shot at implementing the machine specific crap in a RISC friendly way while keeping the details hidden from the users...

For a giggle I recommend tracking all the volumes describing the current Intel x86-64 ISA and then compare to the equiv. DEC Alpha ISA reference manual (its' much shorter)... All available for free and locatable via Google... The page count gives you a measure of how much more 'challenging' it would be to validate an x84-64 derivative... If you actually have a crack at digesting both you'll probably give up long before you get through the x86-64 manuals so I recommend starting with the Alpha first. ;)

YMMV

3
0
Roo
Silver badge
Windows

Re: "What will it take for Amazon et al to create their own, secure CPU?"

"it's not exactly a simple and cheap task to build a high-performance high-security CPU."

Agreed, but folks following RISC design principles find it a lot cheaper and easier than building a fast x86... The design team sizes and benchmark results from the days when RISC vs x86 was a thing speak volumes for that.

3
0
Roo
Silver badge
Windows

Re: So how much will this throw Intels release schedule out by?

"Corporate IT Managers will not order silicon with a known flaw (regardless of the patch) unless they absolutely have to, because people get fired over this kind of serious shit."

Few of the folks making the purchasing decisions read the errata let alone wait long enough for the showstopper errata to be discovered. Errata such as ECC failures leading to undefined behaviour didn't stop or noticeably delay folks buying the last few gens of Xeon in for example...

3
1

PowerShell comes to MacOS and Linux. Oh and Windows too

Roo
Silver badge
Windows

"Seems unlikely - a modern hybrid microkernel has several advantages. More likely Linux when needed will run as a plugin to the Windows kernel. In fact you can already do that under Windows 10."

IMO your strengths lie in FUD and bullshitting, best to keep out of the OS design biz. :)

Microsoft have already failed to assimilate POSIX with a plugin approach repeatedly. Running the code on a real UNIX/Linux was always cheaper, faster and more reliable - and didn't require a "porting" effort... MS are best to stick with running Linux under their Hypervisor and be happy that they get an OS license for running workload under someone else's OS.

As for Windows having a "hybrid microkernel" architecture, that is just marketing shite. The point of a microkernel is that the subsystems are isolated. It is fraudulent to attribute the term 'Microkernel' to something that shipped with vulns that allowed TrueType Font rendering to pwn ring0.

I don't mind folks talking up the benefits of Windows, but I draw the line at them rendering useful terms and concepts such as "Microkernel" meaningless by association.

15
3

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Roo
Silver badge
Windows

Re: Remembering Snowden...

"Why in the world do you think Meltdown is something the NSA etc. would care about? It allows reading kernel data, big deal"

I reckon the NSA should care.

Meltdown can totally compromise the vast majority of desktop/server class Intel hardware out there, it's relatively awkward to fix, it has a very big exploitation window (22 years and counting if the P6 core really is vulnerable to it), it doesn't require much code to implement and it is relatively easy to hide from virus scanners. If they weren't interested they really should consider moving out of the spook biz.

Not really sure why you bothered with the asterisk, Apple don't get a pass because they still shipped vulnerable hardware just like everyone else... :)

12
0

Butcher breaks out of own freezer using black pudding

Roo
Silver badge
Windows

Re: Ee, bah, eck etc

"They advertise gluten free black pudding and haggis. Catering to the post-modern psychosomatic illness crowd[0] is a sure way to let standards slip."

Sir, I think you are being somewhat churlish. Another way of looking at it is that the Butcher is making the joys of Black Pudding & Haggis available to all. :)

8
0
Roo
Silver badge
Windows

Re: Ee, bah, eck etc

"do not mock the smoked Grützwurst"

Quite frankly this Black Pudding enthusiast is salivating rather than contemplating mockery...

However I might be tempted indulge in a bit of mockery if I honestly believed I could convince someone to give up their Grutzwurst - allowing me to swoop in and scoff it before they realised their mistake. :)

2
0

Devs see red after not seeing Big Red on Stack Overflow database poll

Roo
Silver badge
Windows

"What the f* is "older organizations" supposed to mean? Basically +90% of the Fortune 100 use Oracle,"

The world doesn't owe Oracle a living and it is legacy gear now... The only folks who care enough are wannabe Greybeards tending the grave.

The Oracle fan boys get to know what it felt like for the VMS or OS/400 enthusiasts a couple of decades back - although in fairness at least those products were well engineered and well documented so their day jobs were more enjoyable.

3
0

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Roo
Silver badge
Windows

Re: @SkippyBing

"but the effects would be to significantly slow development"

I suspect Intel's "Tick/Tock" development model with releases being pegged to a particular date in time years before they are even developed contributes to the problem. Intel been pushing stuff out of the door before it's been fully baked to meet a marketing deadline for a while now.

2
0
Roo
Silver badge
Windows

Re: Should Intel (and other chip makers) be held responsible for hardware flaws?

"If it can be shown that intel manglement knew about the bug and yet kept on baking/selling chips regardless then I'd suspect they wont have a leg to stand on"

There are plenty of published show-stopper errata that show Intel doing exactly that over several decades. Customers typically decide that the expense of the lawsuit combined with the publicity that shows their products/services are impacted by it would do more damage than the errata...

0
0
Roo
Silver badge
Windows

"a real lawyer with IT knowledge would have known that there is practically NO SUCH thing as a CPU on the market these days that is not affected by Meltdown and/or Spectre"

A real commentard with CPU architecture expertise would know that there are CPUs on the market that are not affected by those bugs... :)

12
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Roo
Silver badge
Windows

Re: RE: need a whole new architecture

"A whole new architecture was already tried."

Indeed, many many many times over and I suspect it'll continue for a while yet as the wheel of reincarnation makes another revolution... With respect to your close relative they should be paying attention to the folks in the ocean boiling business, the #1 HPC system uses a fairly unique CPU architecture - and it has been delivering better FLOPS/W (YMMV) than it's competitors running state of the art Intel + GPU combos out there for some years now...

Sometimes folks using different tools get better results...

3
0

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

Roo
Silver badge

Re: @Dan 55

As it turns out (and in fairness to Intel) I did actually find the Core 2 Duo errata Theo referred to back in 2007 after a bit more fiddling around with search criteria...

http://download.intel.com/design/processor/specupdt/313279.pdf

The closest issues to Meltdown that I found (maybe someone smarter can find more) were AI56, AI91 and AI99:

AI56 "Update of Read/Write (R/W) or User/Supervisor (U/S) or Present (P) Bits without TLB Shootdown May Cause Unexpected Processor Behavior"

AI91 "Update of Attribute Bits on Page Directories without Immediate TLB Shootdown May Cause Unexpected Processor Behavior"

AI99 "Updating Code Page Directory Attributes without TLB Invalidation May Result in Improper Handling of Code #PF"

2
1
Roo
Silver badge
Windows

@Dan 55

"Seems Theo was looking at this a decade ago so I guess OpenBSD is already okay."

AFAICT those OpenBSD fixes related to an unpublished change w.r.t bits of page table being cached when previously they were not. I think it would be dangerous to assume those fixes also cover Meltdown.

The points Theo made about the errata preventing people from implementing secure software remain valid.

As I've said before folks really should look at the errata before purchasing a CPU - it is shocking just how broken some of them really are. That won't always help though - case in point try tracking down all the errata that Theo talked about (eg: AI90) 10 years ago... You may well struggle - because Intel's policy is to unpublish errata after they've made a fix/spec change... If anyone does find those errata - let me know. ;)

3
0
Roo
Silver badge
Windows

Re: What I don't understand

Your bafflement is entirely justified.

Intel are very lucky that their unique to them and trivially exploitable Meltdown bugs are being conflated with Spectre, they should be getting an extra roasting for that one.

In terms of Spectre that seems to be a very generic label for a bunch of quite different vulns when you dig into what info is leaked and how you would exploit them usefully.

7
0
Roo
Silver badge
Windows

Re: Maybe we dodged a bullet?

"Lots of fundamental development process rethinking required in the semi-conductor world required...."

Broadly agreeing - but I don't see this as an industry wide problem. There are plenty of well established tools and techniques in place that would catch this kind of thinko - but they all require a precise, complete and self-consistent definition of how the chip is meant to work. The x86 doesn't have such a definition in the public domain, and given the nature of the errata over the years there is plenty of evidence that Intel doesn't have one (or make use of one) in their design process either.

3
0

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Roo
Silver badge
Windows

Re: "as designed"

If that is by design then they have intentionally broken backwards compatibility with their in-order CPUs... Well played Chipzuki.

4
0
Roo
Silver badge
Windows

Re: Mixed signals on CPU's

Apparently early Atoms before they decided to bless them with OOO execution are OK.

1
0
Roo
Silver badge
Windows

Re: AMD not vulnerable

"Ps AMD never copied Intel, the had tp do a "clean room" to do the microcode themselves."

That's flat out wrong. :)

Back in the day various entities such as the "Defence" contractors and big vendors required a chip to have a 'second source' vendor. AMD entered into a licensing agreement with Intel to be the second source for x86 parts - thereby enabling Intel to tender for those contracts. At one stage AMD were literally given a set of masks by Intel, and AMD used them to punch out identical - so strictly speaking they did in fact copy the Intel parts, but quite legally as per their second sourcing agreements.

As time has gone by AMD did some tweaks (eg: faster 286s, 386s, 486s which inspired Intel to unleash the lawyers at various points). Eventually they rolled their own in house designs (K5,K6,Opteron et al) - on the back of those second source agreements. Intel & AMD have continued to spend money in court wrangling over those agreements - but I think that's been settled for a good few years now.

2
2
Roo
Silver badge
Windows

Re: AMD not vulnerable

" It's a basic need to ensure caches are kept filled."

Speculative execution keeps pipelines filled, filling caches is down to the memory controllers... ;)

2
0

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Roo
Silver badge
Windows

Re: Hmmm...

"We never worried about "security" in the old days of processor design"

How old is old ? MMUs have been around a long time now.

"We never worried about "security" in the old days of processor design, we were far more worried about incorrect access causing a crash and that took priority - with the result that modern security issues were mostly nonexistent."

Seems to depend on where you worked - some vendors never embraced KISS. The protection features of the DEC Alpha were far easier to understand, use, test and verify than the equiv plumbing on the much older i386 for example.

4
0
Roo
Silver badge

"Although Intel seemed to have turned a corner since Core 2 Duo came along, they've made loads of previous muck-ups."

*cough*

https://www.theregister.co.uk/2007/06/28/core_2_duo_errata/

2
0
Roo
Silver badge
Windows

Re: Hmmm... @Roo

"I think that you should say were plenty of non-x86 processors out there."

There are still plenty out there, not all of them will be a viable alternative for your application...

"There really aren't any more, with just AMD (which is an x86 derivative, but may not be affected),"

In my view AMD share the same problem as Intel: The x86 ISA (64bits, extensions, warts and all) are simply too complex to test properly. It's a scalability limit in the design space - and this isn't a new problem - it goes back decades. We are seeing bugs span multiple steppings AND generations of product line as a matter of routine. The x86 vendors are physically unable to sell us a fully functional chip even if we pay top dollar for it.

As I see it, as customers, we have no alternative but to go to other ISAs over the long run - simply to get a working chip without the "feature-itis" imposed by 30+ years worth of workarounds.

3
2
Roo
Silver badge
Windows

Re: Hmmm...

"I think we need to return to PDP11, where you had an alternative set of memory management registers for program and supervisor (kernel) mode."

There are already plenty of non x86 derivatives out there that don't have this bug, all that's required is folks to make the move. :)

Would be nice if vendors updated their benchmark results in the light of a 30% performance hit, so we can get an apples-apples comparison against processors that don't suffer from this particular fault.

13
0

Nvidia: Using cheap GeForce, Titan GPUs in servers? Haha, nope!

Roo
Silver badge
Windows

"Now the end user can be told what he can or cannot do with the hardware he purchased?"

In effect NVidia are informing their customers that the manufacturing tolerances are pushed beyond the edge, their gear is unreliable and unfit for purpose. Take note and adjust your purchasing decisions accordingly.

I imagine that the marketing dept. have been insisting that the driver & CUDA devs implement some kind of "datacentre" detection system to help enforce the licensing constraints too, so I'd give some consideration to moving away from CUDA while you are at it. ;)

3
0

Someone tell Thorpe Lane in Suffolk their internet sucks – they're still loading the page

Roo
Silver badge
Windows

Re: Call that slow?

"So I hold my head above the parapet with confidence and state that *we* are the slowest "broadband" ... unless someone knows better ..."

A relative's rural exchange runs at 512kbit max - but delivers somewhat less than 64kbit/sec (contention). When using webmail the pages frequently fail to load (timing out due to the weight of spamvertising) - POP3 for the win... Interestingly BT did get the gov cash to upgrade the exchange (closing the door to alternative providers), but no cable has been replaced and the exchange remains as it was.

No mobile reception either - welcome to "It's grim up North" Cumbria. :)

2
0

Dirty COW redux: Linux devs patch botched patch for 2016 mess

Roo
Silver badge
Windows

Re: Huh?

INMOS used formal methods to verify their IEEE754 implementation, sure they made mistakes but they made *far* fewer than the established players in the field, and consequently made less steppings/field changes to compensate. It was a reasonably quick FPU for the day too. :)

Hardware guys are light years ahead with formal methods, but their dev iterations are considerably more time consuming and costly so they have a greater incentive to weed out thinkos and bugs early. There is already software out in the wild that has had formal methods applied (rigorously in some cases) with varying degrees of success, as time goes by economics may justify/drive more software to apply formal methods. There's no reason to apply them willy-nilly, select the areas that can benefit the most to maximise the bang for buck.

2
0

Munich council: To hell with Linux, we're going full Windows in 2020

Roo
Silver badge
Windows

Re: @ Voland's right hand

"Like it or not AutoCad and its brethren remain a resolutely Windows-Only affair so any ideas of migrating a whole city council to Linux for the time being are in the realm of science fiction. "

Little nitpick - AutoCAD users would (normally) form a very small proportion of the total number of City Council users, it would be silly to build your entire infrastructure around it IMO. Give the AutoCAD victims some boxes to RDP into and be done with it already...

4
2

Qualcomm is shipping next chip it'll perhaps get sued for: ARM server processor Centriq 2400

Roo
Silver badge
Windows

Re: A power draw of up to 120 watts

"What makes you think Qualcomm will be better than Intel with regards to buggy chips ?"

I think they have a better chance because the target ISA is so much simpler - better defined, peer-reviewed etc. Qualcomm could still screw it up of course, but the problem domain *should* be a lot smaller than verifying an x86-64 design - so they have a better chance of making a good fist of it.

I don't think it's actually possible to produce a formal model of the Intel ISA, and I feel safe throwing that out there because I very much doubt anyone will ever produce a complete formal model of it and prove me wrong. :)

"The Intel f00f bug was a bad one, as was the FDIV bug."

The current errata are somewhat worse in my view, but don't take my word for it, you should take a look yourself and make your own call - Intel do publish them.

"If Intel chips were so buggy there would be a lot of people complaining"

I'm complaining - but I clearly don't qualify as a lot of people. Few people look at the errata, when a box is a bit flakey folks tend to (naively) assume the CPU is OK, and look elsewhere at stuff like firmware, memory, PSUs, or OS bugs. They might even find problems in those areas too - but for whatever reason few people choose to look at the CPU errata - my guess is that many simply don't understand the language & concepts in the errata sheets and so ignore them outright.

I am no Qualcomm fanboy - I would rather someone else punted this gear. ;)

1
0
Roo
Silver badge
Windows

Re: A power draw of up to 120 watts

"Yes, nice technology, shame about how you licence IP."

Agreed. :(

"Icon, because I'm not sure why I'd want a 120W ARM CPU?"

I am hoping it's because it will pack more densely into racks, and deliver good enough aggregate throughput in production to allow you to squeeze more bang for buck out of your date centres. IMO Intel have dropped the ball on verifying and testing their designs - the errata sheets have been horrific for a few generations of Xeons now. There would be some advantage to having less buggy chips - firmware/hardware bugs & work-arounds get tiresome and very costly at scale... :)

2
0
Roo
Silver badge
Windows

I tend not to read as much into geometry these days, although in this case it does look like it's made a difference in the sheer amount of cache on the chip - which is a good thing. It also shaves a cycle of latency here and there in comparison to the competition in terms of cache/memory latencies and branching. The instruction issues/cycle look well balanced and they've made an interesting choice in pipeline lengths as well - superficially it looks like they've put a lot of effort into minimizing latency. Can't wait to see some SPEC & SPEC_rate results - I'm not expecting top marks but I reckon the Centriq has a fair chance of achieving respectable SPEC / cubic metre (and watt) figures - which would be exciting. :)

1
0
Roo
Silver badge

There really is no solid basis for comparison at first glance. The pin bandwidth seems to be in a different league and the "ring bus" does look quite different to what Intel were punting in Xeons, it looks a lot closer to a contemporary datacentre chip than Thunder-X & X-Gene.

2
0

Don't worry about those 40 Linux USB security holes. That's not a typo

Roo
Silver badge
Windows

Re: Physical access means you own the system

"Unless of course it runs say Secure Boot with Bitlocker."

Plenty of locally exploitable priv escalation vulns once the box is up though. ;)

16
1

Paradise Papers reveal Apple moved bits of biz offshore

Roo
Silver badge
Windows

"Cupertino also claims that it remains the world's biggest taxpayer,"

Dearest Timbo

I will gladly help Apple out - they can have my earnings and pay much less tax - and in return I'll have theirs. Everyone's a winner.

21
2

AMD, Intel hate Nvidia so much they're building a laptop chip to spite it

Roo
Silver badge
Windows

Intel's half of the memory architecture slides appear to have been drawn up by the Underpants Gnomes.

The slides assert that Intel has engineered a teleporting mechanism that magically delivers memory traffic direct to the cores. Poor old AMD not having any magic to fall back on. :)

38
0

OK, we admit it. Under the hood, the iPhone X is a feat of engineering

Roo
Silver badge

Re: "Why do you think Linux users do not spend money?"

@Hans1

I understand the sentiment of not funding scum, but in practice I have found buying an ScumTax free thin and light lappy pretty tricky. FWIW I build towers from bits or choose barebones boxes.

0
0
Roo
Silver badge
Windows

Re: "it is easier to use, more reliable and has more features out of the box."

"Again the lack of understanding what most users needs is what dooms Linux to be on less than 5% of desktops, and why desktop commercial software stays away from Linux."

Desktop users are niche, most people use mobiles and don't run a desktop or even laptop at all.

However none of that is relevant to what suits my purposes. Your argument is pointless.

0
0
Roo
Silver badge
Windows

Re: "it is easier to use, more reliable and has more features out of the box."

"Sorry, I forgot there's a third group, those who have been brainwashed (by the first group) to believe Linux is "the best" -"

Brainwashing at the scale required to keep an OS user community afloat requires the kind of resources that a big name like Microsoft, IBM, Oracle or Apple bring to bear.

There is however a significant group of FUD pedallers out there (including you in this case) who prefer to denigrate users (aka potential customers, peers and folks with enough marbles to make their own minds up) rather than accept that a different OS is actually a better solution. Folks spewing FUD is a key indicator that they feel threatened by the alternative and are unable to come up with a proper reason to use the product they favour.

I've used CP/M, MS-DOS (1.x -> 6.0), Windows 3.x -> ME, 3.51 -> Windows 10, VMS (3.x -> OpenVMS), SunOS, Solaris, Minix, FreeBSD, MacOS, OS/X, OpenBSD and Linux. I've tried a lot of stuff out - and at the end of the day OpenBSD & Linux still get my personal vote, but I don't feel the need to denigrate other folk's choices.

I am curious why would you care enough to want to piss on other people's parades, do you feel threatened by people making choices that don't fit with your world view ? You behave as if your career depends on you pissing on the Linux community - why is that ?

"Believe me, I'd really like a good alternative to macOS and Windows, but the "superiority complex" stemming from Stallman himself doesn't really help..."

I didn't like the noises coming from Olsen/Cutler/Gates/Jobs/Ballmer either, but I still had a crack at making the best of the stuff they punted. In this instance you are the problem, not te solution.

3
1
Roo
Silver badge
Windows

Re: "Why do you think Linux users do not spend money?"

"There are two groups of people using Linux. For one, it's a political assertion in the name of Stallman and the GPL. The other is made of people who just find free stuff appealing, especially since Illegal copies of Windows and its software became harder to use (and running macOS on non Apple devices not so easy)."

There is at least one move group. That group paid for a vendor OS and then installed Linux anyway (like me, many times over) because quite frankly it is easier to use, more reliable and has more features out of the box. Certain vendor OSes out there don't ship basics such as a bourne shell, C compiler, standards compliant web browser, Python interpreter and a workable email client - you actually have to go out and install that stuff yourself from third parties...

5
2

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager

Roo
Silver badge
Windows

Re: I don't think anyone is shocked by this

"Thankfully, we've stopped allowing any new Oracle products onto our network. Those we still have must find a new non-Oracle solution prior to their refresh date."

Lucky you... Did that extend to Java by association too ? :)

0
0
Roo
Silver badge
Windows

Oracle appear to have eliminated validation from their development process. They've mugged their customers with rank amateur wankware, they really should be litigated out of business.

1
0

HMRC boss defends shift to AWS, says they got 50% knocked off

Roo
Silver badge
Windows

Re: Of course not

"*Nix and you can't block root access to a file system like you can block admin access in Windows as *Nix doesn't have a very good ACL / security model in comparison) and the"

You fail at UNIX, OTOH you excel at talking smack and making stuff up. Just a few pointers for you:

1) root is not an "Admin Account", and it shouldn't be used as such - we've known better for several decades now.

2) chroot was available in UNIXland at least a decade before WinNT was even on the drawing board (Win 3.1, 3.11, 95, 98, ME et al didn't really have anything like that). Better and more comprehensive mechanisms have been implemented many times over since over the past *three* decades as well.

3) As for MS "redesigned their security so that remote access to local data requires local approval" - they have been doing that off and on since NT was released and quite frankly the CVE reports speak volumes for their fallibility when it comes to securing a machine running Windows.

Being cynical I doubt you'll be taking any of the above to heart given that you are probably just shilling or trolling - where the truth or rational arguments aren't actually relevant.

0
0
Roo
Silver badge
Windows

"AWS took a large loss on this"

Apparently data is worth something, AWS getting HMRC's entire dataset would be pretty valuable as far as random datasets go. Even if Amazon don't want the data themselves, I'm sure lots of organisations of varying degree of shadyness would like to buy it. Win win for everyone but the tax payer.

8
3

Oracle ZFS man calls for Big Red to let filesystem upstream into Linux

Roo
Silver badge
Windows

"And the anecdote about being told "use that broken stuff, no you can't go back despite having myriad problems"? Way to run a business?"

That strategy is painfully familiar. The evidence suggests that it doesn't cause enough damage to cause any serious hindrance to multinationals that are 'too big to fail'... Outfits like Oracle can win contracts by simply selling at a loss in to remove the opposition, and/or get a nigh-on-free-cash to buy them out if they choose to. These outfits can't piss money up the wall fast enough to outpace the rate at which pension funds and customers/victims are throwing money at them.

2
0

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Roo
Silver badge
Windows

Re: "I actually blame a Microsoft"

"Does anyone seriously think any o/s isn't vulnerable these days? I have a/v installed on my Mac, we have a/v on Linux at work"

Installing *more* software with *more* vulnerabilities does not necessarily make your system any less vulnerable. When that extra software systematically reports back to base and downloads payloads off the interwebs you have provided a *new* remote entry point that gives direct access to a process running with elevated privs. *If* the resulting system is *more* secure for that extra entry point it would be a very much against the run of play in the real world.

Keeping a physical separation between the interweb traffic, filtering everything coming in (and out) with a secure by default firewall (eg: pf), patching frequently and watching the logs is the best option I've found yet.

YMMV.

I think OS/es are vulnerable, so I try to cut down services and keep a physically removable network cable between my boxes and any off-site traffic.

2
1

New coding language Fetlang's syntax designed to read like 'poorly written erotica'

Roo
Silver badge
Windows

Re: Idiots in the IT field.. too many in the last few years...

${DEITY} bless those crazy people.

1
0

Forums

Biting the hand that feeds IT © 1998–2018