* Posts by Brian Miller

1026 posts • joined 3 Jul 2007

Page:

Contain yourself – literally. You can't avoid Docker, K8s for long

Brian Miller
Silver badge

docker build ... Ah, crap!

Docker is wonderful until you try to build a container, and it doesn't work because of some obscure thing. Right now I'm fighting a Python pip problem. Works great outside of docker, fails miserably inside. "No compiler or bogus args" is what the message is like. No fun.

1
0

Kentucky gov: Violent video games, not guns, to blame for Florida school massacre

Brian Miller
Silver badge

(X|Y|Z) (is|are) the cause of (A|B|C)

(Simplistic cause) is to blame for (tragedy) so (simplistc solution) should be enacted.

Fill in the blanks with what you'd like. Group A has one set, group B has another set, etc. It's the same template, again and again.

What is the prevention for violence? Global mind control. Everyone is a citizen of the new state. The injection is serum and nanochips will just take a moment.

7
7

Apple tells GitHub to fork off: iGiant steps outside DMCA law in quest to halt iBoot leaks

Brian Miller
Silver badge

s/Apple/Pear/g

"But that's not @pp1e code! None of the variables are the same, the comments are different, and the structures are dissimilar."

What sed and some vi wizardry can do in short order. Never mind that it compiles to identical code.

13
0

NASA budget shock: Climate studies? GTFO. We're making the Moon great again, says Trump

Brian Miller
Silver badge

Privatize the whole thing

Look, NASA was great once, but we've just launched a car into space, like Heavy Metal just became real life. Just regulate private companies, and let them do their jobs. Funding then defunding then funding the same program again is just waste.

Let the private companies go for it.

7
25

You've got a yottabyte on your hands: How analytics is changing storage

Brian Miller
Silver badge

Re: stored safely and legally

What was the latest thing I read? Oh yes, data left in full public view of world + dog. Or data on HDD inside safe that was stolen. And so on.

Now there's a yottabyte of sensitive garbage for the taking by some miscreant. How about not slurping it up in the first place?

3
0

Web analytics outfit Mixpanel slurped surfers' passwords

Brian Miller
Silver badge

Rust author terrified by current state of software development

But who needs to be terrified of C/C++ when you have knuckleheads with JavaScript?

I wonder what he'll be saying when these things are being done with Rust...

6
0

Can't wait to get to Mars on a SpaceX ship? It's a cold, dead rock – boffins

Brian Miller
Silver badge

The soil is toxic

What is the point in setting up a colony when the soil is toxic and its dust will surely kill you? It may be possible for robots to operate on the surface, but the place is a death trap for people.

We may all be stuck on this planet until our species has run its course.

4
4

OpenWall unveils kernel protection project

Brian Miller
Silver badge

I remember when McAfee did this with one of their products.

They also have a "pro" version. If you don't want to bother with compiling it yourself, they'll do it for you.

From reading their wiki, I wonder if this can be effectively integrated as they claim. How many kernel modules does this break?

0
0

GOLD! Always believe in your role. You've got the power to know you're indestructible...

Brian Miller
Silver badge

"Limb"?

Limb and Disk? NASA doesn't give any explanation about their acronym! I went to their site, and while they went on about it, "limb" puzzles me.

0
0

FYI: Processor bugs are everywhere – just ask Intel and AMD

Brian Miller
Silver badge

the plebs don't have any choice in the matter of terrible, terrible chips

"The plebs" never have any choice in chips because there aren't any convenient chip foundries to pop out just a few on a wafer. Seriously it's a big undertaking, closed or open design.

The closest to any of that are the ARM designs, but then of course the licensing has to be paid, etc. And some of the designs are still vulnerable to Specter.

9
1

Stop us if you've heard this one before: Tokyo crypto-cash exchange 'hacked' for half a billion bucks

Brian Miller
Silver badge

HSM, anyone?

The private key to remotely accessible wallet was accessed. OK, why is it that these are set up such that the keys are stored outside of a HSM? For the value of digitally-stored objects, one would think that a relatively small investment should be made in better security. PKCS-11 isn't all that difficult.

2
0

No parcel drones. No robo-trucks – Teamsters driver union delivers its demands to UPS

Brian Miller
Silver badge

Go fetch

Didn't anybody mention to the Teamsters that drones gang aft agley? Those will be expensive, and must be fetched forthwith, mind ye.

So a truck pulls up with X packages in the neighborhood, and Y of the drone-borne parcels must be fetched back manually. I don't see how the human factor will not be involved with this, or how more people won't be needed.

As for country deliveries, the weather doesn't cooperate with small flying machines around here too often. It seems like wishful thinking from UPS.

0
0

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

Brian Miller
Silver badge

M of N Secret Sharing

It sounds like they want a modified M of N scheme. The individual would only need one secret to access the plain text, while law enforcement would need N secrets to access the plaintext. Thus, the number of secrets would have to be gathered from a number of bodies via warrant, protecting the individual.

But of course that wouldn't prevent other solid encryption algorithms from being used.

5
0

Trebles all round! Intel celebrates record sales of insecure processors

Brian Miller
Silver badge

Re: But surely...

But only if world+dog remember anything.

Hopefully the fixes and benchmark numbers will stabilize and then we'll be able to see how the flaws and fixes affect things.

7
0

SHL just got real-mode: US lawmakers demand answers on Meltdown, Spectre handling from Intel, Microsoft and pals

Brian Miller
Silver badge

No Home for Insecurity

The House of Representatives earlier this month approved the "Cyber Vulnerability Disclosure Reporting Act," to ensure that the Department of Homeland Security tells elected officials about its policies and procedures for bug reporting.

OK, Homeland (in)Security will tell us about its reporting practices, which means nothing. Headline: Government's Most Useless Agency Takes Lead Reporting Nothing.

No, what's needed is not more hand-wringing and angsty looks, but to simply throw out this embargo business altogether. You got a security leak? It hits the news. You got a database hack? It hits the news. You got bug X? Same deal, news.

In theory, hackers will exploit everything. Well, aren't they doing that now?

5
5

It's 2018 and… wow, you're still using Firefox? All right then, patch these horrid bugs

Brian Miller
Silver badge

Where's the Rust?

I thought that Firefox had gone whole-hog with a Rust engine. Guess not everything has been rewritten yet.

3
0

Sueball smacks AMD over processor chip security flaw silence

Brian Miller
Silver badge

Re: Is this a twisted PR stunt?

This is a case where someone is making an investment risk in lawyers and the stock market.

0
0

Meltdown/Spectre fixes made AWS CPUs cry, says SolarWinds

Brian Miller
Silver badge

Re: I trust

The bacon delivers itself, by flying to your desk. You'll have to excuse the grease splattering from all of its flapping, though. Bit like a hummingbird or humble bee, but bacon!

0
0

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

Brian Miller
Silver badge

Duck and cover revisited

Oh, come on now, just because the alert sent the populace running for futile shelter doesn't mean that it wasn't really a good time for all! This is the perfect thing for a BOFH to spring on a boss.

Seriously, by the time an alert like this goes out, the people will only have a few minutes to find shelter. It only takes 12 minutes from North Korea to Hawaii. You can bet that most shelter won't be adequate.

4
1

Intel’s Meltdown fix freaked out some Broadwells, Haswells

Brian Miller
Silver badge

It's also testing the fixes a while that's important. A fix gets implemented, runs under load for 24hrs, and gets approval. Unfortunately the problems arise on the customer machines running for 48hrs...

Back in the day, I remember load testing Exchange server and finding bugs in NTFS. "How do you find so many bugs?" "Um, just using it a lot, nothing special."

9
0

Good lord, Kodak's stock is up 120 per cent. How? New film? Oh. It launched a crypto-coin

Brian Miller
Silver badge

Small bumps make big news

Oh, come on, the stock was nearly at the penny level. Now it's jumped up, but it's still not significant.

No, Kodak sold off everything that made money because it wasn't film. Fujitsu realized that they had all sorts of neat IP and technology, and capitalized on that. Bad management vs good management.

A new cryptocurrency isn't turning anything around.

7
0

Take notebooks: About those new Thinkpads...

Brian Miller
Silver badge

Next time, Dell

The last time I bought a Lenovo, they left out the caps lock LED. And the model before that was so full of crapware that I couldn't load a development environment. The last time I used Dell, they included the Windows disk, and then I could load Windows without the crapware.

10
1

Here come the lawyers! Intel slapped with three Meltdown bug lawsuits

Brian Miller
Silver badge

Re: We have only ourselves to blame

No, we didn't cause Intel to "fuck up." Intel did not take any lessons learned from its experiences with other chip architectures and apply them to the x86_64. Intel has a lot of experience with RISC and non-86 architectures. Choosing to ignore design deficiencies is their action.

25
2

Microsoft patches Windows to cool off Intel's Meltdown – wait, antivirus? Slow your roll

Brian Miller
Silver badge

Check Twitter for info??

Check Twitter for updated info?? Might as well use Wikipedia as an authoritative reference.

Oh wait...

2
0

Now that's sticker shock: Sticky labels make image-recog AI go bananas for toasters

Brian Miller
Silver badge

Re: Great

You just need your bog standard psychedelic t-shirt and you're sorted. Machines don't have good trips when they're confronted with LSD.

2
0

Security catch-up: Nigerian prince email ring cops collar ... Louisiana OAP?

Brian Miller
Silver badge

Re: No prince, just a mule...

Yeah, the 419ers are always looking for someone stateside to recruit. I am so glad this guy got stopped. I'm guessing he got involved "to make ends meet" but crime only pays until the boys in blue come for you.

3
0

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Brian Miller
Silver badge

Seriously the only suggestion is to jump to ARM. The Qualcomm 44-core will be coming out this year. As for realistic alternatives, there's only AMD and Intel. We'll have to wait and see what the real impact is, based on benchmarks.

9
0
Brian Miller
Silver badge

Re: Genetic Diversity?

Of course Bill Gates would have gotten in on the IBM PC if it had used the 68000. The problem was with Digital Research not signing an NDA. So Gates would have still made a DOS for IBM.

6
0

We've heard of data gravity – we're just not sure how to defy it yet

Brian Miller
Silver badge

Re: Perhaps the analogy is appropriate

Garden gnomes!

1. Collect garden gnomes. 2. Magic happens. 3. Profit!

Data != profit. It just means that there is a bunch of bits in the system. From the original blog post, magically lots of data translates into customers for Sales Force. Up to a point, Lord Copper.

Yes, we have lots of data. Maybe that data is worth something, and, more likely, it isn't.

0
0

Hyperledger 3 years later: That's the sound of the devs... working on the chain ga-a-ang

Brian Miller
Silver badge

Re: no real use case ?

The use case is for forming a chain of authenticity and verifiability, i.e., trust. Take Iota, which uses a Winternitz signature. The data is validated by peers, so instead of a monolithic chain of trust, the chain is distributed throughout the cluster.

The question is how does a document go from mortgage papers to being digitally verified. No, the hash is not the document. The document has to be stored some other place, and its hash is put in the system.

2
0

Merry Xmas, fellow code nerds: Avast open-sources decompiler

Brian Miller
Silver badge

Re: This is game-changing stuff

This isn't changing any games. I've been using decompilers recently, and they all fall down, and fast. While they can offer insights as to what is happening in the code, they get lost very easily and the result is garbage. Thus disassembly is the real reference.

I am glad that they released the source. Most if the decompilers need extension and tuning.

2
0

Fujitsu's server jujitsu: FPGA gives networking capacity fourfold boost

Brian Miller
Silver badge

Compression hardware, about time

So much of the traffic is compressible it's not funny. At some point they'll implement this in an ASIC for some real speed.

0
0

Why is Wikipedia man Jimbo Wales keynoting a fake news conference?

Brian Miller
Silver badge

Re: Wikipedia infaillible ? No!

That was the "study" that included blogs as well as the main articles, right?

Perhaps neither studies nor Wikipedia are reliable.

12
2

UK government bans all Russian anti-virus software from Secret-rated systems

Brian Miller
Silver badge

Re: No great loss.

I wish it was snake oil. I've been nailed before at work because a coworker wouldn't run AV, and walked a virus into the company. And still he couldn't get it into his head that he should have AV running on his machine.

I have Windows on just one computer now, and I don't use it for anything critical. Everything else is Linux or OpenBSD, and that's fine by me.

13
3

Night before Xmas and all through American Airlines, not a pilot was flying, thanks to this bug

Brian Miller
Silver badge

Software bug

If (TRUE)

Or some complex variation thereof.

Testing. You know you should have done some.

1
0

As Apple fixes macOS root password hole, here's what went wrong

Brian Miller
Silver badge

Oh good, auditing the process

Testing code as it's built is a very old concept. They should have had a wakeup call after the SSL bug. There's a number of good C testing frameworks now. Maybe they'll use one instead of just yelling at the developers.

10
0

Hewlett-Packard history lost to Santa Rosa fires

Brian Miller
Silver badge

Re: How ironic

I'm sure they made copies, but an original is still an original. When an original goes, it's gone.

How to protect against fire: don't store stuff in fire-prone areas in the first place.

1
10

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Brian Miller
Silver badge
Linux

Re: The NeverEnding Story Continues...

Yeah, but they're eating Windows users.

17
3

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack

Brian Miller
Silver badge
WTF?

Re: SWIFT nasty software malware cyber-heist ..

It's frightful that so many companies use Windows systems for financial transactions. I worked at one place where they had a Windows computer specifically for bank transactions sitting outside of the firewall. They trusted it to do the transactions, but didn't trust it to be inside the corporate firewall. I have no idea why people keep writing high-end financial software for Windows.

2
0

'Israel hacked Kaspersky and caught Russian spies using AV tool to harvest NSA exploits'

Brian Miller
Silver badge

Re: in 2015, Kaspersky [...] was infected by the [American] Duqu 2.0 spyware

The problem is that our operating systems are such big targets, necessitating scanners of some sort. The open source scanners basically suck, Long ago, McAfee offered a "scanner" that would basically checksum the binaries, and let you know if something changed. But that doesn't work for viruses that hide in dynamic data.

Yeah, I use Kaspersky, because it's been the least problematic scanner. I've used and dumped McAfee and Symantec. Would any of Kaspersky's real problems not be seen at other vendors? I doubt it. If nation states want in, they have ways of getting in.

28
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Brian Miller
Silver badge

CIA wants better encryption

There was some article years back about the CIA extolling the virtues of better encryption for corporate data. I would hope that the CIA would pipe up again, but I doubt they'd do it under this administration.

Oh, yeah: anybody remember the Clipper chip? I still have one of those t-shirts...

18
0

Senators call for '9/11-style' commission on computer voting security

Brian Miller
Silver badge

Re: Machines are the problem

Actually, my state did go back to paper ballots. We used to have the touch screen machines, and the realized it was cheaper for everyone to just mail in a ballot instead. In a recent analysis, the fraud rate on the part of voters was very low.

Now, there have been instances where the officials simply didn't count scores of ballots, but that wasn't the voter's fault.

9
0

Hubble Space Telescope spies possibility of liquid water in TRAPPIST-1

Brian Miller
Silver badge

Re: Nice Impression - do red skies have blue rivers?

If you were standing on the river bank and observing the sky reflected in the river, then yes. On Earth we have the occasional red skies, but the river retains its own color.

4
0

US government: We can jail you indefinitely for not decrypting your data

Brian Miller
Silver badge

I also would be in trouble...

My passwords are written down. If I lose the paper, I would have to do a recovery. But what would I tell the judge? "It was written down on one of the stickies. Didn't you pick it up?" They wouldn't believe me, would they?

58
0

Hash of the Titan: How Google bakes security all the way into silicon

Brian Miller
Silver badge

Secure boot good idea...

Until the bug is in the ROM code. The i.MX7 does this, but a bug in the ROM means that any firmware can be booted if the firmware image has a malicious cert.

But otherwise, it's a great idea. The chip can have certificate hashes burned into it, and then to boot the firmware, it has to have a signed cert. Once the firmware is booted, the Linux kernel is checked to make sure it is signed. Once that's done, it all boots normally.

Mind you, none of this prevents evil behaviour on Google's, or any other company's, part. It just means that a rootkit will be harder to plant on the machines.

0
2

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Brian Miller
Silver badge

No code review??

Let's see: somebody decided that a computer, instead of an observable physical device, should be used to issue random numbers governing the issuance of millions of dollars. And apparently there was no code review done.

When lotteries became a thing in the late 1980's, they used ping pong balls blown around in a chamber. Completely random, completely observable, and quite simple.

28
2

Don't throw away those eclipse glasses! Send 'em to South America

Brian Miller
Silver badge

Re: GLASSES ... GLASSES ... We Don't Need No Steenking __GLASSES__!

That's what a number of us did this time around. I built mine out of a long shipping tube, and it worked quite well. Others used cereal boxes, and one person had a contraption made from cardboard and plywood.

Even at 92% occlusion, the sun was still amazingly bright. Tell the children that cardboard and pins works wonders!

1
0

Can North Korean nukes hit US mainland? Maybe. But EMP blast threat is 'highly credible'

Brian Miller
Silver badge

Re: Mother Nature?

Even a limited strike would be bad. Remember the L.A. riots? Remember how people acted when New Orleans was hit by a hurricane? There are way too many people who will "behave badly" given the slightest opportunity. Popping something over southern California or the north east would be catastrophic for those areas. Yes, Kim would be blasted back into the stone age, but the U.S. would be significantly hurt.

11
2

FYI: Web ad fraud looks really bad. Like, really, really bad. Bigly bad

Brian Miller
Silver badge

Re: Pants

Toss your cookies, and then the ads will go away.

As for me, I purchased a major item last weekend by going to an independent retailer and physically carrying it out the door. That retailer relies on word of mouth, not web ads.

13
0

What code is running on Apple's Secure Enclave security chip? Now we have a decryption key...

Brian Miller
Silver badge

And then that one guy discovers what's been obfuscated and the gig is up.

Better to have a real encryption system. Not that that can be a perfect solution, but I'd rather have that than something that just pretends to be a good solution.

2
16

Page:

Forums

Biting the hand that feeds IT © 1998–2018