* Posts by Bob Ajob

39 posts • joined 14 May 2015

Captain, we've detected a disturbance in space-time. It's coming from Earth. Someone audited the Kubernetes source

Bob Ajob

Re: Pretty bloody good if you ask me

Claptrap! Any deviation from expected or intended function is a potential vulnerability (or opportunity, from an attacker's viewpoint). The key message is that you only need a single critical exploitable bug in ANY system, no matter how simple or complex. The fact is that more complexity invites more opportunities for bugs, and 17 per million lines of code seems very high quality to me. Software defects are almost always security defects; it's just a case of how exploitable they are over time.

Want to train a dragon? You'll need 500 million files, 730TB of data, 54,000 CPU cores...

Bob Ajob

Key messages

The key messages here are very encouraging from a DevOps perspective. They had the balls to experiment at a scale that affected their whole pipeline. Creating a dummy show probably cost less than the cloud hosting and time spent learning the new tech. Bravo to whoever had the vision to do this.

DigitalOcean drowned my startup! 'We lost everything, our servers, and one year of database backups' says biz boss

Bob Ajob

Re: Why were they locked out?

Digital Ocean have third party infrastructure providers? Read that again, that's not what I expected but as with ALL hosting providers, you're only as strong as their weakest link.

Can I get a RHEL yeah? Version 8 arrives at last as IBM given go-ahead to wolf down Red Hat

Bob Ajob

Centos 8

Got the latest kernel 5 running and it seems stable; will definitely be considering this as my daily driver. Best part of a decade of enterprise level support should be worth every penny, especially when everything else on top changes so bloody often. Staying on BSD based systems for more static servers though, instability seems closely correlated with complexity.

Linux kernel's 'seat warmer' drops 4.19-rc5 with – wow – little drama

Bob Ajob

GPL v2 versus GPL v3

Regarding GPL for future versions - I think the challenge is exactly that though, i.e. removing major parts of future kernel releases by claiming copyright of your previous contributions and rescinding use of your code without permission so it is NO LONGER covered by GPL version 2. They cannot use code that is rescinded in future, so that basically halts a lot of development until completely alternative code is redeveloped to cover the missing bits. Maybe a good time to move the Linux kernel to GPL v3, which explicitly removes the option to rescind contributions, but unsure that is possible to apply retrospectively.

No, eight characters, some capital letters and numbers is not a good password policy

Bob Ajob

Obligatory xkcd link

https://www.xkcd.com/936/

As the author wrote -

"To anyone who understands information theory and security and is in an infuriating argument with someone who does not (possibly involving mixed case), I sincerely apologize."

Drug cops stopped techie's upgrade to question him for hours. About everything

Bob Ajob
Pint

Re: Mary Jane (the brew)

I'm fortunate enough to live close to the brewery and can thoroughly recommend this particular brew. Tonight :)

Oracle Linux now supported on 64-bit Armv8 processors

Bob Ajob

Not just repackaged?

Unsure if that is a fair assessment or not, but is the UEK open source and can you see how many lines of code differ from the RHEL default? I've run perfectly legal dummy kernel packages for Red Hat (to fool it into thinking it's running Oracle Linux) and they allow the (arguably EULA breaking) preinstall packages for Oracle's products that automatically fix all the prerequisites for you, but the UEK is a different beast altogether and allows hot patching of the kernel, which I think the default RHEL one doesn't. Support for Oracle Linux is an interesting argument, especially depending on which hypervisor it might be sat on. RHEL support is only around $2k so pales into insignificance against most Oracle product (not OS) licensing and support costs.

Qualcomm still serious about Windows 10 on Arm: Engineers work on '12W' Snapdragon 1000

Bob Ajob

Linux/BSD only with an e-ink screen?

It may be too niche a product, but what I really want is a laptop sized machine with a real keyboard and the best e-ink screen technology. This is 'mostly' for serious command line usage only, SSH connections to manage other remote machines. Basically a 'super Kindle' but with a much larger screen and capable of running a proper Linux or BSD distro with much better battery life and the best wireless connectivity. This should also be hot-dockable to a mains powered base station that allows use of proper HDMI full colour monitors, gigabit ethernet and larger disks, etc. A good Android tablet with a keyboard cover is a close second, but serious admins will probably appreciate a few days, maybe a whole week, of extra battery life and not really need a touchscreen feature - so swapping for e-ink makes sense to me - anyone fancy testing the water with a crowd-funded suggestion?

OpenBSD disables Intel’s hyper-threading over CPU data leak fears

Bob Ajob

Re: Multiple threads??

Love a good textile based analogy, the history of computing by threads can probably be traced all the way back to the abacus.

Bob Ajob

Re: Probably heard a rumor

Rumour and speculation? I'll get my coat.

Great news, cask beer fans: UK shortage of CO2 menaces fizzy crap taking up tap space

Bob Ajob

Bravo madam!

That is single-handedly the most trollish comment I've read in ages. Well done!

PC nerds: Can't get no SATA-isfaction? Toshiba flaunts NVMe SSD action

Bob Ajob

Not bad stats

Still mostly happy with my Samsung 960 NVMe after a few hundred drive writes but damn these things get hot when busy, definitely want a decent heatsink on them if not an active cooler.

VPNFilter router malware is a lot worse than everyone thought

Bob Ajob

Re: It's interesting how using more or less the same software for many different devices...

"...one software to rule them all. The effect would be a catastrophic event will impact everything."

You mean like the microcode running inside most modern processors?

Imagine if one of the TLAs decided to test a worm that pushed a microcode patch which bricks CPUs by implanting a self-destruct sequence on next reboot. That might have rather more interesting consequences on the global business markets than Trump's trade war :)

Cloud is a six-horse race, and three of those have been lapped

Bob Ajob

Thanks

Thanks for sharing the link to the non-paywalled MS funded document. Having worked with both top (AWS) and bottom (IBM) of these providers, I can safely say that there are some useful warnings in there worth reading. The most insightful may be the statement at the end regarding the lock-in that isn't meant to be associated with cloud services.

Warren Buffett says cryptocurrency attracts charlatans, AI won’t change investing

Bob Ajob

Capital allocation

I'm not sure if I even understand what that means but real, general and strong AI could introduce far more important concerns, such as the rapid replacement of humanity with whatever comes next. It may never happen but if it does it could accelerate much faster than anticipated. Machine learning is only a small part of AI and is only enjoying a mini boom due to clever folks designing software tools to exploit the parallelism of GPUs. My expectation is that real, general AI is more likely to start out of the labs doing nanotech research on self-assembling structures (or artificial life by another name).

Admin needed server fast, skipped factory config … then bricked it

Bob Ajob

Re: It's a quick way to get a new works PC...

Also was the perfect revenge for one disgruntled casual employee where I worked. They stayed late one night and switched every machine in the whole office, then arrived early on their last day to find around half their colleagues scratching their heads at not being able to start DOS while the distinct aroma of electrical burning wafted through the air conditioning. Glorious.

Exclusive to all press: Atari launches world's best ever games console

Bob Ajob

such classics at Asteroids!

Come on Reggie, get better proof readers. I know it's only a little typo but you're usually more readable than this.

Oracle Access Manager is a terrible doorman: Get patching this bug

Bob Ajob

Padding Oracle attack

Nice, hoping my clients don't use this anywhere public, they're likely still busy dealing with the fallout from the last set of critical security fixes that didn't...

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

Bob Ajob

Lotus Notes? Twat!

This guy needs a severe punishment for inflicting Lotus Notes on the world. That is all.

Microsoft Lean's in: Slimmed-down Windows 10 OS option spotted

Bob Ajob

Beast mode

There once was a pirate version of Windows XP that had a 666MB install ISO and used only 44MB RAM, with only essential processes required to run most games. There have been tools such as NLite for stripping out components from the Windows installer for years, but compared to Linux it is still an order of magnitude more bloated. What we need is the ability to install and run the absolute bare minimum trusted operating system software with all non-essential services and applications optional. It'll never happen on Windows.

Bumper crop of Oracle vulnerabilities landing tomorrow

Bob Ajob
FAIL

Bumper crop of Oracle vulnerabilities landing tomorrow

Oracle are about to release their usual quarterly critical patch update (17th April) and apparently it includes some with very high CVSS risk scores in stuff like Java, where vulnerabilities can be anonymously exploited remotely over a network. Sounds like any unlucky folks with internet facing Oracle servers might want to consider testing and deploying these patches sooner rather than later. Link for more info -

https://www.oracle.com/technetwork/topics/security/alerts-086861.html#CriticalPatchUpdates

Torvalds schedules Linux kernel 5.0, then maybe delays 'meaningless' release

Bob Ajob

Re: why use version numbers at all?

As a software tester who sometimes struggles with the concept of automated testing for multiple version trees that should (in theory!) regularly merge back into a single trunk, I was initially inclined to agree with you. My problem is that sometimes the master trunk code must be rolled back a few versions but with new timestamps (where files are unchanged but still touched), perhaps due to a nasty defect that somehow an automated regression pack didn't include as it was not updated in time itself or just mistakenly switched off. These are often due to a new feature in the (more regularly updated) alpha/beta test code combined with simple human error. I think a much better approach for tracking is a balance of using timestamps inside an archive plus another unique identifier for an overall archive of all code, such as a secure hash checksum of all source files when archived up into a single file. As long as your continuous testing system does a sense check of all the (individual and combined) hashes then it should be able to keep track of any particular version change/merge or other activity, including whether a rolled back change puts the hashes back as required, regardless of timestamps. I think this may be how some of the better version management solutions function internally but I've not yet been tasked with testing any of them :)
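Added example (my own code, not from the forum post or any version management product): a content-only tree hash in Python. It shows the point made above, that a roll-back puts the hash back as required even though the rewritten files carry new timestamps. The directory, file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile

# Content-only tree hash: every file's relative path and bytes feed one
# SHA-256, so the result depends on what the files contain, never on mtimes.
# (Added example; the path/data framing is an assumption, not a standard.)
def tree_hash(root: str) -> str:
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                data = f.read()
            # Length-prefix path and data so boundaries cannot be confused.
            h.update(f"{len(rel)}:".encode() + rel.encode())
            h.update(f"{len(data)}:".encode() + data)
    return h.hexdigest()


def write(root: str, rel: str, text: str) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo() -> dict:
    """Constructed scenario: good release, defective change, roll-back."""
    with tempfile.TemporaryDirectory() as root:
        main_c = os.path.join(root, "src", "main.c")
        write(root, "src/main.c", "int main(void){return 0;}\n")
        write(root, "src/util.h", "#define OK 0\n")
        good = tree_hash(root)
        mtime_good = os.stat(main_c).st_mtime_ns

        # A defective change lands in trunk: the hash must move.
        write(root, "src/main.c", "int main(void){return 1;}\n")
        bad = tree_hash(root)

        # Roll the content back; the file is touched again, so force a
        # visibly later timestamp (one second on) to mimic a fresh checkout.
        write(root, "src/main.c", "int main(void){return 0;}\n")
        later = mtime_good + 10**9
        os.utime(main_c, ns=(later, later))
        rolled_back = tree_hash(root)
        mtime_rolled_back = os.stat(main_c).st_mtime_ns

    return {
        "good": good,
        "bad": bad,
        "rolled_back": rolled_back,
        "timestamp_changed": mtime_rolled_back != mtime_good,
    }


if __name__ == "__main__":
    r = demo()
    print("roll-back restored hash:", r["good"] == r["rolled_back"])
    print("timestamp moved anyway: ", r["timestamp_changed"])
```

A continuous testing system can store the tree hash next to each build and compare, rather than trusting file timestamps.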

Aw, all grown up: Mozilla moves WebAssembly into sparsely furnished Studio apartment

Bob Ajob

Hypervisor?

What are the major functional differences between running native assembly code in a browser and running it on any other application, say something like Virtualbox? Any application that lets you run binary executables on a virtual machine inside your current OS is just another hypervisor. If the VM guest ever has any access to the host hypervisor then it may be possible to exploit that and escape the sandbox. A bit like the hidden OS that runs in microcode on your CPU with privilege levels below zero...

Are meta, self-referential or recursive science-fiction films doomed?

Bob Ajob

Re: Ready Player One

Same here, read the book and really enjoyed it, so I had reservations that even Spielberg could do it justice. The plot changes for the challenges were annoying, but I guess that Hollywood needs its big action sequences. On the whole still really enjoyed it, so did my young nephew who raved about it all the way home; he is now reading the book.

BT to slash landline rentals by 37%... for the broadbandless

Bob Ajob

Re: Seriously

You remind me of my father, only he is considerably older than you. I was taught to be ashamed whenever I use incorrect spelling or grammar. It happens all the time, hopefully as I get older I'll stop automatically correcting my mistakes. The thing that surprises me most is the abysmal spelling of some senior management types, demonstrates that a good education is not necessarily required to achieve a position of power.

CEO of smartmobe outfit Phantom Secure cuffed after cocaine sting, boast of murder-by-GPS

Bob Ajob

Re: I can see Governments using this as an argument to ban Encryption outright

Indeed. With this issue, when a small subset of dodgy users of a specific obscure encryption algorithm or hardware device are the enemy, it's fair to call it an encryption witch hunt. In reality there are far more legitimate users of encryption, so we should ALL be protected from backdoors. The overwhelming majority of users are good guys. Even considering the dark onion markets and shadier parts of the internet, those are still vastly outnumbered by perfectly legal and essential secure communications; modern business depends on keeping electronic transactions secure and trusted. When back doors or even unintentional vulnerabilities are introduced, they can and eventually will be discovered and exploited by the enemy. Maybe the trick is to design an algorithm that booby traps any big brother's back door keys so that they can only be used once and in a very loud manner that forces keys to the front door to be changed. Unsure if that is even technically possible, but it's the closest analogy I can think of for the authorities brute forcing entry to physical property regardless of a warrant certificate. As long as the use of any secondary back door key is forced to be public (loud) and permanently breaks the primary key, then at least the trust is still held with the digital locksmiths (root CAs?) and nobody else. I still don't like introducing any weaknesses into encryption at all, but if back doors are forced in then I'd rather they were publicly approved, not snuck in without broad review by experts, and the code released as open source.

Defra to MPs: There's no way Brexit IT can be as crap as rural payments

Bob Ajob

Re: IACS

https://ec.europa.eu/agriculture/direct-support/iacs_en

Integrated Administration and Control System. That's it. Wonder how much of the 90 billion euros they've spent on IT systems since they came up with the original requirements.

Bob Ajob

Re: quite the contrary

Not sure if you're joking but that is actually a bloody good idea. Many years ago when I worked at DEFRA there was a joke that it would be cheaper to just sack all of us and pass the subsidy direct to farmers without any 'administration' which was often very limited in its effectiveness. The only thing stopping that at the time was something called IACS which was an EU directive I think...

Death notice: Moore's Law. 19 April 1965 – 2 January 2018

Bob Ajob

Re: went to the moon ... imagine how tight the code was running on that!

Thanks for sharing, provides some fascinating insights into the history. I found an interesting description of the code section named PINBALL GAME here -

http://bit.ly/2Dw7svs

and here is a link on a NASA site about a real pinball machine -

https://er.jsc.nasa.gov/seh/pinspace.html

Bob Ajob

Re: Woe betide us! Moore's Law is dead! Leaving...

Not just in homes, there are also billions of battery powered mobile personal computing devices. These drive a desire for ever lower power usage as well as die shrinkage. Performance optimization seems a lower priority and I think should remain the job of software not hardware, but just think about what was achieved decades ago with so little computing power. Phones are now running multiple concurrent threads at multi-gigahertz frequencies with gigabytes of RAM and hundreds of times more solid state storage. Around fifty years ago NASA went to the moon with the help of a guidance computer that had around a thousand times fewer resources, imagine how tight the code was running on that!

GIMPS crack whip on plucky processor to find largest prime number

Bob Ajob

Re: My favourite part...

I'd be interested to know what the actual odds are of any specific ten consecutive digit number occurring in a truly random long digit sequence like this monster prime, I would hope it's around 10^10 or one in ten billion? I searched for the same string sequence (9999999999) in the decimal digits of pi and couldn't find it in the first 200 million or so, perhaps finding it so much sooner in this sequence has a very low probability?

Cost-hurling IBM seeks more volunteers for employment bonfire

Bob Ajob

Re: Whatever happened to the critical IT skills shortage holding back the economy?

"...really envisage hordes of code monkeys being required, but no Infrastructure Technicians..."

That'll be the DevOps movement to replace all infrastructure with code then? Just kidding, anyone want to bet a pint that a GBS 'resource action' will be announced shortly too, probably January?

Basically, there are so many monster outsourcing deals set to finish at year end and some customers may be choosing to break up and even 'in source' IT back in-house again, after realizing over the last decade that IT is actually a critical dependency for most modern businesses and therefore they should never completely trust all their business systems and applications in the hands of external service providers.

Sad for all those families out there wondering if the statutory minimum will keep them going until a suitable new job becomes available.

OnePlus 5T is like the little sister you always feared was the favourite

Bob Ajob

That Amazon link for the Nokia 8 nearly got me!

Switched from iPhone to Android a few years ago and never looked back. My wife loves her OnePlus2, I got the original and have been looking forward to an upgrade for a while but the significant jump in prices over time baffles me, original was around £220 and OP2 was just under £300 but this beast is way more.

I recently got my dad a much cheaper Motorola G5 Plus and he's quite happy with that, I had a play and was surprised how snappy and responsive it was for most tasks. To be honest the Nokia 8 you mentioned also seems like a lot of phone for the dosh, I will have to think more carefully before dropping the better part of a week's wages on a gadget I only want; I don't really need an upgrade yet!

Fresh bit o' Linux to spruce up that ancient Windows Vista box? Why not, we say...

Bob Ajob
Linux

Re: Begs the usual question...Crysis on Linux

It may be technically possible to use a virtual machine on Linux running Windows with 'PCIe pass-thru' mode, where the host Linux system uses an on-board Intel GPU but a hypervisor provides real GPU access to a VM running Windows, which can then use the native Windows graphics drivers.

Here is a link with more technical implementation details but using another distro called archlinux and the QEMU hypervisor -

https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF

'OK, everyone. Stop typing, this software is DONE,' said no one ever

Bob Ajob

Very rarely is software 100% defect free though. This is true for anything more complex than a few thousand lines of code if developed by the average human. Even very basic modern operating systems are probably well into the tens of thousands of lines of source code?

Bob Ajob

Mission critical stuff should legally never be done?

I think that any mission critical software that carries a real risk to human safety should never legally be allowed to be done as long as the original vendor continues to trade. Support for Windows XP finished ages ago but MS recently released some critical security patches for it knowing that some crazy folk use it in hospitals.

Don't install our buggy Windows 10 Creators Update, begs Microsoft

Bob Ajob

Just need to get the NSA tools updated

Due to the recent publication from Shadow Brokers and patches to close all the old holes, they'll need to ensure a large enough bunch of new holes are added to replace them. Seriously, anyone not using fairly strict firewall rules should review what binaries have open ports connected to what endpoints, especially for encrypted sessions carrying packets that can't easily be sniffed. I go low tech and just look at whether the LED lights blink on that dumb switch...

Business or pleasure? Crucial MX200 and BX100 1TB SSDs

Bob Ajob
FAIL

What about reliability - failure rates versus warranty?

Up until the last couple of years my biggest issue with SSDs for business and personal use has been trust in the various manufacturers in terms of the reliability of the drives and firmwares and the graceful/total failure rates. I have now used at least a handful of different SSD manufacturers with varying experiences in terms of device reliability; the only two failures I have had were performance dropping through the floor requiring a low level wipe (my fault for not leaving enough slack space in a bad RAID 0 setup) and a total device death where the BIOS on two machines could see the disk but flatly refused to start it or show any data (seemed it just locked up completely, not just going into read-only mode as designed).

Most people accept that SATA3 SSDs perform way better than spinning rust (especially 5400rpm drives common in laptops, which often have UPS in the form of battery back up) and can transfer large files at quite acceptable archive/backup rates of over 100MB/sec to cheap spinning rust. The most common every day business use case improvement for me is the reduction in boot times from a few minutes down to a few seconds. A few minutes saved at the start of each work day adds up to a lot of additional productivity (or longer snooze in bed!), but the other reason I just put a nice £100 SSD (250GB Sandisk) in my works laptop, even at my own expense, is the massive 10 year manufacturer's warranty. There is no way I'll average anything like 40GB/day of writes, maybe a week, but that should guarantee that by the time I get a new laptop (usually once every 5 years or so) then decrypting, backing up, cloning and restoring the whole 250GB disk image should take a few hours instead of all weekend.

Key question - how often do you back up your SSD data to spinning rust and do the restore times improve so much that reliability becomes less relevant anyway, as effectively the SSD makes for an expensive but still disposable/consumable commodity item? As long as your recovery time objectives are met does it matter if you have to swap the disks out more or less often?

Biting the hand that feeds IT © 1998–2019