* Posts by Bronek Kozicki

2464 posts • joined 6 Sep 2007

Some credential-stuffing botnets don't care about being noticed any more

Bronek Kozicki
Silver badge

Re: Maybe just

The growing popularity of OAuth gives me a glimmer of hope.

0
0
Bronek Kozicki
Silver badge

Re: Maybe just

"... at least it puts a shelf life against stolen credentials"

If passwords are not reused that should not be a problem. In case of a genuine password leak the correct way to enforce password security is via monitoring of user logins. That gives you much shorter reaction time and also a view of the damage incurred.

0
1
Bronek Kozicki
Silver badge

I use fail2ban with a tweak to ban the whole network segment, as per IP ownership lookup. It is really an obligatory tweak on sites which support IPv6 (and mine does).

5
0

HP Ink should cough up $1.5m for bricking printers using unofficial cartridges – lawsuit

Bronek Kozicki
Silver badge

Re: The 'Trust' Factor: Toxic Patches / Firmware Updates

Yes, after I switched to Ubuntu the scripts from Brother started working just fine. It was hit-and-miss with Manjaro, though.

0
0
Bronek Kozicki
Silver badge

Re: The 'Trust' Factor: Toxic Patches / Firmware Updates

I have a six-year-old Brother laser, color with duplex and network port. Would like to replace it with a newer model, but it just does not fail, and I have no heart to throw away a functioning machine. I did replace its toner a few times (not too often), reset the page count on toner cartridges a few more times (not too difficult, and thankfully well documented now) and cleaned its insides once (after an apparent black toner leak). It does not look like much, and installing working drivers in Linux is more hassle than I would like it to be (still doable, though), but it works, and toner is cheap per page count (if reset, as it should be).

1
0

Barclays and RBS on naughty step: Banks told to explain service meltdown to UK politicos

Bronek Kozicki
Silver badge
Happy

Re: Who's interviewing?

I am available.

3
0

I want to buy a coffee with an app – how hard can it be?

Bronek Kozicki
Silver badge
Unhappy

Re: Try travelling with First Bus and their (cr)app

I am currently reading a great book, titled "Designing data intensive applications". There are many things in it that I "kind of knew", but never was aware of the details of. The point is, systems like the ones "discussed" here are typically designed by guys (invariably - a woman would have learned first) who "kind of know" how to do it but in actuality, not quite. They learn on the job, like most of us did. So, the server side services are unresponsive, lose data on occasion, do not offer a clear upgrade path for the client side app etc. Things "kind of work", if you squint enough - just not when you need them to. The answer is to learn, but when do you learn if the project budget has been eaten up already by five project managers and ten consultants, and you are half a year behind schedule?

11
3

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

Bronek Kozicki
Silver badge

Good luck to her.

2
0
Bronek Kozicki
Silver badge

"We employ multi-layered security controls across our systems"

That's what you get when you employ PR-bots who are the only people allowed to talk to the press. There is only one official line, which must be religiously followed in all communication (until it is replaced, that is).

16
0

30-up: You know what? Those really weren't the days

Bronek Kozicki
Silver badge

Re: "you were seriously stuck up a gum tree"

There was also IRC ...

2
0

'Men only' job ad posts land Facebook in boiling hot water with ACLU

Bronek Kozicki
Silver badge

Re: Is it discrimination

@Bernard M. Orwell I believe you are right (cannot access that www.hattonjameslegal.co.uk link now), but that does not make "men only" job ads any less wrong.

6
0
Bronek Kozicki
Silver badge

Re: Is it discrimination

It is not illegal to limit the job ad reach according to locality. It is illegal to limit the job ad reach according to gender (or race, age, religion, sexual preferences etc). I know, to a hyper-logical brain of a talented software engineer (with a slight deficiency on empathy side) that does not make sense, but nevertheless that's how it is. And if you think about the reasons why this is (something to do with personal identity) it might just start making sense.

11
1
Bronek Kozicki
Silver badge

Re: Is it discrimination

It is still discrimination. The fact that it is financially motivated does not make it less discriminatory. Also, from the point of view of someone who has worked with women programmers in the past (and is hoping to work with them in the future), more diversity at positions traditionally dominated by men is a good thing. I do not mean "eye candy", but diversity of opinions and approaches to problem solving. Hiring managers who place such discriminatory ads are doing themselves and their employers a disservice.

17
1

Click your heels, um, mouse thrice and you've quickly got Ubuntu on Hyper-V in Win 10 Pro

Bronek Kozicki
Silver badge

Re: any chance I wonder...

I actually meant Microsoft throwing their oar in to help

Given that most of the help in this area comes from RedHat (e.g. virtio drivers) who knows, perhaps Microsoft is actually involved, just indirectly and without the branding.

1
1
Bronek Kozicki
Silver badge

I found that the best way for "seamless mode" is to run vcxsrv under Windows and configure both PuTTY and sshd for X11 forwarding. Your Linux machine can run anywhere on the network (including your own box - Hyper-V can run your virtual machine in the background). The GUI for your Linux hosted programs will show up on the Windows screen almost as if it was a native application. I rather like running CLion this way (so I have a native gcc / clang build despite running Windows, in a virtual machine, on top of headless Linux).

4
0
Bronek Kozicki
Silver badge

Re: any chance I wonder...

I've been doing that for years and it's been working flawlessly for a long time, also for some heavy gaming (e.g. Witcher 3). Granted, my Linux box (and hypervisor) is beefed up and headless. The GPU is exclusively assigned to the Windows guest with vfio, so that might not be what you are looking for. Having the ability to just roll back Windows to an old snapshot of "drive C" via ssh to the hypervisor is very nice, though.

7
0

Lenovo Thinkpad X280: Choosing a light luggable isn't so easy

Bronek Kozicki
Silver badge
Linux

Re: The best part about ThinkPad X280?

Not much trouble at all - just boot from appropriately prepared USB device and continue installation according to the directions of the setup script.

7
0
Bronek Kozicki
Silver badge

The best part about ThinkPad X280?

... model X270 will be available at a discount early next year. I've been waiting for this moment too long.

10
0

Do not adjust your set, er, browser: This is our new page-one design

Bronek Kozicki
Silver badge

Next change in line

Please, please give me the ability to select "dark design". Black background, white(-ish) letters, with some colour here and there.

12
3

AI beats astroboffins at sniffing out fast radio bursts amid the universe's clutter

Bronek Kozicki
Silver badge

Re: Interpretation

Yay, Charles Stross - really like his books, have not seen this story yet!

1
0

Gits exposed, kinky app devs spanked, Feds spy on spyware buyers, etc

Bronek Kozicki
Silver badge

Re: It is worth noting

@amanfromMars1 glad to see you here, but these dried frog pills won't eat themselves you know. It would be nice to see you in a slightly more lucid state, in other words.

0
1
Bronek Kozicki
Silver badge

It is worth noting

Andrei Tyurin is extradited from Georgia (country, not US state obviously). Russia does not extradite its own citizens, no matter the crime. I think they have it in the constitution.

4
0

What's AI good for? Industrial or consumer tech? Meh. Airliners? AHA, says UK.gov

Bronek Kozicki
Silver badge

Re: Small point

Ice can form inside the fuel tanks and accumulate at the fuel intake part of the engine, as for example happened to a certain 777 in 2008

Although I agree fan blades sounds more likely, in the context :)

1
0

NASA's Kepler probe rouses from its slumber, up and running again

Bronek Kozicki
Silver badge

Given how expensive it is

.... I wonder if the James Webb Telescope will get more fuel to stay active longer than originally planned. It would appear that the launch vehicle chosen for the mission might have spare capacity.

Sorry for the slight OT, it just annoys me a lot that multi-billion worth of hardware (and actually priceless in terms of scientific research and discovery) is only usable for a short few years "because planning", and if it stays in somehow working shape for a few years longer, everyone acts surprised. This should be planned for longer spans, in the first place.

6
3

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth

Bronek Kozicki
Silver badge

Superluminal motion is explained in a few sources - basically this is about the jet of matter moving at a speed close to the speed of light towards the observer, and emitting photons at the same time. This means that some photons are emitted from the jet when it is much closer to the observer, but (because of the speed at which the matter emitting the photons moves) they arrive only a short time after the photons emitted at the start of the event arrived at the observer.

12
0

Microsoft Azure: It's getting hot in here, so shut down all your cores

Bronek Kozicki
Silver badge

Ouch

feeling hot here ...

1
0

Go Pester someone else: TSB ditches CEO over bank's IT meltdown

Bronek Kozicki
Silver badge

Re: Agree? AGREE?!

Well, that spares everyone the humiliation of haggling over the bonus in public.

2
0

Hello 'WOS': Windows on Arm now has a price

Bronek Kozicki
Silver badge

Re: I Wish You Luck

... actually, I need to correct myself. The only reason for Intel architecture to stay at the position it is right now is its instruction set

Intel (firm) knows it very well, which is why it is investing in alternatives - for example (also The Next Platform).

5
0
Bronek Kozicki
Silver badge

Re: I Wish You Luck

I am more enthusiastic for ARM. The reason Intel is a power hog is because the chip, internally, is a RISC. It emulates the IA instruction set in software, i.e. microcode. That is clearly not as efficient as simply running a RISC instruction set. This emulation is why all the low-power Intel attempts have failed, and the native RISC instruction set is why ARM is doing so well at the low-power end. But this does not mean that ARM needs to be barred entry to high power computing - quite the opposite, actually, because it turns out that at the high end, the power efficiency is also very important. For an example, see The Next Platform. The only reason for Intel to stay at the position it is right now is its instruction set, which is the exact same thing killing its (energy) performance.

22
2

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Bronek Kozicki
Silver badge

There is also

... an article on the subject on Ars Technica.

2
0

Official: AMD now stands for All the Money, Dudes!

Bronek Kozicki
Silver badge

Re: Great news for AMD, but where's the profit?

The other way to look at margin is "how much is the given company ripping its customers". The large figure you see on the Intel side is the reason why AMD has increased, and will keep increasing, its revenue. It is also the reason why Intel needs to make some hard decisions, soon. The relation between both sides is what we call "competition".

18
0

East Midlands network-sniffer wails: Openreach, fix my outage-ridden line

Bronek Kozicki
Silver badge

Re: AAISP

... and here is the relevant link

There is a catch though, which I guess might apply in this case "DSL requires a working PSTN line, if the PSTN line has a fault then this will need to be resolved first."

0
0

Fitness app Polar even better at revealing secrets than Strava

Bronek Kozicki
Silver badge

Duh

I do have a Polar Flow account and was never under the impression that my routes are private. I wonder where did the military men get that impression from? Or perhaps they just made certain assumptions without checking?

2
0

SD cards add PCIe and NVMe, hit 985 MB/sec and 128TB

Bronek Kozicki
Silver badge

Re: 128TiB in an SD card?

... not to mention bitrot. Which is a real thing if you store a large enough set of data.

4
0

Who dares wins, they say, so Toshiba's SAS drive plans another hit on SATA

Bronek Kozicki
Silver badge

I will have eight such disks, please

free samples for test purposes, of course.

1
0

Linux literally loses its Lustre – HPC filesystem ditched in new kernel

Bronek Kozicki
Silver badge

Re: a Thinner Linux Kernel

I build my own kernel for every minor release - it's pretty easy actually, but not because of my (rather embarrassing level of) knowledge of how to do it, but simply thanks to the distribution making it easy to customise and build own packages.

2
0
Bronek Kozicki
Silver badge

Re: Uh-oh...

Other great filesystems aside, I think that you do not need to have Lustre in the upstream kernel in order to be able to use it - just build your own modules from out-of-tree Lustre sources. Not entirely sure about this and happy to be corrected.

6
0

What's all the C Plus Fuss? Bjarne Stroustrup warns of dangerous future plans for his C++

Bronek Kozicki
Silver badge

why std::shared_ptr<T> or std::vector<T>::iterator did not provide some additional checking whether memory gets destroyed whilst within the member function itself

My response to this category of problems is: fix your design.

9
0
Bronek Kozicki
Silver badge

Re: Design by committee

if on the other hand the committee is seen as a vehicle to push each member's pet projects and goals...

It is not - because it is possible for any member of the committee to stop dead a pet project of another member if they deem it an "unworkable time hog". Sometimes that saddens me, sometimes I am glad because of that. There are many proposals and also some interesting research which deserve closer attention than they receive.

However, "design by committee" does show up, in the very very long "bikeshedding" discussions where most participants agree in principle on a feature or change, but cannot agree on how it should be designed.

4
0

What can you do when the pup of programming becomes the black dog of burnout? Dude, leave

Bronek Kozicki
Silver badge

I will not get into your examples (graphics is not my area) but you are touching two issues here:

1) motivation at work - this is indeed doing what you have passion for and being recognized for your work

2) lack of motivation as a result of three points you have listed above.

But there is also another thing: burnout as a result of doing what you love, but too much. This may happen, too. Sadly most employers do not recognize when this happens and have no policies for helping employees who work more than e.g. 60 hours per week.

13
0

Boffins offer to make speculative execution great again with Spectre-Meltdown CPU fix

Bronek Kozicki
Silver badge

Re: I have a simple plan...

"3. Make much faster memory" - to be honest, we already have much faster memory, it is called SRAM - sadly the required power makes it not practical for anything beyond a small amount inside the CPU for caches. I agree that we should invest in research (and productisation) of new types of memory, optimised for very low latency.

0
0
Bronek Kozicki
Silver badge

Re: Hard as I try... (@ GrumpyOldBloke)

"Does this make sense? Honest question." - nope. The compilers are not at fault, although they may help alleviate the pain. It is multistage pipelines in the CPU and the associated high cost of branch misprediction which pushed the CPU designers to speculatively execute branches before we know whether or not we need it. Couple this with the high cost of cache misses and that's your side channel attack right there.

One way to fix it would be to push the "speculative" part from the CPU to the compiler like Mill architecture does, but it is a very different beast to what we have now, with a very different instruction set to match.

5
0
Bronek Kozicki
Silver badge

Re: Hard as I try...

I'd like to believe that 1) SafeSpec is actually viable (in terms of die space and performance cost) and that 2) CPU vendors will actually spend money implementing it. But I try not to be too optimistic ...

7
2

Wires, chips, and LEDs: US trade bigwigs detail Chinese kit that's going to cost a lot more

Bronek Kozicki
Silver badge
Devil

Treasury notes

Here is the thing - China is, by far, the largest buyer of American debt. The interest of which is tightly coupled to price, which can be manipulated by someone with a sufficiently large long position - like China for example. If things go much further, the Chinese could imaginably ruin the American economy by flooding the interest rates market with Treasury notes, which would push the yields up. It would cost them an arm and a leg, but who knows - for a centrally managed economy it might be just doable, especially if aimed only at the weeks where the impact would be the biggest i.e. re-issuance of more Treasury debt. With the interest rates adjusted to match the inflated yields.

17
0

Citation needed: Europe claims Kaspersky wares 'confirmed as malicious'

Bronek Kozicki
Silver badge

Re: You do not need evidence against Russians

@DiViDeD - while you are correct that indeed, the initial accusation was based on little evidence, the investigation recently concluded by the Dutch government is more conclusive

12
3

Trademark holders must pay for UK web blocking orders – Supreme Court

Bronek Kozicki
Silver badge
Pint

Re: Good decision

I especially like this clause, which is hard to argue against: "The protection of intellectual property rights is ordinarily and naturally a cost of the business which owns those rights and has the relevant interest in asserting them."

Good sense wins!

39
0

BlackBerry Key2: Clickier, nippier, but how many people still want a QWERTY?

Bronek Kozicki
Silver badge

Re: Battery

Sadly I think not - otherwise, it would be a talking point.

1
0
Bronek Kozicki
Silver badge

Re: QWERTY Yes

BlackBerry is not stock Android - its software is pretty good actually (especially Hub and DTEK). They learned to do it right, well before Google did. Luckily BlackBerry is still doing the software and it appears that, on the hardware side, TCL is not too bad either.

2
0

US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR

Bronek Kozicki
Silver badge

Another one ...

... is wisconsingazette.com

I think it is good that these names should be listed in public. If they are unavailable to EU because of GDPR that means that either 1) they are collecting PII data they have no business knowing or 2) they have no idea what GDPR is, and act out of fear. Either way, it is good that these sites should be publicly known.

44
1

Biting the hand that feeds IT © 1998–2018