* Posts by Bronek Kozicki

2506 posts • joined 6 Sep 2007

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

Bronek Kozicki Silver badge

I guess it's a good time

... to remind of Devuan

You can blame laziness as much as greed for Apple's New Year shock

Bronek Kozicki Silver badge

Re: "Given that a credit card in Germany is just a "delayed-action" debit card"

You can't decide that you won't pay off the full balance at the end of the month we call that "charge card" over here, one example is American Express. The card issuer profit is obviously not from the interest but from the annual fee paid by the client.

Happy new year, readers. Yes, we have threaded comments, an image-lite mode, and more...

Bronek Kozicki Silver badge

Lite mode ...

.... is glorious! Thank you!

Millennium Buggery: When things that shouldn't be shut down, shut down

Bronek Kozicki Silver badge

Where the updates are initiated by IT because they're needed to patch some risk or move off some component that's reached maintenance EOL if you can't get agreement then go to the top team yourself and point out the risk and that you can't accept responsibility for any consequences of postponement.

... and when you do so, do make sure to include a printout to Equifax hack postmortem. Not a link - hard copy so they have no excuse for not knowing the dangers of delayed patching.

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

Bronek Kozicki Silver badge



Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs

Bronek Kozicki Silver badge

Re: That's multiprocessing, not multithreading

Many applications don't use multiple threads very heavily. Yes, because you need either 1) embarrassingly parallelizable algorithm (fitting within existing imperative programming paradigms) or 2) a new programming paradigm which limits data sharing between threads. Without either of these, the horizontal scalability of your application is severely limited by the Amdahl's law. New languages like Go or Elixir, or frameworks like Akka go some way towards 2), but few programmers can be bothered.

Microsoft sysadmin hired for fake NetWare skills keeps job despite twitchy trigger finger

Bronek Kozicki Silver badge

Re: Memories ...

Ah, printed manuals. Nothing beats them, which is why I continue buying so many books.

Stay classy: Amazon's Jassy gets sassy with Larry

Bronek Kozicki Silver badge

Unique capabilities of Oracle databases, hahaha. Like performance at the cost of data consistency, without support for fully serializable model.

How one programmer's efforts to stop checking in buggy code changed the DevOps world

Bronek Kozicki Silver badge

Re: Jenkins?

Bah! Some people do not need FOSS projects or such fads as CI/CD, as every single line of their own code is perfectly correct. Here is an example of such entirely correct code:

int main() {}

Can your rival fix it as fast? turns out to be ten-million-dollar question for plucky support guy

Bronek Kozicki Silver badge

Re: I'm just going to say...

Are you familiar with the term "tech-illiterate"? That's what most directors at established banks are. And they are the only people with the authority to make architectural decisions. That might not apply to one of the upstart banks like Monzo or Starling, but I am yet to learn more about how they work.

Bill Gates joined on stage by jar of poop as he confesses deep love for talking about toilets

Bronek Kozicki Silver badge

Good thing, actually

One of my favourite charities "Water Aid" also takes a keen interest in sanitation. Having learned a little about how the world works outside of my immediate surroundings, I can understand why.

Astroboffins spot one of the oldest, coolest stars in the universe lurking in the Milky Way

Bronek Kozicki Silver badge

"could we visit it?"

Very unlikely. The distance to the star is ~ 1950ly, so assuming that no space warp becomes accessible to us, the travel would probably take too long.

'Blockchain SAVED my Quango'

Bronek Kozicki Silver badge

Re: "Do you need a blockchain?"

This is a really good flowchart.

It's wall-to-wall Huawei: Chinese behemoth hogs five of six top spots in SPC-1 array benchmark

Bronek Kozicki Silver badge

And so it begins

American vendors abandoning the field for other nations to take over. Next in line: SoftBank with ARM server chips. Not this year, not next ... but it will happen if Americans do not change their attitude.

Swedes grumbling about Apple Store in their park are lucky – in Toronto, Google eats all your data

Bronek Kozicki Silver badge

... a nicer restaurant, perhaps?

Mourning Apple's war against sockets? The 2018 Mac mini should be your first port of call

Bronek Kozicki Silver badge

Re: Mac OS X Server isn't what it used to be

I guess you can use it also as a build server, if you write software for macOS.

Welcome back, 'ping of death', it has been... a few months. Now it's Apple's turn to do the patching

Bronek Kozicki Silver badge

"it may be possible to exploit the buffer overflow to execute arbitrary code in the kernel"

This is very serious, I wonder when we will see "may" change to "is".

Facebook sets Linux kernel tools free

Bronek Kozicki Silver badge

Re: Hmm, usually when a company does that...

It's not a bad thing, though. If I were a CTO at a technology company, approach "let's give it to the community so we have more potential maintainers and external input" would be my default.

Bomb squad descends on suspicious package to find something much more dangerous – a Journey cassette

Bronek Kozicki Silver badge

That's not what DAT looks like

I know, I have few old DATs at home (used them for actual backups). Icon corresponding to age.

Shift-work: Keyboards heaped in a field push North Yorks council's fly-tipping buttons

Bronek Kozicki Silver badge

Some white ones visible on the pictures

I wonder if there is an original IBM keyboard somewhere among this scrap.

Google Project Zero zeroes in on Google project: Security hole spotted in gVisor sandbox fence

Bronek Kozicki Silver badge

This is good bug hunting


GitHub lost a network link for 43 seconds, went TITSUP for a day

Bronek Kozicki Silver badge

Agreed, distributed databases is a hard problem. The fact that they used MySQL does not make it any bettter. The solution you mention requires a totally asynchronous client, which may not work for the database users. The other solution is to use Convergent Replicated Data Types, and yet another is to simply fail one side due to the lack of quorum.

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz

Bronek Kozicki Silver badge

But this time it's different. Redhat is opensource ... which means that the biggest asset that RH could possibly bring to the table is the knowledge in the heads of its employees. If they are gone, nothing is stopping them from joining CentOS team or perhaps setting up a new distribution based entirely on RH (also with commercial support, because they know how to do it).

But I think this deal is about something else. The winner here is Power CPU architecture, which will receive "virtually unlimited" support from the favourite distribution of banks and other large (and medium-sized) institutions.

Congrats from 123-Reg! You can now pay us an extra £6 or £12 a year for basically nothing

Bronek Kozicki Silver badge

Speaking of domain hosting

... how is the experience with Mythic Beasts, anyone?

It only took Oz govt transformation bods 6 months and $700k to report that blockchain ain't worth the effort

Bronek Kozicki Silver badge

For a government project, you probably don’t want distributed consensus.

Yes and no. Yes, because centralised solution (i.e. non-distributed) for most problems is what any government would naturally gravitate towards. No, because DARPA was a government project, with the explicit goal of creating distributed, highly available system.

If a government wanted to build a distributed, highly available database for its citizens or for international community, then perhaps blockchain could be a part of the solution. Admittedly, that goes strongly against typical governmental thinking, so there you go.

Bronek Kozicki Silver badge

Actually there is a use of blockchain. It is a distributed consensus algorithm (or, in other words, totally ordered broadcast protocol) which happens to be also resilient against Byzantine failures, unlike other consensus algorithms like Paxos, Raft etc. Of course, being a distributed consensus algorithm does not make it intrinsically valuable (as some "investors" would like you to believe), but it could be potentially useful to store and update a distributed database across a large number of untrusted devices (say, privately owned computers or mobile phones). Or it could be used to track a path of a physical thing in the supply chain (where individual suppliers cannot be trusted). It would be also rather inefficient and very laggy. Oh, and the whole "proof-of-work" is a total non-starter, unless you are into speculation with "instruments" which they are not.

Grumbling about wobbly Windows 10? Microsoft can't hear you over the clanging cash register

Bronek Kozicki Silver badge

Re: Conditioning.

If there comes concrete evidence that a Windows Update broke something (like a a life-support machine)

... then the lawyers would have nothing to do with Microsoft, but with the vendor choosing clearly inappropriate OS to run critical machinery.

'The inmates have taken over the asylum': DNS godfather blasts DNS over HTTPS adoption

Bronek Kozicki Silver badge

Re: Who needs DNS anyway?

... or if you have some kind of CDN, which is most of the large sites (including El Reg) because that relies on DNS directing the user to the nearest datacentre.

Violin Systems gnaws off X-IO Technologies' storage arm

Bronek Kozicki Silver badge

The "world's smallest violin" picture would be a better fit for another story

US may have by far the world's biggest military budget but it's not showing in security

Bronek Kozicki Silver badge

Large systems are difficult

The engineering approach is to start from the assumption that at any given time, some part of the systems will be in "bad" state. If you start from that, then bugfix releases or configuration updates are just variables in the complex equation of "how much more broken could it become if we (do not) do that". Of course, the military cannot have that - hence there is no functioning monitoring, no canary releases, no fault tolerance, no regular disaster recovery exercises, no nothing. Just put it all together and hope it holds shape. Because in military, apparently "hope" is a strategy. Who would have thought?

It's October 2018, and Microsoft Exchange can be pwned by a plucky eight-year-old... bug

Bronek Kozicki Silver badge

Re: As a developer...

It is impossible to ship bug-free software, but it is NOT impossible to ship software hardened, and tested, against bad inputs.

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

Bronek Kozicki Silver badge

I wonder

.... if we are ever going to see the internal programming of the "bug chip". It must have been reverse-engineered already, right? Seeing what that thing was actually programmed to do would remove much (although not all) doubt from this case.

On the seventh anniversary of Steve Jobs' death, we give you 7 times he served humanity and acted as an example to others

Bronek Kozicki Silver badge

Re: Rude

Agree on the first part. As for the second, that's what downvotes are for.

AI engines, Arm brains, DSP brawn... Versal is Xilinx's Kitchen Sink Edition FPGA

Bronek Kozicki Silver badge
Paris Hilton


Judging by the numbers supplied I guess the internal architecture is a departure from the more typical concurrent model based on either vector processing or von Neumann model. Is there an upcoming article on The Next Platform , by any chance ?

Haven't updated your Adobe PDF software lately? Here's 85 new reasons to do it now

Bronek Kozicki Silver badge

Re: Update your Adobe PDF software...

FWIW, I use Foxit PhantomPDF and rather like it. They also give away a nice PDF reader.

Volkswagen links arms with Microsoft for data-slurping cloud on Azure

Bronek Kozicki Silver badge

Speaking of Volkswagen

I just found its namesake at GitHub

Fortnite 'fesses up: New female character's jiggly bits 'unintended' and 'embarrassing'

Bronek Kozicki Silver badge
Paris Hilton

I think the apology is badly worded

They surely meant the apologise for forgetting to stiffen the parts of the upper torso with a sports bra?

WLinux brings a custom Windows Subsystem for Linux experience to the Microsoft Store

Bronek Kozicki Silver badge

Re: I know why

Oh I see you failed to get what the "real thing" is to be compared against. Of course I meant systemd (aka "pretend Windows").

Bronek Kozicki Silver badge

I know why

This is useful if you want to run Linux without "pretend Windows" (i.e. systemd), because you have the real thing instead.

Bronek Kozicki Silver badge

As for file sharing under WLinux (not sure if this is inherent to all WSL distributions), it is available in crude but effective form. All disks are mounted, for example:

$ mount | grep /mnt/c

C: on /mnt/c type drvfs (rw,noatime,uid=1000,gid=1000,umask=22,fmask=11,metadata,case=off)

Bronek Kozicki Silver badge

Re: The Other Way Round

I think you are right, been running it like this for years. But experimentation is good.

Bronek Kozicki Silver badge

Indeed you are expected to pay

... which is controversial for any Linux distro. Luckily the price is small enough to put it under "support a developer with pizza and few beers" label, so no big deal. During installation you are expected to create a user with "sudo" rights. The installer will add WLinux icon to "Universal Applications", which is standard Windows console. You are automatically logged into the user you have created when you launch this console. I had some difficulty figuring out the selection of available packages until I checked the content of /etc/apt/sources.list - there is mostly Debian stable, with the addition of apt.patrickwu.ml . The fact that this domain is owned by "Mali Dili B.V. " with only a postbox in Netherlands, who apparently owns 227 more domains under .ml is potentially a security issue. Yet need to check this in GitHub WLinux wiki.

As for X11, I tried sublime text 3 with vcxsrv and it "just worked" although I had to add "export DISPLAY=:5" to ~/.profile (my display is not the default :0).

Some credential-stuffing botnets don't care about being noticed any more

Bronek Kozicki Silver badge

Re: Maybe just

"... at least it puts a shelf life against stolen credentials"

if passwords are not reused that should not be a problem. In case of a genuine password leak the correct way to enforce password security is via monitoring of user logins. That gives you much shorter reaction time and also view on the damage incurred.

Bronek Kozicki Silver badge

I use fail2ban with a tweak to ban whole network segment, as per IP ownership lookup. It is really obligatory tweak on sites which support IPv6 (and mine does).

HP Ink should cough up $1.5m for bricking printers using unofficial cartridges – lawsuit

Bronek Kozicki Silver badge

Re: The 'Trust' Factor: Toxic Patches / Firmware Updates

Yes, after I switched to Ubuntu the scripts from Brother started working just fine. It was hit-and-miss with Manjaro, though.

Bronek Kozicki Silver badge

Re: The 'Trust' Factor: Toxic Patches / Firmware Updates

I have a six years old Brother laser, color with duplex and network port. Would like to replace it with a newer model, but it just does not fail, and I have no heart to throw away a functioning machine. I did replace its toner few times (not too often), reset the page count on tenor cartridges few more times (not too difficult, and thankfully well documented now) and cleaned its insides once (after apparent black toner leak). It does not look like much, and installing working drivers in Linux is more hassle than I would like it to be (still doable, though), but it works, and tenor is cheap per page count (if reset, as it should be).

Barclays and RBS on naughty step: Banks told to explain service meltdown to UK politicos

Bronek Kozicki Silver badge

Re: Who's interviewing?

I am available.

I want to buy a coffee with an app – how hard can it be?

Bronek Kozicki Silver badge

Re: Try travelling with First Bus and their (cr)app

I am currently reading a great book, titled "Designing data intensive applications". There are many things in it that I "kind of knew", but never was aware of the details of. The point is, systems like the ones "discussed" here are typically designed by guys (invariably - a woman would have learned first) who "kind of know" how to do it but in actuality, not quite. They learn on the job, like most of us did. So, the server side services are unresponsive, lose data on occasion, do not offer a clear upgrade path for the client side app etc. Things "kind of work", if you squint enough - just not when you need them to. The answer is to learn, but when do you learn if the project budget has been eaten up already by five project managers and ten consultants, and you are half year behind the schedule?

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

Bronek Kozicki Silver badge

Good luck to her.

Biting the hand that feeds IT © 1998–2019