Posts by Kevin McMurtrie
3557 publicly visible posts • joined 15 Jun 2007
Native Americans urge Apache Software Foundation to ditch name
Cisco warns it won't fix critical flaw in small business routers despite known exploit
Hardly the first problem
I had one of those (RV042G I think) and it was hopeless to secure. If I reported a vulnerability, Cisco would send me a patched firmware file with a worse vulnerability. I crushed and disposed of it when the WAN ports had admin telnet permanently open with the default password. Giving it away for free would have been an act of cruelty.
Linksys WiFi APs followed shortly for the same reason.
Fat EVs may cause 'more death on our roads' – watchdog
Old people want "safe" cars
Older people want heavier and heavier cars for their perceived protection in crashes. Mandating a weight limit is probably the only way to go. These same people are future "wrong pedal" drivers that are going to launch their 700HP electric mammoths into others. You can't line every sidewalk in a city with bollards.
Another problem is all the people buying Teslas believing that a future software update will turn them into limos before they kill themselves with poor driving skills. A white Tesla 3 is the new Prius - the car that you watch carefully because there's a higher probability of a confused driver. (Or worse - Autopilot is on)
Haiku beta 4: BeOS rebuild / almost ready for release / A thing of beauty
Re: I wish them well
I saw the BeOS demo too. I recall that it was heavily dependent on the Metrowerks CodeWarrior development environment, which was my favorite IDE at the time. Metrowerks started releasing inoperative updates and that was pretty much the end of the BeOS demos. I never saw one again.
This was about the same time that MacOS and Windows were highly unstable, both in APIs and reliability. I ended up switching from C++ to Java for primary development.
AI-generated phishing emails just got much more convincing
BMW updates 90% of EVs sold in the US over power software bug
Modern drivers are lucky
My 1988 Toyota Tercel died every morning while driving. Carburetor air/fuel ratio was managed by a computer made of vacuum driven components and an equally crude electronic computer. Working together? No. The vacuum computer's changes corrupted the parameter mapping that the electronic computer learned from prior feedback. That was not so bad as long as the feedback loop was active.
The feedback loop needed a few seconds to work when coming off idle. Any change in conditions caused the car to stall in the middle of intersections, usually when a truck is coming.
A very complex hack was applied by Toyota to give the vacuum computer more gradual, finer-grained adjustments. It didn't really work. To top it off, the atmospheric vents for this vast system of vacuum circuits were right next to the crankcase vent - the thing that coughs up a fine mist of oily soot.
Fixing car bugs with a software patch is modern magic.
US schools sue Meta, Google and friends over 'youth mental health crisis'
US pressures Asian allies to join crusade against Chinese chipmakers
Oh, no: The electric cars at CES are getting all emotional
Microsoft said to be thinking of sinking $10m into self-driving truck startup
JP Morgan must face suit from Ray-Ban maker after crooks drained $272m from accounts
Big banks
That's what you get for using a big bank and not having a team of accountants watching it. You have to dispute every fee, protest every change of terms, and NEVER let your account balance decline enough that you become the bank's prey.
I'm sure they can hire a JP Morgan fraud investigator for... it's a lot and it's not targeted towards "smaller" customers. So sorry. Also, the balance went negative after the last fee for not maintaining the minimum balance. Your account is closed and the last 12 outbound checks are being reversed to recover past due fees to the bank.
OneDrive back on its feet, but ongoing Skype credit problem hasn't gone away
It was going into the crapper before that. I tried to make a call from a foreign country because that's exactly what people used Skype for. Skype locked my account "for security" and wouldn't unlock it until I gave them my original credit card number. That was an old card I no longer had. I said if Skype wanted to keep my money so !@#$ safe, they need to close the account and send a check to the address in the account.
I think Microsoft unlocked the account but the Skype client was hopeless at that point.
Citizen Coder? Happiness Concierge? Here come 2023's business cards
Techies try to bypass damaged UPS, send 380V into air traffic system
Re: Critical
There's a big gap between the working voltage and the point where surge suppressors are fully active. 380V into a 220V system is in that gap. Everything should tolerate it just fine for several seconds. Then capacitors pop, MOV protectors smoke, and the fuses finally trip from something permanently shorting.
600V to 4kV would have been simple blown fuses.
Here in 'Merica, elevated power lines are ordered from lowest voltage on the bottom to highest voltage on top. It makes tree trimming and comms repairs safe. If that top line falls into the lower lines, everything is toast. There will be a plasma fire in a large void where your protection components once lived.
Miniature nuclear reactors could be the answer to sustainable datacenter growth
Southwest Airlines blames IT breakdown for stranding holiday travelers
Stolen info on 400m+ Twitter accounts seemingly up for sale
The hacker's first sales attempt
The sample data provided from the leak is the same junk that every criminal telemarketer on Earth is already sharing from hundreds of other breaches. Most of them are running various web services (form pre-fill, tracker-to-tracker handoff, etc.) that are themselves trivially exploitable. No value.
This twerp is taunting Musk thinking it's going to bring in retirement money. Usually it's best to start small, like selling your used car, to see how the game works.
Too big to live, too loved to die: Big Tech's billion dollar curse of the free
Don't forget Android
Android phones were another Trojan Horse to breach privacy. With regulations getting tighter, it's easy to imagine their value quickly drying up.
It looks like Google is trying desperately to squeeze money out of Android by selling Cloud storage. They crippled microSD performance and usability to the point where apps needed to drop out of Play Store. You'll also notice that G-apps phones have declining storage capacity. Models for Google markets are usually 128 or 256 GB maximum with no microSD, regardless of price.
Luckily, there's a way out. Plenty of phones run fine without the G-apps and libraries. I wouldn't mind "Material You" being ripped from the codebase either.
Alphabet reshuffles to meet ChatGPT threat
FCC calls for mega $300 million fine for massive US robocall campaign
Didn't notice
I'm still getting plenty of scam voicemails. I just checked that the SMS phishing gangs with their complex and well established infrastructure on Amazon/Salesforce/HighSpeedWeb/OVH/Cloudflare/Google/Namecheap are doing fine too.
As even the FCC has said, they can invent any fine they like but they have no power to collect the money.
Back to work, Linux admins: You may have a CVSS 10 kernel bug to address
Re: This does not belong in the Kernel
I could see ksmbd being useful for office LANs where fast file access over 10 Gbps Ethernet is needed. Samba usually has odd performance problems that come with being an ancient Apache project. NFS with user-level permissions is something nobody wants to figure out.
As long as ksmbd is opt-in and documented as experimental during development, what's to complain about?
Zerobot malware now shooting for Apache systems
Re: Built-in obsolescence
It's much worse. Several cloud hosting providers are completely OK with persistent botnet infections. DigitalOcean and OVH are not only enormous botnet hosts right now, but they've disconnected their abuse contact so they don't have to hear about it.
How can they do that? Backbones NTT, ReTN, Telia/Twelve99, and Tata don't seem to mind.
The Internet of Sh!t is expanding to include almost everything.
Paperwork decision scraps Google's $600m Minnesota datacenter project
Digital Ocean dumps Mailchimp after attack leaked customer email addresses
"Digital Ocean has vowed to learn from the experience"
It's December 2022 and I'm still waiting for that to happen. DigitalOcean now appears to be the largest botnet host on Earth. They still don't read abuse complaints, don't subscribe to public blacklists, or appear to be doing anything at all except watching their service burn to the ground.
Elon Musk to step down as Twitter CEO: Help us pick his replacement
Carmack quits Meta, brands it inefficient and unprepared for competition
Re: (Senior) Management
Career stage matters. At first it's all about creating a career-defining product that's better than anything else out there. As time wears on they want out and have too much stock granted. Fuel the tech debt and burn out the staff. Fire half your team if it will bump up the stock price for a moment or pay for a bonus.
BBC is still struggling with the digital switch, says watchdog
Click here to watch a message saying you can't watch
At least www.bbc.com stopped advertising programs to the world, showing a streaming player, and then telling the world it can't watch. Na na na na...na.
I just tried it now and the US variant of BBC links to BBC local channel guides. Still not helpful. Maybe I should have left a network TV tuner in the hotel on the last visit?
Google debuts OSV-Scanner – a Go tool for finding security holes in open source
I just want to do some pruning
A hassle in the Java world is that some third party library will eventually reference an Apache library for API compatibility. Now 20 years of Internet garbage is going into the build. How many millions of critical vulnerabilities that imported isn't relevant. I want to know the best points to insert a manual dependency exclusion. Doing it manually is trial and error by checking for runtime failures.
NIST says you better dump weak SHA-1 ... by 2030
Trusted for deduplication too
Some will say that the odds of a SHA-1 collision for file deduplication are an impossible 1 in 2^160. On the flip side, math says that if you are hashing files with 100 million bits, there could be up to 2^99999840 collisions. I once saw a colliding cryptographic-strength UUID glitch a financial system. My trust is that large computer systems can brute-force their way through impossible odds.
Ah, I remember the good old days when computers were slow and a "1 in a million" bug was something you had a day or two to fix.
Musk bans private-plane-tracking @Elonjet on Twitter, threatens legal action
Rivian abandons electric van partnership with Mercedes-Benz
Patch Tuesday updates spark errors when creating Hyper-V VMs
AWS strains to make Simple Storage Service not so simple to screw up
Cursed IAM
Bidirectional grants in IAM, assumed roles, inherited roles, instance roles, deployment/tools roles, global bucket rules, and temporary access tokens. Multiply that by a ton of internal operation codes that no longer match APIs. You can see why an outsourcing company with a tight deadline is simply going to flip the switch to make it public.
Between that and needing to use a multi-part API for streaming uploads, I think the word "simple" might be misused.
US Air Force tests its first fully functional hypersonic missile
Researchers smell a cryptomining Chaos RAT targeting Linux systems
Scientists shed light on oddball gamma rays from deep space
Re: Nuff not said
Hopefully it's not a whole lot faster than light at first. You wouldn't want to place a wormhole based on Earth-bound observations that are thousands to billions of years old. At some timescale, predicting where things are in the universe when you arrive is going to be like predicting where clouds will be tomorrow.
San Francisco investigates Hotel Twitter, Musk might pack up and leave
Look like Bane, spend like Batman with Dyson's $949 headphones
Legit Android apps poisoned by sticky 'Zombinder' malware
To hell with Google
Google Play Store prohibits apps from using APIs as a way to manipulate competition. I have apps that need fast microSD access but Google hasn't allowed that in over a year. They require apps to use APIs with severely throttled performance.
Download apps from F-Droid or the developer and they work perfectly.
I honestly don't think Google has a plan. They want to sell cloud services and siphon data but they're dumbing Android down so much that there's no advantage left over iOS. It's like a boring iPhone, but buggier.
Musk's Hotel California erected at Twitter HQ, as some offices converted into bedrooms
Did someone say, "free housing?"
I know a lot of people who'd ditch their $2000-$5000 a month urban living costs for a bedroom in the office. The intersection of hardcore Musk fans, people who can write code, and people who'd live in the office is probably in the tens of thousands. It would be another step towards failure for the business but Musk would have the hardcore fanatics he personally needs.
You get the internet you deserve
There's a local newspaper that still exists. Their website has so many ads and trackers, at least 100 per article, that there's a nearly zero chance of successful rendering without an ad blocker. The site demands money but paying won't turn off their ads and trackers. In fact, you can make the site stop demanding money with an ad blocker because it's an outsourced test running client-side. I could be a nice guy and give them a subscription but their articles aren't any better than Tweets and bots. I just saw their science columnist describe a new energy harvesting system using the mystery unit of "megawatts per day." It was disappointing even after typos in the article's sub-header set expectations.