Sunday, December 12
RCE On Mars Edition
Top Story
- A massive vulnerability in a Java logging library widely used in enterprise software caused utter panic at pretty much every major company in the world. One commenter mentioned being in a Slack channel with three thousand other engineers all working frantically to patch systems.
How much was the team of developers working to maintain this library being paid?
If you guessed absolutely nothing you'd be very close. (Christine.website)
This is obviously unsustainable. Trillion-dollar companies depend on this software and don't even think about contributing towards its upkeep.
Open source software is supposed to be open. It's not supposed to be free, because nothing is free. If you're not paying for it up front, you'll be paying for it later on by diverting every engineer in your entire organisation for two days while other critical issues go ignored.
- We're from the government. We're here to help. (CISA)
The statement from CISA Director Jen Easterly on the Log4j vulnerability reads: blah blah blah blah blah you should probably patch that blah blah blah.
Thanks Jen.
The director of the US Cybersecurity and Infrastructure Security Agency has an MA in politics, philosophy, and economics from Oxford, which qualifies her for the job almost as much as you might think.
Tech News
- What went wrong?
Some idiots demanded that a logging library perform magic for them. (Crawshaw)
And once the magic was put in place, it couldn't be removed because that would break critical software.
And there wasn't anyone to take the necessary time to push back, deprecate the feature, and eventually remove it, because they weren't getting paid.
- Cloudflare reports on the vulnerability and their response. (Cloudflare)
One important point is that they firewall all their servers for both inbound and outbound access. If a server gets compromised but is blocked by default from accessing anything else, the damage is contained.
With this particular exploit the payload was installed by dialling out to a malicious server, and if that connection was blocked, nothing happened. The server got handed a bottle of poison pills but couldn't get the damn child-proof cap off.
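A sketch of that containment as an added example (not from Cloudflare or from the original post): a default-deny outbound allowlist replayed against observed flows, which is also the check worth running before switching a server tier to default-deny. The rules, addresses and host names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    network: str  # destination CIDR the tier is allowed to reach
    proto: str    # "tcp" or "udp"
    port: int     # destination port
    note: str     # why the rule exists


@dataclass(frozen=True)
class Flow:
    src_host: str
    dst_ip: str
    proto: str
    port: int


# Hypothetical allowlist for an application tier (constructed, not a real config).
ALLOWLIST = [
    Rule("10.0.0.53/32", "udp", 53, "internal resolver"),
    Rule("10.0.20.0/24", "tcp", 5432, "database subnet"),
    Rule("10.0.30.10/32", "tcp", 443, "internal package mirror"),
]

# Constructed flow records: three routine connections and two unexpected
# connections to outside addresses (documentation ranges).
SAMPLE_FLOWS = [
    Flow("app-01", "10.0.0.53", "udp", 53),
    Flow("app-01", "10.0.20.17", "tcp", 5432),
    Flow("app-02", "10.0.30.10", "tcp", 443),
    Flow("app-02", "203.0.113.7", "tcp", 443),
    Flow("app-02", "198.51.100.9", "tcp", 8080),
]


def decide(flow, allowlist, default="deny"):
    """Return (verdict, reason): the first matching rule allows, else the default."""
    dst = ipaddress.ip_address(flow.dst_ip)
    for rule in allowlist:
        if (flow.proto == rule.proto and flow.port == rule.port
                and dst in ipaddress.ip_network(rule.network)):
            return "allow", rule.note
    return default, "no matching rule"


def audit(flows, allowlist, default="deny"):
    """Replay flows against the policy and return (allowed, blocked) lists."""
    allowed, blocked = [], []
    for flow in flows:
        verdict, _ = decide(flow, allowlist, default)
        (allowed if verdict == "allow" else blocked).append(flow)
    return allowed, blocked


if __name__ == "__main__":
    # Same flows, two defaults: only default-deny stops the unexpected ones.
    for default in ("allow", "deny"):
        allowed, blocked = audit(SAMPLE_FLOWS, ALLOWLIST, default)
        print(f"default={default}: {len(allowed)} allowed, {len(blocked)} blocked")
        for flow in blocked:
            print(f"  blocked {flow.src_host} -> {flow.dst_ip} {flow.proto}/{flow.port}")
```

Note that the connection to 203.0.113.7 on port 443 is blocked even though port 443 is allowed to the package mirror: the allowlist matches on destination as well as port.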
- Future AMD GPUs could use stacked dies for cache memory and AI accelerators. (WCCFTech)
Maybe not the 2022 lineup, but this is likely to happen soon, for reasons.
- The reasons being that Moore's Law is ending - again - in 2028. (LessWrong)
At the 1.5nm node (which doesn't measure 1.5nm in any dimension but never mind that) planar scaling will likely stop.
What will happen instead - and the linked article goes into all the details you could possibly want - is that chips will go 3D. Flash storage already has, and it was a revolution. Cell phone chips stack storage and memory on top of the CPU. AMD is stacking cache on top of server CPUs, and Intel is wedging stacks of RAM into their supercomputer CPUs.
One of the side effects of this is that chips will get cheaper. Fabs - chip factories - are massively expensive, and only remain at the leading edge of technology for a couple of years. If they lasted for twenty years instead of two - and the machines to make the machines for the fabs also lasted twenty years instead of two - prices would come down drastically.
- I want to see default RED. (Reddit)
While Amazon's systems were down all over the place - not just at US-East-1 but where the one critical Amazon-based service I look after runs in US-West-2 - their public monitoring systems were reporting everything was fine because the outage prevented the monitoring page from updating.
Monitoring systems should autonomously go red if they can't update.
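One way to build that behaviour, as an added example that is not Amazon's code or anything from the linked thread: the colour shown for a service is derived from the age of its last report, so a board that stops receiving updates turns red by itself. The class name, thresholds and service names are assumptions.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    status: str         # "green", "yellow" or "red", as last reported
    received_at: float  # epoch seconds when the report arrived


class StatusBoard:
    """Status page whose colour depends on how fresh the data is."""

    def __init__(self, expected, max_age=120.0, max_skew=5.0):
        self.expected = list(expected)  # services that must keep reporting
        self.max_age = max_age          # seconds before a report counts as stale
        self.max_skew = max_skew        # tolerated clock skew for future timestamps
        self.reports = {}

    def record(self, service, status, now=None):
        if status not in ("green", "yellow", "red"):
            raise ValueError(f"unknown status {status!r}")
        self.reports[service] = Report(status, time.time() if now is None else now)

    def effective(self, service, now=None):
        """Return (colour, reason); anything unknown or stale is red."""
        now = time.time() if now is None else now
        report = self.reports.get(service)
        if report is None:
            return "red", "no report ever received"
        age = now - report.received_at
        if age < -self.max_skew:
            return "red", "report timestamp is in the future"
        if age > self.max_age:
            return "red", f"no update for {age:.0f}s (last reported {report.status})"
        return report.status, f"reported {max(age, 0):.0f}s ago"

    def render(self, now=None):
        """Colour and reason for every expected service, reporting or not."""
        return {svc: self.effective(svc, now) for svc in self.expected}


if __name__ == "__main__":
    # Constructed timeline: two services report at t=1000, then updates stop.
    board = StatusBoard(["api", "storage", "dns"], max_age=120)
    board.record("api", "green", now=1000.0)
    board.record("storage", "yellow", now=1000.0)
    for t in (1060.0, 1300.0):
        print(f"t={t:.0f}")
        for svc, (colour, reason) in board.render(now=t).items():
            print(f"  {svc:8} {colour:6} {reason}")
```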
- Intel's new X710-T4L is a massive upgrade. (Serve the Home)
It's a quad 10Gbase-T card that uses a maximum of 14.2W with all ports running at full speed. The previous model peaked at 28.9W.
In fact, this model running at 10Gb uses less power than the previous model running at 1Gb. That's a huge improvement because a core delaying factor in the rollout of 10Gb Ethernet has been the power requirements for running it over cheap twisted-pair cable. (It uses less power over specialised cables or fiber, but the pricing is absurd.)
The new version of the card is also $100 cheaper than the old one at $500.
It's also out of stock everywhere because everything is.
- Except the QSW-M2108-2C which does seem to be available albeit in short supply. (QNAP)
I wanted a 2.5Gb / 10Gb managed switch for my lab buildout, but had planned to settle for an unmanaged model because I could find one that wasn't insanely expensive. This is just what I wanted - 8 x 2.5Gb ports, 2 x 10Gb ports with both RJ45 and SFP+ connectors, and fairly solid management features including link aggregation and VLANs.
Part of the function of the software lab I'm building is to simulate real-world faults, and being able to mess with the network under software control is a key part of that.
They also have a 16-port model, but that's more than I need, twice as expensive, and out of stock.
- Managed 1Gb switches are a dime a dozen. Well, not quite, but you can get them starting at around $35, a tenth the price of the cheapest managed 2.5Gb switches.
- A new FDA-approved eye drop causes red eyes and headaches. (CBS News)
Well, what the hell does it treat then?
It treats reading glasses.
If you're between 40 and 65 years old and need reading glasses (but not specifically prescription glasses) these eye drops can alleviate that need for six to ten hours.
Since I do need prescription glasses (I have three pairs for distance, computers, and reading, plus a couple of spares) these won't do anything for me, but if you just need plain cheap reading glasses they could do the trick.
- Apple found a benchmark where the 2021 M1 Max MacBook Pro is faster than the 2019 Intel Mac. (WCCFTech)
Linus Tech Tips tested the M1 Max and found that while it did excel on one test, most of the time it was slower than an Intel-based notebook with an RTX 3050 - at about one third the price.
That might change as they improve the drivers and software optimisation but right now it's a very expensive toy.
I'll likely be getting a MacBook Air or an iMac to do Mac and iOS software testing for work, but I'll be getting the cheapest model I can get away with.
Party Like It's 1979 Video of the Day
Posted by: Pixy Misa at 05:27 PM
Saturday, December 11
Jelly Bean Event Horizon Edition
Top Story
- Hackers breached the payroll system for the South Australian government and got all of everyone's data. (Bleeping Computer)
Name, date of birth, tax file number, address, bank account details, employment, payment and tax data, everything, for up to 80,000 people.
"Having the bank account details doesn't give you access to the bank account, but it's the first step in trying to crack a code in terms of passwords."
In theory, sure. In practice, not so much. One YouTuber - I don't remember who it was - showed his bank account details on screen because you need the password to actually do anything.
His account got cleaned out.
The breach was at a commercial payroll provider, not the government itself, which means that the other 1700 organisations using the same payroll provider suddenly have a major headache.
- A security breach at Volvo resulted in the loss of their R&D data. (Bleeping Computer)
It's boxy, but good.
- Hackers also hit multiple government systems in Brazil, including those tracking vaccination programs. (Reuters)
The systems are currently offline, and it's not clear yet how extensive the breach was, or whether any data was stolen or deleted.
Tech News
- I've been looking for some compact shelves for my new lab, which is made up of laptops and possibly some NUCs but probably not (see below). I haven't been able to find quite what I want: Bookshelves are too bulky and most desk storage systems are for paper and will fit a 14" laptop but not a 16" one.
Browsing around storage on Amazon I saw something that looked like what I needed and was cheap and shipped free in 48 hours, so I clicked through to it and then realised what it actually was: A shoe rack.
Well, fine. By Monday I'll have storage for 40 pairs of shoes or four laptops and the associated power supplies, external drives, switches, routers, USB hubs, audio mixers, speakers, and so on, whichever comes first.
And, uh, another six bags of gluten free jelly beans, because I forgot I had those in my cart. They have a shelf life of a year; there's no way they won't get eaten.
- Intel just EOLed Panther Canyon. (Tom's Hardware)
Panther Canyon is the regular range of Tiger Lake NUCs. Tiger Lake is Intel's 11th generation, and there aren't any low power 12th generation chips yet, so that's the entire current lineup.
I was originally looking to get three of the slim-line i5 NUCs, but then those disappeared. Now the entire lineup has been cancelled.
Asus makes an alternative with AMD CPUs, but I expect that will become hard to find once retail stock of the Intel model sells out. So I'm looking at getting a third Inspiron 16 Plus. It's twice as fast as the Intel NUC - eight cores rather than four - but since it also comes with an RTX 3060 and a 16" 3k screen it's more than twice as expensive.
- What happened at AWS US-East-1. (Amazon)
The control network used behind the scenes to manage all the other AWS services got overloaded. Since the control network is used to manage the control network, that not only caused problems all over the place, it prevented engineers immediately fixing the problem.
They had to find a way to redirect some of the traffic when the usual mechanisms for redirecting traffic weren't working, so that they could redirect more of the traffic using the usual mechanisms, so that they could fix the management network, so that they could fix AWS itself.
That's why it took six hours. There's a button to fix all this, but the button broke.
- Imagor is an image processing server written in Go. (GitHub)
I've written these things half a dozen times at this point, but it's nice to have one that I can just take off the shelf and deploy.
It takes an image from somewhere (not sure yet if it only reads from upstream HTTP servers or can also read from the filesystem), and can resize, reformat, crop, rotate, blur, sharpen, adjust hue, brightness, and contrast, and overlay other images.
The system we built at my day job does even more - it has its own scripting language to run arbitrary sequences of operations over tens of thousands of files - but for many applications Imagor will provide everything you need.
- An unfortunate alignment of bugs in Android and Microsoft Teams meant one user couldn't dial 911. (Medium)
They were calling on behalf of their grandmother and the grandmother had a landline phone so immediate crisis averted, but there's a fundamental problem with burying a very simple function in an ever-growing nightmare of complexity.
- An exploit of the Log4j Java library is an enterprise nightmare. (Bleeping Computer)
The library is developed by Apache and used by many Java-based Apache applications like Struts2, Solr, Druid, Flink - yes, these are all real - none of which I use, though Solr is interesting. They are commonly used by small companies like Apple, Amazon, Cloudflare, Twitter, and Steam, so there are many, many sysadmins having a bad day yet again, because the bug is being actively exploited right now.
- And Minecraft. (Bleeping Computer)
If you run a public Minecraft server, update it right now. The Java edition of the Minecraft client has also been updated but it's not clear if it's directly vulnerable.
- Elasticsearch, for once, is not vulnerable. (Elastic)
They use the Java Security Manager which prevents this attack.
- Here's the Apache announcement of the vulnerability. (Apache)
Note that I do not refer to this as a bug. It's not a bug. It's a feature. The Apache Log4j library is DESIGNED to allow the execution of arbitrary code.
Good work there, guys. Top notch.
- A new bill in the US Senate would force social networks to open their data to researchers. (The Verge)
Whereupon it would get hacked, but that's not the key point here.
The key point is the penalty involved: If networks fail to provide this access, the bill would revoke their CDA 230 protections.
And once the idea is out there that those protections are contingent rather than fundamental, all the social networks are screwed. I don't think the Democrats understand what they are doing; the social networks are their best - possibly their only - friends, but they treat them as enemies.
Party Like It's 1979 Video of the Day
Disclaimer: This is the point known as the shoe event horizon. The whole economy overbalances. Shoe shops outnumber every other kind of shop, and it becomes economically impossible to build anything other than shoe shops. Every shop in the world ends up a shoe shop full of shoes no one can wear, resulting in famine, collapse and ruin. Any survivors eventually evolve into birds and never put their feet on the ground again.
Posted by: Pixy Misa at 04:44 PM
Friday, December 10
The Best Defence Is A Tactical Superluminal Neutron Star Edition
Top Story
- Dell has a new range of XPS desktop systems, using DDR5. For some reason. You can't buy DDR5 RAM anywhere, but you can configure a system on Dell's website with up to 128GB for an extra $1300. And it doesn't change the delivery date, which is this time next month. Whether that's realistic or not is an open question, but my latest Dell order left the factory a day ahead of schedule, so they seem to have some idea of the extent of the delays in their pipeline.
But there's the question of how much faster memory actually helps and the answer is not much. (Tom's Hardware)
On a range of synthetic and real-world benchmarks, upgrading from DDR4-2666 to DDR4-4600 improved performance by about 5%.
- Gluten free nuggies and Special K are out of stock again. But I do have eight pounds of gluten free jelly beans and jelly babies, since that order arrived unimpeded, along with that little mixer I mentioned and some audio cables for it.
What hasn't arrived yet is my new keyboard, and the . key on the current one just required percussive maintenance again.
Tech News
- AMD just released an update to their Linux drivers for Radeon 9500, 9700, and 9800 cards. (Phoronix)
Which came out in 2002.
- Speaking of Linux and AMD, the company just confirmed that their 4th generation "Genoa" server CPUs will support 12 channel DDR5 RAM. (Tom's Hardware)
Not by press release. It's in their Linux kernel patches, the number one source for confirmed leaks these days.
- Australia's stupid federal government is debating new regulations for stupid social networks. (ZDNet)
The article makes my head hurt. Everyone involved is both lying and stupid.
- Now they know how many holes it takes to fill the Albert Hall. (Quanta)
The first major advance on the Arnold conjecture took place decades later, in the 1980s, when a young mathematician named Andreas Floer developed a radical new way of counting holes. Floer’s theory quickly became one of the central tools in symplectic geometry. Yet even as mathematicians used Floer’s ideas, they imagined it should be possible to transcend his theory itself — to develop other theories in light of the new perspective that Floer opened up.
Nope, no idea.
Party Like It's 1979 Video of the Day
Party Like It's 1988 Video of the Day
I looked up the Art of Noise's Dragnet on YouTube and got something that I'd seen before but not what I wanted. So the one from my CD must be a different mix.
I found a different mix. Not it.
I found a different mix. Also not it.
I found a different mix. Video is not available in your location.
I found a different mix. Thank God it's Friday.
Posted by: Pixy Misa at 05:52 PM
Thursday, December 09
Hunting Pokemon To Extinction Edition
Top Story
- Welcome to my world: Everyone is burned out. That's becoming a security nightmare. (ZDNet)
I started working from home back in 2010, when long hours and frequent illness made it impossible for me to keep up with the demands of my job if I had to commute every day. (Later that year I was diagnosed with celiac disease and the illness mostly went away, to be replaced with being very annoying in restaurants.)
Anyway, the first thing that happens when you start working from home is that you don't have to go in to the office.
The second thing that happens is that you realise you can now never leave the office.
The research suggests that 84% of security professionals are feeling burned out, compared with 80% of other workers.
That's not a big difference, but if only one in six IT security specialists are actually functional - less than that, because a lot of the ones who aren't burned out will be idiots - we're basically doomed.
All of us, not just QNAP and Ubiquiti.
Tech News
- Chinese companies are recycling old laptop and server CPUs as gaming systems. (Tom's Hardware)
The example shown is a 16 core AMD Opteron. AMD's current 16 core systems are great. This one is not current, though; it's from 2010, and its single-core performance is worse than a cheap Atom-based laptop, despite using 20 times the power.
- Speaking of AMD server CPUs, there are new benchmarks of the new Milan-X chips. (WCCFTech)
It is, um, slightly slower in these tests than regular Milan.
The only difference here is that the X parts have three times as much cache, so the performance gain will be very much application-dependent, but it shouldn't make them slower.
- Details of Intel's new laptop chips continue to trickle out. (WCCFTech)
A maximum of 6 full-sized cores, down from 8 in the previous generation, plus up to 8 low-power cores. Overall they will be faster in most tasks, but I'm avoiding these for a while because I'm worried about how well the operating systems will handle the different core speeds.
That was the issue that broke DRM on more than 50 games, and I don't think that's all it broke. Certainly not eager to combine Intel's new CPUs with Microsoft's new Windows. I'll let millions of other people do that.
Meanwhile, my second Inspiron 16 Plus has shipped from the factory and is due to arrive before Christmas. They might need to deliver by submarine though.
- Writing a simple VM in less than 125 lines of C. (Andre Inc)
Every serious programmer should write a virtual machine, and a simple compiler for it.
- Russia is busy banning TOR. (Bleeping Computer)
- Which is weird because I was under the impression that they were busy hacking it. (Gizmodo)
Pick one, guys, and stick with it.
- Upgraded to Windows 11 already? Disk running up to seven times slower? There's a fix on the way, at some point, probably. (The Register)
Microsoft got back to us to say that a fix for this issue is in a preview build of Windows 11 issued on November 22nd.
This preview includes a fix which states: "Addresses an issue that affects the performance of all disks (NVMe, SSD, hardisk) on Windows 11 by performing unnecessary actions each time a write operation occurs. This issue occurs only when the NTFS USN journal is enabled."
NTFS USN journal? I didn't enable that.
Note, the USN journal is always enabled on the C: disk.
Gee, thanks.
Party Like it's 1979 Video of the Day
Disclaimer: What is the point of black jelly beans? Bane of my existence.
Posted by: Pixy Misa at 05:49 PM
Wednesday, December 08
So That Happened Edition
Top Story
- Twitter has bought chat platform Quill. (Quill)
If you use Quill, you have three days to download your history before they turn the servers off. I'm not being snarky, they are literally doing that.
Can I export my team’s Direct Messages (DMs)?
No, we do not allow the export of Direct Messages.
Well, thanks.
If I don’t export, will you delete my data?
Yes. On 1pm PST, Saturday, December 11th 2021 we will delete all user data, whether or not you’ve exported it.
- So, that happened.
Tech News
- Amazon's US-East-1 datacenter suffered increased error rates today. (CRN)
This is in the same sense as "Jeffrey Epstein didn't increase his own error rates". AWS US-East-1 burned down, fell over, and sank into the swamp.
With it went a few little sites like Netflix and Disney+ and, oh, Amazon itself. Tens of thousands of Adele fans waiting in virtual line for pre-release tickets were not impressed when the whole thing was rescheduled, and they weren't notified by email because email services relying on AWS were also down. (Fortune)
Coinbase, Binance, dYdX (which is a cool name for a derivatives trading platform I must admit) and blockchain gateway Infura all suffered outages, which makes you wonder just how decentralized this decentralized finance thingy really is. (Be In Crypto)
Alexa wouldn't talk to you, Kindles couldn't kindle, Roombas couldn't roomb, and Ring video doorbells couldn't burn down your house. (The Verge)
Within Amazon, not a creature was stirring, not even a wireless mouse. (Business Insider)
AWS is not just a product, it's Amazon's own computer system. With that down, the storefront went down, and all the inventory and logistics services went with it. Delivery drivers were paid and sent home because there was nothing they could do - there's no paper trail for this, not at Amazon's scale.
Instacart, Venmo, CashApp, Roku, McDonald's app and automated kiosks, Tinder, and Delta Air Lines all went off the air. (USA Today)
We only have one direct AWS dependency at work, and that's at US-West-2 a thousand miles away, but it went down for six hours anyway.
We have quite a few indirect dependencies, though, so my day was spent cleaning up after all of those services failed.
There is no cloud, there's just someone else's computer, and it's down.
- Oh, QNAP. Not again. (Tom's Hardware)
Do not under any circumstances attach your network-attached storage to a network.
- Western Digital's Blue SN570 is pretty good and pretty cheap. (Tom's Hardware)
It's a DRAMless TLC drive, which is a viable option if you're on a budget and not running Oracle databases. But if you look around you'll likely find the Samsung 970 EVO for only about 10% more, and it's worth the 10%.
- Leaked benchmarks of AMD's new laptop chips put the graphics performance just short of a GTX 1650. (WCCFTech)
Which is to say, pretty darn good for integrated graphics, more than double the performance of the current generation.
- Notepad now has a dark mode. (Thurrott.com)
Its mother insists it's just a phase.
- DARPA-funded researchers did not accidentally create the world's first warp bubble. (The Debrief)
The article is horseshit.
"To be clear, our finding is not a warp bubble analog, it is a real, albeit humble and tiny, warp bubble," White told The Debrief, quickly dispensing with the notion that this is anything other than the creation of an actual, real-world warp bubble. "Hence the significance."
Yeah. Funnily enough, the actual published research paper - of which White himself is the lead author - says nothing of the sort. It's full of words like "intriguing" and "correlation" and starkly short on "actual real-world warp bubbles".
Party Like It's 1979 Video of the Day
Posted by: Pixy Misa at 05:51 PM
Woke up to customer panic and my keyboard not working.
The first was due to AWS which is really good because we have a nice big target to blame and we have already advised that customer that work is under way to decouple our system from AWS. (We're not using AWS for core services, but we rely on other companies that do, so this is kind of complicated.)
Now I get to spend the rest of the day cleaning up the mess. Though after a couple of incidents where AWS was having trouble but we had to report to our customers that no, we had a bug in our platform, it sure is nice to be able to drop all the blame on someone else for a day.
The second problem was that the . key on my keyboard wasn't working. I fixed the immediate problem via percussive maintenance, but this particular keyboard isn't made any more.
I found a retailer here in Australia that still had three gathering dust in their warehouse and ordered two of them. This one has already lasted four years and a couple of drink spills so I'm hoping by the time both of those wear out someone will be making something that I like again.
Posted by: Pixy Misa at 08:22 AM
Tuesday, December 07
Control Surface Edition
Top Story
- With the new software lab buildout I'm going to end up with eight computers on my desk - half laptops and half NUCs, so they don't take up much room. And it's a big desk. Huge actually, it's made from the oak floorboards of an old wool warehouse and weighs about three thousand pounds.
Anyway, with three or possibly four monitors each with four inputs, there'll be no problem plugging everything in to a display. But then there's sound. What I want is all of those systems wired up to a single good speaker system, so it doesn't matter what the sound source is, it comes through loud and clear.
I could use a Behringer mixer; they're easy to find and reasonably priced. But they are mono, and designed for XLR or at best 1/4" phone jacks, so for each 1/8" stereo input I'd need a cable to convert it to two 1/4" mono plugs, which again, easy to get, but having eight of those plugged into a 16 channel mixer seems like overkill.
If only there were something small, cheap, and purpose-designed to take five 1/8" stereo inputs, provide suitable fader, gain, and balance controls, and deliver three 1/8" outputs at line, speaker, and headphone levels respectively and maybe - stop me if I'm dreaming - have a special cable to loop multiple units together like the Maker Hart Loop Mixer (Amazon) oh wait that's just what I need hang on (clicking noises) right that should arrive next week.
- Included in my lab shopping list is regrettably a MacBook Air because I will need to test some things on a Mac. Plan is - with all four notebooks - that they will sit on a shelf while plugged in to two 27" monitors each, and rarely actually move. They're laptops in potentia.
That's fine with Windows. Do it all the time. Scaling support isn't perfect but it works.
On an M1 Mac though if you venture outside standard 4k resolution the results are likely to be poop which is odd because Apple doesn't make a computer with a 4k screen. (The Register)
MacBook Air is 2560x1600; MacBook Pro 14" and 16" are 3024x1964 and 3456x2234 respectively; the 24" iMac is 4480x2420 and the 27" 5120x2880; and the Pro Display You Can't Afford It Edition is 6016x3384.
So it's kind of curious why M1 Macs only give reliable results on third-party monitors if they run natively at 4k.
But credit to Apple for creating new opportunities for independent software developers fixing their shitty operating system.
- The jelly beans arrived too. Amazon still won't let me order more, even though they're in stock.
Were they really worth the wait?
...
Yeah, actually. These are pretty good.
Tech News
- Imagination has announced its Catapult range of RISC-V cores. (AnandTech)
Are they any good?
No.
- AMD is following up its weird 4700S desktop kit thing with the new 4800S. (Tom's Hardware)
These use recycled PlayStation 5 chips, which are AMD CPUs with AMD graphics built in. If the graphics component doesn't work - there's some built in redundancy, but if there are too many microscopic defects on that particular sliver of silicon - Sony can't use it, but it is still a perfectly functional 8 core CPU.
The 4700S gave these damaged chips new purpose in life. Unfortunately it kind of sucked. The integrated graphics were disabled, and it only had a PCIe 2.0 x4 interface for a graphics card, which severely restricted performance. This new board upgrades that to PCIe 4.0 x4, which is four times as fast and faster than the interface on external Thunderbolt graphics cards.
Still seems slightly pointless but we'll see how it goes when it arrives.
- AMD, Intel, and Nvidia will be giving their CES keynotes on January 4. (WCCFTech)
I expect my brand new laptops to be immediately obsoleted. Hell, one of them was dropped from Dell's product line the day it arrived.
But I wanted that specific configuration; having seen the leaks of Intel's new laptop CPUs I don't think they're going to work better for my use case, which as I said is more of a shelftop.
- Fastly (a CDN) says Cloudflare (another CDN) is lying about its relative performance in edge computing. (Fastly)
Some of their points are quibbles, but some of them seem valid, like the fact that Cloudflare compared their own platform against a beta product using a free trial and a compute workload that involved no computation.
- YouTube's ContentID system has an abuse rate 40 times higher than other copyright claim mechanisms, according to a study performed by, uh, YouTube. (ZDNet)
So, YouTube, maybe you could, I don't know, stop doing that?
- The Australian federal government is building a "data tool" for tracking labour market needs. (ZDNet)
By which they mean job roles going unfilled because there ain't no-one to fill them.
The demand for digital skills is widespread, but computing skills are what will become a major need, according to the government.
Thank you and welcome to 1968.
- Decentralised finance platform Badger lost $120 million. (ZDNet)
Oops.
I mean, thanks for so thoroughly validating my concerns with smart contracts, but you can stop now.
- Nuh-uh says MongoDB. (The Register)
Amazon has a MongoDB-compatible database called DocumentDB. Rather than taking the sane approach and building on the last open-source release of MongoDB, they added an interface layer to PostgreSQL which, um, should at least be entertaining.
"It is not MongoDB compatible," Porter said. "That is an untruth… it is 34 per cent compatible, through our tests. Most importantly, for our users and our customers, it is not compatible in all the ways that make MongoDB magical.
"There's no aggregation, there's no change streams, there's not as many languages; it is a 'Frankenbase', there is no other word for it."
On the other hand, it doesn't create duplicate keys in unique indexes and irrecoverably lose your data the way MongoDB releases 5.0.0, 5.0.1, and 5.0.2 all did.
Hold Me Closer Tiny Mixer Video of the Day
That's the mixer I just ordered. Apparently it's halfway decent, which is all I ask. If I end up doing audio engineering that isn't 100% digital I'll buy something else.
Party Like It's 1979 Video of the Day
Disclaimer: Oi, the name's Sharon ya berk.
Posted by: Pixy Misa at 06:29 PM
Monday, December 06
Hark The Herald Tribune Sings Edition
Top Story
- Tech companies should pay their engineers more. (Medium)
Yes.
...
After a few lean years the small company where I work found itself in the right place at the right time and customers have been pounding on the doors and shoving money through the mailbox. Which resulted in some crazy work hours but also a couple of substantial pay rises, which you might have noted when I went from discussing the latest new laptops to discussing the latest new laptops which I have personally bought. (Actually not that exciting because they're all Dell.)
It's a good analysis. Finding or training the right people for high-level engineering roles is hard and expensive. Losing good people is even more expensive. Paying your best staff more doesn't solve all the problems, but it's simple, obvious, and works better than not doing so.
Tech News
- Control your NPM dependencies. (Medium)
Rule One of NPM Dependency Club is Don't use NPM.
NPM is a shitstorm in a dumpster fire in a toxic waste factory that is also on fire.
PHP is justly criticised, but the entire programming language with all its built-in functionality uses just 79 external libraries.
Creating a single, empty React app using NPM installs close to 2000.
is-even has 160k weekly downloads and itself depends on is-odd, which has 430k weekly downloads. Both of these packages are single line functions. At one point, babel was using the is-odd package.
Don't use NPM. Don't let anyone else use it. Don't use software that uses it. If you see it installed on a server, shut that server down, set it on fire, and sow the rack with salt so that nothing can be provisioned there ever again.
- Don't share NFTs on the blockchain. Share function pointers. (Stephen Diehl)
No, on second thought, let's not go to the blockchain. It is a silly place.
- You wouldn't download a Mac would you? (Tom's Hardware)
If you're planning to download a Mac, the article recommends downloading it with Catalina, since that's the most compatible with the emulator.
- How to opt out of sharing your WhatsApp data with Facebook. (WhatsApp)
Oh.
- Hackers are sending phishing emails to Twitter bluechecks telling them to log in and update their accounts or risk losing their sacred azure splots. (Bleeping Computer)
Which is not at all believable because why would Twitter go around removing the blue splots from accounts they had already-
Play stupid games, get stupid prizes taken away.
- May the fleas of a thousand camels infest your armpits. (ZDNet)
Voting in Australia is compulsory.
New South Wales (where I live) instituted optional on-line voting for local council elections that everyone ignores anyway.
It didn't work.
However NSWEC said any eligible voter who "applied to use iVote" but was unable to cast their ballot would be excused from paying the AU$55 penalty.
So generous. You stole my vote - well, not mine, because I'm not going to use an i-anything - and now in your glorious munificence you will excuse me from paying for your failure? And that's the least of it:
"Every serious investigation of iVote found serious problems," Teague tweeted on Saturday. That even includes a review [PDF] commissioned by NSWEC itself as recently as July.
Experts are not impressed:
"What happened today should surprise nobody," Teague said.
"[NSWEC] apologises to voters not able to vote as a result of the outage; no apology to candidates who may or may not have failed to get elected as a consequence of their supporters being excluded."
Justin Warren, chief analyst at PivotNine, continues to be amused by this resistance -- not only in electoral matters but right across government.
Sometimes when dealing with government the best you can hope for is that they will occupy themselves shoving beans up their nose, because they could very easily be shoving something else up somewhere else.
"We keep trying to help governments to be good at computers, but they are remarkably resistant to being helped," Warren told ZDNet.
"One thing I've learned from consulting is that sometimes people insist on shoving beans up their nose and there's nothing you can do to stop them. You have to wait patiently until they ask for help getting them out."
- Apple's solution to developers being able to move payments off-platform appears to involve a combination of extortion and burglary. (9to5Mac)
Tim Apple appears to have grown bored with antitrust suits and is now inviting RICO charges.
Party Like It's Hololololive Video of the Day
I didn't know Fifth Gen - all of Fifth Gen - had done this song. EN, your time is now.
Party Like It's 1979 Video of the Day
I'm not used to Chris Rea looking that young.
That's more like it.
Disclaimer: Not that there's anything wrong with - get off my lawn, Chris!
Posted by: Pixy Misa at 06:24 PM
Sunday, December 05
Notched Quanta Edition
Top Story
- "I'm going to need your smallest violin."
"This is the Stradicaster 50000. Each one is hand-crafted by an ancient order of Bolivian nuns from a single neutrino. Only three of its kind exist, and nobody knows where the other two are. The price is-"
"I'll take it."
Right-wing activists are openly 'weaponizing' Twitter's new private media policy. (CNN Business)
You'd have to have a heart of basalt not to collapse in a fit of giggles. Twitter's latest attempt to curtail unapproved speech has backfired because it turns out - as everybody except apparently the room-temperature IQ goldfish running Twitter immediately realised - that the new policy banning the sharing of photos, even those taken at public events, without the explicit consent of everyone depicted therein directly targets the most popular pastime of Twitter's own core audience of rabid Maoist lunatics, which is to say, doxxing and destroying the lives of everyone with whom they disagree.
Twitter thought they were targeting conservative pushback against violent left-wing nutcases, but what the rule actually says is that nobody can post photos of people without their consent.
So everyone to the right of Kropotkin has started reporting the offenders en masse and they're getting them banned.
In January, Samuel Braslow was covering an anti-mask protest at a Los Angeles mall for the Beverly Hills Courier, the 56-year-old local newspaper where he is a staff reporter. During the public event, Braslow tweeted a video of a standoff between anti-maskers and a mall official — a common practice in the age of digital reporting.
Ahahahahahaha.
Braslow couldn't have known that, this week, someone would file a report about that same photojournalism and cause Twitter to lock down his account. The complaint led to Braslow being unable to tweet until he either successfully appealed the report or deleted the old tweets. He was stuck.
"The videos in [my] post clearly represent newsworthy content, as they subsequently were picked up for broadcast by multiple affiliate stations and national outlets," said Braslow, who has previously appeared on CNN discussing his coverage of anti-vaccine rallies.
Let me see where Twitter's policy has an exemption for newsworthiness....
Oh wait, it doesn't, because the entire point of this policy is to shut down free speech.
The rapidly unfolding campaign highlights how a tool intended to help protect vulnerable individuals has quickly evolved to help shield others from the scrutiny that might stem from their public actions.
Funny how nobody predicted that this is exactly what would happen. Oh wait.
"It's really important to view the current mass-reporting actions by the far right as just the latest salvo in an ongoing, concerted effort to memory-hole evidence of their crimes," said Chad Loder, an anti-fascist activist* who said they use their Twitter account to document examples of far-right extremism and police misconduct.
Translator's note: "Anti-fascist activist" means fascist.
On Thursday, Loder said they were trapped in an "endless cycle" of reports, account locks and appeals as one of their tweets was reported under the policy, restored by Twitter following an appeal, and then reported again on the same day, resulting in another temporary suspension linked to the same tweet.
I am so upset by this that I have the hiccups.
The speed, scale and enthusiasm with which some groups have invoked the policy — along with numerous enforcement errors — have prompted some experts to conclude that Twitter's policy is backfiring.
Where would we be without experts?
Probably Alpha Centauri.
Even that idiot Popehat is weighing in:
It's impossible they didn't know this would happen, and it's inexplicable they didn't plan for it.
No, Ken, that's easy to explain. They're morons.
Tech News
- Apple's M1 Max CPU has a secret interconnect bus. (Tom's Hardware)
And when I say secret, not only did Apple fail to mention it, they edited the published die photos to hide it.
Not until someone sacrificed an expensive MacBook Pro and took their own die photos was this discovered.
There are rumours that Apple is working on 20 core and 40 core Arm CPUs to replace Intel in their high-end systems, and now we know exactly how they plan to do that. The M1 Max is a 10 core chip, so two or four of those connected together will produce the rumoured high-end parts.
AMD has been doing this for years - the 32 core Epyc server processors released in 2017 were simply four 8 core desktop chips wired together using the built-in interconnect.
AMD has also done the secret feature trick more recently - apparently all Zen 3 chips shipped in the past year have the circuitry needed for the expanded cache in the recently announced high-end Milan-X server chips.
It costs a lot of money to design a new chip and prepare it for production, so if you can bundle in a feature that you're not going to need for a year without delaying anything else, that can make commercial sense.
It's likely that the interconnect, while present, isn't 100% functional yet, and there will be either a respin or a whole new version before the high-end multi-die processors can ship. But in the meantime Apple has an unlimited supply of test units.
- ActiLizzard management are not nice people. (WCCFTech)
"I am shocked, shocked, to find bad behaviour going on in the gaming industry."
"Your underaged Belorussian sex slave sir."
"Oh, thank you very much."
- Windows 11 now lets you set a default browser. (Bleeping Computer)
In earlier releases you had to track down at least four separate settings.
"Through the Windows Insider Program you will continue to see us try new things based on customer feedback and testing. Most of them will be complete shit because ninety percent of our UX team is on meth, but what are you gonna do? No, seriously, what are we gonna do? These idiots are killing me."
- A hermaphroditic cannibal has washed up dead on a beach near San Diego. (MSN)
Hrm.
Oh, fish. A hermaphroditic cannibal fish has washed up dead on a beach near San Diego.
That's normal.
- Python library of the day is LocalStack, which provides a local test version of AWS. (GitHub)
Without the Amazon part. Install it on your own hardware or hosted server and spin up whichever services you need.
The free version doesn't support every single AWS feature, but it goes a long way:
- ACM
- API Gateway
- CloudFormation
- CloudWatch
- CloudWatch Logs
- DynamoDB
- DynamoDB Streams
- EC2
- Elasticsearch Service
- EventBridge (CloudWatch Events)
- Firehose
- IAM
- Kinesis
- KMS
- Lambda
- Redshift
- Route53
- S3
- SecretsManager
- SES
- SNS
- SQS
- SSM
- StepFunctions
- STS
There's a paid version for €20 per month per developer that has even more features, but that's kind of a problem. What happens to the software running on my own server if I stop paying the monthly license fee?
The answer seems to be, don't do that. Inviting as it might be, this is for testing, not for persistent data. Even the paid version has only a very basic persistence mechanism. The free version uses a replay log to restore the state - if you reboot it starts with a blank slate and just runs every API call you've sent since you last explicitly reset the data.
What If Everything Were Spiders?
No people. No language. No war. Only spiders.
We communicate through sensation alone, touch, smell, taste. Feeling with our eight long legs. Beady black eyes look out, only to see a swarm of our brothers and sisters. They look back. We click. We scamper.
No air. No sea. No land. Only spiders.
We crawl over the bodies of one another. Suffocate against one another. A dark, writhing mass. We eat one another for sustenance. We lay our eggs in the carcasses of the deceased. Life and death cycle as it can, the living spring from the dead to have their turn. We breed. We rot.
No heat. No time. No space. Only spiders.
Were a wayward, miraculous human scientist to somehow observe us, it could be speculated that our atoms and molecules resemble the mass of our whole selves. Were a wayward, miraculous human scientist to somehow speculate on our universe, the shape of it could be thought to have a large abdomen, and eight scampering legs. We are, everything is spiders.
A Long Walk Down a Windy Beach Video of the Day
Old and Busted / New Hotness Video of the Day
She has a point.
Party Like It's 1979 Video of the Day
I think this is the stage of the party where it's getting late and the couples are slow dancing and I'm in the corner talking to the cat.
Disclaimer: You're the only intelligent person here, Miss Fluffyboots.
Posted by: Pixy Misa at 03:02 PM
Saturday, December 04
Aargh Edition
Top Story
- This server is beginning to annoy me. I disabled the audible monitoring alert while I was fixing it from the last crash and forgot to turn it back on, so all I got this time was an email, which is not always sufficient to wake me up despite my hypertrophied site outage senses honed to a microtome edge by nearly two decades of pain.
Server move imminent. Got three weeks off starting the 18th. I know I'm going to get interrupted by work stuff and three weeks will turn into two, but that's better than my usual Christmas break which is one week turning into zero.
- I found another source for the perennially out of stock gluten free jelly beans I'm currently waiting on from Amazon. They're a little more expensive, but only by about 10% if you buy in bulk, and you can buy in bulk, which Amazon won't let me. They also have jelly babies from the same brand, which I didn't know were sold separately; I've only had them before in their "party mix" which has too much stuff I don't like to be worth the trouble.
Their site tracks expiry dates of the products and they're all late next year. So I'm considering buying 12 pounds of candy a month after Halloween.
- We're number one. Again. (The Guardian)
Frequency of being drunk – top 10 countries
1. Australia
2. Denmark
3. Finland
4. US
5. UK
6. Canada
7. Ireland
8. France
9. Sweden
10. Netherlands
Also of note, Russia is suffering crippling alcohol shortages and New Zealand is lying.
- Apple has started test production on the M3 chip using TSMC's 3nm process. (WCCFTech)
While that's a rumour and Apple hasn't said anything about it, Apple was TSMC's first customer on 5nm and 7nm, so it's implausible that Apple hasn't already started testing on the new production node.
The details of the rumour are that there will be M2 chips in between on either 5nm or 4nm. That's also plausible since it's not expected that 3nm will deliver in volume until early 2023, with a few more months beyond that before products using the chips can reach customers.
Tech News
- The new Lego AT-AT model - which is huge and looks just like the ones in The Empire Strikes Back and costs a small fortune - can't be taken apart once assembled. (Brickset)
Well, it's not entirely impossible; there's a tiny slot in one of the components where if you slip in the point of an X-Acto knife and lever it verrrrry carefully you can unlock it and tease it all apart again.
Looks like it's inadvertent; it's just that things slide too neatly into place and leave no affordances for disassembly.
- Microsoft has confirmed that it won't leave the mess that is Windows 11 unpatched for the next year. (Thurrott.com)
Also, if you order Dell's business-grade notebooks, including higher-end Inspirons, they are still perfectly happy to give you Windows 10 Pro.
- Two men have been indicted over a $20 million YouTube Content ID scam. (TorrentFreak)
The scam is pretty simple: Assert copyright over content you don't own, post claims against YouTube channels you don't run, and steal all the advertising money.
This goes on all the time and YouTube doesn't care. This particular scam was big enough that it caught the attention of law enforcement, which is also rare.
False DMCA takedown claims can be perjury, but Content ID doesn't require a DMCA takedown claim. The charges in this case relate to wire fraud and money laundering.
- Alder Lake laptops are on their way. (Tom's Hardware)
Something worth noting is that these new chips go backwards in terms of full-size cores. The low-power parts only have two P-cores; the full-size parts have six. Current 11th-gen laptops have four or eight full-size cores.
- Test results of an early sample of next year's Raptor Lake have popped up on the net. (Tom's Hardware)
These results - if real - confirm the configuration of 8 P-cores and 16 E-cores.
Party Like It's 1979 Video of the Day
I don't think I've heard the extended album version of this song before, and I certainly haven't seen this video. Everything about it is great.
Disclaimer: Well I'm cold-blooded; I'm a lizard you see. If there's a cold snap I'll fall out of a tree.
Posted by: Pixy Misa at 06:40 PM