Saturday, December 11


Daily News Stuff 11 December 2021

Jelly Bean Event Horizon Edition

Top Story

Tech News

  • I've been looking for some compact shelves for my new lab, which is made up of laptops and possibly some NUCs but probably not (see below).  I haven't been able to find quite what I want: Bookshelves are too bulky and most desk storage systems are for paper and will fit a 14" laptop but not a 16" one.

    Browsing around storage on Amazon I saw something that looked like what I needed and was cheap and shipped free in 48 hours, so I clicked through to it and then realised what it actually was: A shoe rack.

    Well, fine.  By Monday I'll have storage for 40 pairs of shoes or four laptops and the associated power supplies, external drives, switches, routers, USB hubs, audio mixers, speakers, and so on, whichever comes first.

    And, uh, another six bags of gluten free jelly beans, because I forgot I had those in my cart.  They have a shelf life of a year; there's no way they won't get eaten.

  • Intel just EOLed Panther Canyon.  (Tom's Hardware)

    Panther Canyon is the regular range of Tiger Lake NUCs.  Tiger Lake is Intel's 1th generation, and there aren't any low power 12th generation chips yet, so that's the entire current lineup.

    I was originally looking to get three of the slim-line i5 NUCs, but then those disappeared.  Now the entire lineup has been cancelled.

    Asus makes an alternative with AMD CPUs, but I expect that will become hard to find once retail stock of the Intel model sells out.  So I'm looking at getting a third Inspiron 16 Plus.  It's twice as fast as the Intel NUC - eight cores rather than four - but since it also comes with an RTX 3060 and a 16" 3k screen it's more than twice as expensive.

  • What happened at AWS US-East-1.  (Amazon)

    The control network used behind the scenes to manage all the other AWS services got overloaded.  Since the control network is used to manage the control network, that not only caused problems all over the place, it prevented engineers immediately fixing the problem.

    They had to find a way to redirect some of the traffic when the usual mechanisms for redirecting traffic weren't working, so that they could redirect more of the traffic using the usual mechanisms, so that they could fix the management network, so that they could fix AWS itself.

    That's why it took six hours.  There's a button to fix all this, but the button broke.

  • Imagor is an image processing server written in Go.  (GitHub)

    I've written these things half a dozen times at this point, but it's nice to have one that I can just take off the shelf and deploy.

    It takes an image from somewhere (not sure yet if it only reads from upstream HTTP servers or can also read from the filesystem), and can resize, reformat, crop, rotate, blur, sharpen, adjust hue, brightness, and contrast, and overlay other images.

    The system we built at my day job does even more - it has its own scripting language to run arbitrary sequences of operations over tens of thousands of files - but for many applications Imagor will provide everything you need.

  • An unfortunate alignment of bugs in Android and Microsoft Teams meant one user couldn't dial 911.  (Medium)

    They were calling on behalf of their grandmother and the grandmother had a landline phone so immediate crisis averted, but there's a fundamental problem with burying a very simple function in a ever-growing nightmare of complexity.

  • An exploit of the Log4j Java library is an enterprise nightmare.  (Bleeping Computer)

    The library is developed by Apache an used by many Java-based Apache applications like Struts2, Solr, Druid, Flink - yes, these are all real - none of which I use, though Solr is interesting.  They are commonly used by small companies like Apple, Amazon, Cloudflare, Twitter, and Steam, so there are many, many sysadmins having a bad day yet again, because the bug is being actively exploited right now.

  • And Minecraft.  (Bleeping Computer)

    If you run a public Minecraft server, update it right now.  The Java edition of the Minecraft client has also been updated but it's not clear if it's directly vulnerable.

  • Elasticsearch, for once, is not vulnerable.  (Elastic)

    They use the Java Security Manager which prevents this attack.

  • Here's the Apache announcement of the vulnerability.  (Apache)

    Note that I do not refer to this a bug.  It's not a bug.  It's a feature.  The Apache Log4j library is DESIGNED to allow the execution of arbitrary code.

    Good work there, guys.  Top notch.

  • A new bill in the US Senate would force social networks to open their data to researchers.  (The Verge)

    Whereupon it would get hacked, but that's not the key point here.

    The key point is the penalty involved: If networks fail to provide this access, the bill would revoke their CDMA 230 protections.

    And once the idea is out there that those protections are contingent rather than fundamental, all the social networks are screwed.  I don't think the Democrats understand what they are doing; the social networks are their best - possibly their only - friends, but the they treat them as enemies.

Party Like It's 1979 Video of the Day

Disclaimer: This is the point known as the shoe event horizon.  The whole economy overbalances.  Shoe shops outnumber every other kind of shop, and it becomes economically impossible to build anything other than shoe shops.  Every shop in the world ends up a shoe shop full of shoes no one can wear, resulting in famine, collapse and ruin.  Any survivors eventually evolve into birds and never put their feet on the ground again.

Posted by: Pixy Misa at 04:44 PM | Comments (4) | Add Comment | Trackbacks (Suck)
Post contains 1152 words, total size 10 kb.

1 The Democratic politicians are blind, additionally viciously power hungry, and lashing out in tantrums over their nutty power grabs not working the way that they want.

The thing here, researchers and universities are in many cases willing and knowing proxies for the Democrats.  So, some Democrat had an information manipulation scheme they were running through a university, and a social network refused to play ball.  Normally, the debate and deal making process would be a way adjust these things, but the Dems have tried a power grab because they find that stuff unduly limiting.

This is potentially an example of totalitarian nutjobbery ruining the cause of totalitarian nutjobbery.

Evil oft will evil mar.

Posted by: PatBuckman at Sunday, December 12 2021 01:03 AM (r9O5h)

2 Evergrande formally defaulted recently.  Xi's official position seems to be 'suck it'.

Hypothetically, the PRC is the type of organization that would wage information warfare blindly and stupidly in conjunction with managing other issues.

That exploit was discovered by an Alibaba researcher.

Posted by: PatBuckman at Sunday, December 12 2021 01:07 AM (r9O5h)

3 Between the AWS outage and this, sysadmins are having a really bad week.

I've just been combing through our systems making sure were not vulnerable.  Looks like the only thing I need to patch is Minecraft.

Posted by: Pixy Misa at Sunday, December 12 2021 01:51 AM (PiXy!)

4 I'm not convinced that the social media access bill will prove to be a good thing.  It's specifically limited to Universities with the 'safeguard' of a government organization, the National Science Foundation.  In other words, the chances of anybody not aligned with the Deep State or the Democrats getting access is nill.  On the other hand, if the Deep State wants access that a Social Media company doesn't want to give (e.g. access to your private messages without need for a  pesky warrant, "blinded" of course), than a research grant will be issued and the data handed over.

Posted by: StargazerA5 at Sunday, December 12 2021 03:01 AM (gJ4RY)

Hide Comments | Add Comment

Apple pies are delicious. But never mind apple pies. What colour is a green orange?

58kb generated in CPU 0.1707, elapsed 1.6281 seconds.
58 queries taking 1.6147 seconds, 344 records returned.
Powered by Minx 1.1.6c-pink.