Comment Re: Just bought... (Score 2, Insightful) 165

Does it have the intro "Imagine Bash, but object oriented and with function call names so long they would drive a Java developer to madness. Brought to you by the author of Microsoft Bob and Clippy, psychopaths that infect your computer with their dead-eyed smiles comes Powershell."

Comment To some extent (Score 1) 165

The ghost writers have gone along with it and I think really shot themselves in the foot.

We are still getting new Tom Clancy novels. Sure, you can look below the line and see who actually wrote it, but that isn't the big bold letters on the cover. This is true for a lot of the popular "airport series"; I guess Lee Child is actually still writing his own books.

How are new authors supposed to make a name for themselves when marketing all goes to guys already in the ground? The authors actually writing those books have more or less allowed themselves to be commoditized and just wait for the LLMs to come for them...

Comment Re:uh bro (Score 1) 165

As an owner of the complete History of Middle Earth series, these books are not for the casual fan, or probably even the average fan. They really are more designed for Tolkien scholars, and anyone picking up The Nature of Middle Earth expecting ripping yarns filled with Hobbits and wizards is going to be very disappointed.

Comment Just bought... (Score 4, Interesting) 165

Fiction:

12 books from the Deverry series
The Three Body Problem trilogy
Monkey
Treacle Walker
Various books on Powershell

Non-Fiction:
Linux Administrator's Guide
Linux Network Administrator's Guide
Both OpenZFS books
Ansible
Terraform
Various books on Oracle, MySQL, PostgreSQL optimisation
C++ manuals
Various Cisco manuals
OpenPF manual

Comment Re:Duh (Score 1) 124

I don't fundamentally disagree. The thing is Azure is too big and complex, with too many cooks in the kitchen, for there to be any real hope of getting it right.

Microsoft absolutely needs to have a hard delete-after-N policy, and then start writing very specific exceptions around certain critical components of Azure infrastructure. The Federal government should be 'beta-testing' the cloud with the rest of Industry. Azure / Office 365 are good examples of too much, too fast, at too high a value.

Comment Re:Follow the money (Score 1) 201

No, it's 100x worse than that. It's probably coming from the coal plant in another state, like the story about all the Data Centers near DC.

They need coal power (because coal keeps the lights on) because the renewables don't cut it; they suck for super dense constant base loads. However, since the green morons decided to make it impossible to burn coal nearby, the grid operators and generation people are tearing up more of the WV mountains and cutting up the valleys of Northern VA to run more transmission lines.

Study after study has shown the importance of large UNBROKEN areas of habitat for wildlife. Slicing up what little we have left on the Eastern half of the US to run more high voltage lines is terribly short-sighted and stupid. Wind and Solar might be low carbon, but as grid solutions they ain't green!

Comment Re:How you know you're doing the right thing (Score 1) 146

So much this. The Intel lobby practically just burnt down congress, (it sure as-f**k looks like they blackmailed the speaker of the House) to defeat having to even get a warrant for spying from their special FISA court, when the 'F' (foreign) part is deeply in question.

That does suggest to me it's time to 'trust them' more and just hand over the keys to all communications privacy. They basically finished throwing a tantrum and screaming about how they can't do their jobs AND respect the Constitutional rights of the public.

Yes, I realize this is the EU, but come on: right after spooks ramrod the privacy-shredding 702 through congress, suddenly the issue comes to the fore on the other side of the Atlantic... right, like the 5-eyes cool kids are not coordinating their abuse of democracy..

Comment Re:Meanwhile, at Microsoft... (Score 2) 124

Actually they were extremely careful and slowly wormed their way into a maintainership position via sock-puppets and astroturfing, where they could insert code with perhaps less scrutiny than, say, trying to trojan some pull request. Then they put most of the payload in some binary material that ships with the software rather than source code someone would likely feed to some SAST tool or otherwise audit effectively as part of due diligence. They did this over a long span of time and did legitimate maintenance work as well.

All in all it's worrying that it happened, but it also suggests the overall pipeline and checks and balances as far as what makes it to a general release in the major Linux distributions is 'really pretty solid'. Someone put a good deal of analysis and long term effort into backdooring the big distros and it still failed. As you say, perhaps one of the reasons it failed was because they saw their window of opportunity closing and had to move quicker, leading to the performance issue the Microsoft engineer noticed.

There again, this is a case where 'many eyes' really should be credited, and of course Freund who actually found it; more so than anything Microsoft the organization was/is doing. He wasn't doing security specific work, and he's just a good engineer that happened to be in the right place to spot a problem!

Comment Re:Duh (Score 4, Insightful) 124

Logs are often a huge liability. I am not saying this is right, but in my experience very, very few IT shops treat them like the tier-one, confidentiality-required data that they are.

Developers rarely think critically about what can end up in a log, operating under the assumption that whatever logging framework is responsible for sinking them somewhere safe, and if anyone has access all bets are already off; of course in the era of centralized logging, SIEM analysis, data lakes etc., that is nonsense. I have seen a lot of applications that have a ton of code and thought dedicated to handling various types of secrets, only to have it all wrapped in
try { ... } catch ... {} catch ... {} .. catch Exception => ex { Logger.log("Unhandled " + ex.name + " exception - " + ex.message + " Stacktrace:\n" + ex.stacktrace);} and equivalent that, under the right conditions, will result in these secrets getting into the logs. That is the most innocent case; the far more common pattern in logs is:

Login failed for user P@$$word!1
Login success for user gweihir

and is almost the norm...

Right now the only things saving corporate and probably government IT from total disaster due to negligent log handling are:

1) The data volume is large, so it's difficult to exfil or search in situ without being noticed
2) Searching logs you are not familiar with is hard, and regex augmented with traditional correlation rules will only get you so far,

However, attackers will start using ML and similar tools to start slogging through it and pulling useful data out soon enough, and all these data lakes, cloud trails, security workspaces, etc. are going to get some big organizations well and thoroughly pwnd.

At the very least actual APTs (not some ransomware gangs) will get hold of some Fortune 50s' and large government logs and do some next-gen analysis to make sure their tradecraft and tools leave exactly NO detectable IOCs. Which frankly I think bodes quite badly for having a large WFH work force; nobody is going to be able to separate malicious remote access from legitimate. That is drifting off the topic however.

In the short term I would suggest to most operators: you don't know what is in your logs, and you don't know what signals someone might be able to extract from those logs even if you do have all the content identified. You probably should NOT be retaining logs for longer than either a few months or whatever regulatory requirements demand, whichever is greater.

In this specific instance it's unfortunate, but I don't think MS actually got it wrong in terms of policy here.
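The two leak paths this comment describes (a catch-all handler that logs ex.message, and a password typed into the username field so it lands in "Login failed for user ...") can be caught before the line reaches a central sink. The following is an added Python example, not code from the original comment: a logging filter that scrubs key=value secrets, bearer tokens, credentials embedded in connection URLs, and a password-shaped "user" field. The regexes, the password heuristic, the demo.scrub logger name and the DSN are all constructed for illustration and are not a complete secret-detection solution.

```python
import io
import logging
import re

# Constructed patterns for material that should never reach a log sink (heuristics, not exhaustive).
SECRET_KV = re.compile(r"(?i)\b(password|passwd|pwd|secret|token|api[_-]?key)\b(\s*[=:]\s*)\S+")
BEARER = re.compile(r"(?i)\b(bearer\s+)[a-z0-9._~+/=-]+")
URL_CREDS = re.compile(r"(://[^:/@\s]+:)[^@\s]+@")          # scheme://user:PASSWORD@host
LOGIN_USER = re.compile(r"(?i)(login \w+ for user )(\S+)")  # the "Login failed for user ..." line


def looks_like_password(token: str) -> bool:
    """Heuristic: 8+ characters drawn from at least three character classes."""
    classes = sum(1 for cls in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]") if re.search(cls, token))
    return len(token) >= 8 and classes >= 3


def scrub(line: str) -> tuple[str, int]:
    """Return the redacted line and how many redactions were made."""
    total = 0
    line, n = BEARER.subn(r"\1[REDACTED]", line)       # run before SECRET_KV so "Authorization: Bearer x" keeps its shape
    total += n
    line, n = SECRET_KV.subn(r"\1\2[REDACTED]", line)
    total += n
    line, n = URL_CREDS.subn(r"\1[REDACTED]@", line)
    total += n

    def fix_user(m: re.Match) -> str:
        nonlocal total
        if looks_like_password(m.group(2)):            # a password typed into the username field
            total += 1
            return m.group(1) + "[REDACTED]"
        return m.group(0)

    line = LOGIN_USER.sub(fix_user, line)
    return line, total


class SecretScrubber(logging.Filter):
    """Rewrites each record's rendered message before the handler formats and emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        clean, n = scrub(record.getMessage())
        if n:
            record.msg, record.args = clean, ()   # replace the template + args with the scrubbed text
            record.redacted = n                   # lets a formatter or metric count redactions
        return True                               # never drop the record, only clean it


def demo_catch_all() -> list[str]:
    """Reproduce the catch-all handler and the password-in-username line with the scrubber attached."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    handler.addFilter(SecretScrubber())           # on the handler, so propagated child records are covered too
    logger = logging.getLogger("demo.scrub")      # hypothetical logger name
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addHandler(handler)

    def connect(dsn: str) -> None:
        raise ConnectionError(f"could not connect to {dsn}")   # driver error that echoes the DSN

    try:
        connect("postgres://app:Hunter2!xyz@db.internal/app")  # constructed DSN with an embedded password
    except Exception as ex:                                     # the catch-all the comment describes
        logger.error("Unhandled %s exception - %s", type(ex).__name__, ex)
    logger.info("Login failed for user P@$$word!1")             # constructed lines from the comment
    logger.info("Login success for user gweihir")
    return stream.getvalue().splitlines()


if __name__ == "__main__":
    for line in demo_catch_all():
        print(line)
```

The filter sits on the handler rather than the logger because logger-level filters do not apply to records propagated from child loggers, so a scrubber attached only to the root logger would miss most application output. The heuristics are deliberately loose: a false positive costs one redacted field, a false negative puts a credential in the data lake.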

Comment Re:Just gotta do the ol FTC Slice up (Score 1) 124

They already added exceptions to allow MS to continue to be a monopoly.

Mostly Windows XP continuation due to government usage, keeping special versions of MS for government use that don't include all the shit everyone gets that spies on them, and much more.

I don't care what party people are in, those that allowed it in the 90s fucked us over.

Comment Hmmm (Score 1) 258

The conservation laws are statistical, at least to a degree. Local apparent violations can be OK, provided the system as a whole absolutely complies.

There's no question that if the claim was as appears that the conservation laws would be violated system-wide, which is a big no-no.

So we need to look for alternative explanations.

The most obvious one is that the results aren't being honestly presented, that there's so much wishful thinking that the researchers are forcing the facts to fit their theory. (A tendency so well known, that it's even been used as the basis for fictional detectives.)

Never trust results that are issued in a PR statement before a paper. But these days, it's increasingly concerning that you can't trust the journals.

The next possibility is an unconsidered source of propulsion. At the top of the atmosphere, there are a few candidates, but whether they'd impart enough energy is unclear to me.

The third possibility is that the rocket imparted more energy than considered, so the initial velocity was incorrectly given.

The fourth possibility is that Earth's gravity (which is non-uniform) is lower than given in the calculations, so the acceleration calculations are off.

When dealing with tiny quantities that can be swamped by experimental error, then you need to determine if it has been. At least, after you've determined there's a quantity to examine.

Comment Its like anything (Score 1) 60

Anytime you are doing "science" you need to know what you are measuring.

Cygwin isn't emulation, it's a compatibility library. I highly doubt its use impacts network performance at all for certain parts of the scale.

CPUs are fast; network cards mostly are not. Your 14th-gen i5 is going to outrun that 2.5GbE adapter, cygwin or not. So if what you are bench-marking is the peer, say some router or IoT thing etc., I don't see the issue.

On the other hand, if you are bench-marking the host with a PCI-E 10GbE card or something, well, this might be a relevant concern.

Still more caveats though: it might be exactly the right approach if you are, say, deciding if you should host your POSIX network service (that will use cygwin on Windows) or Linux. That is of course the thing; you should measure as much as possible using the parts of the stack you can't or won't be willing to change, and if your benchmark tool isn't doing that it's probably the wrong tool. So right, don't test cygwin network performance if the application is going to be winsock2.

This has been a problem since the dawn of the PC tech press and it's probably worse today than ever. In the late 80s and early 90s we were reading about how such and such's 386-clone was 16%, and sure enough on some synthetic benchmark it was, because of fewer memory wait states or something; but lo and behold that turned out to be doing some sota softfloat thing for the test, and when you compared a real world app to an intel-386 + 387 pair suddenly the performance advantage vanished or even flipped.

Comment Sure (Score 1, Insightful) 162

A Microsoft account connects Windows to your Microsoft apps.

Thanks, but I felt perfectly 'connected' to my apps when they were files on my hard disk and a click away on my Start Menu; I don't need any more help being connected, thanks, and importantly I don't need you trying to convince me my copy of $APP-2013 isn't good enough every time I open it.

The account also backs up all your data and helps you to manage your subscriptions.

By which you mean add to them and be constantly subject to pressure to move up to some higher tier? Because I don't know help managing in any other sense, and neither does anyone else unless you've gone out of your way to make things hard.

Why can't you just send me an e-mail to remind me I am about to auto-renew for another month/year whatever and include a link to the 'my account page'? Toss another line on there to warn me if I need to update my pay card on file?

You can also add extra security steps to keep you from being locked out of your account.

By this of course you mean extra steps to make sure other people are not locked out of my account, don't you? Because the bitlocker recovery password and the subsequent ability to overwrite the SAM are the only things any consumer should reasonably want in terms of account recovery. All other cases are really just abuse cases.

Comment Re:Not sure this make sense (Score 1) 116

if that diplomatically makes sense.

Except all the times when it does, because it turns out the ransomware author was in the UK, etc.

I did not suggest they detail their evidence in public, I said they should detail it to the State Department. Who may in turn provide it to a cooperative jurisdiction, in other words our allies, who we generally do share intel of that type with.

In the other case, you hack them back, and worry about where they physically are later, if at all. Also you destroy the value of their operation even if it's harmful short term; because it prevents them from funding the next operation. Database of credit card numbers? PII for millions of healthcare subscribers, whatever; intel should anonymously dump it on 4chan and the like, so that it can't be sold, because everyone already has it.
