Thank you!

I read a few of those long long ago but don't remember many plot details except maybe for some anti-Force sloths. Were Han, Luke and Leia in those novels and if so, how old were they? That may be part of the problem in adapting them.

Really? Apple nearly went out of business in the late 90's because of that business model. You can only go for big margins when your products offer major value over the competition.

Code fixes are all fine and well but where the real thought needs to be going is how to verify these protocols. The basic problem with security is that "working" doesn't mean "secure". Most people focus on testing for "working" and given the bugs that have shown up in OpenSSL and its cousin in the last month or so, the problem is not that they don't work (that is, interoperate and transmit data) but that they have corner cases and API holes that are major security concerns. Some real thought needs to be put into the testing of secure systems and how to verify that they not only "work" but are actually secure.

This is a good point. There are times and places where adversarial relationships are good. Just bringing different viewpoints in is good.

A colleague said to me once, "You're the only VP I've ever known who installs equipment." I'm always amazed at how out of touch "senior" people can get. And besides, when we get new toys I want to see them working NOW.

There's definitely truth to what he's saying but it cuts the other direction as well. Having your lead guru developer swapping disk drives on a machine isn't the best use of his time. However, I've also seen environments where the developers can't/won't/aren't allow to do the system admin tasks and wind up waiting around or being frustrated when their development systems have a problem. Likewise, with QA - I've seen developers that will just toss any old crap over the wall and expect QA to catch all of their bugs. And, developing tests is often software engineering, often complex software engineering that needs an experienced developer to establish at least the outline of how everything works.

Personally, I expect any developers I'm working with to have at least basic sys admin abilities and know how to setup/fix any other part of the stack they might touch. Those skills should be used when working with the dev systems and in establishing the base line for production. I would then expect that someone who is more specialized in those other roles to actually setup and run production and also be available when the developers get in over their heads on system admin, hardware troubleshooting, etc. In the same way I would expect a systems admin to at least be able to write a script to automate something and not go running to the developers for everything.

For test development, I always like to set groups against each other and develop the test suite for each other's code. Most people are a lot more comfortable and eager to break someone else's code than they are their own.

The article focused on how Amazon cuts hardware costs. The first step there is a big one - once you let go of buying name brand hardware, especially for storage, the price drop dramatically. So dramatically, in fact, that hosting (largely electricity, cooling and network connectivity) becomes the major cost in the equation. Amazon is pushing for extremely high density, however, that has a ripple effect throughout your whole datacenter design. If you're not in a high cost area, you might ask why focus on density because floor space is relatively cheap.

How about this https://www.globalsign.com/cer...?

I haven't tried setting up a large PKI infrastructure so I'm curious if you know more. Technically it's possible but I could see why a CA wouldn't do it. The info for this GlobalSign "Trusted Root" seems to imply that you get to sign keys with your own existing root CA but that GlobalSign will sign it as well so you don't need to distribute your own root cert. Am I reading it wrong?

It depends on where you are in the chain.

If you're a CA, then yes, the intermediate key would be used for automated signing. It STILL shouldn't be on hosts that are directly connected to the Internet.

If you're a company that is not a CA, then the intermediate key signed by the CA is pretty much your root key. It shouldn't be on your web servers, you should keep it offline if possible and you should be generating another layer of keys that are used to sign actual server certificates.

If your intermediate certificate's signing keys are on the internet facing web servers you're doing it wrong. That intermediate signing key should be treated with the same level of security you would treat a root key with.

Yah, like all that oh-so-secure code that used to float around back in the 70's and 80's? I remember when systems used to get hacked by dial-up modem on a regular basis. There were and have been security holes in things forever. It just used to be harder to exploit most of them remotely and there were fewer people trying to exploit them.

Actually, I don't see anything wrong with systemd using the same flag to turn on debugging. However, it shouldn't crash the system by outputting too much stuff in debug mode! That's unacceptable no matter what you call the debug flag.

That and the fact that each car model has a different type of battery pack with different geometry and capacity. Sounds like more trouble than it is worth.

You'll note that the reason they're losing money is not because the water is more expensive but because people's voluntary conservation efforts have reduced the amount of water being purchased.