Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Re:Dream on (Score 2) 366

Replacing the CPU on on one host often puts every system in the rack at risk. Most household systems can stand a loss of a few % of performance with a patched kernel. Server rooms filled with racks and blades, such as a major data center hosts, can mean unscrambling rats' nests of cabling to extract a host, opening it up, edging blocking components out of the way, releasing the heat sinks, replacing the CPU, _replacing the thermal paste_, and re-attaching the heat sink, closing the system up, and testing it. Much like taking your car in for an oil change, this creates a real risk of making mistakes and requiring additional effort or replacement parts. It also creates a risk of failures in the weeks after the CPU replacement, especially if the installer mishandles the thermal paste.

The risk is compounded in environments with poorly configured cabling, such as those shone here: https://www.cepro.com/photo/th...

Completely halting and then cold booting servers is not a zero risk operation. Hosts, or arrays, that have been stable for years will fail to reboot and may even be unrecoverable in an environment where systems are not rebooted regularly and discovered earlier. Mechanical parts, such as fans, and spinning hard drives, are most likely to fail during such a restart. Old clock batteries can expire and fail to set time properly on reboot, old power supplies can fall out of spec and fail to handle start-up voltage requirements, the list of potential problems is extensive.

Replacing CPU's in a production environment can be as great a risk as the security issues of these Intel bugs.

Comment Re:"I bet they were instructed to ignore the risk" (Score 2) 366

If I may, I'd have to call this an anecdote rather than a quote. The description is from years after the Intel meeting, and doesn't have direct quotes of speech or writing of the personnel involved in the policy change.

With that understood about the anecdote's provenance, it is _completely_ believable. It is precisely the sort of mandate that can save a company in the short term, preserving the jobs and careers and technological development the company is doing, at the risk of a deadly failure down the road. It's the sort of business risk assessment that occurs on an annual basis when testing standards and guidelines are set. It also occurs on a daily basis when security practices are created: do we accept the risk of a breach today, while this is unpatched, versus the risk of service failure or loss of business during system updates?

Comment Bringing back fond memories (Score 2) 252

I well remember testing out operating systems on 486 based hardware. I actually did tests with Windows, with early Linux releases, and with HURD on the same host. HURD was unusable. Linux became a critical part of the environment very quickly, since genuine UNIX systems were much more expensive than our limited development budget could support.

Comment Re:Look at the introduction date for CPUs (Score 1) 358

For medication, and for software, the old version is no longer produced. The "tuning" is heralded as a new feature, if necessary, and sold on that basis, to replace the old version for new users. The relevant new patent is invalid at its core. But proving a patent invalid in court is a difficult and expensive proposition. The new, fundamentally fraudulent patent is used as an anti-competitive measure.

I'm not suggesting that this is the major software patent portfolio of, for example, Intel. But I am suggesting that it's a common practice to review older in-house technologies for patentable features and manipulate the patent system to get new patents for existing or new product lines.

Comment Re:Look at the introduction date for CPUs (Score 1) 358

Sadly, thee is a trick to work around the 20 year patent limit. Patent a subtle feature of the old design, and if necessary tune the new patent to be more applicable to modern tools. This is an old practice with software patents, still in use by companies that create defensive and competition stifling suites of patents. A review of existing tools for patentable material is standard practice for a skilled patent attorney.

Comment Re:I'd like to interject for a moment... (Score 3, Interesting) 77

While the joke may sound funny at first, it is most definitely not true. Quoting Richard Stallman, the founder of the Free Software Foundaton, about the licensing of Linspire:

> No other GNU/Linux distribution has backslided so far away from freedom

If Linspire's "pay for play" model included access to the relevant source code, under a "free" development license with access to source code, it could be considered compatible with most Linux software and business models. It does not: its support for prprietary projects and vendor lock-in is precisely what the GNU project and the FSF reject.

Comment Re:This Will Go Nowhere (Score 1) 220

Thank you for the more thoughtful analysis. This wasn't a subtlety that would be apparent to an analyst focused on a particular task: it took a broader view of the flow of data, one that would not show up for a developer or tester focused on one specific task or feature. It's part of a class of flaws that can occur when developers and designers focus on one very particular task without being encouraged, or permitted, to examine related behavior.

It's also a firm reminder of various principles. One is that security costs. In this case, it costs performance: the checks or flushes to avoid sharing the results of pre-execution themselves cost cycles and resources. Another is that parallel execution also adds costs, because now this "pre-execution" is shown to require "post-execution" steps to protect data that was in the pre-execution, and that the typical programmer has no reason to suspect was ever stored elsewhere. It's invisible to their code.

Comment Re:Very good idea (Score 1) 277

> The internet was going along quite well WAY over six years before network neutrality regulation passed.

“Eternal vigilance is the price of liberty." (From John Philpot Curran, often misattributed to Thomas Jefferson,)

The difficulty with the loss of network neutrality is not an immediate collapse of infrastructure. It's the economic and social bars to new speech and new endeavors. We can expect throttling of content on a massive scale, and preferential treatment of "preferred partners" to favor their content. _By itself_, I would not see that as so dangerous. But the infrastructure used to improve quality-of-service for that protected content is precisely the same infrastructure that can _filter_ and _monitor_ traffic. The relevant routers to violate network neutrality with are ideal locations for illicit monitoring. ISP's can, and have, violated civil rights with law enforcement installed monitoring. Room 641A (https://en.wikipedia.org/wiki/Room_641A) existed.

Comment Re: "Lacks Spine" (Score 1) 277

I suggest you wait 6 years. It's going to take a few years for the current backbone infrastructure to adjust to the new regulatory status. Then expect to see far more siloed services., and far more pernicious monitoring built into the systems that are doing throttling, as part of the package. I'd estimate 3 years as the half life oof the most powerful backbone routers to really see traffic alter.

Comment Re: Why would you do that? (Score 2, Interesting) 192

> Abusive employers are the unprofessional ones.

I agree with you that they are a problem, and a dangerous one. Exposing them can be a public service. The idea that moral or ethical behavior is "unprofessional" is a confusing one. There is a great deal of behavior in the workplace that is very "professional" in the sense of lowering expenses or improving profit, benefiting that "profit" root word in "professional", but are nonetheless unethical or illegal. This includes refusal to hire the disabled, refusal to hire young women who many become pregnant, hiring hundreds of 36-hour workweek part-time employees to avoid providing full-time benefits, firing employees just before retirement to avoid pensions, etc.

If I may, I'd like to encourage separation of the idea of "ethical" from "professional". I'm afraid it's been a common theory among my younger, libertarian leaning acquaintances that the "silent hand" of market forces will correct moral or ethical issues automatically. I've had some difficulty walking them through examples of market forces _encouraging_ abuse. The idea that abuse is built into the fabric of certain markets has been difficult to convey.

Comment Re:Why would you do that? (Score 1) 192

I would be very reluctant to publicly defame a former employer. This is especially because I have various non-disclosure agreements signed with current employers and former partners. But such comments have been invaluable when reviewing a new business partner or writing a contract, to understand how a partner's management and work ethic might affect our work with them. Being overworked, poorly organized, or being a wonderful place to work can affect whether we need to hand them an early release and collaborate to get the full deployment together, or whether we know they're very reliant on H1B personnel who don't actually know the material. In such a case, we need to allocate resources for training and more reference documentation.

Slashdot Top Deals

Research is what I'm doing when I don't know what I'm doing. -- Wernher von Braun

Working...