• 0 Posts
  • 25 Comments
Joined 1 year ago
Cake day: August 7th, 2023

  • …until the CrowdStrike agent updated, and you wind up dead in the water again.

    The whole point of CrowdStrike is to be able to detect and prevent security vulnerabilities, including zero-days. As such, they can release updates multiple times per day. Rebooting in a known-safe state is great, but unless you follow that up with disabling the agent from redownloading the sensor configuration update again, you’re just going to wind up in a BSOD loop.

    A better architectural solution would have been to have Windows drivers run in Ring 1, giving the kernel the ability to isolate those that are misbehaving. But that risks a small decrease in performance, and Microsoft didn’t want that, so we’re stuck with a Ring 0/Ring 3 only architecture in Windows that can cause issues like this.


  • That company had the power to destroy our businesses, cripple travel and medicine and our courts, and delay daily work that could include some timely and critical tasks.

    Unless you have the ability and capacity to develop your own ISA/CPU architecture, firmware, OS, and every tool you use from the ground up, you will always be, at some point, “relying on others’ stuff” which can break on you at a moment’s notice.

    That could be Intel, or Microsoft, or OpenSSH, or CrowdStrike^0. Very, very, very few organizations can exist in the modern computing world without relying on others’ code/hardware (with the main two that could that come to mind outside smaller embedded systems being IBM and Apple).

    I do wish that consumers had held Microsoft more to account over the last few decades to properly use the Intel Protection Rings (if the CrowdStrike driver were able to run in Ring 1, then it’s possible the OS could have isolated it and prevented a BSOD, but instead it runs in Ring 0 with the kernel and has access to damage anything and everything) — but that horse appears to be long out of the gate (enough so that X86S proposes only having Ring 0 and Ring 3 for future processors).

    But back to my basic thesis: saying “it’s your fault for relying on other people’s code” is unhelpful and overly reductive, as in the modern day it’s virtually impossible to do so. Even fully auditing your stacks is prohibitive. There is a good argument to be made about not living in a compute monoculture^1; and lots of good arguments against ever using Windows^2 (especially in the cloud) — but those aren’t the arguments you’re making. Saying “this is your fault for relying on other people’s stuff” is unhelpful — and I somehow doubt you designed your own ISA, CPU architecture, firmware, OS, network stack, and application code to post your comment.

    ——-
    ^0 — Indeed, all four of these organizations/projects have let us down like this; Intel with Spectre/Meltdown, Microsoft with the 28 day 32-bit Windows reboot bug, and OpenSSH just announced regreSSHion.
    ^1 — My organization was hit by the Falcon Sensor outage — our app tier layers running on Linux and developer machines running on macOS were unaffected, but our DBMS is still a legacy MS SQL box, so the outage hammered our stack pretty badly. We’ve fortunately been well funded to remove our dependency on MS SQL (and Windows in general), but that’s a multi-year effort that won’t pay off for some time yet.
    ^2 — My Windows hate is well documented elsewhere.





  • To put things into context, IBM didn’t get ripped off in any way (at least not from DOS - the whole IBM/Microsoft OS/2 debacle is a different story). The earliest PCs (IBM PC, IBM PC XT, IBM PC Jr., and associated clones) didn’t really have the hardware capabilities needed to permit a more advanced operating system. There was no flat memory model, no protection rings, and no Translation Look-aside Buffer (TLB). The low maximum unpaged memory addressing limit (1MB) made it difficult to run more than one process at a time, and really limits how much OS you can have active on the machine (modern Windows by way of example reserves 1GB of virtual RAM per process just for kernel memory mapping).

    These things did exist on mainframe and mini computers of the day — so the ideas and techniques weren’t unknown — but the cheaper IBM PCs had so many limitations that those techniques were mostly detrimental (there were some pre-emptive OSs for 8086/8088 based PCs, but they had a lot of limitations, particularly around memory management and protection), if not outright impossible. Hence the popularity of DOS in its day — it was simple, cheap, didn’t require a lot of resources, and mostly stayed out of the way of application development. It worked reasonably well given the limitations of the platforms it ran on, and the expectations of users.

    So IBM did just fine from that deal — it was when they went in with Microsoft to replace DOS with a new OS that did feature pre-emptive multitasking, memory protection, and other modern techniques that they got royally screwed over by Microsoft (vis: the history of OS/2 development).


  • As someone who has done some OS dev, it’s not likely to be of much help. DOS didn’t have much of any of the defining features of most modern OS’s — it barely had a kernel, there was no multitasking, no memory management, no memory protection, no networking, and everything ran at the same privilege level. What little bit of an API was there was purely through a handful of software interrupts — otherwise, it was up to your code to communicate with nearly all the hardware directly (or to communicate with whatever bespoke device driver your hardware required).

    This is great for anyone that wants to provide old-school DOS compatibility, and could be useful in the far future to aid in “digital archaeology” (i.e.: being able to run old 80’s and early 90’s software for research and archival purposes on “real DOS”) — but that’s about it. DOS wasn’t even all that modern for its time — we have much better tools to use and learn from for designing OS’s today.

    As a sort of historical perspective this is useful, but not likely for anything else.


  • AWS already had to effectively do this. AWS only exists in two regions in China because they licensed much of the AWS software to be run by a pair of Chinese-government affiliated ISPs inside China (that is, Amazon doesn’t run AWS in either of its China zones — it’s run by a pair of Chinese companies who license AWS’s software).

    This is why the China AWS regions are often quite far behind in terms of functionality from every other region (they either haven’t licensed all the functionality, they don’t keep up-to-date at the same cadence as Amazon, or Amazon is holding certain functions back), and why you can’t really access them from the standard AWS console.

    So in effect, Amazon did have to give their software to Chinese-government affiliated companies in order to continue operating in China.



  • EV charging doesn’t require you to stand around for 5 minutes holding a handle to fuel up. The charging times are longer, but once plugged in your need to stay anywhere near the vehicle is zero. And plugging in usually takes less than 5s.

    So even if someone came up with a system whereby they expected you to watch an ad before the power would flow, you could always just plug in and walk away. How are they going to know you’re physically there?

    As an EV driver I haven’t been to a gas station since I started driving it, but AFAIK this advertising hasn’t come to Canada — and hopefully it never does.



  • Crazy and sad. Reading his letter, I couldn’t help but get the impression that he has no idea a) about the current state-of-the-art in drive media and filesystems, and b) that Reiser 5 seems like it’s never going to happen.

    It’s almost like he’s been frozen in time for nearly 20 years. Reading his letter was like pulling out and reading an old copy of Dr. Dobb’s journal. He is where he deserves to be — he is the architect of his own situation — it’s just wild to think of how much he’s missed out on due to his evil actions. It’s quite literally pitiful.


  • It’s been 25 years for me, so fortunately the patents have all expired (technically it was more than 2 because of publication in a few different countries, but it was for two inventions). However, during the time when they were all still valid I always had to tread a fine line with other employers — on the one hand, of course they’re on my resume (and LinkedIn profile). But on the other, if they knew about the contents of the inventions and someone in our organization ran afoul of them, they at least needed some plausible deniability that they didn’t know about the contents of the inventions. And for at least one of them, I always feared if they knew about it they might be tempted to try to use it, and be driven insane by the knowledge that if they did, IBM could sue them into the ground 🤣.

    I did have a pre-existing Open Source project from prior to working at IBM which I ensured was adequately documented prior to my employment. It was eventually forked and became an IBM alphaWorks project — I never got any money for it (they offered, but it was a pathetic amount for losing all rights to my own pre-existing code that took years of effort), and after leaving IBM had to go back to working on the original pre-IBM codebase.

    Overall, my experience at IBM as an inventor/innovator wasn’t great, but was better than most other organizations I’ve worked for since. Honestly, I wish we could just remove software patents altogether, making IBM’s move here moot.


  • When I was at IBM I won three such awards — one for publication, and two for patents.

    At the time at least, they had an online form you had to fill in if you thought something you had developed was potentially patentable; that would go to some small committee for analysis and a decision as to whether or not it was worth pursuing — if it was, it went off to the patent lawyers. You then spent a good deal of time describing your invention to them so they could write up all of the patent documents in a manner that would cover as many bases as possible.

    The awards weren’t huge. I don’t remember getting a monetary award for the publication — just a framed certificate. The patents paid $1500 CAN each.

    At least one of the patented inventions would have happened anyway, because it was just a solution I came up with during the course of my work. I didn’t even consider submitting it as a patentable idea until a few team members encouraged me to do so. But if there wasn’t a monetary award I would have been less likely to fill out the form for the patent in the first place. All IBM is likely going to find by removing the award is that a lot fewer people (outside IBM Research) are going to have incentive to self-declare their potentially patentable ideas.



  • While I still think that Hyundai engineering and design did some real magic with the IONIQ 5, I just can’t help but feel like the rest of the company is just screwing the pooch on this car. They’ve flooded the US market with models people there don’t seem to want to buy, and dealership lots often have a dozen or more waiting to be sold.

    Meanwhile, here in Canada buying one is damn near impossible. That doesn’t seem to stop them from sending out mass marketing materials and ads trying to sell them (or the IONIQ 6), mind you — I just wish they had focussed first on ensuring their biggest boosters globally were getting the cars they want, as opposed to putting lots of cars nobody seems to want on US dealership lots.

    (FWIW, my dealership told me they weren’t being allowed by Hyundai to order any 2023 IONIQ 5s. This seems to be a fairly common occurrence across all dealerships here in Canada, with just a few cars trickling in each month).





  • I suggested to a friend years ago that he keep all of his used butts in a jar beside his bed. He came up with this idea that he should add some water to the jar.

    The reminder every time he got up or went to bed that the black goop shit was the same stuff he was putting into his lungs every day eventually got him to stop. He couldn’t even look at the jar anymore — and certainly didn’t want to add to it. That thing was nasty.