Rick Troth

The story is told of a young man who strove to live down the faults of his father. The father smoked, drank, cursed, was unfaithful, did not support his family. The son was diligent, provided well for his kids and wife, was faithful and loving to her, never smoked or drank.

Someone who knew them both said, "You're so much like your father." The stunned young man retorted harshly, "How can you say that?!?" Turns out he was deeply bitter and angry, just like his dad.

 
If you try to be the opposite of some group that you oppose, you'll become their opposite in everything, even ways in which they're good. The negative of an ugly photo is still an ugly photo. 

Rick Troth

2010 CBO had a report that previous decade tax revenue was cut $6T and spending increased by $6T (compared to baseline budget, which would have had all federal debt gone in 2010), for $12T budget gap (by 2010). Congress had let the fiscal responsibility act expire (required that spending couldn't exceed revenue) in 2002. The first major legislation afterwards was part-d drug act ... the comptroller general described as a long-term $40T item that comes to swamp all other budget item. It has been described as enormous gift to the drug industry ... cbs 60mins did segment on the 18 republican staffers and members of congress responsible for getting it thru ... after it passes, all 18 have resigned and are on drug industry payroll. Just before the final vote, the 18 add a one liner that prevents competitive bidding. 60mins show identical drugs under VA (that has competitive bidding) that are 1/3rd the cost of same drug from part-d. Congress savaging of the budget was getting so bad by the middle of the last decade, the comptroller general was including in speeches that nobody in congress was capable of middle school arithmetic.
The new Republican budget advertises $1.1 trillion in savings that are difficult to account for.

Rick Troth

Twice already this year a friend has tipped me about Linux Format (the magazine; different friend each time). I have Christmas 2014 and now I guess I gotta get February 2015.

James Trumbull reaps good press this go-round, pushing his book like an author on Letterman. (Matt Hanson starring as DL in this episode.) Containers are cool. I'm a purist, so I'm slow to use them. But I have used them. Most of the interview is good info. A few objections worth noting:

 + dismissing Unix is wrong (tho GKH, Mayer, MacMillan, Poettering, Walsh, Smalley, and even Sievers are doing that full throttle)
 + AS/400 is not a mainframe, neither is a VAX
 + virtual machines can be spun up as fast as containers

I also have to question the numbers cited from IBM. Insertion loss for my favorite hypervisor is way less than 20 or 10%. It's easily under 5% and has been shown to improve guest performance above unity for some cases. We're talking about different kinds of hardware, and Trumbull wasn't clear which hardware IBM's numbers relate to.

Don't get me wrong. Zones, jails, and containers are all great for a lot of workloads. And James makes it clear that they're not virtual machines.

The Docker playing field is slanted steeply in favor of one company. You don't hear that in the buzz. It's not illegal, not even unethical or immoral, but it does go against the grain of "community aspect". The rest of the containers world is not so unbalanced.

-- R; <><
Comment by Jon Miller:

I would have guessed you'd be all over containers. I'm seeing some interesting work with containers in regards to RO root partitions. Sounds familiar, doesn't it? 

IMO, the best part about Docker is the ability to grant access to development teams to build / iterate their own images on their own. Traditional IT / Admin teams would then merely need to care about the infrastructure to support running the containers and there are other cool projects for that. (E.g. kubernetes)

Reminds me of a Dev team that was insistent upon sticking with a particular, early release of RHEL4 and the friction that caused with the admin team. With containers, the admin team would still care but they'd be able to isolate that app and push off much of the care & feeding of the "image" back to the dev team. 

Rick Troth

Interesting observation by Bob Beck about incentive (or lack) one group has w/r/t code quality ...

"Developers only interested in adding features, not fixing/maintaining"

Of course, I have to agree that fixing/maintaining sucks, especially for secondary authors.

http://www.openbsd.org/papers/bsdcan14-libressl/mgp00001.html

Somehow it seems tightly coupled with this ...

http://bitbashing.io/2015/02/16/shipping-culture.html
LibreSSL - An OpenSSL replacement.

2 comments (Rick Troth, Alex Lustenberg)

Making the assumption that people a) know what they are doing, and b) care, is not a very sound foundation when dealing with security related code.

Rick Troth

I wish I could get that doctorate in computer security that I keep dreaming of. Some of this is just common sense. Oh ... yeah ... common sense isn't really common, I commonly forget.

http://queue.acm.org/detail.cfm?id=2721993

Static versus dynamic is worth careful consideration in other sectors. But for the web, it's especially true: you're inviting the trojan horse inside.

2 comments (Jon Miller, Rick Troth)

Exactly, Jon, which is the veiled point of my second paragraph.

NORD leans toward static libraries. There's no silver bullet when it comes to static/shared linkage. NORD favors static libs for the sake of portability of things built with it, but it doesn't exclude shared libs.

Different risks than Vixie cites for "web static", but some common themes.



Rick Troth

This is just downright offensive.
The title and focus are on open source as a vector for risk, while the article itself cites a lower percentage of documented vulnerabilities from open source software than the rest.

Nevertheless, there are some important points:
A sharp one, that companies frequently set themselves up for risk by not vetting third party software. Ironically, they have better means for vetting open source software than closed source. (Regardless of licensing or IP issues, if you have the source then give it a glance.) People gotta do due diligence.

http://www.darkreading.com/growing-open-source-use-heightens-enterprise-security-risks-/d/d-id/1318767?_mc=NL_DR_EDT_DR_daily_20150126&cid=NL_DR_EDT_DR_daily_20150126&elq=318d9034078f44bd90771cc3540ef20e&elqCampaignId=12223

And as always, an offensive headline is likely to get read. Worked with me.
Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

Rick Troth

From a couple months ago by Paul Vixie, and in my "open tabs" for a re-read or two. Good stuff.

http://queue.acm.org/detail.cfm?id=2721993

"In the end, dynamic systems are simply less secure."

My own public-facing website, while inconsequential, is completely static, for all the reasons Dr. Vixie mentions.
Web Security · Download PDF version of this article. January 14, 2015. Volume 13, issue 2. Go Static or Go Home. In the end, dynamic systems are simply less secure. Paul Vixie. Most current and historic problems in computer and network security boil down to a single observation: letting other ...

Rick Troth

Proverbs 6, v 16 through 19, found today on a note-to-self in my pile. Could not help but think of several current "situations", even some in FOSS land.

Comment by David L. Craig:

Woe to us when any of that stuff gets reclassified "business as usual" in any area of our environment...

Rick Troth

Am missing the SHARE conference this week. Wish I was there.

One of my good friends will be pitching SystemD. Lots of opinion and emotion surrounding SystemD. But his audience will be "safe". Other audiences might see it this way ...

http://devopsreactions.tumblr.com/post/112502661235/watching-systemd-evolve

Credit to RPHIII for the URL. Thanks to "Hazzim" for the post. Thanks to the actors, especially the GKH look-alike.

Rick Troth

Goes for software too. (Which John does say.)

http://www.johndcook.com/blog/2015/02/11/what-to-abandon/

I am pained by the disparity: we cling to crappy code, but we discard reliable stuff with re-writes. What do you suppose drives this insanity?
Sometimes it's rational to walk away from something you've invested a great deal in. It's hard imagine how investors could abandon something as large and

5 comments (Mark K Post, David L. Craig, Alex Lustenberg)

+David L. Craig that would require investigation and planning;  if you had both of those, you likely would not be reinventing the wheel for no good reason. 

Rick Troth

Tesla P85D Insane Mode Launch Reactions Compilation - Explicit Version: http://youtu.be/LpaLgF1uLB8

2 comments (Mats Wichmann, David L. Craig)

No wasted energy at the contact patches--impressive.

Rick Troth

+Robert Schweikert sharing his thoughts on sharing ...

http://rjsbraindump.blogspot.com/2014/12/to-share-or-not-to-share.html

It's a great overview of the issues in the light of one particular solution.

Work
Occupation: follower of a Jewish carpenter, husband, father, hacker, and wire monkey

Story
Tagline: ... try to take over the world!
Introduction: I hand-entered Simson Garfinkel's PGP key from the book, sent him an encrypted message, and he replied having successfully decrypted it.
Bragging rights: "Sir Santa" to those who know me well, and only polar after the fact

Basic Information
Gender: Male
Other names: VM Cowboy, Sir Santa