
From the Dec 28 update:

The XMLRPC Search endpoint remains disabled due to ongoing request volume. As of this update, there has been no reduction in inbound traffic to the endpoint from abusive IPs and we are unable to re-enable the endpoint, as it would immediately cause PyPI service to degrade again.

This is an ongoing attack on PyPI's search backends since around December 14, per the status logs. For context, this has entirely disabled 'pip search'.


Washington State has a single-subject rule that affects both bills in legislature and ballot measures[1]. We've regularly had poorly crafted voter initiatives tossed out by the WA State Supreme Court on this basis.

[1] https://ballotpedia.org/Laws_governing_the_initiative_proces...


AnandTech speculates on a 128-bit DRAM bus[1], but AFAIK Apple hasn't revealed rich details about the memory architecture. It'll be interesting to see what the overall memory bandwidth story looks like as hardware trickles out.

[1] https://www.anandtech.com/show/16226/apple-silicon-m1-a14-de...


Apple being Apple, we won't know much before someone grinds down a couple chips to reveal what the interconnections are, but if you are feeding GPUs along with CPUs, a wider memory bus between DRAM and the SoC cache makes a lot of sense.


This article leaves more questions than it answers. Room-elephant number one: access being available after an employee has left is bad. That access remaining five months later is beyond the pale, unless the real story is that the employee created a backdoor. Barring a backdoor, there are further serious questions about the employee retaining this access, presumably without any employer-provided and controlled hardware (e.g. laptop, yubikey, or what-have-you).

Room-elephant number two: motive. The reported facts naively summarize as "oops, ex-employee blew up some stuff in prod, caused problems". <meme>But whyyyyy??</meme> There's no indication of specifics, and seeming denials of some obvious guesses: attempts at hacking (e.g. data exfiltration for profit, which are denied), ransomware, revenge, or anything else that would explain this behavior.

Further confounding everything is the bit where the new employer's response to these revelations is apparently "shrug".


I worked in consulting up until Covid. When I got laid off, my employer locked me out of every corporate system within 15 minutes. But every client who gave me VPN, AWS or other credentials didn't get notified.


Interesting angle. I wonder if the perp was employed by Cisco directly or was a contractor and Cisco wasn't informed when he changed employers.


To me it reads as if he was fast and loose with something, and didn't really care whether it affected other systems, but didn't intentionally seek to damage systems. That sounds like it would be a hard situation to have happen, but there's so little real info it's hard to tell.

Was it a script on a personal machine he had that was connecting to an old account he didn't think would work? They say "deployed code", and that can be frighteningly easy to do in a cloud-centric workflow (and if it's old code, who knows what would happen).

Something like that would also explain his current employer's reticence to fire him. A mistake where you run something you don't imagine will even work, much less cause major problems, that then does so because your prior employer forgot to remove credentials is something that might be looked on with a bit more understanding (and a lot of schadenfreude about the other company's lax controls causing them major problems).


I've had to juggle personal and professional AWS accounts for a while; I could see someone being confused about which account they were on and accidentally wiping out some stuff. Who knows though.


I too am confused about motive.

Timing aside, I myself would have to have Malicious Hate in my heart, or some ethical/moral equivalent in my brain, to do active big-cost "fire in the hole" damage to a former employer.


Regarding 1, Cisco will definitely have some explaining to do to their customers and industry compliance bodies, but legally they are in the clear. The precedent has been set time and again that knowingly accessing a system that you know you shouldn't is enough to be considered a criminal act, regardless of how (in)secure it was.


> Cisco will definitely have some explaining to do to their customers and industry compliance bodies, but legally they are in the clear.

Violating numerous compliance regulations by leaving the accounts of a terminated employee active for months doesn’t put Cisco “legally in the clear.” Depending on the regulator they could be in for a good sized fine.


This rant feels a bit banal, like it's going up against a straw-man just to be ... a rant. On one hand, I can't think of the last time a developer in an org I've worked with hasn't conspicuously and regularly used text windows wider than 80 columns. On the other, well-written code (and prose!) also exploits limiting line length for clarity and readability. There's clearly a balance, helpful rules of thumb paired with useful times to break those rules.

To be honest, the worst regular example I encounter, in either direction, is Markdown source with no hard line breaks. Markdown fully supports them, and trying to read paragraphs in whatever-hundred character lines is a painful exercise. Such irony, since part of the beauty of Markdown is dual readability in both source and rendered forms.


Back in the early 90s, my grad AI class referred to AI as the "incredible shrinking field". The class kicked off with a black-and-white newsreel-style interview from the 1950s with an MIT professor[1] who says, to eternal breathless infamy, something along the lines of "we'll have machines that can think within five years!"

Part of the challenge is/was the line of thinking "surely if we can solve Hard Problem X, we'll have intelligence!" This turned out to be entirely wrongheaded, since a vast litany of Hard Problems X turned out to have plain old algorithmic solutions.

[1] I keep hoping this shows up online somewhere. It was shot using a machine room as the set, where mid-century modern furniture had been brought in for guest and host!


Maybe in a few years we'll have bridged the gap between computer and machine capabilities. Not by deciding computers think, but by realizing that what humans do is computing.


Was the video titled “The Thinking Machine”?


That indeed looks like it, thanks. It also looks like old memory mixed up bits and pieces of it; the interview wasn't in fact set in the machine room shots.


I'd like to offer a recommendation for Zoom Tab Close[1]. It's an extremely simple extension that closes out the leftover tab when a zoom link received by the browser redirects to the desktop app. Just one bit of friction in my day ... gone.

[1] https://addons.mozilla.org/en-US/firefox/addon/zoom-tab-clos...


> Maybe ten years ago I would have believed this, but with each macOS release the litany of unforced errors just continues to grow.

Apple, of all companies, is not a monolith. There are parts of the company who've been just killing it from a software perspective (Swift, SwiftUI, Xcode preview for SwiftUI, etc.). Where they've had severe issues has effectively been quality management across the broader OS.

Also, I'll be very interested to watch what happens over the next couple of major release cycles. I think Apple got a major wake-up call with the shitstorm that was the iOS 13 / Catalina release cycle. I'm hoping that they'll be putting in place an outright culture shift to fix that long-term, vs. a one-off "Snow Leopard" tech debt paydown release.


> (Swift, SwiftUI, Xcode preview for SwiftUI, etc.)

Time will tell, but right now I think Swift isn't the language that I once hoped for. And Objective-C, despite all of its problems, is still doing well.


An example of PAPR application: I know of a professional woodturner who uses one, a 3M system IIRC. Beyond potential issues with long-term exposure to wood dust, turners tend to use material with unusual provenance compared to commercial timber. That in turn often means "spalted" – i.e. it's got fungal growth in it. It produces some lovely patterning and coloration in the wood, but which you definitely do not want to be breathing. The PAPR effectively combines breathing protection with a common turner's face shield; it's a compelling combination for that kind of work.


True; rent should be suspended due to the crisis. The mechanics are tricky, and much worse, I have no hope of the actual policy leadership required to see this through here in the US. We're like an off-road vehicle with a suspension system built of cheap glass.


It will be a cascade. Rent is often backing a mortgage, so mortgages need to be suspended; mortgages are backed by bonds and deposits, so interest repayments in people's retirement accounts need to be suspended, and so on.

