21 degree C. Can’t stop spring…
Here we go…
How do you erase an entire data center in 60 seconds?
If you happen to be in Berlin: I am in the city from tonight until Thursday afternoon.
I will be in Mitte, because Openshift Commons and Kubecon are happening in the BCC. I will probably be quite busy, though.
The Register reports on CVE-2017-7240, Web Server Directory Traversal in the Miele Professional PG 8528 Dishwasher (which is used in medical establishments to clean and properly disinfect laboratory and surgical instruments).
Yes, dishwashers (and many microwaves and ovens) now come with touch screens and network ports. Of course, as El Reg puts it
Appliance makers: stop trying to connect to the Internet, you’re no good at it. ®
but in this case the web server even makes sense. The PG 8528 is a commercial washer and disinfector for hospitals and probably comes with remote service and diagnostics.
That makes it even worse that Miele has no security process for these devices at all:
And because Miele is an appliance company and not a pure-play IT company, it doesn’t have a process for reporting or fixing bugs.
Miele did not respond to the bug report they received in November 2016, ever.
Where I work we have regular round tables, in which you can talk to and ask questions of middle management from departments other than your own. I had the opportunity to talk to a person who manages development priorities and staffs teams, and who of course has some insight into hiring and the interview process. That was very enlightening.
For example, finding people to hire in a large organisation is a hard job. Hiring rates are quite fixed, so in order to find people to hire you need to go through a relatively fixed, larger number of resume reviews, phone screens and face-to-face interviews. Assume that for every three people you would want to hire you need to sift through 100 resumes – that’s 10,000 resumes to look at for 300 people to hire. And it cannot be automated.
Daniel Suarez is planning a Reddit AMA on Monday, 24th of April. He’s in PST, and is asking for a preferred time on Twitter. Vote now.
In 2010, The Guardian had an article about road casualties in London:
There you will find that the fall of 299 brought the annual total down from 3,526 killed or seriously injured on London’s roads in 2008 to 3,227 in 2009.
That’s an eight percent fall, which is pretty significant statistically. However, in human terms, the fact that well over 3,000 people were killed or seriously injured in both 2008 and 2009 seems rather more significant. That’s nine or ten a day, including 204 people killed in 2008 and 184 in 2009.
We still consider such numbers normal loss of life.
Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years. […]
To balance the compatibility risks versus the security risks, we propose a gradual distrust of all existing Symantec-issued certificates, requiring that they be replaced over time with new, fully revalidated certificates, compliant with the current Baseline Requirements. […]
Given the nature of these issues, and the multiple failures of Symantec to ensure that the level of assurance provided by their certificates meets the requirements of the Baseline Requirements or Extended Validation Guidelines, we no longer have the confidence necessary in order to grant Symantec-issued certificates the “Extended Validation” status.