This is a sobering post that revisits the notion that given a project, how many developers have to be hit by a bus before it stalls.

According to the methodology explained in the article, in 2015 it took 57 developers for the Linux kernel to fail, now it appears that it takes 8.

That's not good.

Anyone here have any experience with a Datto Backup Appliance?

I have just been told that they've never run a full restoration in the six years that it's been in service, deployed for the backup of four mission critical virtual Windows Servers, four Windows Workstation and a (physical?) Linux PABX server.

The actual appliance is apparently a "Datto S3-2000 BCDR"

Edit: The anal retentive in me is going WTF in a tight loop. The industry professional with 40 years experience in the field is going, different day, same old...

I realised that I didn't actually ask the pertinent question, the hamster wheel was running full tilt, but is this normal, or is this WTF, or somewhere in-between?

Starting yesterday, Connect hard crashes when you attempt to click on the Inbox and the same happens if you click on the notification bell showing that there are messages.

As of this morning, the Inbox sidebar label is coloured Red instead of Blue.

Connect Version 1.0.190 Android v13 with latest security patches

A cookie notice that seeks permission to share your details with "848 of our partners" and "actively scan device details for identification".

How are you storing passwords and 2FA keys that proliferate across every conceivable online service these days?

What made you choose that solution and have you considered what would happen in life altering situations like, hardware failure, theft, fire, divorce, death?

If you're using an online solution, has it been hacked and how did that impact you?

My search has been without results.

My "new" model remote with a Siri button keeps needing to be reset to control my infrared amplifier. Press and hold the Volume Down and TV button works, but it's annoying when you want to change the volume whilst watching something and it doesn't respond.

Firmware version is 0x83.

Anyone got any ideas what might be causing this?

I've been using VMware for about two decades. I'm moving elsewhere. KVM appears to be the solution for me.

I cannot discover how a guest display is supposed to work.

On VMware workstation/Fusion the application provides the display interface and puts it into a window on the host. This can be resized to full screen. It's how I've been running my Debian desktop and probably hundreds of other virtual machines (mostly Linux) inside a guest on my MacOS iMac.

If I install Linux or BSD onto the bare metal iMac, how do KVM guests show their screen?

I really don't want to run VNC or RDP inside the guest.

I've been looking for documentation on this but Google search is now so bad that technical documents are completely hidden behind marketing blurbs or LLM generated rubbish.

Anyone?

There is a growing trend where organisations are strictly limiting the amount of information that they disclose in relation to a data breach. Linked is an ongoing example of such a drip feed of PR friendly motherhood statements.

As an ICT professional with 40 years experience, I'm aware that there's a massive gap between disclosing how something was compromised, versus what data was exfiltrated.

For example, the fact that the linked organisation disclosed that their VoIP phone system was affected points to a significant breach, but there is no disclosure in relation to what personal information was affected.

For example, that particular organisation also has the global headquarters of a different organisation in their building, and has, at least in the past, had common office bearers. Was any data in that organisation affected?

My question is this:

What should be disclosed and what might come as a post mortem after systems have been secured restored?

Anyone know of any scriptable asynchronous communication tools?

The closest so-far appears to be Kermit. It's been around since CP/M, but apparently there's still no centralised language reference and the syntax predates Perl.

U2F keys can be purchased online for the price of a cup of coffee. They're being touted as the next best thing in online security authentication.

How do you know that the key that arrives at your doorstep is unique and doesn't produce predictable or known output?

There's plenty of opportunities for this to occur with online repositories with source code and build instructions.

Price of manufacturing is so low that anyone can make a key for a couple of dollars. Sending out the same key to everyone seems like a viable attack vector for anyone who wants to spend some effort into getting access to places protected by a U2F key.

Why, or how, do you trust such a key?

The recent XZ experience shows us that the long game is clearly not an issue for some of this activity.

Genie: There are 3 rules... no wishing for death, no falling in love, no bringing back dead people.

Me: I wish envelopes would moan when you lick them.

Genie: There are 4 rules...