Show threadJdeBPMar 1

@vmstan

From the current status page (https://health.aws.amazon.com/health/status):

'At around 4:30 AM PST, one of our Availability Zones (mec1-az2) was impacted by objects that struck the data center, creating sparks and fire. The fire department shut off power to the facility and generators as they worked to put out the fire. We are still awaiting permission to turn the power back on, […]'

As Hans Gruber would say: You asked for miracles, Theo. I give you the #UnitedArabEmirates fire department.

#AWS #Amazon #CloudComputing #DataCentres #DieHard #HansGruber #RisksDigest

Show threadJdeBPJun 11, 2025

@lattera

Avoiding monoculture in computing is a fairly long-lived strategy that goes back decades. I'm sure that there are old #RISKSDigest posts. It's history that every new generation has to learn from, or be doomed to repeat.

Years ago, one avoided monoculture risks by being (for example) the people who were *not* running BSD Sendmail. (-:

https://mastodonapp.uk/@JdeBP/114654474666330011

#RTMWorm

JdeBP (@[email protected])

@[email protected] Avoidance of monoculture. Whilst everyone else is being hit by the latest script kiddie fad, some malicious script writer is still scratching xyr head at the subset of target machines that reject the Bashisms, don't have lsof, put some stuff in /usr/local or /usr/pkg, have ftp or fetch rather than wget, and need this weird ifconfig command. The malevolent have relied upon monoculture for efficient scaling for over 4 decades. Ironically, when BSD was mainstream, the shoe was on the other foot. Example: In my HTTP servers's logs today, bad actors are assuming that a server accepts its own IP address as a virtual host, and has a /cgi-bin directory or a /.well-known directory. And they're sending HTTP/1.1 GET requests to GOPHER ports. Because they assume a monoculture of HTTP service, even on non-HTTP ports. There are some very obvious *other* attacks, outwith the monoculture, that they could try. But they don't. #FreeBSD #NetBSD

Mastodon App UK
Doc Edward Morbius ⭕​Sep 20, 2023

Does anyone know the status or continuation plans of #CompRisks / #RisksDigest, moderated by #PeterGNeumann?

The topic came up at HN, where the first suggestion was in the past tense. RISKS Digest, begun in August 1985, is still going strong, however, with Volume 33#85, released yesterday:

https://catless.ncl.ac.uk/Risks/33/85

That said, Peter G. Neumann is now at least 90 years old, and I've seen a few too many projects and initiatives fail for want of a continuity plan.

I don't see any results from toot.cat for the hashtags I'm using here. I'm hoping some other readers might have information.

#risk #ComputerRisks #TechnologicalRisk

The RISKS Digest, Volume 33 Issue 85

The Risks Digest