Re: Pot meet kettle
Yes, National Security Letters - and then the companies involved can't even report that they had to hand over the data, without their execs landing in prison.
6778 publicly visible posts • joined 27 Nov 2009
This wasn't me, I remember reading it when I was a young whipper-snapper. I think it was in either Practical Computing or PCW in the UK.
The journo had a friend (apocryphal?) who had worked on a large system in the 70s. It was fairly advanced and used an early teletype terminal. He would have to wait for the users to finish for the day, then he could start the reconciliation jobs. He would have to let them run, before powering down the computer and going home...
Only the jobs took hours to complete, which meant missing Corrie or valuable drinking time.
Being a primitive teletype with a roller and moving carriage, the BOFH candidate became creative. A line feed would execute a command, while CR/LF would execute the command and return the carriage to the start of the line... Being sneaky, he batched up all of the commands in the input buffer, then attached one end of a piece of string to the carriage and the other to the power switch of the computer (a throw switch, not a push button).
Thus the jobs would all run sequentially, the carriage would gradually move to its full extent and once the final job had run, it did a shutdown and when that sent the session termination string, the teletype would throw a carriage return, yanking the power switch of the computer to the off position in the process. Obviously, there were a few flaws with this, a spelling mistake in the type-ahead buffer would leave jobs un-run and failed jobs would be ignored...
But, hey, extra beer time whilst being paid overtime for running the jobs - the log showed when "he" shut down the machine, so they "knew" when he had left the building...
I had a case of "but it's elegant and readable". Yes, it was elegant and human readable. Unfortunately it was a complete pig's ear when it came to actually being executable.
Under moderate server load (250 guests over 4 load-balanced front end servers), the script to get the menu structure for the site would keel over and timeout at 2 minutes!
Re-structuring the query to be (still) human readable, but actually optimized for what the computer had to do, the query time was reduced to < 500ms when all 4 load balancers were handling 250 sessions each.
It isn't just a "millennial" problem, it has affected poor programmers ever since I have worked in IT, going back to the early 80s. There are programmers who understand how the underlying hardware, operating system and application stack work and those that can just churn out "pretty" code. Oh, and those that just shouldn't be let near a computer in the first place!
Sort of. Ribeiro didn't want money, it is alleged, or rather his main motivation wasn't money. But his bugs were rejected out of hand, because it was a product only for paying customers...
privately disclosed by security researcher Pedro Ribeiro at no charge.
I'm guessing a process snafu, where he is not a paying customer, therefore he doesn't get support on those products, so he can't report a bug on those products. A pretty silly chain of failure, but I would guess typical in many companies.
Researcher: "I have found a bug in xyz."
Helldesk: "What is your customer ID?"
Researcher: "I'm an independent researcher, I don't have a customer ID."
Helldesk: "Without a customer ID, I can't process your request."
Researcher: "It isn't a request, I'm trying to inform you that you have a serious problem with your product!"
Helldesk: "But without a customer ID, I can't log a call for you. Are you using a pirated version of our program? Shall I put you through to legal?"
>click<
Start up Age of Empires... By the time you get a reply, you'll have already taken over the world with water powered nuclear generators.
They'll probably reply just as you are about to go for a leak, so make sure the PFY's briefcase is within easy reach...
Yes, I'm going through the BOFH chronicles. That was 2003 episode 23.
And not just UK and US. Most countries suffer.
Here in Germany there are many communities that still have no broadband at all or are limited to 1 Mbps.
At work, we have a reasonable internet connection, but mobile coverage sucks. And average speed tests here get around 0.05 Mbps down and 0.02 up - most of the time, the Vodafone speedtest app states that there is no internet connection at all (it times out), although Signal and Telegram still deliver messages (if with several minutes' or hours' delay as the data trickles in).
Yes, it isn't like you need just a computer and access to the source repository...
Google has been trying to sell us products for years to make home working easier, because you don't need to be on premises to use it, because it is all in the cloud. And collaboration software, like all those products they keep cancelling.
Seriously though, there are possibly some parts of the process that had to happen "on-site" for security reasons until now and they possibly need to organize a way of keeping that security, whilst giving the leads the ability to release (as opposed to just work) from home.
Not every country has free speech.
And in the case of the USA, it only says that the Government can't curtail free speech. It says nothing about platforms banning complete nutters from posting dangerous nonsense; they are allowed to do that, they aren't the government and it is their private platform, they don't have to put up with it. They could ban it, but then they'd lose ad revenue on the posts.
I don't have an alligator with me, but I definitely want to stand at the tail end, not the head end, when I'm queueing up!
I don't think the Kangaroo would be much better, have you seen the damage they can cause with their feet if they are forced to stand in line?
Mine's the one with an Osman piece of string in the pocket.
At least there is someone to talk to, even if they are asleep for most of your working day.
With Google, on the other hand, calling them results in 10 minutes of being pushed around an automated phone system, before a message saying check out the relevant part of the Google website and being spat out.
Writing an email results in an auto-reply, saying that they receive so many messages, that they are auto-deleted and never read, please see the relevant part of the Google website.
In my case, there was no part of the website I could find that dealt with being DOSed by a Google server in California...
Yes, that was my thought. Not so much that they can't generate the PDFs, more that they will probably need to have an agreed upon electronic indexing and cross-referencing system (which will need to be implemented and tested) and you need some form of secure transmission (which will need to be implemented and tested), before you can actually start sending out live electronic bundles.
Yes, oh and the typo, should be "unless the code was properly documented." :-D
Where I worked, we had development teams and support teams. The development teams were usually large and went from customer project to customer project, whereas the support teams for the customers were smaller and looked after dozens of supported systems. Therefore good documentation was critical to being able to support the system.
E.g. a project team with a project manager, consultants, analysts, designers, infrastructure specialists, programmers, testers etc. could easily run to 100 persons and the support staff were a manager and half a dozen programmers, who looked after everything the customer had in production.
One even went through and actively deleted all comments; the stupid comment made by the so-called architect was that comments got out of date, you should just read the code.
And I was taught, you always change the comments first, to reflect the changes you are about to make to the code, otherwise nobody can maintain it. Once the project was complete, the development team handed it over to support and support would refuse to accept the project as finished and supportable unless the code was properly documented.
There were severe demerits for the development team, if they tried to hand over "unfinished" code, and unfinished also meant undocumented.
Likewise, all documentation was stored in a document management system and the final project documentation also printed and signed off, before being archived.
I knocked up a product tracking system for a photo studio (I worked at an advertising and ecommerce agency that had their own studio), which photographed thousands of products a week.
I wrote the system in 2010, in PHP with Zen, with an HTML & CSS front end and a total of around 20 lines of JavaScript; it used scanners to read the barcodes of the products, and I built it in the 3 months of my notice period. Last year, I received a thank you on LinkedIn from the project manager that took over the project for the documentation I left behind - the PHPDoc ran to around 800 pages. But I kept everything simple: each class covered one business object, each method did one job and where it had to work on complicated data structures, they were broken out into individual private functions that did simple tasks of the whole.
The same when I left the next job, the administrator that took over from me contacted me to thank me for the documentation I left behind.
Back in the 80s, we were still company men and women, we still believed we'd be working for the same company when we retired. I managed around 15 years with the company I started work with, until they did a big downsizing in 2002 (5 figures) and I took the opportunity to start over in a new country.
Agreed. And the software back then was a hell of an investment, probably costing hundreds of thousands, if not millions to implement.
The problem is, re-implementing that in something "more modern" would need a similar investment, at rates inflated for today's economy. These systems are usually unique and have been regularly extended over the decades. Doing a complete analysis of what it actually does, an analysis of what it actually needs to do and implementing a new system based on the findings would be prohibitively expensive.
That is one of the problems that these public sector organisations have, as well as private companies. How do you tell your electorate that 10-15% of their taxes for the next five plus years will go towards replacing a system that already works?
That is why many of these systems are still around, they are still "good enough" to carry on and nobody has the budget to even think about replacing them.
Yes, I worked on several Y2K projects, including some COBOL projects (E.g. CFS, PROTOS) during the late 80s and early 90s. I'm still at least a decade and a half away from retirement... Although at the current rate, I'll probably still be a decade and a half away from retirement in a decade and a half!
German TV can be very good.
A lot of what is shown on the commercial channels is absolute tripe (licensed versions of US reality TV tripe), but there are a lot of good programs as well, especially on the BBC equivalents (ARD, ZDF etc.).
I probably watch more original German programming than I do imported US or UK shows.
Exactly, I feel sorry for the employees, but I have to agree with the Court in this case. They did everything they reasonably could - the data was put on an encrypted USB stick for the transfer to KPMG, it wasn't spaffed over an unencrypted FTP link or per email, they took "all reasonable precaution", with the possible exception of not realising Skelton held a grudge.
That he held a grudge for his own stupidity and decided to take revenge by publishing the information entrusted to him in no way falls under what his expected duties were. If he had lost the stick when taking it to KPMG and it wasn't encrypted, that would be part of his expected duties, but extra-curricular activities outside of his job role (he was not expected, as part of his role, to publish the information anywhere online) cannot reasonably be covered by Morrisons' liability.
Yes, sending corporate information to Microsoft servers? No, not never.
As an aside, I just gave it the Complete Bastard - a document I've been creating over the years with all BOFH episodes in it (1,651 pages or 647,195 words)... It is taking its own sweet time. I'm expecting smoke to start coming out of my laptop in a minute.
The Bavarian government was caught with their WebEx down as well.
Heise's c't magazine found the links to the Bavarian meeting rooms were all open, predictable (a path + a room number, which was sequential) and none of the meeting rooms were password protected.
Last week, they managed to sit in on a crisis meeting between the Minister-president of Bavaria, the police and the health ministry. After confirming that it was a private meeting, not meant for the public, they quietly left the meeting and informed the Ministry for IT Security (BIS) straight away. In the meantime, the meeting rooms have been password protected.
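The two weaknesses described in the post above, predictable room identifiers and rooms with no password, are easy to check for mechanically. The following is an added example and not code from the original post, from c't or from the Bavarian government; the hostname, room numbers and room configuration are constructed for illustration and do not correspond to the real links. It flags a set of observed links as enumerable when their numeric ids sit close together, lists rooms that can be joined without a password, and shows what a non-guessable identifier looks like.

```python
import re
import secrets
from urllib.parse import urlparse

# Constructed sample of "observed" links: same path prefix, near-sequential room numbers.
OBSERVED_LINKS = [
    "https://meetings.example.invalid/rooms/1001",
    "https://meetings.example.invalid/rooms/1002",
    "https://meetings.example.invalid/rooms/1003",
    "https://meetings.example.invalid/rooms/1005",
]

# Constructed room configuration: room id -> join password (None = link alone is enough).
ROOM_CONFIG = {
    "1001": None,
    "1002": "correct-horse-battery",
    "1003": None,
    "1005": "staple",
}

ROOM_RE = re.compile(r"/rooms/([^/]+)$")


def room_ids(links):
    """Extract the room identifier from each link's path, skipping links that don't match."""
    ids = []
    for link in links:
        m = ROOM_RE.search(urlparse(link).path)
        if m:
            ids.append(m.group(1))
    return ids


def is_predictable(ids, max_gap=10):
    """True when the ids are all numeric and densely packed: anyone who learns one id
    can find its neighbours with a handful of guesses. Non-numeric ids are treated as
    not predictable by this heuristic (they may still be weak for other reasons)."""
    if len(ids) < 2 or not all(i.isdigit() for i in ids):
        return False
    nums = sorted(int(i) for i in ids)
    gaps = [b - a for a, b in zip(nums, nums[1:])]
    return max(gaps) <= max_gap


def unprotected_rooms(config):
    """Rooms that can be joined by anyone holding the link."""
    return sorted(room for room, password in config.items() if not password)


def secure_room_id(nbytes=16):
    """128 bits from the OS CSPRNG: the URL space is too large to sweep.
    A password is still needed to keep a leaked link from being enough on its own."""
    return secrets.token_urlsafe(nbytes)


def audit(links, config):
    """Combine both checks into one report for the observed links."""
    ids = room_ids(links)
    return {
        "room_ids": ids,
        "predictable_ids": is_predictable(ids),
        "unprotected_rooms": unprotected_rooms(config),
    }


if __name__ == "__main__":
    report = audit(OBSERVED_LINKS, ROOM_CONFIG)
    print(report)
    print("example of a non-guessable room id:", secure_room_id())
```

Running it on the constructed sample reports `predictable_ids: True` and lists rooms 1001 and 1003 as joinable without a password; the `max_gap` threshold is a heuristic and should be tuned to how many links you actually observed.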