It's time to start holding senior management, from the CEO down, personally (and financially) responsible for cockups like this.
1042 posts • joined 23 Apr 2007
Sure, they didn't mean to put it online, but where there's a connection to Ye Olde Internette, there are hackers, and they are smarter than you are.
Information that should never be leaked should never be digitized. To do so is asking for trouble.
I draw your attention to Peter Fryer's "Mrs Grundy: Studies in English Prudery".
The common factor is failure to recognize what any ordinary person could have told them: the customers will reject your bright idea. Didn't Keurig have even a glimmer of awareness that shutting out off-brand coffees from their machines would not be popular? That coffee makers are available in an infinity of models and there's lots of competition?
As for Target-in-Canada, their stores came across as designed by someone who thought Canucks are a bunch of stupid goobers and didn't realize that Target's popularity among cross-border shoppers is due to the selection and the prices; the mere name "Target" is by itself of no significance.
Design mistakes: no change room by the men's clothing; they expected you to walk down (or up) to another floor to use the women's change rooms. No checkouts by some doors. Only self-serve checkouts at some (and they crashed with shocking regularity). And subtle ways of trying to disconnect their stores from the rest of the malls they were located in. Never mind the empty shelves because Target-in-Canada hadn't bothered to organize its supply chain before opening.
The overall lesson from both pratfalls is this: don't pay too much attention to bean counters and marketers who come up with a new and novel way of abusing your customers. They don't know the business.
Target has all the symptoms of a corporation entirely under control of bean counters who don't know the business and who are addicted to cutting corners and making false economies, e.g. inadequate security of their IT systems.
But also this: everyone has probably heard by now of Target's failed entry into the Canadian market. After just two years, they've completely shut down and gone back to the US tail between legs. From personal experience I can testify that whoever was in charge of the Canadian stores didn't know the business, cut corners, and chased false economies. For the first time, Target had two-level stores. The dimbulb(s) who designed them put the men's clothing on one floor, the women's on the other, but only put change rooms for trying clothes on the floor with the women's wear. Perhaps it saved some money on construction, but I'm sure I wasn't the only man to simply walk away when I found out I had to trek to another floor to try on the items I was thinking of buying. The Target-in-Canada stores I visited seemed to be laid out entirely for the benefit of the company, not the customers. (The change room fiasco is merely an example.)
Given the boneheadedness implied by the Canadian store designs, it comes as absolutely no surprise that Target would have also skimped on IT.
"the new kids ignore the old guard"
Target, the American department store chain, is completely withdrawing from the Canadian market after only two years. One analysis of this multi-billion dollar fiasco pointed out that when they bought the Zellers chain, they completely disregarded Zellers management. Sure, Zellers was a failing business, but I'm pretty sure management nonetheless had a pretty good grasp on what Canadians bought.
The result was like a very bad joke: empty shelves; no checkouts at many exits, and of those they did have, many were non-functional self-checkout stations. Nice way to persuade customers to simply abandon their shopping carts.
My own observations included a long aisle supposedly devoted to kitchen gadgetry with many, many hooks protruding from pegboard - with half the hooks empty and the other hooks each holding one spatula, all exactly the same. And their food department sold nothing you couldn't buy cheaper at even the smallest corner store.
All due, one suspects, to hubris and a total disregard for the market they were entering. Just like GDS.
Marketers are de facto professional liars. They lie to potential customers about the goods and services they advertise, they lie to the people who hire them, and they lie to themselves about the effectiveness of their antics.
I use Adblock+ so I see few ads, but in my twenty year history on the web, I can't recall making a single purchase as a result of an ad, even during the many years before AB+. Amazon manages to make a few hits via their internal system of recommendations. Quite astonishing that so many people would work so hard to snoop on so many others without anything significant eventuating in consequence.
A reminder that the "International Algorithmic Language" referred to is Algol, but whether Algol-60 or Algol-59 I do not know.
When I worked for Burroughs back in the day, I was once shown the two file drawers containing the punch card source of a Jovial compiler for Burroughs' "large systems". It was never finished. (Burroughs had significant aeronautic expertise.)
Can that system handle Unicode text? It's old enough that Unicode may be implemented either not at all or only in a rudimentary fashion. Have a pilot submit a flight plan with notes in any language written with characters outside the usual 256-character font set up, and kaboom? And there are a lot of such languages, among them Russian, Polish, Greek, Turkish, Georgian, Chinese, Japanese, Hindi, Thai, and a host of others.
Just to test El Reg's own system: ΣЩՊਊฒႪおナ两
Yes, they are idiots, but that's because Target and other large corporations won't pay for good programmers. The bean counters object, viewing "programmer" as a class of fully fungible entities.
Programming in a network environment (and everything is in a network environment these days) is not easy. To be able to do it right requires (a) plenty of raw brainpower (b) good education and (c) lots and lots of experience. No, you can't ask your secretary to set up a web page. No, you can't ask a junior staff member to look after server security. These are difficult jobs demanding a high level of expertise to do right.
I omit the minor problem that truly competent programmers are not thick on the ground.
If they're both (parent and child) that incompetent, why weren't they forced out of offering financial services? And their senior managers and directors blacklisted from ever again holding any position of responsibility for, or in respect of, financial IT?
Until the sociopaths who run all large corporations are identified by name and permanently blacklisted, we're going to see this kind of malfeasance over and over and over again.
You've all seen these too. "Your email box is full, please go to such-and-such site and re-enter your handle and password" being a stripped down version.
The solution is obvious: always, always respond but fill in false information. If the scammers get thousands of replies full of nonsense, they will be hard pressed to figure out which ones are legitimate. Maybe!
They spam us, we reverse-spam them.
It wasn't "the prison service" that lacked the necessary attentiveness. It was some one or few individuals within that service who didn't, yet were responsible for just such matters.
It might very well be that some upper level management wonk had cancelled the position(s) supposed to handle those responsibilities. But always there is individual failure to do the job correctly that lies behind organizational failures.
"researchers from the University of Cornell in San Francisco"
Clearly, Kelly Fiveash, the author of the Register article, did not read the actual article and has gaps in his knowledge of American institutions of higher education.
First of all, "Cornell" is Cornell University, not "the University of Cornell". This can be easily ascertained by simply looking in the gazetteer at the back of the better American dictionaries or even by using that new-fangled Google thingie. I admit that the nomenclature of American universities is not consistent; some are "University of X", others are "X University", but the proper response to this inconsistency is to look things up and get them right instead of winging it and getting the facts wrong.
Moreover, Cornell University is located in Ithaca, New York, not San Francisco. How Mr. Fiveash managed to make such a hash out of the name of a very well known American university is beyond me.
Further: Facebook's "Core Data Science Team" works out of Menlo Park, California (as the PNAS article clearly states), not San Francisco. Important note for Mr. Fiveash: "San Francisco" and "the (San Francisco) Bay area" are not synonymous. I suggest he take a gander at Google maps.
Given the Register's generally high standard of writing, these errors come as an unpleasant surprise.
It's a map of the March 2013 tsunami, quite a different thing. As can be verified by simply moving your cursor over it.
"The main argument seems to be that 'you shouldn't _have to_ defend yourself'"
An elderly medieval historian I know once remarked regarding the feminist slogan "take back the night" that it was a quixotic quest; that historically only during a few decades in the twentieth century had it ever been reasonably safe for unaccompanied women to walk about at night — and even then only in some cities.
One possible response to "but I shouldn't have to defend myself" is "sez who?" aka "where does it say that?" People using that excuse for foolish behavior are indulging in wishful thinking at the possible cost of their health and life.
"6 alphabetic characters"
Which alphabet? Roman? Cyrillic? Georgian? Armenian? Greek?
Does the word "alphabet" include abjads, abugidas, syllabaries, and logographic writing systems?
If passwords are restricted to the Roman alphabet, can you use letters from the extended forms of it? Like this: ƷǔƲƜƈŷűÈäẪṃ
More generally, can you use Unicode characters in a password?
Given the comments on BT's incompetence in such matters, the answers are probably "Roman only", "no", "no", and "no". Never mind that Unicode has been implemented quite widely for at least ten years now.
This is just another example of what happens when no one pays attention.
Some other examples from personal experience, not entirely IT related, of the results of no one paying attention:
1. A weekly e-flyer for a pharmacy chain, in PDF format, but really just a string of jpegs with such low resolution you couldn't read the text. No way to tell just what this week's specials were! No one bothered to actually look at the end result to be sure it was legible. Strangely enough, an email to the president's email address actually got to him, and they cleaned up their act promptly. I imagine somebody got their fingers slapped over such stupidity.
2. A big illuminated sign by the highway saying "For latest road condition information, check http://....." With all the hoopla about the adverse effects on driving of using cell phones, you'd think that a sign that was an open invitation to fire up your browser would be dismissed off hand as counterproductive.
3. An emergency response program that has designated routes for emergency vehicle use only. Problem: all the routes between different parts of the metroplex are so designated: you simply cannot get from part A where people work to part B where they live without using one of these highways. If we have a big earthquake (certain to happen sooner or later), everybody's going to want to rush home to make sure things are okay, that their kids in school are okay, etc. There aren't enough cops to block the resultant flood of traffic; and besides, the cops will have other things to do after a big shake. [The city I live in has very few road links between some sections.] This particular stupidity also involves failure to take into account human nature which, as the old adage teaches us, never changes. Plus the common bureaucratic position that making a rule against something actually stops people from doing it.
In the present case, somebody didn't bother to look at the email address they'd keyed to be sure it was correct, to say nothing of the other criticisms of this fiasco.
It could be from a Dilbert cartoon! "Leverage" as a verb, my eye!
The thing that really worries me is that the writers of this bilge are (apparently) unaware how uncommunicative it is, how silly it sounds, how empty of real meaning.
Yet another reason not to use FB.
The Asics company makes certain athletic garments in the US. These are readily available in the US from a number of online retailers, but every last one of those retailers' websites states that they will not ship to Canada (among many other countries). Presumably Asics has given exclusive distribution rights to some Canadian company and has done the same elsewhere.
The fly in the ointment is that there is NO online source for these garments in Canada. And they are low demand items, so it's futile to look for them in local brick'n'mortar places. Perhaps they're available retail in the larger cities, but not in the burg I call home, where we are isolated on an island. This is par for the course in Canada; prices are significantly higher and selection is significantly smaller even when you do find a Canadian source for such goods.
Result: Asics does not sell as many of these garments as it might, and its competitive position regarding them in Canada is non-existent. And would-be buyers like myself are forced to use complex, costly workarounds to import them from the US.
I wonder how it responds to other scripts with lots of hard-to-distinguish-by-the-uninitiated characters? E.g. Chinese characters (and the versions used in Japanese and Korean); nearly any South Asian script; Georgian, with its curlicues; the many extra characters added to the Roman alphabet for African languages. (Just browse through Character Map and look at all the wonderful scripts supported by Unicode.)
Sounds to me like Xerox is now rather like MS: too many people running around, nobody actually in charge, obvious design and engineering errors not having the whistle blown on them before they're inflicted on the hapless public. Surely someone should have said "our business is making copies of documents, not free variations on them."
But computers today are fundamentally devices with a visual-tactile interface. If you are blind and fingerless, you really need to find some other hobby than responding to comments on El-Reg (for example).
In some circles, it's generally believed that Fox "commentators" are only in the game for the money, and they'll say whatever they think will improve their cash flow. Facts, logic, and other meritorious aspects of "the news" play no role in this. It's direct appeal to gut emotions that works.
Pretty much the same thing can be said about the American anti-gay industry, which features such bozos as Maggie Gallagher, Brian Brown, Eugene Delgaudio, and a host of other grifters.
> Any business unit that doesn't make money is seen as a "drain on resources".
The situation is analogous, perhaps very closely so, with the problem of deteriorating infrastructure in the US. The people who control the purse strings don't acknowledge the importance of the highway network, for example, in keeping business running throughout the country. Hence highways, bridges, and all else are allowed to gradually deteriorate to the point of uselessness. [Actually, this isn't entirely true, but it approximates the situation usefully.] Maybe the IT systems of a bank don't make money that's visible as a separate line item, but if you take them away by virtue of flood, earthquake, tsunami, fire, riot, revolution, or even simple human error, the entire bank will suddenly stop making money.
A better motto for the world at large is "if you build it, you have to maintain it, and you will have to replace it entirely by a certain age, even if it's still usable." This applies to web pages as well as physical infrastructure, and it certainly applies to software systems.
Title says it all.
Not the researchers of tomorrow, but those of today.
Out of personal interest, I've been cataloging YouTube videos of the March 11, 2011 Tohoku tsunami. The extremes are (a) those videos that have been watched by hundreds of thousands of people and reposted to YouTube by a good many of them; and (b) those that have been watched by very few and exist on YouTube only in one version. The object is to identify the best version of each significant video, best meaning most complete, preferably with a good deshaker applied.
Of course this is a hopeless task, as there are something on the order of 100,000 tsunami videos, far too large a number to catalog by hand. But even disregarding that minor issue, trying to figure out which version is original and complete is like trying to find a needle in a haystack. Today.
At the end of the day, it seems that the only way to truly secure any piece of networked gear boils down to physical security, e.g. no connection to the internet at all, a backdoor-enable switch as suggested by "Ru" above, or some similar measure that no amount of hacking can overcome. There's still the problem of social engineering, so maybe making that switch one operated by a lock and key is necessary. Otherwise, a stupid secretary gets an email "go flip switch J on box A" and does it.
You win the prize. All other so-called random number generators are only pseudo-RNGs.
This is a well-known fact that is unfortunately not as well known as it should be.
That phrase actually means "I just guessed."
One of my co-workers, before I retired, regularly messed up his programming. When asked "why did you do that?" while looking at some egregiously bad code, his reply was often "I assumed (such and such)."
Of course, his assumptions were usually wrong.
In fact, whenever he hit a tough bit of code to write, he'd often take the lazy way out and "assume" that nobody ever made a mistake, that you didn't need to be wary of user input errors, and other variations on avoiding hard thinking or, horror of horrors, going and asking somebody who knew what they were doing.
Whenever software attempts to read users' minds, anticipate what they will do next, save them effort (sometimes), or divine the intentions behind user errors, it's all guesswork and it's often wrong.
Give me good old Windows 3.1 software like Lotus 1-2-3 R5 that did what you told it to do, nothing else. If you made a mistake, it simply told you so and made no effort to diagnose your intentions.
Because pictograms don't require translation when building software versions for other languages.
Sheer laziness, in other words.
Or maybe consideration and foresight in anticipation that today's monolingual speaker of English will be using Haida or Georgian tomorrow.
Loyal Commenter: "I'm not going to buy whatever they're touting, so why force them on me if I make the choice that I don't want them?"
I think you just said "the Emperor has no clothes." Selling something on the internet? Forget about ads: they don't work, just as Loyal Commenter says. Instead of trying to lure visitors to your site selling crap, try setting up your site so that Google searches for the goods/services you offer return your pages. And make sure people can navigate to the item they might buy. Example: I buy a fair amount of body jewelry and have noted that some sites have very poor search facilities, while others have excellent ones. The distinction is simple: can a visitor to such a site tell within seconds if (say) you have circular barbells, made of stainless steel, internally threaded, with a 10mm thickness? Sometimes the answer is yes, it's easy to tell, but other times you can't be sure and keep wondering if you overlooked the item you are contemplating purchase of.
Meanwhile a pox on search aggregators that do nothing but clutter up Google results.
The Eckert-Mauchly Computer Corporation did not "later become Unisys". It first became Univac, which underwent various changes in name and ownership, finally merging with Burroughs in 1986 to form Unisys.
A good cup of tea is hot, aromatic, and free from the bitterness of tannins from over-steeped leaves. You can get this nectar even from quite cheap tea if you use the right technique, to wit, put the tea in a small conical sieve over the mouth of the tea pot and pour the boiling water through that. Tea is ready immediately; no need to steep. End of discussion.
It was neither deliberate nor a "technical" error. It was a management error, pure and simple. You would think that MS, with the threat of a large fine hanging over it should they commit a specific misdeed, would make very sure that that misdeed did not occur by accident. But no, someone deep in the technical hierarchy in Bellevue was given the authority to okay an update without the point being made "make absolutely certain browser choice is still there for European customers."
My impression of MS is that its management is utterly chaotic, with nobody in particular actually in charge. MS isn't "too big to fail". It's "too big to succeed".
Joe Jervis regularly features the latest insanity from OMM on his gay-oriented blog, Joe. My. God. (findable via Google). I forget the exact figure, but someone checked Facebook and found that OMM had about forty thousand "likes". The suspicion is often voiced that OMM is just one person with a very dirty mind who sees filth everywhere.
Regular readers of El Reg are likely to get a kick out of Joe. My. God.'s regular features of homophobic nuts, if only for the comedy value. Particularly recommended is a dude who styles himself "Third Eagle of the Apocalypse and Co-prophet of the End Times."
I can see a number of neologisms in the hatching: bioboffins, theoboffins, physioboffins, technoboffins, psychoboffins, socioboffins, anthropoboffins, ecoboffins, archaeoboffins.
When will the madness stop?
Naming and shaming will have no effect. Corporations and those who control them have no shame.
Those cleanup instructions from the EPA tacitly assume a hard surface floor. Wall-to-wall carpeting is very common; just try to scrape up spilled mercury from it!
They'd probably be safer running DOS.
Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.
Thus if your email client is set up not to render HTML, you are s.o.l.
OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.
Does that work on Unicodized email addresses such as
The issue isn't so much dropping a USB stick on the bus as it is the sheer foolishness of putting unencrypted data on the thing in the first place. A close runner-up is the foolishness of anybody from the CEO down taking protected data outside the workplace in any form.
To some extent, the latter is caused by the managers who don't understand that the work day is only eight hours long.
Amazon has a nasty little habit of announcing "this product cannot be shipped to your default address." I've seen this with athletic gear from Asics and even with CDs made by Sony. Just like Hollywood installing that infernal region code on DVDs and then discovering that if anything, it impedes sales and encourages piracy.
When you live in a country where online commerce is not particularly well developed (e.g. Canada), whether Asics or Sony like it or not, all such restrictions do is lead to creative ordering. As for Asics, I simply had what I wanted sent to a friend in Seattle, who then forwarded them to me. And Sony's silly restriction was easily circumvented by finding a Canadian listing for a used copy of my heart's desire.
It appears that large corporations have not yet learned that the first two W's in "WWW" mean "world-wide." Time to kiss off geographically restricted distribution contracts.
PS: Canada is not a dead loss when it comes to online sales. I was easily able to find an online source for Blooker cocoa in Ontario.
MS could have prevented this brouhaha by simply including setting DNT during installation, requiring the user to respond one way or the other. Yahoo would then have no gripe because the setting would always be derived from the explicit action of the users.
But, no. Dear Microsoft followed through on their usual bad habit of trying to guess what people want instead of simply asking them. Spare me operating systems that do things for you that way.
The thing that makes me laugh is that the ads aren't very effective, not at all. I use AdBlockPlus, so I don't see many ads, but the ones I do see never entice me to actually visit the web site advertised, much less spend money at it.
I spend a fair amount of money on online purchases, but not because of advertising. I've used Google to find sites that sell the kind of thing I usually look for and simply bookmark those. Looking for a specific item, say 1/2" diameter eyelets for my earlobes made of white jade, always requires investigating one such site after another, by hand. (Some sites make the search very easy, others a pain in the ass.)
Google is hopeless when it comes to exhaustively searching for such a specific item because (a) websites are inconsistent about how they present the information and (b) Google works word by word and isn't very good at finding loose groupings of descriptive words.
The root problem is that when they depart their homes to go to work, managers leave their humanity behind on the dresser. All they have to do is ask, would I treat my dearly beloved grandmother like this?
Of course the sociopaths would treat their grandmothers badly, which leads to the point that sociopaths are not fit to hold positions of any responsibility. Unfortunately, from all appearances, the upper levels of management in all corporate bodies are primarily sociopaths.
We are doomed.
The incompetent lawyers might very well be holdovers from the Bush administration, hired because they declared personal loyalty to Bush. Many of them have law degrees from "Liberty University", the late Jerry Falwell's piss-poor excuse for an institution of higher education.
Until the higher ups responsible lose their jobs, nothing will happen. The higher ups earn the big bucks; let them shoulder big responsibilities, even if they themselves didn't make the key mistake.
@ Dave the Cat:
Just say to your students "Now pay attention because if you don't, you WILL lose your job when you mess this up." Make sure all employees have been put on notice that certain types of email mistakes WILL result in immediate firing.