* Posts by yoganmahew

584 publicly visible posts • joined 1 Apr 2014


It's that most wonderful time of the year when tech cannot handle the date

yoganmahew

Re: Don't people test edge cases any more? [Time Libraries: The Next Problem]

I agree with you. A case I hit this year (not in my code) was using a library to do 5 digit date validation. The library allowed for 29FEB, but only if a year was included. As the year had not been determined at that point (it could be future, today, or past), validation failed.

Ostensibly the code was 29FEB safe and the library validated it, it still failed.

Cloudflare sheds more light on Thanksgiving security breach in which tokens, source code accessed by suspected spies

yoganmahew

Re: Am I reading this correctly?

Okta also appears to be economical with the truth in the number of customers affected. It turns out it was all customers...

A security organisation that follows a legal/marketing FUD campaign disclosure method is not to be trusted.

https://techcrunch.com/2023/11/29/okta-admits-hackers-accessed-data-on-all-customers-during-recent-breach/?guccounter=1

Top-tier IT talent doesn't stick around in 'mid-market' organizations

yoganmahew

They won't be responsible for your called usage SaaS database usage as part of 'stealing', hacking, ransomware. Backup solutions are provided, it's up to you to schedule and run them and secure the backups.

A SaaS DB provides you APIs, scalable resources, multi-region (if you pay for it), security upgrades to the DB and APIs, the operation of the DB in normal circumstances.

If you lose control of access, that's your bag.

Here's who thinks AI chatbots will eventually be smart enough to be your coworker

yoganmahew

Re: Pay

"If AI is going to increase productivity, surely this means workers should get more pay?"

So all the mindless tasks will be automated, I'll have to think all day, more than doubling my workload. The mindless tasks let me recover and context switch. Without them I'm doing a lot more work!

Artificial intelligence is a liability

yoganmahew

Re: Much of customer service is just people blindly following a script anyway.

"we might be able to use AI itself to suggest how to redeploy labor displaced by it!"

Cycle to generate power until they lose efficiency, then burn them... also to generate power.

Something nasty injected login-stealing JavaScript into 50K online banking sessions

yoganmahew

The article is a little coy about the "other methods". Danabot attacks can use malvertising too - https://securityaffairs.com/155184/cyber-crime/danabot-spread-cactus-ransomware.html

Uh-oh, update Google Chrome – exploit already out there for one of these 6 security holes

yoganmahew

Re: Chrome?

I'll see your janky corporate Chrome and raise you Bing in IE emulation mode...

Windows 11 23H2 is a Teams effort but Microsoft already spoiled the best bits

yoganmahew

Re: Skype etc

MS Communicator was perfect. Copy/paste formatting? Check. Local storage? Check. Crystal clear audio? Check.

Everything since has been worse, sometimes worser (that awful Cisco yoke for example).

Teams is Corporate Policy gone mad :(

Infosys co-founder calls for youth to work 70-hour weeks

yoganmahew

Re: Ok, let's abuse the children!

Bear it in mind when next you're asked for feedback on the outsourcers. The teams I had were routinely exhausted, training and time off not planned in to sprints, all working US hours. Unsustainable madness that resulted in poor engagement and poor quality work.

Sorry kids, Infosys and Wipro have cancelled graduate recruitment

yoganmahew

Manglement

"pyramid optimization to onshore offshore rationalization"

You really do learn something new every day...

Infosys launches aviation cloud it claims can halve lost luggage

yoganmahew

Re: 5%???

Generally it means the box (empty) is not in the place the ULD tracking system says it is. Like another poster says, wetware has to follow the process. If they don't scan the ULD as arrived or loaded on a plane (a problem when they ad-hoc change them due to knackerage or size limits), they end up wrong and hard to correct.

Airport chaos as eGates down for the count across UK

yoganmahew

23x6x364

WTF?! A system in a 24 hour operating environment that never stops that has to have everything down for maintenance at the same time? I've worked in the airline industry for mumble years; we've spent our lives removing downtime, working for 99.999% uptime and largely achieved it. Now all this new crapware comes along and it's not even designed for basic uptime?!

Scared of flying? Good news! Software glitches keep aircraft on the ground

yoganmahew

Re: NATS crashed.

For that route, the probability of error was 1/1...

yoganmahew

Re: Hmmm...

So it's a known issue? A known issue that wasn't tested?!

Every admission is a new scandal :)

IIRC a dodgy flight plan caused the last outage. How did they not learn the last time that the first rule of resilience is to get back operational? Find the error data, poke it out, restart quickly. They're not saying a restart takes 4 hours are they?

IBM says GenAI can convert that old COBOL code to Java for you

yoganmahew

Re: Meh

I heard a story, almost certainly apocryphal, that a UK bank had converted COBOL to C++. The resulting mess was so bad, the developers would fix bugs by eyeballing the original COBOL, updating it and then reconverting to C++. It ran, but it was untouchable ever after.

IBM shows off its sense of humor in not-so-funny letter leak

yoganmahew

Re: Most established companies have variations on this.

Write only memory, the bitbucket, a random IPL setting to save the ops the work of restarting the wrong machine (that one may have been internal though).

Bad software destroyed my doctor's memory

yoganmahew

When I started, I was in Marketing Automation or Agency Automation (in the airline/travel industry). The idea was the existing paper processes were good and existed for a reason, and the IT challenge was to automate them. That was it. Not to reinvent them, not to put a one-size-fits-all solution in.

ChatGPT study suggests its LLMs are getting dumber at some tasks

yoganmahew

Re: ChatGPT getting dumber at programming

I'll have you know I'm suing for copyright infringement. Anything that bad must have been looking at my code.

Ex-Twitter employees owed half a billion in severance, says lawsuit

yoganmahew

Right, employees are unsecured creditors, and there's a lot of senior debt that is going to take a shave.

Red Hat strikes a crushing blow against RHEL downstreams

yoganmahew

Re: I am surprised that IBM took this long

Do you smell that? That IBM smell. Nothing in the world smells like that. It smells like 'closed'...

Users accuse Intuit of 'heavy-handed' support changes on QuickBooks for Desktop

yoganmahew

Re: I'm still on 2007

I'm still using Quicken98... I don't even have pants that old.

Airline puts international passengers on the scales pre-flight

yoganmahew

I've only ever seen the full body scanners in the US. The rest of the world makes do with walk through metal detectors.

Europe’s biggest city council faces £100M bill in Oracle ERP project disaster

yoganmahew

Well it is project FAP...

What's your Mean Time To Innocence – the time needed to prove that mess is not your problem

yoganmahew

Not waving, but drowning

in observability. The side cars are running full steam, the metrics are flowing. They all break at the same time in slightly different ways. Which is chicken and which is egg? SNOWbody knows...

Fed up with Python setup and packaging? Try a shot of Rye

yoganmahew

No man is an island, except a python user

20 some posts, and nary an upvote.

Not only do the 20 people not agree with each other, everyone else reading the thread doesn't either. Not disagree enough to downvote, that would be rude...

Payments firm accused of aiding 'contact Microsoft about a virus' scammers must cough $650k

yoganmahew

Mainframe

I pretended my only computer was a dumb terminal connected to an IBM mainframe. Then I suggested using my teletype console printer and sending a printout of the response.

Another time, I acted like he was a double-glazing salesman and whenever he mentioned windows, I would say I already bought new ones and describe them.

Mostly I ask them to hold on a minute and put the phone down by the radio/stereo and walk away.

Amazon CEO says AWS staff now spending ‘much of their time’ optimizing customers’ clouds

yoganmahew

Re: Chicken, welcome to the roost...

"The lazy naïve way to "lift and shift" from on-prem to the cloud is to create a new EC2 for each existing VM. That never works out, cost-wise."

It depends. I was going to put a complex answer to back that up, but I'm already into pages of ifs and buts. Some short bits - if you are already in a managed DC (even if it is one you own), the cloud is probably cheaper than your current vendor. If you have strong DR requirements, the cloud is probably cheaper. If you are already clustering your workflows using Openshift or K8s, the cloud is probably cheaper.

The implementation details really, really matter though. As you say, lift and shift is only step 1...

Uber driver info stolen yet again: This time from law firm

yoganmahew

Re: Legal stuff

Yeah, it sounded like union busting activities to me.

Microsoft to stop accepting checks from partners

yoganmahew

The cheque marque.

Free-Teams-gate: Docker apologizes for shooting itself in the foot

yoganmahew

Re: IBM Forced Us Into It

Podman to the rescue!

At work, this is where we are heading as the Docker license fee for Docker desktop becomes substantial.

You can use a Dockerfile to build a Podman image, or you should be able to just run the Docker image with the Podman daemon.

https://developers.redhat.com/blog/2020/11/19/transitioning-from-docker-to-podman

https://www.redhat.com/sysadmin/run-podman-windows

On Windows, WSL2 is used which is not without foibles, so if you're running a production workload, I'm not sure I'd recommend it.

The UK's bad encryption law can't withstand global contempt

yoganmahew

Re: One rule for them, another for the rest of us.

"It's just a Public School classics education doesn't give you the technical smarts to understand this sort of thing."

Well, a Public School education doesn't equip you for accepting you are wrong and cannot be right about a subject with a wrong/right answer. It's not about understanding, it's about the willingness to understand when it could change your view on the subject. The whole denigration of expertise is based on this "don't tell me what will change my mind".

For password protection, dump LastPass for open source Bitwarden

yoganmahew

Thank you Roland!

There are a couple of good episodes on Security Now about the Lastpass fiasco (is it a fiasco yet?). https://twit.tv/shows/security-now

Included in the show notes are links to how to download your vault and see what is encrypted/what was exposed.

yoganmahew

Lastpass only encrypts username and passwords, all other data in your vault is in clear text (base64 encoded). That means they've lost all the information necessary to phish you, all the notes (e.g. your second factor pin that you stored in a note). Everything else is gone, almost certainly. They would be telling us if it was limited and they aren't.

FAA grounds all US departures after NOTAM goes down

yoganmahew

Re: Just after Patch Tuesday? Hmmm.

They still are (can be) distributed by Teletype...

yoganmahew

Re: Just after Patch Tuesday? Hmmm.

They're probably running at least z15s. Program design of 1960s assembler bears a sharp resemblance to current vogue of microservices architecture and is possible to build error free and understandable to future generations - you don't have to endlessly refactor it to understand it. The documentation has not kept pace, but I currently work on Java systems that are built with no documentation (not even comments in the code) other than a story.

yoganmahew

Re: "but which aren't known about enough in advance to publicize by other means"

There are separate Airplane Movement systems that perform different functions (tracking the airplane). FLIFO - Flight Following.

Python Package Index found stuffed with AWS keys and malware

yoganmahew

Re: Free money

OMG same, but with GCP! Wild!

Seriously, though, my company runs its own repos and everything is supposed to be committed only to those private repos. Even there, we're not supposed to commit keys.

Developers! Professional yourselves!

Southwest Airlines sued for failing to give prompt refunds after IT meltdown

yoganmahew

Disintermediate the GDS?

This is what you get. You have to have all the customer facing systems yourself. The major GDS at the time of Covid had huge negative cashflow as they processed refunds for passengers booked through them (on behalf of the agencies they booked through). It is a normal, automated process using BSP (bank clearing between GDS and airlines) to debit the airlines. Southwest have started to use GDS ticketing, but only for limited fares. Prior to this, even GDS bookings were paid directly to the airline with refunds and exchanges directly to the airline.

The best customer service my aunt fanny...

Crooks copy source code from Okta’s GitHub repository

yoganmahew

Re: App used by USA Defense

Lastpass too started as source code breach. Like the article says, hard-coded credentials in code and scripts... infrastructure as service has its downsides...

LastPass admits attackers have a copy of customers’ password vaults

yoganmahew

The problem is not so much with the password manager, but with the rest of the crap around the cloud storage. Bitwarden has their manager code open-sourced, but in Lastpass's case, shoddy code left hard-coded credentials to a cloud storage bucket (it's really egregious, since all the major cloud providers have secret managers that you can build to only access at runtime, assuming you can be arsed to code it that way). A breach of the development environment (poorly secured in many companies it seems) left free access everywhere :(

yoganmahew

Re: Drip drip drip

Oh, and how long have they known this for? And they release it while everyone is on holiday?

This is pretty much "don't trust me" breach disclosure playbook. I expect the next release will be New Year's Eve...

yoganmahew

Drip drip drip

I'm a bit pissed off with the drips of increasing badness coming from Lastpass. What next? Login emails also compromised, but don't worry, they can't be associated with vaults? Well, they can be associated with vaults, but not with the list of passwords, what, didn't we tell you all the master passwords got released too? Yeah, I know we weren't supposed to have them stored, but some random error captured them to diagnostic logs. Those were captured too.

Eurozone plans to formalize passenger data, improve security

yoganmahew

API in this case is Advanced Passenger Information.

Mind you, PNR is Passenger Name Record...

Windows 10 – a 7-year-old OS – is still having problems with the desktop and taskbar

yoganmahew

Re: "The latest fix comes after a number of other problems were resolved this week"

Not only "yes, yes it is affected by most of those bugs", but long is not very long, and the longer you stay on LTS, the worse the experience using other products becomes. It seems all the other MS products are only tested well on the latest release, so bugfixes to other products break because of your LTS in unexpected ways. Locking everyone who rises early out of AD is my favourite.

Australian exchange pauses project to move stocks to blockchain

yoganmahew

Hahahahahaha

Hahahahahahaha, excuse me, I'm short of breath, hahahahahaha.

As someone who spent many hours arguing against blockchain and the usefulness of a distributed ledger, let me just say

hahahahaashasjdasoidhasdasdkjald

Oh no, it's started again...

Microsoft feels the need, the need for speed in Teams

yoganmahew

Re: Well, every little bit helps

It's soooooooooooo slow. It's unusable on a phone or tablet, the start up and synch time is measured in quarter hours. And the same for Outlook. They used to work, but now they're all broken. No off hours support chats from me then, oh well...

No, I will not pay the bill. Why? Because we pay you to fix things, not break them

yoganmahew

Diwali, Hannukah, Samhain.

Bias toward office staff will cost you: Your WFH crew could walk, say execs

yoganmahew

Re: A possible factor?

The intermediate bluffers are part of the problem too. When I started as a junior programmer in 1990, there were 5 levels above me to the CEO. Now I am senior technical, Director equivalent level, and there are still 5 levels above me to CEO... for all the talk of agile, there's more admin work, more unproductive time grooming increasingly inane stories "as a developer, I just want to get some fucking work done, so I can get out of this fucking meeting".

Google wants to copy-paste your mainframe applications into its cloud

yoganmahew
Devil

Re: If it ain't broke

Yeah, but agile

Airline 'in talks' with Kyndryl after failed network card grounds flights

yoganmahew

Re: Some thoughts...

Yeah, "working on half load, but not as sole link" is my guess too. And the Kyndryl DC is probably locked so tight it takes 10 hours of approvals to get an engineer on site, having flown him from somewhere first. Mad if it was quicker to fix the fibre.
