* Posts by Nick Ryan

2838 posts • joined 10 Apr 2007

We don't need maintenance this often, surely? Pull it. Oh dear, the system's down

Nick Ryan Silver badge

How? The usual route appears to be to pretend that databases don't really exist and to instead use an abstraction toolkit to access the data. While these are passable for simple applications, unless used by a knowledgeable developer it's very easy for dumb defaults to be used and for the database to be created by such a system. Utterly unmaintainable of course, and inefficient as hell.

This allows the "design" of a real-world "relational" database where the only indexes are primary keys and not all tables even have primary keys (oh hell was that fun to discover) and where foreign key constraints are managed solely at the application level and not at the database level. As in it's a database, but there's bugger all relational about it.

In one specific example a toolkit called CodeSmith was used, and for extra shits and giggles many queries were created as text rather than parameterised. It's not that CodeSmith couldn't be used sensibly, it just wasn't.

Nick Ryan Silver badge

I've seen plenty of similar issues where supposed "database experts" had no clue about various "vendor specific edge cases that they had no need to be involved in", such as:

  • Indexes
  • Foreign keys (referential integrity)
  • Varchar(max) vs varchar(n) data storage
  • Transactions
  • Set based processing compared to iterative cursors (MS-SQL)
  • Use of "magic" values
  • Triggers affecting more than one row at a time (MS-SQL)
  • and one of the worst of all: string stuffing hierarchical data into a single column rather than storing it in a way that it's queryable

We're not getting back with Galileo, UK govt tells The Reg, as question marks sprout above its BS*

Nick Ryan Silver badge

Re: Hammer used as a screwdriver?

I believe there are equivalent translations for most places in the world...

Dying software forces changes to VMware’s vSphere Clients

Nick Ryan Silver badge

Re: It is *not* an "HTML5-powered client"...

Oh noes, have Microsoft started bribing the standards body for this one too? :)

Nick Ryan Silver badge

It is *not* an "HTML5-powered client"...

It is *not* an "HTML5-powered client" and never has been. It's always been yet another horror of a Single Page JavaScript Application. Always destined to fail in multiple ways, whether then immediate reliability, accessibility, usability and later in this case relying on yet another "flavour of the month" JavaScript library which largely attempts to (badly) replicate standard browser HTML and CSS functionality.

Want a vaguely reliable web application? Want one that has a hope of accessibility and reliability, particularly cross browsers and devices? Then develop HTML first (with CSS added for presentation). Then, if still desired or even necessary, add the minimum amount of JavaScript to enhance the HTML and CSS, never to generate or control the HTML and CSS.

Ever found yourself praying to whatever deity runs Microsoft Teams? You're not alone

Nick Ryan Silver badge

Re: Teams on Linux

One of the organisations is the professional body for her line of work and at a board meeting a few months ago, they spent so long trying to get everyone on line at the same time that they gave up and went with Zoom instead.
This is far from an uncommon occurrence...

0ops. 1,OOO-plus parking fine refunds ordered after drivers typed 'O' instead of '0'

Nick Ryan Silver badge

Re: good grief

I thought that Q was for kit cars and that military plates are distinguishable as they are black with silver/white text and a completely different registration scheme?

You won't need .NET Standard... except when you do need it: Microsoft sets out latest in ever-changing story

Nick Ryan Silver badge

Yeah.... yet another abstraction layer....

One wouldn't want a CPU that's considerably faster than a CPU of five years ago to be able to execute an application without it feeling more sluggish and slow than the equivalent application five years ago.

Typical '80s IT: Good idea leads to additional duties, without extra training or pay, and a nuked payroll system

Nick Ryan Silver badge

Re: whoops - wrong disk

That's the best answer for the USB port issue I've heard :)

Nick Ryan Silver badge

Re: Fast forward...

There is a lot of COBOL code around. Why? Because it works, it does what is required of it and (usually) doesn't come encumbered with multiple gig of trendy "most recent flavour of the month" external libraries just to do some iterative, procedural processing.

Nick Ryan Silver badge

Re: Oh good grief....

That reminds me of one of the original BOFH articles that noted the customer success in redirecting the backups to NUL:

Nick Ryan Silver badge

Re: whoops - wrong disk

Very similar to the design of USB ports that somehow mandates that when not able to see the orientation of the port it requires three attempts to get the correct orientation.

Nick Ryan Silver badge

Re: whoops - wrong disk

Oh hell, I remember doing that with floppy disks just to be sure. Especially when cloning a disk, it was very important to clone the correct direction.

NASA is sending two small hand-luggage suitcase-sized spacecraft into the void to study binary asteroids

Nick Ryan Silver badge

Re: If we can make them this cheap

Pretty much. Any probe randomly going through the (main) asteroid belt is likely to come across a whole lot of nothing. One is considerably (70x) more likely to win the UK national lottery than to come across anything in the asteroid belt without specifically aiming for it.

The total mass hanging around the asteroid belt is approximately 524,707,142,857,142,900,000 KiloJubs and roughly 50% of this total mass is to be found in the four largest asteroids: Ceres (6.7 million Linguine in diameter), Vesta, Pallas and Hygiea (each with a diameter of less than 30,000 Osmans). As half of the mass is found in these four this leaves considerably more nothing to aim for.

An important consideration when planning a probe excursion through the asteroid belt is to time this so it doesn't happen on a Friday afternoon. All odds change significantly then.

Nick Ryan Silver badge

Re: Small hand luggage = 180 Kg?

Depleted? Amateurs...

Microsoft to charge $200 for 32 GPU cores, sliver of CPU clockspeed, 6GB RAM, 512GB SSD... and a Blu-Ray player

Nick Ryan Silver badge

Lower Common Denominator development.

I guess we need to expect yet more PC "ports" which don't use the keyboard or mouse and restrict the user to tortuous arrow key style navigation.

Nick Ryan Silver badge

Oh this will be fun... previously one of the core advantages of consoles was that they were all the same. Will games be released for the cut down version only, two different versions or will the developers have to have one extensible version that either takes advantage of the improved performance of the full system or can degrade its configuration to match the reduced performance of the cut down version?

Something to look forward to: Being told your child or parent was radicalized by an AI bot into believing a bonkers antisemitic conspiracy theory

Nick Ryan Silver badge

Creating rambling rampant and diversive bullshit is easy, just look at the BoJo and Trump and their hordes of sycophants.

What I'd like to see again was the application that took what a politician or others wrote, a paper, or similar and reduced it down to what was actually said. I stumbled across this years ago and it seemed like a useful use for Machine Learning and clever algorithms but haven't been able to find it since.

Classy move: C++ 20 wins final approval in ISO technical ballot, formal publication expected by end of year

Nick Ryan Silver badge

Re: C++ seems to generate a lot of hate among the people who failed to lean it properly

The same is true of PHP. PHP is a very flawed language, with lots of ridiculous language constructs that appear to have been born out of the designer hearing about a feature in another language but not understanding enough to implement it properly. On the other hand, its flexibility is why it's so useful at times and the same goes for C and C++.

The more capable, and often the more flexible, a language is the more unintelligible the code can be made. Generally, code should never be written this way and should always be as clear as possible even disregarding "clever" language constructs. In the end, clarity wins.

Nick Ryan Silver badge

I'm glad that I'm not the only one who looks at the code (new paradigms) and just sees unintelligible extended character set spaghetti. It's not necessary. Seriously. Code should be legible, clear and not obscured in as many arcane ways as possible.

I am more than capable of writing assembler code, and have done for many years, but seeing unintelligible code in any language just makes me sigh. Code reuse is good, compiler hinting is good, but obfuscation even if it's excused as "you should know every arcane illogical and backwards obvious operator for the last 30 years" is not good at all.

Rocket Lab boss Peter Beck talks to The Reg about crap weather, reusing boosters, and taking a trip to Venus

Nick Ryan Silver badge

Re: Climate change

From what I remember there are a couple of other factors to take into account:

  • The sun's gravity is slowly reducing due to enthusiastically ejecting matter into the solar system which is reducing its mass by 0.4 trillionths of a percent per year.
  • Earth is slowly moving away from the sun at a rate of about 15cm a year.

Quite how these compare in 500m years time...

In the frame with the Great MS Bakeoff: Microsoft sets out plans for Windows windows

Nick Ryan Silver badge

Re: Two different windows are a problem ... so add a third!

The correct solution would have been to have one API call the other, so it always boils down to the same code path.
This. Every time. There are many places even in Microsoft systems where the UI executes underlying scripts allowing the same functionality to be there whether using scripts or the provided UI. Doing this also means that most processes can be tested more thoroughly and even in an automated manner.

Nick Ryan Silver badge

Re: Crazy Train, now boarding

It's not the first attempt either. There are probably four or five now?

Someone's getting a free trip to the US – well, not quite free. Brit bloke extradited to face $2m+ cyber-scam charges

Nick Ryan Silver badge

Re: Really ?

Banks make a lot of noise but are often the weakest link themselves.

I once had a new business banking account plundered. The only transaction that I made was to pay in the opening balance, the cheque book, bank card and linked credit/debit card were delivered and filed away in the folder that the bank provided. None of these ever used, but still somehow somebody knew all the details of the account and emptied it. Most definitely an inside job and very crap procedures/security checks.

Another occasion an ex-girlfriend had her bank account emptied the day after pay day. By her brother. Somehow he had walked into the branch and convinced them that he was allowed to do this. That made for a tight month for me while I paid for her entire month as well as mine, while she didn't want to bring this up with her parents or involve the police and the bank? They just said it was all OK and nothing to do with them... She changed bank.

Nick Ryan Silver badge

Re: I'm sure he'll get bail in the US

Alas, this money is stuck with US customs requiring the assistance of a good, christian soul who would help transfer this money over, US$15,000,000 and for helping you can get 5% of this money.

Please help our christian brother in distress in this time of need

god bless you

Mark Wonga 419

You Musk be joking: A mind-reading Neuralink chip in a pig's brain? Downloadable memories? Telepathy? Watch and judge for yourself

Nick Ryan Silver badge

Re: Elon-gated kit

I meant that it is quite possible using current technology to block cosmic rays and therefore keep astronauts safer.

Nick Ryan Silver badge

Re: Elon-gated kit

Any astronaut sent to Mars with today's technology would arrive sickly, weak-boned, cognitively impaired and at great risk of cancer.
This is not true at all... except possibly for the cognitively impaired due to the boredom and psychological problems involved in such a long journey.

"Artificial" gravity is easy to produce - a rotating element of a space vehicle will do this and is easily within the possibility of today's technology. Having gravity reduces the weak-bones and other health issues experienced by astronauts.

There are plenty of easy ways of protecting astronauts in flight from solar radiation using today's technology. Unfortunately these do tend to add a lot of mass to a space vehicle which will slow the flight down somewhat. Upon landing on Mars living in caves, whether artificial or not, would protect from most solar radiation.

Nick Ryan Silver badge

Re: Elon-gated kit

What so many people forget is that it is a petrochemical industry - using petroleum, and to a lesser extent coal, based chemicals as fuel is only a very small part of the entire industry. Our industry relies on the entire petrochemical chain therefore thinking only about solar panels, which usually require extensive petrochemical derivatives to manufacture, is only thinking about a tiny part of the problem.

A key thing to remember about petrochemicals is that they are condensed (often rather literally) natural resources and there is nothing inherently unnatural about them just that we are using these plant originated concentrates inconceivably faster than they are created. They can be replaced by lower (energy) density plant based products however this creates additional problems involving land use efficiency. A smarter way to proceed involves both somehow creating processes that are considerably more efficient than the plant based processes (tailored bacteria, chemical processes and so on) but also to change the dependency on some chemicals in the petrochemical industry to more renewable alternatives. Neither of these are without risk or downsides and neither are likely to be common until they are economically more viable than just extracting the concentrated petrochemicals from the Earth and using tried and established processing methods.

Hidden Windows Terminal goodies to check out: Retro mode that emulates blurry CRT display – and more

Nick Ryan Silver badge

Re: I've used a lot of terminals...

Yep, far too much "modern" software is cobbled together in a manner too well reflected in this obligatory XKCD: https://xkcd.com/2054/ (Data Pipelines)

Nick Ryan Silver badge

Re: I've used a lot of terminals...

What happened to progress?

An entire sub-industry grew where it promoted form over function, user interfaces become less useful and omit many of the key and most important factors in good user interfaces. Not that there were that many good user interface designers in the first place, but with the vast growth in developers (of very varying competences) there has not been a similar growth in user interface designers. Nor database designers/developers either. This largely explains much of the mess the software industry is in.

As for vinyl over digital - the perceived snobbery of this is where it comes from. That and mainstream digital services which genuinely output worse quality products for technical reasons. For example, digital TV picture quality often being usually somewhat worse than analogue equivalent broadcasts due to bandwidth restrictions and the commercial need to cram more channels into the same limited bandwidth, thus reducing the quality of most of them.

'My wife tried to order some clothes tonight. When she logged in, she was in someone else's account ... Now someone's charged her card'

Nick Ryan Silver badge

Re: Credit card? What credit card?

The use of the CVV number is optional. Supplying the CVV number shifts responsibility towards the cardholder, not using the CVV number shifts the responsibility towards the retailer. If you entered the CVV number once for Asda then they can reasonably assume that you have the physical card in your possession therefore don't need to ask for it again.

Nick Ryan Silver badge

Re: Compromise of personal details

The fine is up to €20m or 4% of global group turnover. There is no expectation of this being applied at the maximum except in the most serious of cases and/or flagrant malpractice - for example refusing to comply with audits, refusing to follow the investigation processes, and so on. Generally, repeat offenders.

Nick Ryan Silver badge

Re: Credit card? What credit card?

The situation is not like this. Sensitive Authentication Data (SAD) includes the magnetic track data off a card, the PIN block/details and the printed CVV (whatever) number on the rear of the card - this number is not recorded in the chip, strip or embossed form. A compliant retailer is prohibited from storing or recording any of this data except for the shortest time possible to perform the transaction.

If a retailer processes regular or repeat orders they may do this using the non SAD stored data and the CVV number is not necessarily required however by doing so this changes the balance of responsibility for fraudulent transactions very much in favour of the card holder compared to the retailer. Often a retailer will require that the CVV number is presented on the first usage of a card but not for following usage of the card. This provides a fair degree of accountability but does not require that the card holder type in the CVV for every purchase and is a reasonable enough compromise where the retailer, such as Amazon, has delivery and cardholder addresses and an ongoing relationship.

Southern Water customers could view others' personal data by tweaking URL parameters

Nick Ryan Silver badge

Unfortunately the water company monopolies are more about shareholder return than providing value for money or a good, efficient service.

For example, there are documented and recorded discussions about the value in investing money in fixing water leaks compared to the money lost through the lost water. At no point was the impact on the end user's water nor the environment nor anything longer term considered.

The same goes for software development and testing comparing the investment in software development and testing to the financial risk and liabilities with a failure. One would hope that the specter of GDPR fines would up the financial risk but for many organisations this isn't considered.

Um, almost the entire Scots Wikipedia was written by someone with no idea of the language – 10,000s of articles

Nick Ryan Silver badge

Re: Interesting

The naming gets complicated when tributaries are involved. In the case of the Thames, there are multiple sources of it

Nick Ryan Silver badge

Re: Local 'languages'

Is that Scottish Gaelic, Irish Gaelic or the other varieties of Gaelic?

Does this mean that Scottish and Irish Gaelic are just dialects of Gaelic?

Nick Ryan Silver badge

Re: Local 'languages'

But we are either too stupid or lazy to cope with their complicated grammar, and so have dumped most of it.

I'm not sure that's true as we appear to have retained as much of the complicated grammar as possible... particularly where it is contradictory. Learning English is often largely about learning exceptions.

Adobe yanks freebie Creative Cloud offer – now universities and colleges have to put up or shut up

Nick Ryan Silver badge

Re: Just perhaps

Apprenticeships are there for skills, degrees are there for education.

There is never a clean dividing line though, add in a generation of snobbery around degrees vs apprenticeships and a drive to make statistics look good (lots of degrees, academic qualifications) and it's no wonder we are in the mess we are in now.

Nick Ryan Silver badge

Re: "...based on the US universities who are largely for profit and have big bank balances,""

Many universities while non-profit also own for-profit subsidiaries which perform commercial work and funding for the university. This does not mean that anything bad is going on, just that it's a way around the not-for-profit restrictions and there are very many genuine reasons that a university will want to spin off for-profit activities. Most of these subsidiaries should have a charter requiring the profit to be routed back to the university and this non-tied income is incredibly important to many universities and is often the only reason they are still viable.

IT blunder permanently erases 145,000 users' personal chats in KPMG's Microsoft Teams deployment – memo

Nick Ryan Silver badge

Re: What the . . . ?

Ah yes, the unfeasible academic dream of PKI data backups.

Take a relatively trivial relational database with 500,000 records of individuals in it.

Each record identifies an individual therefore we must have a system that manages 500,000 encryption keys. Each key must be related to a single specific individual and wholly identifiable to this individual and no other, therefore these keys are now also considered personally identifiable data. These keys must also be backed up because, if these keys are lost, any backups using these keys may as well be random noise in a data file. These key database backups must be retained, kept offline and managed just like mainstream data. Choosing to delete a key means that this key must be deleted from the live dataset and every single backup made of it. Effectively, we now have 500,000 individual backups to manage, which also require a database to manage these backups... which must also be backed up, because losing this will lose the database that manages the keys which means the core backups are worthless. This kind of scheme is possible, within ridiculous margins of possible course, but most snake-oil salesmen conveniently forget this side of it. In essence, all that's happened is that the pain point has been moved.

That's the key management side of it. We also have to deal with the data itself. There are a couple of broad options here:

1) Every single row of data relating to an individual is encrypted in the database, with the key being recorded in the separate key database (backed up separately, see above). Needless to say database performance at this point is something that happens to other people, as no useful indexes are possible and therefore the data may as well not be in a database. This includes searches therefore we have a database relating to 500,000 individuals which to many intents is unsearchable. This means no corporate statistics nor "big data" nor anything like this. Basic business processes will also be glacial against this database. This is usually the option touted as "data at rest".

2) The database is operated normally, but never, ever backed up. Ever. At all. Instead we have a nightly (or whatever) export of the database which converts the relational structure into a file or set of files for every discrete individual in the database where all data relating to each individual is exported into an export structure and encrypted using the key in the key database. This also requires that a re-import process exists which is thoroughly and regularly tested, particularly with version management of the using application and database structures taken into account. This is the closest that a key system can get to encrypting "data at rest" but it does not work around the issue of key management, it's just moving the issue from one place to another. The advantage of this technique is that ancillary files, such as documents, can also be thrown into the same key encrypted repository as long as the export process is smart enough.

A further problem with this is where data relates to more than one individual. For example, Project X references Individual A and Individual B, which key should be used to encrypt this data? A solution would be to have an additional encryption key used for wherever Individual A and Individual B are associated in the same data. Our key database has now become suddenly much more complicated and harder to backup in itself. Removing all keys relating to Individual B should not remove any shared records relating to Individual A as well. While deleting the reference Individual B out of the database would remove the reference it would not remove the data therefore this is not compliant with data protection removal. Deleting all references to Individual B regardless of whether or not any other individuals are associated with the data is not compliant with data protection management because this also mandates the correct management of data. Management policies can be created to help manage this kind of complication.

The point here is that in the real world things rapidly become much more complicated than academic dreams of PKI backups or snake oil salesmen will ever admit. In any organisation of any appreciable size there are usually multiple databases and applications, each of which must be managed separately but in the same way. There is no perfect solution.
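
The scheme described in the post above (one key per individual, per-individual encrypted exports, an extra key where a record names two individuals) can be sketched as follows. This is an added example, not code from the post or from any product: `KeyStore`, `export`, `restore` and the sample records are hypothetical, and the HMAC-SHA256 keystream plus MAC is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; a wrong key fails loudly."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted export")
    return bytes(c ^ s for c, s in zip(ct, keystream(key, nonce, len(ct))))


class KeyStore:
    """Hypothetical key database: one key per set of individuals."""

    def __init__(self):
        self.keys = {}  # frozenset of individual ids -> 32-byte key

    def key_for(self, owners) -> bytes:
        return self.keys.setdefault(frozenset(owners), secrets.token_bytes(32))

    def backup(self) -> dict:
        return dict(self.keys)  # the key database needs its own backups

    def erase(self, individual: str) -> None:
        # Drop only the key that belongs to this individual alone; shared
        # keys stay, otherwise the other individual's records are lost too.
        self.keys.pop(frozenset([individual]), None)


def export(records, store: KeyStore) -> dict:
    """Option 2 from the post: one encrypted export per set of individuals."""
    groups = {}
    for rec in records:
        groups.setdefault(frozenset(rec["owners"]), []).append(rec)
    return {owners: seal(store.key_for(owners), json.dumps(rows).encode())
            for owners, rows in groups.items()}


def restore(exported: dict, keys: dict):
    """Re-import whatever the given key set can still decrypt."""
    readable, lost = [], []
    for owners, blob in exported.items():
        if owners in keys:
            readable.extend(json.loads(unseal(keys[owners], blob)))
        else:
            lost.append(sorted(owners))
    return readable, lost


# Constructed sample data: two individuals and one record naming both.
RECORDS = [
    {"owners": ["A"], "data": "address of A"},
    {"owners": ["B"], "data": "address of B"},
    {"owners": ["A", "B"], "data": "Project X: A and B"},
]


def demo() -> dict:
    store = KeyStore()
    exported = export(RECORDS, store)
    key_backup = store.backup()   # taken before the erasure request
    store.erase("B")
    live, lost = restore(exported, store.keys)
    from_backup, _ = restore(exported, key_backup)
    return {
        "lost_after_erase": lost,
        "b_still_readable": [r["data"] for r in live if "B" in r["owners"]],
        "readable_with_old_key_backup": len(from_backup),
    }


if __name__ == "__main__":
    print(demo())
```

After the erasure only B's own export is unreadable: the shared Project X record still decrypts under the A+B key, and the key backup taken before the erasure still opens all three records until that backup is purged as well.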

‘IT professionals increasingly define themselves by capabilities they excel at managing’ says Atlassian chap

Nick Ryan Silver badge

The point is, what you build using them requires patching, upgrading and maintenance. Often as a result of the patches, upgrading and maintenance performed by someone else, on their schedule, to the services that are used.

Nick Ryan Silver badge

The post offers the observation “Simply put, moving to cloud releases IT teams from time-intensive maintenance of on-prem technology infrastructure. No more downtime to install updates, and no need to worry about expensive technology falling out of date.”

This "observation" in itself makes it clear that this guy has absolutely no clue whatsoever and should bugger right off. Probably go work for Gartner or somewhere suitably useless and just more blatantly paid-for "research" that coincidentally backs up the claims of whoever paid for it.

Chromium devs want the browser to talk to devices, computers directly via TCP, UDP. Obviously, nothing can go wrong

Nick Ryan Silver badge

Re: won't somebody think of the developers?

The large part of the problem is that many developers just do not understand that a web page, as in a web application is very different to a modal client/desktop application. Therefore they attempt to develop a web application as if it is... not helped that for years useless shit coming out of Microsoft/Visual Studio that tries to convince developers that a web page is just the same. It's not.

It's scary the inconceivably stupid things that I've seen developers try to do to force a web page to behave more like a modal desktop application. These always fail.

Nick Ryan Silver badge

Re: Yet

This is straight out of the school of moron developers who just cannot understand that a web page is not a fucking modal client application. When they find that a web page does not operate as if it was one they just try to bodge, lever, hack and generally very badly kludge things until they can pretend that it is.... then vomit out a barely usable bug ridden mess of a "web application" and proceed on their merry way to break something else because some other new shiny JavaScript library has been dropped out somewhere and therefore must be used.

See also Java, ActiveX, Flash or Silverlight in the browser.

Physical locks are less hackable than digital locks, right? Maybe not: Boffins break in with a microphone

Nick Ryan Silver badge

Re: So todays lesson is...

In a previous life we had somebody break into our office building using a garden fork through the window. The office they had broken into had locked doors so they couldn't get any further - it was part of the closing the office every night procedure to lock all the internal doors. If they had broken into one of the windows around the back, or even the neighbouring window they would have had free access to the warehouse where vaguely valuable stuff was kept.

Quite often some of our engineers didn't bother shutting the vehicular access door assuming that somebody else would do this. On occasion I only noticed this when driving away from the car park.

Nick Ryan Silver badge

Re: Door Locks....Bah!.....much easier ways of getting in.....

Many old doors/locks can be opened using a suitable piece of plastic, sometimes something as simple as a credit card or some other similar tool that would fit into the door frame to push the latch bolt open.

Nominet promises .uk owners it'll listen to feedback on plan to award itself millions... as long as it agrees with it

Nick Ryan Silver badge

Re: Tax?

Forget tax, it will just wind up being passed out into the usual pork barrel. How about everything beyond the £4 fee goes direct to an independent charity?

50%+ of our office seats are going remote, say majority of surveyed Register readers. Hi security, bye on-prem

Nick Ryan Silver badge

Re: Can't I just stay...

UK engineering is utterly knackered at the moment, come October, expect redundancies to ramp up across the UK.

Tell me about it... :( 18% of the UK's workforce work in engineering. This has almost certainly already changed, along with the number in the UK's workforce, but will almost certainly change considerably more in the coming months.

Nick Ryan Silver badge

Re: Loss of human contact

It's these issues that are slowly beginning to bite.

Aside from the anti-social few who shun all human contact, those few who are content to just sit at home with their loved one(s), the vast majority of humans need human contact and interactivity.

We have very much evolved to be social animals. At one point in time I thought that I could change career to be a hermit, since covid-19 I have proved that this is very much not the right career choice for me.

While productivity is up in some ways, in many others it is very much down - the longer term things such as cross team communication, informal communication, relationship building... all slowly dropping away. OK for a short time, but the impact slowly builds. Even meetings where relationships are built, side ideas are discussed, just don't happen - a video call is usually little more than a glorified presentation with none of the interaction between attendees either on side, during breaks, or anything else happening at all.

Linux kernel maintainers tear Paragon a new one after firm submits read-write NTFS driver in 27,000 lines of code

Nick Ryan Silver badge

"We have X, what's the proper path to get that into the kernel?"

This. This is the step that should have been addressed first. If the organisation was closing in a matter of hours and they were in an extreme rush to ensure that the source would not be lost then dump and run would be acceptable, with an explanation, but not otherwise.

