I had a developer account with them for years, but recently closed it because AWS and Azure had made it irrelevant. The bewildering changes to their customer portal(s) in the past few years didn't help either.
23 posts • joined 8 Feb 2011
Re: "SQL Anywhere - another product that nobody can see the point of."
I've been using it for 15 years, and I can see the point of it.
SQL Anywhere fills a niche that no other product seems to address - a mainstream, low-maintenance semi-embedded database engine with transparent whole-database encryption, that can be deployed to thousands of remote devices with low support costs.
I haven't found any other product with these features, particularly the easy, transparent whole-database encryption. The main problem is the licence cost, which has caused me to move to SQL Server 2016 Express SP1 LocalDB, which only meets some of the requirements, but is "free".
Re: AWS has no billing controls...
And somewhat ironically, they charge you for sending you email alerts about the amount they are charging you.
As others have said, DXC got off lightly. It's likely that large numbers of their staff will have learned useful security lessons from this, which would otherwise have required expensive training.
Changing the colour scheme is not enough
Using a different colour scheme between test and production is not enough.
There should have been text on every screen saying "TEST".
The configuration file that controls all this should be encrypted, to stop power-users trying to convert test installations to production installations.
There should also be a set of test logins that won't work at all in production.
Even then, sooner or later test users will find a way to insert embarrassing test data, e.g. "Mr Mickey Mouse, 69 Big Bottom Road", into production. It's one of the things that keeps me awake at night.
At least in this case, the production data was being entered into a test environment, which is less likely to result in newspaper headlines than test data going into a production environment.
74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+
Re: And we'd sure appreciate it if you could stop clicking on attachments
I've never opened a hostile email attachment, but in the last 15 years, I've seen 2 of my software developer colleagues do it. Prior to the incidents, I would have rated them as average in terms of intelligence and security awareness. Sooner or later I'm going to get tired or careless and do it myself.
Why did it take so long for someone to combine a worm with ransomware?
I'm surprised this hasn't happened before. Most of the ransomware I've read about seems content just to encrypt the local disks in the PC of the person unwise enough to open a dodgy email attachment. Is this the first time a virulent worm has been combined with ransomware?
When one of my colleagues' PCs was obviously infected with ransomware, the off-shored out-sourced IT helpdesk insisted it remain connected to the network for several hours while they tried to remotely connect and diagnose the problem. Fortunately that ransomware didn't seem interested in spreading itself.
Re: Rule 1
Most of the status pages I've seen seem to be run by the marketing department rather than directly linked to the service they claim to be monitoring. They generally don't admit there's a problem until several hours after it started, and use weasel words to minimise the apparent size of the problem. I don't trust them.
I thought S3 was a worry-free storage option
Having recently emerged from an AWS exam, I thought that one of the selling points of S3 was that data is automatically replicated across multiple availability zones within a region without the customer needing to worry about the details. I also thought that the availability zones within a region were highly isolated from each other (e.g. separate data centres in different cities). I guess I'm wrong about at least one of those things.
At least the problem was largely fixed the same day. When problems occur within my employer's on-premises infrastructure, it usually takes several days to get it fixed, including a phase during which even the existence of the problem is denied.
A valuable insight into human nature
I work for a big company that recently had a reply all storm. The people who replied-all seemed to fall into a number of categories:
1. I'm really important, why are you bothering me with this. (Don't understand what's going on.)
2. Oh no, help! I don't know what's going on, will somebody please tell me whether this email is relevant to me. (Don't understand what's going on.)
3. Please fill in form A34/FD and follow procedure 3004/R4 if you want this email to be actioned. (Don't understand what's going on.)
4. Ha ha this is fun! (Understand what's going on.)
5. Please don't reply all. (Understand what's going on.)
Working on legacy systems is a career dead-end
I work for an out-sourcing company doing support and development of "legacy" systems for various customers. The most modern technology used is 15 years old. When the customers finally decide to replace the whole thing with something agile and "Digital", I could be a bit stuffed. The customers think me and my employer are slow-moving dinosaurs. Because I work for multiple customers, it's unlikely TUPE would be applicable. I spend at least 10 hours a week of my own time self-training in modern technologies, which are almost completely unrelated to the stuff I use at work, and this is likely to continue. I don't see how this is sustainable.
Why didn't co-workers notice?
I'm slightly surprised that someone was able to slip in a code change without co-workers noticing.
In my workplace, although we co-operate most of the time, people tend to take an active interest in code-changes to "their" systems, and are often keen to highlight any mistakes or questionable behavior by their colleagues.
Don't Juniper have a version-control system that records who made each code change, or maybe that was hacked as well? What about peer-review of code changes?
I'm a 45 year old developer, and while the company I work for is as full of stupidity as any other, at least it doesn't expect everyone to manage staff like some organisations. I know from experience that I don't have the people skills to be a good manager, but I also know I'm pretty good at gaining and using technical knowledge. My plan is to keep my technical skills up to date, and pour enough money into my pensions that I can retire at 50 if necessary.
Why are ATM fascias so complicated and intricate?
I think the design of ATM machines makes it easier to attach card-skimming devices. They have lots of joints, recesses, protrusions, badges, unnecessary styling features and so on. Even genuine ones look like they've been assembled from various mismatched components over a period of years.
If the entire ATM fascia was a single large moulded piece of smooth curved plastic, preferably flush with the wall of the building, it would be easier to spot at a glance recently attached card-skimming devices.
I was a MicroVAX man
My memories of DEC's products:
- VMS was rock-solid, and made MS-DOS look like a toy in the early nineties.
- The reliable, well-documented compilers for Fortran, C and Ada, and the way in which it was easy to write programs that mixed languages.
- The excitement of receiving several large cardboard boxes full of tapes and manuals each time a new version of VMS was released.
- TK50 tape drives that sounded like a dentist's drill.