Posts by I Am Spartacus

Hello Genie

Would you mind getting back in to your bottle?

I inherited one

It was an employee training record system, called Training Information Tracking System. Can you see where this is going. I came in late to the project, to take it from a VB6 incarnation to a fully fledged mainstream app on SQL Server. But I was sitting with the team, getting their user stories, when one of the ladies on the desk found a record that wasn't it the database. She went to tell the boss (male) who promptly shouted out "Well get it on your TITS then".

Just as his boss walked by. Big boss WAS NOT AT ALL AMUSED, said so, and asked who was responsible, to which they all looked at me.

That caused me no end of grief with HR getting involved for "my gross profanity" until the IT director had the decency to say I had taken over the project, and it was the now ex-contractor who was responsible.

Cypher like SQL

Not from where I sit. I use both SQL and Cypher - there is no similarity at all.

Oh, and along the way I bought a UK Software company

Well, it seemed like a good idea at the time

1990's calling, we want our tech back

>>> Linux being Linux, the new version also includes an oddity in the form of a fix for an ancient bug that could cause the OS to hang when a floppy disk is ejected.

Who still has a diskette, let alone a floppy drive, on their system

Oh god. This sounds very familiar

And I thought I had buried all memory of this. Thanks, el Reg, Now I will have this pain all over again.

Sanity check

If this password policy is 10 alphanumeric characters, does that include upper and lower case characters and the numerics 1-0? If so that means that are 62 possibilities for each character cell. We have to have a character at the start, so the number of possibilities is

26 x 62^9 = 7E17.

which is quite a lot. If you can try 100 Million a second, that works out to around 200+ years.

Even if we don't allow lowercase characters, and if the first character has to be a letter, that still leaves 36 possibilities for each other character cell. So the number of possibilities is 26 x 36^9 = 2.6E15, which is a sizeable number. Or at 100 Million tries per second, 300 days. Not perfect by any means, but not a day.

To achieve cracking the password in a day, the cracker would have to do 30,000 Million tries per second. Thats only going to be possible with a network of quite beefy computers, and will result in a DDOS attack on Virgin Media. Some may say that they deserve this, I couldn't possibly comment.

Besides which, modern systems recognise when random attempts are being tried to guess a password and should simple disable the password and text or call the subscriber.

This must be ...

This so feels like my experience at a well known white goods reseller who merged with a PC supplier. I can't say which one, but I am just about to launch a legal case against them.

Note to Mike Lynch

I hear the Ecuadorian Embassy has a nice room.

I think I met this supplier.

That would be the one who turned up 2 weeks after installing a massive double fronted rack of disks, sliding in front and back. His job was to note the serial numbers down. Only he knelt down and knocked the master cabinet power switch. Only for a moment mind, he switched back on immediately, hoping no-one would notice. However, the Oracle clustered database which was using the array did, and crashed. And took out one of the table spaces which refused to recover.

No problem. We had a backup, written by the system manufacturer, so we just loaded up the tapes and found .... that tablespace wasn't backed up. Because it was a read-only table space.

So, we handed the whole thing over to the supplier. Tapes, disks, computers, backups, and told them - Recover That.

They failed, obviously. But the called a meeting to say that they had fixed the problem. Where they handed me, in front of the Director of IT, an envelope. Inside was a single sheet of paper. This was an official change to the manual that said that the configuration they had spec'd, installed, setup and handed over was no longer supported, so they weren't liable.

Strangely they got knocked off the preferred supplier list that morning.

Tsunami - Really

In my dictionary a Tsunami is a massive wave that causes extreme destruction and disaster.

By that measure, then yes, Windows 11 (all Windows) could be call a tsunami

Welcome to the 21sa Century

"We don't use paper charts at all," Severn's captain, Commander Philip Harper,

Actually, commercial vessels have used n Electronic Chart Display and Information System (ECDIS) for some time. No one in the commercial world has used charts for decades.

What would more helpful is if Royal Navy ships actually use AIS (Automatic Identification System) whilst they are manoeuvring in port, so that other vessels see them on their ECDIS systems and can take avoiding action when the Navy Lark pulls some damn fool stupid turn without notice, expecting everyone else to scatter out of their way.

Ahoy, Skipper:our very large cargo ship/oil tanker does not exactly spin on a six-pence when it comes to turns, and we need 1/2 nautical mile (that's 37 Olympic swimming pools) to stop.

Got to love VB. Keeping contractors employed for decades

My best one is when I inherited a complete trading and logistics system written in VBA with an Excel front end. Oh, and with approx 20 inter-linked spreadsheets.

Nightmare. It was still running when I left, because the team that used it actually loved the fact that it was built for them, by a contractor they employed directly. The first IT knew of it's existence was when the contractor left and they had to ask IT to take on support. My attempts to have it rewritten in to something more supportable where not accepted.

Nothing to see here

The beauty and evil of standards is that there are so many to choose from.

We don't use K8 or Docker here either. It just seemed to us to be overly complex for the deployment of a simple JAR. We use a script to build the jar and deploy to a staging area. It works well. We are in total control, and there are no unnecessary layers.

Of course, as with any projects, the STO reserves the right to change his/her mind at any future point in time, with out notice or explanation. So by the time you read this we could be on AWS using Elastic Beanstalk. Exciting being in devops.

Been there - on a Nuclear Power Plant

similar story. We had built the first image for a power control plant that was to hook up and manage a number of nuclear power stations. Thanks to the local telecoms muppets we were way behind schedule and hadn't started our clone of the standard image on to the workstations. Until one evening, the system came online, and we started doing a long suite of tests with the power station. And left for the night.

When I got in next morning all hell had broken lose. People were going mental and the site managing director wanted to rip me a new one. It seems that we had sent a "SCRAM" command to the reactor. For those not knowing, this shuts down the reactor hard and fast, and can take months to recover from. I asked for an hour to find out what was going on.

With the hour up, we went back in to the meeting for round two of lets beat up the IT techies. Where I asked if "Jerry" was joining us (not his name). Jerry was there. He was from the company building the reactor control equipment that we connected to. His work was behind schedule, caused by our work being behind schedule. So I asked him how come all the PC's in the control office were all up and running. He then somewhat sheepishly admitted that he had, over night, cloned our working machine that was doing tests and installed the image over all the new machines that we had not yet configured. He then started doing some commands to see if the reactor was behaving.

The problem was that he had not changed the unique addresses of the workstations. This is pore internet, so they were sort of like IP addresses but exactly the same. The protocol allowed the boxes to come up. So Jerry booted all 8 boxes. And sent a command to the reactor.

Now the protocol was: Send a command. Reactor sends the command back for confirmation. The PC then replies, yes, that's what I want, and the reactor says OK, here is the result. Trouble was, one PC said yes, that's fine but 7 said - no, we didn't ask for that. So the reactor does another round of checks. And agsin 1 says yes and 7 say no. The reactor then assumes it's under attack and shuts itself down. Hence the scam command.

Fortunately we didn't cause too much damage as we were only talking to the control test rig, not the actual reactor. But it did get me the missing lock on our computer room and Jerry a flight home. Oh, and we got our names on rather splendid mural at the entrance hall for having saved the say!

The explosion icon, well, its obvious.

GPDPR

We just peed all over your GDPR.

Opt out form here: https://digital.nhs.uk/your-data/opting-out-of-data-sharing

Advanced FARidiot alert

When you see someone wearing one of these reversed, with the glass over their necks.

Happened to me as well!

At what was once described as Europe's Biggest Data centre . have no idea if this was true, but as a 23 year old, it was pretty damn big. Think a large aircraft hanger filled with mainframes, tapes, printers and drum storage. The local power builders managed to put a JCB through the heavy duty three phase power supply, which mist have brought tears to the operator.

We ran a motor-generator set, with a large fly wheel to keep the generator going until the diesel kicked in. Which it duly did, coughed spluttered and died. We had forgotten that diesel can wax, which ours, unused for years, duly had. So the injectors clogged and the thing refused to work. The embarrasing thing is that we were an oil company, and we were supposed to know about such things!

Fastly cost savings

I thought I would look at Fastly to see if they could host my companies website,

eCommerce - Check

Small business - Check

Savings of £150,000 over a three year period. Sound good, that £35,000 savings per year,

WAIT ONE - we aren't spending anything like that to manage a web server, three app servers and a database server. With associated firewalls, routers, etc. Its costing us a LOT less than this.

People need to understand that the "cloud" should really be pronounced "someone else's computers"

Te bug is real but can it be exploited

If I understand this correctly, two co-operating processes can communicated over a hardware side-channel. The speed that this happens at is, frankly, irrelevant The fact that it happens is the real worry.

However, if this is on IoS you have to either get the app from the app store, or jail break the iPhone/iPad. If you jailbreak it then you're very much on your own. If its apps from the app store then you are downloading compromised applications. If you have a compromised app then I am not sure whether the CPU bug matters at all, given that you have, however inadvertently, downloaded something nefarious.

On an iMac or MacBook (and I am in the market for a new M1 MacBook, so this does matter!) then the problem is more serious. You can download apps from anywhere.

There is no saving grace (not even, there are so many other points of intrusion that this doesn't matter). Nor that similar problems plague Intel and AMD.

Back door in to the comms systems

I do recall when I was Application Support Manager for a sizeable telecoms company and found, quite by accident, that the installation engineers had deliberately installed a support line in to the main switch. The switch it self was HUGE, thing mainframe and add extra cabinets. These forward thinkingguys had put this modem in so they could remote dial in to the system and patch any faults. But they hadn't thought of any security. None whatsoever. You dialled in to the number and you had a console, albeit at 9600 baud, directly in to the internals of the switch operating system. From this you could do anything you wanted: Want a new number? Easy. A free-for-life phone line? Simples. Whats more, this went in at such a high level nothing was even logged so we never knew if this was hacked.

Nothing to see

As someone who runs Linux desktops & servers there doesn't appear to be anything of substance. N64? Why?

HPE - Caveat Emptor

Due diligence is a bitch, doubly so if you don't read it!

Of course its easily repairable

As the Apple Support bod told me after my third call and copious email exchanges) my very hard to repair iPad Pro was easily repairable by the simple expedient of buy a brand new one. There, job done and so simple and quick.

Safe Computers

Just because you have a Mac it does not mean you don't take all necessary precautions. Safe Computing is like Safe Sex, you can never be too careful .

Paris Icon - obviously

Part of the problem...

... is that the data predates wide spread rollout of relational databases. Its not just a case of restoring the rows to the tables. This is a hierarchical data store which uses record offsets to link to the next record in the set. What this means in practice is that once the erroneous delete happened there are only two ways back:

1) Stop the database and recover from backup. But that would wipe out any active ongoing investigations.

2) Restore the backup to a spare machine, run some scripts to compare the restored backup to production to see whats missing, and then manually re-enter the missing data by hand. The fun part is (re)establishing the links to all the 3rd party agencies that connect to the PNC.

Well, I suppose (2) could be improved by writing a program. But then you would want to test that VERY carefully, sort of like, much more carefully than the original script was tested!

Fun with halon

I worked in a computer room in the early 80's when Halon was all the rage. This was a VERY large computer room, the equivalent of several large aircraft hangers, with multiple main frames, tape room, printer rooms, etc. It was fitted with the "state of the art" fire suppression system. There was a control panel that prevented the halon from going off when people were in the room - well it gave you 45 seconds to get the flock out of there when the alarm went off.

The system was to have bulbs of halon in both the ceiling and floor voids. These bulbs had pyrotechnic devices to shatter them when triggered. Translations - a small explosive charge. They were wired in series with a trickle charge to show that the circuit was complete. It all showed up on the control panel outside the doors. What could go wrong?

Well, when the control unit has a hissy fit and fails dangerous, it sets off the charges. Which it did. Without any warning whatsoever. Some, but not all, the globes of halon exploded. Some didn't which from a fire protection point of view was a problem. However, a bigger problem for two of the operators was when they did go off close to a person. One of the main frame controllers was sat at his desk when the globe above him blew. He was thrown out of his chair and broke his arm.

Worse was to come. A lady in the tape room was reaching in to a tape unit (remember those ones with 2400' tapes?) when the globe beneath here exploded. She survived but here dress didn't. She ended up in her underwear!

Everyone had a ringing in their ears from the bangs, made worse by the rather belated sirens going off warning us to get out.

Icon - well obviously!