Posts by I Am Spartacus

Nothing to see here

The beauty and evil of standards is that there are so many to choose from.

We don't use K8 or Docker here either. It just seemed to us to be overly complex for the deployment of a simple JAR. We use a script to build the jar and deploy to a staging area. It works well. We are in total control, and there are no unnecessary layers.

Of course, as with any projects, the STO reserves the right to change his/her mind at any future point in time, with out notice or explanation. So by the time you read this we could be on AWS using Elastic Beanstalk. Exciting being in devops.

Been there - on a Nuclear Power Plant

similar story. We had built the first image for a power control plant that was to hook up and manage a number of nuclear power stations. Thanks to the local telecoms muppets we were way behind schedule and hadn't started our clone of the standard image on to the workstations. Until one evening, the system came online, and we started doing a long suite of tests with the power station. And left for the night.

When I got in next morning all hell had broken lose. People were going mental and the site managing director wanted to rip me a new one. It seems that we had sent a "SCRAM" command to the reactor. For those not knowing, this shuts down the reactor hard and fast, and can take months to recover from. I asked for an hour to find out what was going on.

With the hour up, we went back in to the meeting for round two of lets beat up the IT techies. Where I asked if "Jerry" was joining us (not his name). Jerry was there. He was from the company building the reactor control equipment that we connected to. His work was behind schedule, caused by our work being behind schedule. So I asked him how come all the PC's in the control office were all up and running. He then somewhat sheepishly admitted that he had, over night, cloned our working machine that was doing tests and installed the image over all the new machines that we had not yet configured. He then started doing some commands to see if the reactor was behaving.

The problem was that he had not changed the unique addresses of the workstations. This is pore internet, so they were sort of like IP addresses but exactly the same. The protocol allowed the boxes to come up. So Jerry booted all 8 boxes. And sent a command to the reactor.

Now the protocol was: Send a command. Reactor sends the command back for confirmation. The PC then replies, yes, that's what I want, and the reactor says OK, here is the result. Trouble was, one PC said yes, that's fine but 7 said - no, we didn't ask for that. So the reactor does another round of checks. And agsin 1 says yes and 7 say no. The reactor then assumes it's under attack and shuts itself down. Hence the scam command.

Fortunately we didn't cause too much damage as we were only talking to the control test rig, not the actual reactor. But it did get me the missing lock on our computer room and Jerry a flight home. Oh, and we got our names on rather splendid mural at the entrance hall for having saved the say!

The explosion icon, well, its obvious.

GPDPR

We just peed all over your GDPR.

Opt out form here: https://digital.nhs.uk/your-data/opting-out-of-data-sharing

Advanced FARidiot alert

When you see someone wearing one of these reversed, with the glass over their necks.

Happened to me as well!

At what was once described as Europe's Biggest Data centre . have no idea if this was true, but as a 23 year old, it was pretty damn big. Think a large aircraft hanger filled with mainframes, tapes, printers and drum storage. The local power builders managed to put a JCB through the heavy duty three phase power supply, which mist have brought tears to the operator.

We ran a motor-generator set, with a large fly wheel to keep the generator going until the diesel kicked in. Which it duly did, coughed spluttered and died. We had forgotten that diesel can wax, which ours, unused for years, duly had. So the injectors clogged and the thing refused to work. The embarrasing thing is that we were an oil company, and we were supposed to know about such things!

Fastly cost savings

I thought I would look at Fastly to see if they could host my companies website,

eCommerce - Check

Small business - Check

Savings of £150,000 over a three year period. Sound good, that £35,000 savings per year,

WAIT ONE - we aren't spending anything like that to manage a web server, three app servers and a database server. With associated firewalls, routers, etc. Its costing us a LOT less than this.

People need to understand that the "cloud" should really be pronounced "someone else's computers"

Te bug is real but can it be exploited

If I understand this correctly, two co-operating processes can communicated over a hardware side-channel. The speed that this happens at is, frankly, irrelevant The fact that it happens is the real worry.

However, if this is on IoS you have to either get the app from the app store, or jail break the iPhone/iPad. If you jailbreak it then you're very much on your own. If its apps from the app store then you are downloading compromised applications. If you have a compromised app then I am not sure whether the CPU bug matters at all, given that you have, however inadvertently, downloaded something nefarious.

On an iMac or MacBook (and I am in the market for a new M1 MacBook, so this does matter!) then the problem is more serious. You can download apps from anywhere.

There is no saving grace (not even, there are so many other points of intrusion that this doesn't matter). Nor that similar problems plague Intel and AMD.

Back door in to the comms systems

I do recall when I was Application Support Manager for a sizeable telecoms company and found, quite by accident, that the installation engineers had deliberately installed a support line in to the main switch. The switch it self was HUGE, thing mainframe and add extra cabinets. These forward thinkingguys had put this modem in so they could remote dial in to the system and patch any faults. But they hadn't thought of any security. None whatsoever. You dialled in to the number and you had a console, albeit at 9600 baud, directly in to the internals of the switch operating system. From this you could do anything you wanted: Want a new number? Easy. A free-for-life phone line? Simples. Whats more, this went in at such a high level nothing was even logged so we never knew if this was hacked.

Nothing to see

As someone who runs Linux desktops & servers there doesn't appear to be anything of substance. N64? Why?

HPE - Caveat Emptor

Due diligence is a bitch, doubly so if you don't read it!

Of course its easily repairable

As the Apple Support bod told me after my third call and copious email exchanges) my very hard to repair iPad Pro was easily repairable by the simple expedient of buy a brand new one. There, job done and so simple and quick.

Safe Computers

Just because you have a Mac it does not mean you don't take all necessary precautions. Safe Computing is like Safe Sex, you can never be too careful .

Paris Icon - obviously

Part of the problem...

... is that the data predates wide spread rollout of relational databases. Its not just a case of restoring the rows to the tables. This is a hierarchical data store which uses record offsets to link to the next record in the set. What this means in practice is that once the erroneous delete happened there are only two ways back:

1) Stop the database and recover from backup. But that would wipe out any active ongoing investigations.

2) Restore the backup to a spare machine, run some scripts to compare the restored backup to production to see whats missing, and then manually re-enter the missing data by hand. The fun part is (re)establishing the links to all the 3rd party agencies that connect to the PNC.

Well, I suppose (2) could be improved by writing a program. But then you would want to test that VERY carefully, sort of like, much more carefully than the original script was tested!

Fun with halon

I worked in a computer room in the early 80's when Halon was all the rage. This was a VERY large computer room, the equivalent of several large aircraft hangers, with multiple main frames, tape room, printer rooms, etc. It was fitted with the "state of the art" fire suppression system. There was a control panel that prevented the halon from going off when people were in the room - well it gave you 45 seconds to get the flock out of there when the alarm went off.

The system was to have bulbs of halon in both the ceiling and floor voids. These bulbs had pyrotechnic devices to shatter them when triggered. Translations - a small explosive charge. They were wired in series with a trickle charge to show that the circuit was complete. It all showed up on the control panel outside the doors. What could go wrong?

Well, when the control unit has a hissy fit and fails dangerous, it sets off the charges. Which it did. Without any warning whatsoever. Some, but not all, the globes of halon exploded. Some didn't which from a fire protection point of view was a problem. However, a bigger problem for two of the operators was when they did go off close to a person. One of the main frame controllers was sat at his desk when the globe above him blew. He was thrown out of his chair and broke his arm.

Worse was to come. A lady in the tape room was reaching in to a tape unit (remember those ones with 2400' tapes?) when the globe beneath here exploded. She survived but here dress didn't. She ended up in her underwear!

Everyone had a ringing in their ears from the bangs, made worse by the rather belated sirens going off warning us to get out.

Icon - well obviously!

ISP for fun and profit

Some years ago I worked with a telco that was rolling out a single rack unit that would replace a whole cabinet full of modems. This was specifically aimed at the large ISP's who had rooms full of racks, each one stacked with 9600 baud modems.

As we were talking to them a network engineer came in to the room and calmly powered off a whole cabinet, waited 30 seconds and powered it back on. When we innocently asked what he was up to, fearing our kit would have a hissy fit if he did that to it, he explained. One of the modems had got stuck and wasn't connecting properly. It was too hard to figure out which one it was, so he narrowed it down to the cabinet and simply power cycled all of them.

And all the other people copnnected? Don't they get disconnected? The reply was priceless: "Well, what do they expect for just a tenner a month?"

Fudging the CPU upgrade

I do recall working on mainframes in the mid 80's. We did a memory and processor upgrade to one of the Sperry Univac 1100's. Before we had field service put the new cards, actually I think it was whole racks) in, we wrote a job that would sit there and do nothing useful except gobble up all the memory and the new processor. When the new system was turned on, we told everyone to expect a performance boots, and so it was perceived for a couple of weeks.

Then, of course, people started to notice it was actually just as slow as before and issued complaints. So we tweaked the system to get more power, meaning we just started to ratchet down the amount of resources our cpu hog was taking. Happy users.

We kept this game going until well after bonus day, with praise coming in that whenever some user notices poor performance the system engineering team could magically get it fixed!

Data - its a bitch

They looked at 100 Million Stars.

There are 100 Billion stars in our galaxy. There are over a billion galaxies. So, thats, <click> <click> 1E20 stars in the universe (give or take the odd one or two).

So they have looked at a sample size of 0.000000001%

No shit sherlock.

Well, there goes their FSA license

KPMG should have their FSA license revoked, but probably won't.

I recall working with a large commodity trading group who had to install, and prove that they had installed, robust chat backup of all chat facilities. That caused a lot of angst when traders were told that they could only use specific named, versions of tools for IM and chat. These were the ones that had centrally controlled backup policies. Failure was to risk revoking the license to trade.

Conveiently being found out that all the history had been erased would not have been good. Not good at all.

Spring in to NHS?

Can we expect that Pivotal have built the NHS app in Spring Boot?

Hello World in Cobol

The issue is not how long Hello World is in Cobol (it's 5 lines, if your asking).

No, the problem is how long the JCL is to compile it on IBM/MVS - that can be twice the size of the program. EASILY!

Oh, and only truly experienced programmers remember that the compiler was called: IGYWCLG

Fake News!!!

I'm calling Bullsh*t on this one. It was believable right up to the point where he said the manager REWARDED him with a nice bottle of wine.

That never happens. Never. And not a nice bottle, may be we could stretch to a bottle of Australian gut rot. Nut not a nice bottle.

I just tried

and failed to convince my CTO that Neo4J was the right way to go. So now I am battling SQL Server (again).

Someone buy me a pint, I really need it just now.

Systemd = Marmite

You either love it or hate it.very little middle ground

Personally: Systemd = Love

Marmite = hate