* Posts by yoganmahew

448 posts • joined 1 Apr 2014


Leaky AWS S3 buckets are so common, they're being found by the thousands now – with lots of buried secrets


Re: And the corporate world ...

Well, not really. An on-premises data centre is secured by firewalls and gateways, often provided by external professionals. It takes some work (or F5 :|) to leave exploitable holes and even then those holes have to be exploited.

Much cloud storage is individual, each bucket is a separate piece of infrastructure that needs to be individually secured. Failure to secure = no security. It literally takes no effort to see the contents of an unsecured S3 bucket (for example).

You end up effectively with hundreds or thousands of datacentres to secure.

Teardown nerds delve into Dell's new XPS 15 laptop to find – fancy that – screws and user-serviceable parts


Re: Cans of Compressed Air, how quaint!

Lidl portable compressor. Not powerful, so perfect. Cleaning everything from PS4 to laptops to filters on the vacuum.

F5 emits fixes for critical flaws in BIG-IP gear: Hopefully yours aren't internet-facing while you ready a patch


Re: Public services are probably at higher risk

They're all architected to the same shoddy standard, though, lowest common denominator development, make it secure as an afterthought.

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer


Re: How did they learn he was Dalit?

His name may give it away or he may have gotten an education or first job leg up due to being scheduled caste or OBC (as part of an affirmative action program).

What did it take for stubborn IBM to fix flaws in its Data Risk Manager security software? Someone dropping zero-days


Re: Trust

Accompanied by "we take our customers' security seriously" boilerplate.

ServiceNow slammed for 'tone deaf' letter telling customers contracts can't be tweaked as COVID-19 batters businesses


Re: @Chris Hills - Are you telling me

Absolutely that's the way it works, with an additional step - between the highest management signing and the finer details, there's a big announcement about how much better the new is going to be and how much will be saved. Then half the workers on the old processes are ditched and replaced with SNOW customisation 'experts'...

OOP there it is: You'd think JavaScript's used more by devs than Java... but it's not – JetBrains survey


Re: Journalism, Press Releases, and Surveys


"Unfortunately, in this case, JetBrains had to explain why second place was really first place."

They've chosen the already accepted answer though, that many have to do a bit of JavaScript for the front-end and I think they've chosen a good method to expose it by asking what the main language used in the last year was.

80-characters-per-line limits should be terminal, says Linux kernel chief Linus Torvalds


Re: not the terminal, the punch card

Still coding to 71 characters, 72nd character the continuation line, and the last 8 the sequence number in IBM assembler, but when I started in 1990, we used 132 column emulators for listings, system dumps etc. Ah, VM (now z/VM), what a wonderful development and test environment!

That string of supercomputer hacks last week? Of course it was a crypto-coin-mining get-rich-quick scheme


The weakest link in the toolchain

If the payloads are compiled on site, does that suggest the CI toolchain and automated CD are the weak link?

Microsoft doc formats are the bane of office suites on Linux, SoftMaker's Office 2021 beta may have a solution


Everybody loves Remond

[this message is intentionally left blank]

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers


Indeed, but would you prefer a spoofable computer (it will always be spoofable)? Personally, I'll always want a sack of meat at the pointy end with decision rights.

'VPs shouldn't go publicly rogue'... XML co-author Tim Bray quits AWS after Amazon fires COVID-19 whistleblowers


Re: "XML"

Article still here: https://www.theguardian.com/technology/2020/may/04/amazon-tim-bray-resigns-working-conditions-coronavirus Is it the same one?

Three years ago, IBM ordered staff to work in central hubs. Now its new CEO ponders mid-pandemic: Is there a better way of doing things?


Downvote because "Ginni Rometty was a good CEO. But she frittered away a of IBM's technological opportunities and advantages."

As you later put it, morale is in the sh1tter too.

And centralised bureaucracy (a result of large sites methinks) is also bloated.

If this is a good CEO, then goodness me, I don't want to see a bad one.

Cloudflare goes retro with COBOL delivery service. Older coders: Who's laughing now? Turns out we're still vital


Re: “Old Hardware” is fake news

Indeed, the sixty year old code I update (extend) and maintain is flying. Well, would be flying if anyone was, er, flying. The z-series is a fabulous piece of kit. That IBM keep expanding the hardware capabilities tells you the demand there still is for it.

You can wipe those smiley faces off: Unicode technical website is going to be out for 'a couple of weeks'


Re: Hieroglyphics

You forgot your glyph of exclamation!

COBOL-coding volunteers sought as slammed mainframes slow New Jersey's coronavirus response



"there are also problems like the bios ending being so old it just dies even if you keep changing the battery"

I'll just leave that bit there.

Your post makes me sad.



"I know for a fact that some of IBM's current gear will run COBOL that I wrote in the early 1970s unaltered."

Indeed, the z series is backwards compatible with assembler too (I'm still active).

How did they end up in their legacys situation with their cobalts and their assemblers? Outsourcing, downsizing of anything that works, refusal to replace retirements, ignorant people in charge who fail to realise the importance of the IT systems they rely on; they're called mission critical for a reason.

Cobol/assembler on mainframe (whether IMS or CICS or whatever (I program on whatever)) technically has no issues. It's a manpower issue. There just aren't enough people employed who know the business systems well enough to touch them, or even to understand them so they can be adequately specified.

The big g will no doubt fire up its Cornerstone acquisition and convert to java. Imagine, if you will, a sprawling java monolith that can only be understood by looking at the original cobol and that still operates in the same way as the original... once you hit a hardware choke point (even in the cloud), you're f'd...

Microsoft Teams usage jumps to 32, no, 44 million as Windows-slinger platform slides onto home workers' PCs


Re: The only thing I like about Teams

Yeah, you can install whiteboards in Teams, as a side app from the Windows store (free, I believe).


You've clearly never used Jabber. Teams is a Ford Mondeo to Jabber's Edsel...

ServiceNow pulls on its platforms, talks up machine learning, analytics in biggest release since ex-SAP boss took reins


Re: ServiceNow is great

Process, process, process, and more process. Need a pencil from the store cupboard? There's a service now twenty minute workflow for that. Laptop dead? Open a service now ticket! Can't get to service now because your laptop is dead? Open a service now ticket! In a support role and want to do no work provisioning new links? Set up an incomprehensible service now workflow that requires you to learn how to provision the link before you can open a ticket.

I hate it.

edit: oh yeah, and let's automate offboarding so we can automate deleting all our contractors at random points in the quarter while they work out the difference between "one" and "all"...

Corporate VPN huffing and puffing while everyone works from home over COVID-19? You're not alone, admins


Re: Split-tunnelling? Security madness, surely?

Never mind the security, feel the process. Six months at my place for the promised split tunnelling to relieve the already creaky VPN.

Re: security - almost certainly your VPN already whitelists all those MS addresses to make o365 and OverDose work, so all you're saving is a round trip through your infrastructure...

Poor old Google. Its cloud division only brought in $8.9bn last year. So it's chucking a few billion at US offices and data centres


They also bought...

Cornerstone BV who make some interesting claims on their website (cornerstone.nl) about their zOS transformation tech.

Sophos was gearing up for a private life – then someone remembered the bike scheme


Indeed, the owners seem to be going for a portfolio that's literally twelve shades of shite.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet


Re: "Extreme testing"

Absolutely; "edge case" me hoop.

Everything you don't test is an edge case, that tells you nothing about either how common it is or what the impact of a failure is.

FMEA should tell you that you don't load a quick-fix to broken code in key infrastructure, you fall the original code back and fix it properly and test it properly. It also tells you your original code was insufficiently tested the first time, since it was loaded with a bug in it.

Duped into running bogus virus scans at Office Depot? Dry your eyes with a small check from $35m settlement


Re: "Office Depot agreed to fork out $25m while not admitting liability"

Nope. Happens everywhere, often between insurance companies.

Gin and gone-ic: Rometty out as IBM CEO, cloud supremo Arvind Krishna takes over, Red Hat boss is president


Re: It's hard to believe that...


They blew it similarly in the mainframe market. Overcharging license costs, slow and underfunded software capabilities and OS expansion. Products like CICS, TPF, even MQ are milked for all they're worth. They are sadly end of life. There may be some twitching, but alternatives exist and if, as an enterprise, you have to re-engineer to reduce cost, you might as well re-engineer onto a different platform.

You're not Boeing to believe this: Yet another show-stopping software bug found in ill-fated 737 Max airplanes


Re: Isn't THIS why we've got to teach 2nd-graders how to "code", rather than how to think?


"The ethos was pretty much "make it work any way you can. I don't care how, just do it quickly", the obvious undertone being "make it look like it works, I'm expecting a botch job that's good enough to get a sale"."

They now call it agile development. The way it is implemented, particularly scrum, is exactly this. Sweatshop it out the door, never mind testing it.


Re: Isn't THIS why we've got to teach 2nd-graders how to "code", rather than how to think?



"These technical reviews are expected to turn up glitches and gremlins for Boeing engineers to fix, so this is kinda to be expected."

is just wrong. Very, very, wrong.

The FAA are not the PO, they're not there to do a demo to. It suggests Boeing don't know how to code safety critical systems.

Totally Subcontracted Business: TSB to outsource entire IT estate to IBM for a cool $1bn after 2019 meltdown


Replatforming is almost never a business initiative. It is a tech initiative ostensibly to save costs, but with entirely doubtful projections. Generally it hits the point of "cutover or cancel" as it drains the company dry. The decision is often to cutover badly performing systems. In the case of TSB, it appears unfixably badly performing, since they're outsourcing the entire fiasco.



"Red Hat OpenShift tech will be used to deploy on-container architecture, and new cloud native apps will be deployed"

Ah, a new toaster, just what I need for my toaster collection.

I got double points for the malapropism of deploying existing systems as cloud native apps...

Tea tipplers are more likely to live longer, healthier lives than you triple venti pumpkin-syrup soy-milk latte-swilling fiends


Re: missing details

Lard factory finds lard is great for you.

'No BS' web host Gandi lives up to half of its motto... Some customer data wiped out in storage server meltdown


Re: Backups in 2020 are still important

The cloud: still your own data and your own processes. PAAS, the hint is in the P... it's not a managed service, it's a managed platform.

I am broot: The Reg chats to French dev about Rust tool that aims to improve directory navigation


Yep and then repeat for all 900 directories off the main directory to find the errant large log file.

Here we go again: Software nasties slip into Google Play, exploit make-me-root Android flaw for maximum pwnage


Re: No, no, no!

To be followed by "if your phone is more than six months old, bin it, you'll never get a fix for this and many other security holes".

Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay


Re: and basically impossible to test for.

Absolutely @vogon,

here continueth the rant:

and even if the edge case tests are run, when the inevitable design errors are found, they are ignored because "we're too close to cutover and anyway that's an edge case". Fast forward two years and the product no longer works for so many edge cases that happen daily (when you hit volume, nothing is edge) and the agile prophet has moved on to leading the design of another key piece of product.

Never mind not having any idea, they don't care that it isn't going to work.

WAD has become WBAD - Working Badly As Designed.

Oddly specific 'cyber attack' hits Alaskan airline RavnAir and one plane type


More likely the maintenance system ran only on old operating systems, Win XP or older.

If it is the maintenance systems scrambled and they don't have a historical backup, the planes are effectively scrap. Without a documented maintenance history, they won't be permitted to fly (leaving aside the maintenance scheduling aspects and the requirements to confirm). It may be they can fall back to paper, but my guess is the paper processing skills have long since been made redundant.

I've said it before, airlines are enormous nickel-and-dime IT shops with shiny planes in front of them. Without IT, your airline is grounded, there are many, many components to that IT and generally you can't just go to pilotjobs.com and hire in something different.

This isn't Boeing very well... Faulty timer knackers Starliner cargo capsule on its way to International Space Station



So that's what you rely on when you don't design well.

Microsoft's Teams goes to bat for the other team with preview on Linux


Re: "There is no escape from collaboration"

Then, no, it's just me :)


Re: "There is no escape from collaboration"

Or you use Teams. I won't spare you lot my diatribe about this piece of shut.

One thing at a time on a window (no pop-outs, no multiple windows).

Doesn't like VPN (uses a different sign-in protocol and an "am i alive" that involves phoning home to the mothership (I shut you not)).

No group chat without making a team.

Search is awful (though not as awful as Outlook search of shutting archived folders on Onedrive).

You can only speak US English on it and there's no way to turn off spell check so every name (unless it's Brad or LaShut, every acronym, every number with a shutting letter) shows up as misspelled.

The chat editor works differently to the 'full' editor.

This may be a different diatribe to the last list, this is just what the shutting shutter of a shut did to me today.

Join us on our new journey, says Wunderlist – as it vanishes down the Microsoft plughole


Re: The Age of the Customer is over

Cloud is the new platform, and it's worser than platform ever was :(

Xerox woos HP stock owners with talk of layoffs, selloffs and cash payouts post merger


Re: Until The Twelfth Of Never

Hmmm, it sounds like Icahn has two lemons and is hoping to make lemonade with them and the sugar of staff cuts.

If you want an example of how user concerns do not drive software development, check out this Google-backed API


Re: No Chrome,...

Well, do note that Chromium have committed to enabling the feature...

Windows 10 Insiders: Begone, foul Store version of Notepad!


Re: A good u-turn

I'm equally impressed with the u-turn on drivers. It's not just printers, my aged laptop only works with a particularly aged version of an Nvidia driver. I had to hack around a bit to block the driver update. As an aside, disabling, removing, and reinstalling a display driver is the work of the devil.


Hmmm, Sublime: TOTAL: $80 USD

Atom is interesting, but their teletype add-on neither sends nor receives teletype messages... I was quite disappointed.

Anthos: Google's bid for Kubernetes differentiation ... and market share


Re: The more things change...

... shutdown support for the free version.

This page has been intentionally left blank

This post has been deleted by a moderator

Mysterious IT snafu at British Airways causes bunch of inbound flight delays and cancellations


Re: BA = Bloody Awful


Some way from Alpha.

Cisco blasts sueball at 3 ex-employees it claims handed trade secrets over to same rival


"And this is how..."

" they produce such shoddy, back-door ridden crap and get away with it while Huawei take all the heat".

Oracle and Google will fight in court over Java AGAIN and this time it's going to the Supremes


If only someone would invent a self-levelling mechanism for the world's oceans.


Re: Without any sign of a nod toward irony

Time to ditch java entirely?


