Why respect?
When you can buy in scrum teams and they fit neatly into your spreadsheet?
584 publicly visible posts • joined 1 Apr 2014
SITA is almost out of the PSS business, it has wound down its multi-host platform and New Horizons seems not to have built much popularity. Based on the damage, I'd say it is alliance frequent flyer datasets that are routinely shared to provide good service. When you fly on one alliance airline (e.g. in Star or Oneworld), you can use your FF card on other members of the alliance and get points, upgrades, use of facilities and the like. Because the datasets are quite large and the systems are globally dispersed, typically they are copied locally and updated, erm, weekly? (It is, erm, 10 or more years since I was involved!). The lookup is to check validity and tier level.
What interests me more is where the breach happened. The legacy systems pooh-poohed in the article are difficult to hack by their nature (they are poorly connected, have obtuse internals, and weird data formats - SITA PSS was Unisys), so my guess is it's a modern offload and probably a copy to an unsecured cloud bucket. For all the sneering at legacy, this modern stuff is shite.
I agree, I'm senior tech in a specialised field and have been on call for the last 8 years, 24x7x365.25; I'm in the middle of an extra-special on-call where I have to be at my desk within 5 minutes of a call for a customer activation. Total remuneration for this? Zero.
So not just an hour minimum per call, but also a minimum payment for on-call hours.
I was in the role of A/P, and came to be the only one that understood a critical part of a large system. The large system is being "mainframe offloaded to cloud", so now I'm a cloud architect setting the requirements for a bullshit bingo outsourced vendor to go and rewrite the system in Java framework on cloud vendor for lowest possible cost to a fixed timescale. Oh, and exactly matching function...
What can possibly go wrong? What could possibly be a more depressing job vista?
While I agree with your definition of monetary value, I'm wondering what you consider will work day in, day out? I have colleagues with MacBooks, they are always broken if you use anything other than an Apple stock app. My daughter has a ChromeOS book for school and there was never a more benighted product, neither fish nor fowl. I've used various strands of Linux since forever and it's okay, if clunky, until it no longer works at all and you have to reinstall the whole thing.
I have fond memories of DOS on a 286 where you could magically flick between DW370 and Netmaster, giving you access to VM and MVS, and Keith and Andy only a short walk and a cup of coffee bribe away from any fix. I'm not sure that's what you have in mind though :)
Add in continuous PCI compliance on a bleeding edge system and components, where a security patch may come with dependencies (since who's going to bother isolating security patches for what's essentially a development OS).
The timing is cynically fabulous too...
"Tell me how to protect an environment from a monitoring system that, by design and function, has access to every system in the network?"
Absolutely.
Zero trust only 'works' by giving blanket authority to monitoring agents (like Orion). The proliferation of these agents is quite troubling - every container has the same AppD agent, the same Orion agent, the same Qualys agent on the golden container baseline.
PCI DSS gives you a max of 30 days to install critical updates to any of these agents, your external component libraries, and the OS image.
The volume of updates is already well beyond manual review...
Like @sitine, I'm concerned at the blast radius. SolarWinds is inside the VPN, inside the secure zone. The secure zone where all the deprecated machine instances run, where patching is months behind (because why would you need to patch when you're in the secure zone?).
Jake Williams, Security Analyst, might want to consider the thrill of enterprise security logic before he goes happy clappy.
Hmmm, when you sign up for a free trial, G a number of times reassures that it will close down the project and look for confirmation before proceeding past the free $300 credit. I have experienced this to be so, though with a spanner cluster server.
So there's a bit not being spoken, maybe it was a company account, not a free-sign-up?
Short meetings would entirely be taken by Gary from BizOps introductory remarks about how he and the random vendor he's chosen could do the project and really don't need any IT buy in and anyway IT is insignificant next to the dark side power of being a budget owner. Repeat every 15 minutes for different projects and different Garys...
I'm old enough to remember when Middlesex and Essex were blocked by spam filters. Made a mess of my fantasy cricket. Hmmm, a quick G, sees it's still an issue: https://www.computerworld.com/article/2767791/spam-filters-blocking-ontario-county-with-a-racy-name.html
It seems we have both much and little to fear from AI...
Why kill one SRE error budget, when you can kill budgets all over the world?! Of course, companies don't factor that in to their customer experience when they move to the cloud, nor do they care that they are moving from their own DC, limited complexity so good recoverability times (if they staff it) to a complex cloud (the underlying infrastructure is complex) with poor recoverability times (even if they bother staffing it).
The thrill of it all, is a large corporation moving to Salesforce Cloud, Oracle Cloud (or RE), Office364 & Azure for desktop, AWS for workloads, F5 & Centurylink for networks, you're beholden to all those actors and more doing their jobs; an endless patch cycle (because everything is at least semi-public), an endless cycle of EOL mattering.
You cease to be a company in a business sector for your customers and become an operations company for your own infrastructure.
Ah, we're on to software engineers' fixes!
Have they thought about having another set of engines behind the first set of engines to balance? It wouldn't do much for the aerodynamics or the fuel efficiency, but it would make the QA tests pass.
Hmmm, make the QA tests pass... that's what MCAS does...
Thank you - that might explain it. A four hour partial outage (flapping at 20-40% of traffic) at my place with the fallback routes not working (customers not able to reach us). Only the timing stopped it being a much bigger incident, so I guess +1 for a weekend change slot versus continuous deployment...
@Nick
"An entire sub-industry"
And what they build can only be changed in timescales measured in eons. So much for a new option to do something different hacked up in a day, now it is weeks of lead time and a release cycle away.
Or do we have to live with that worst of both worlds "enter additional parameters in this box" and then the GUI does a flipping CLI command under the hood :|
It's a pain in the ass, though, to have chat ephemeral. My company set it to 30 days after having no retention set. By that point, everyone had stopped using email and were chatting preliminary project design decisions, preliminary functional agreements etc. All lost, and chaos and arguments ensued for some months. Even on a personal level, having to reask who someone is (it's a large company) every time they infrequently ping you is painful.
"Only personal chats were lost, it's claimed, not chats conducted as part of a Teams meeting or Teams channel, and not any files uploaded to personal chat threads."
This is what MS say, but the meeting chats disappear too. Only chats in a channel are safe, but the channels are broken once you have more than six. Files you upload are still there, somewhere, but the link to them is removed, so finding them can be challenging...
Well, not really. An on-premises data centre is secured by firewalls and gateways, often provided by external professionals. It takes some work (or F5 :|) to leave exploitable holes and even then those holes have to be exploited.
Much cloud storage is individual, each bucket is a separate piece of infrastructure that needs to be individually secured. Failure to secure = no security. It literally takes no effort to see the contents of an unsecured S3 bucket (for example).
You end up effectively with hundreds or thousands of datacentres to secure.
Absolutely that's the way it works, with an additional step - between the highest management signing and the finer details, there's a big announcement about how much better the new is going to be and how much will be saved. Then half the workers on the old processes are ditched and replaced with SNOW customisation 'experts'...
@HildyJ
"Unfortunately, in this case, JetBrains had to explain why second place was really first place."
They've chosen the already accepted answer though, that many have to do a bit of JavaScript for the front-end and I think they've chosen a good method to expose it by asking what the main language used in the last year was.
Still coding to 71 characters, 72nd character the continuation line, and the last 8 the sequence number in IBM assembler, but when I started in 1990, we used 132 column emulators for listings, system dumps etc. Ah, VM (now z/VM), what a wonderful development and test environment!
Downvote because "Ginni Rometty was a good CEO. But she frittered away a of IBM's technological opportunities and advantages."
As you later put it, morale is in the sh1tter too.
And centralised bureaucracy (a result of large sites methinks) is also bloated.
If this is a good CEO, then goodness me, I don't want to see a bad one.