* Posts by Lil Endian

1284 publicly visible posts • joined 14 Jul 2021

Page:

Criminals go full Viking on CloudNordic, wipe all servers and customer data

Lil Endian Silver badge

Not if it isn't the legaleze, it isn't.

Not if it isn't the legaleze, it isn't.

Contractually speaking 100% correct, except contract law does not usurp statute. I didn't mention contracts or statute, I was referring to an ethical logic - I was clearly ambiguous, apols.

----------

Home Owner: The work you did on my roof didn't help. It leaks more now!

Roofer: It says in the contract you signed that you were responsible for your own carpet.

Home Owner: ........

Roofer: Oh... And roofing is hard!

Home Owner: *click* *bang*

One less roofer cowboy!

----------

Lil Endian Silver badge

Re: "their own backups as a contingency"

I don't know what the mix of CloudNordic customers are, but I'd bet a fair number of them would glaze over after listing to that :-)

Hehe! Well, I wouldn't be very good at my job if I spoke to a non-techie client like that ;)

I've been working with SMEs since the 80s, I can speak non-geek - and draw pretty pictures too! I'm a bespoke programmer. Part of my role is to ensure that my/their software runs and is resilient. As such, I advise where appropriate, even if I don't undertake the agreed upon action myself. I used to provide Doze desktop support as part of a contract to those ends, but kicked that in 2000, cos pushing string up a hill. I mostly deploy client/server applications, and I now leave client side support to their chosen service supplier.

And yeah, they always can access source via escrow in the case of the proverbial bus :D

Lil Endian Silver badge

Couldn't agree more Doctor. It's lesson #1 to anyone I'm advising: what's the most important part of a computer system? Your data. Because any other part of the system[1] can be replaced, hardware/OS/applications, but if your data's gone then it's gone.

[1] Speaking generically. If risk lies elsewhere it should be identified, eg. bespoke code/hardware, obsolete doobries etc.

Lil Endian Silver badge
Facepalm

Re: "their own backups as a contingency"

<Bah! Just missed the edit window!>

Edit: The setup can be any combination primary/backup1/...backupn/mirror with storage local/cloud/offline/mirror - where mirror location can be local or remote depending on requirements and feasibility.

Lil Endian Silver badge

Re: "their own backups as a contingency"

Any resiliency is better than none! If there's only the primary data that's the problem. The setup can be any combination primary/backup1/...backupn with storage local/cloud/offline.

Since all systems are deemed vulnerable, the more the merrier - with appropriate backup encryption of course!

If <user's> primary and only data was/is stored on CloudNordic/AnotherCloudProvider, they clearly don't know what risk analysis is, or they do and it was deemed an acceptable risk/loss or they intentionally didn't deployed a back up solution, eg. for saving funds.

If CloudNordic customers did maintain backups, be that local/cloud/offline, then they should be okay(-ish) and (advisedly) finding a new cloud provider.

Lil Endian Silver badge

Re: And Then ?

I did consider "stupidity", but there's no "tort of stupidity". For which I find myself thankful!

Lil Endian Silver badge

Re: All Eggs in One Basket

Well, having a "master key for all machines" is effectively the same problem as the one in this affair, isn't it ?

Hmmm, yes and no. The issue is that systems that were previously "on separate networks" were later not segmented. In the initial scenario there were, therefore, no "master keys" - and then *poof* there were. The muppets. There's no indication that a "master console" weakness was present before or after, other than as a synonym for using an actual terminal/console that could access the entirety of those systems. Again: the muppets.

Lil Endian Silver badge

Re: Where are the backups?

I just thought I should add that I'm not saying cloud users should not have their own backups as a contingency, of course they should. That doesn't mean that the onus is not on CloudNordic in this case. As far as I'm concerned if said user does not have a resilience/contingency plan then they're negligent.

Lil Endian Silver badge

Re: And Then ?

The entire "cloud" idea looks questionable.

While I fully agree that the cloud is not the place for business critical systems and data, and sensitive data, this is not a case of "magic". CloudNordic failed in basic security principals by their own admission:

During the work of moving servers from one data center to the other, servers that were previously on separate networks were unfortunately wired to access our internal network that is used to manage all of our servers.

Unfortunately? Try negligently. They put all of their eggs in one chicken coop, and the fox was already in residence. Granted, it's early days so things might change, but it's unlikely that a company would make such a statement on a whim.

Lil Endian Silver badge

Re: Where are the backups?

Why is it the company's [CloudNordic's] responsibility to make backups of the customer's data?

If a CloudNordic customer borks their own data, that's on the customer. If CloudNordic borks customer data, that's on the CloudNordic.

This case is the latter, and the onus is on CloudNordic. They fucked up.

[Edit: It's CloudNordic's own data that they failed to adequately protect and by extension, their customers' data.]

Start rummaging: Atari's new 2600+ console supports vintage cartridges

Lil Endian Silver badge
Pint

Rose Tinted Glasses

What makes a good game...? It's subjective.

If realistic jiggly body parts make a good game, now is visibly better. Game play? Suspension of disbelief?

Balderdash? Boulder Dash I say!!! Spent ages playing that :)

Lil Endian Silver badge
Happy

Re: No shipping

Woolies - ahead of the curve!

Selling Amigas in '83? Shirley, you can't be serious!

Thanks for reminding me about the Vectrex - that was a unique bit of kit!

Lil Endian Silver badge

Re: No shipping

Yeah, '78 sounds good for UK, I was pretty sure I'd seen it before '80. Stateside was 1977.

Finally found the page I was looking for, from The Centre for Computing History: Atari VCS.

Couldn't find a 2600 price, but for a reference point, the Atari 800 was released in 1979 for, wait for it... an initial price tag of $999.85!

Lil Endian Silver badge
Angel

Woohoo! Star Raiders!

I can be a Garbage Scow Captain again!

Sadly, the last time I looked I only found the empty box, no cartridge. QQ

Lil Endian Silver badge

Re: Lovingly recreated joystick?

Bah! I wanted to love... complain about... love complaining about the CX40 first! Wah!

Not microswitches on the CX40, it was those kind of two-bits-of-solder-held-apart-inside-a-flattened-plastic-bubble switches - can't think what they're called.

But man! I got through dozens of those! Those white plastic rings for tension/centring, shocking! The first microswitch joystick I recall was a Quickshot, well, decent one at least.

Lil Endian Silver badge

Re: No shipping

The 2600 was the first gaming system or home computer I had hands-on IIRC, and that was before summer of 1980. There weren't many home computers around then, being Acorn Atom and ZX80 times. That's after the Apple II ('79). I'm fairly confident, but can't cite, that the VCS would have been cheaper. Happy to be wrong.

IBM says GenAI can convert that old COBOL code to Java for you

Lil Endian Silver badge

Re: Programming is independent from language

To which family of languages does machine code belong?

Lil Endian Silver badge

Re: Programming is independent from language

I think you're missing my point, and that's my bad. Let me rephrase the statement "programming is independent from language" as "programming is independent from coding". Same thing. And yes, they're sweeping statements, but if viewed definitively I argue that the underlying point stands.

Learning different programming languages, ie. coding in that language, involves learning that language's semantics and syntax. Learning programming, that's logic, and involves logical steps which relies on sound program flow - the aforementioned sequence/condition/iteration. In essence, the programming part does not need to be relearned. Yes, there's a difference between OO and procedural program structures, but the individual functions, the actual working bits, are still made of the same program flow.

Program design at its lowest-ish level: anything but a trivial program and CISC/RISC assembler are bound to require a different number of instructions, but that program flow will contain the same options of sequence/condition/iteration. In essence the top-down program flow would be close enough to be perfectly recognisable.

One does not need to relearn programming when learning a new language. But there might be a more convenient program flow for a given language/use case!

Programming != Coding

[...floored by APL or Forth... -- I'll add Algol, if I may!]

Lil Endian Silver badge
Stop

Re: Programming is independent from language

If you can learn the language in an afternoon, there is by definition not a shortage of capable people...

Well, you continue to conflate potential and actual. There is by observation a shortage of capable people.

Lil Endian Silver badge

Re: Why?

For corporates and large orgs this is usually a political (non-)decision. Anyone that okays the decision to replace an existing, and importantly working, business critical system risks committing professional suicide if the project borks or if the rolled-out system is discovered to contain flaws and it's "too late". So the C Suite and D Suite types don't want to go there. Not that they usually suffer penalties for incompetence, usually quite the opposite: a golden handshake and a role in another firm, or as a government adviser!

Lil Endian Silver badge
Coat

Re: If this really worked as well as they claimed

Sensibly the programmer sorted the cryogenics software for Y2K compliance before being frozen, with: PIC 99/99/9(4) - or he might have been defrosted retrospectively!

Lil Endian Silver badge

Re: Programming is independent from language

Your logic seems fallacious. Just because there's a potentially higher headcount doesn't mean there isn't a shortage. We know there's a dearth of COBOL experience currently, but you're saying there isn't. I don't get it, apols if I'm blind to your point.

... there should never been any new programming languages because, by definition, no-one will initially know how to use them...

Again: wut? That's blatant non sequitur fallacy.

The problem with COBOL is not the language itself, it's the environment in which it is used that is largely unfamiliar to programmers today.

Here I agree.

Lil Endian Silver badge

Re: Programming is independent from language

...its easier to learn COBOL than it is to translate millions of lines of code...

Agreed. That's what I meant in the bit (Hugely impacts A) but you put it much more concisely[1]! The problem is $Corps want to cut out as many programmers from programming as they can, leaving just the ones that can make automated tools to replace said programmers. It won't work, hence: because the $Corps should stop fucking about and help themselves by not scrimping.

As far as legacy H/W goes, generally speaking I'd have thought COBOL to be a highly migratable across platforms, thanks to the likes of CODASYL.

Like I said, programming is independent from language. If one can program already, essentially all you're doing is learning some new catch words - unlike learning a new natural language, the diversity of which is broad, yet still underpinned by the same objectives, ie. to communicate about objects/actions etc.

[1] Note to self: posting when knackered leads to drivel... watch it!

Lil Endian Silver badge

Programming is independent from language

(A) COBOL supports many vital processes

So don't try to squish it through a mincing machine and trust it.

(B) The bad news is it's been working for a little long.

Longevity is not a sign of weakness, a lack of headcount knowledgeable in COBOL is the problem.

(C) "If you can find a COBOL programmer, they are expensive..." + there are billions of lines of COBOL code...

Sounds like a reason for learning COBOL for some, it's a supply/demand no-brainer.

----------------------

Programming consists of logic with one of three choices in program flow: sequence; condition and iteration. All programming logic follows this, and all languages accommodate it[1]. If you're a programmer, you can code your program in any language you know[2] .

Converting code autonomously is essentially starting from scratch, autonomous reverse engineering, without the human taking hands-on until testing - that won't leave any bugs. (Hugely impacts A)

If (A) is important, you really don't want to risk this approach, it creates a mind fuck.

(B) appears to be/is the case because of FOTM, it's chic to code in Python/Rust/Java... or whatever. It doesn't matter[2].

If you combine (A), (B) and (C) it's clear that's what is "needed" is for more COBOL coders, not a farcical "AI" fix. (A) because the $Corps should stop fucking about and help themselves by not scrimping, and (C) benefits the programmer. They combine to (B).

[1] If that's not the case, it's beyond the scope of the significant context.

[2] If it's the right language for the job.

Microsoft teases Python scripting in Excel

Lil Endian Silver badge
Pint

LMFAO

Thanks for that! :D Here -->

Lil Endian Silver badge

Re: Aaaaaaarrrrrrrrgggggghhhhhhh!

Wait until you see "Visual P++"

If I weren't so jaded, that thought would have me twitching. If I were fickle, the actuality would have me heading to Beachy Head.

Lil Endian Silver badge

Something libreoffice can.

Something else LO can do: Python macros. No fekkin cloud required :)

LibreOffice 7.6 arrives: Open source stalwart is showing its maturity

Lil Endian Silver badge
Pint

Re: LO 7.6 - Outline View

Thanks for the feedback Liam, I'll stick with vim for now then :D

Lil Endian Silver badge

LO 7.6 - Outline View

I'm not sure if this is the functionality required: https://help.libreoffice.org/latest/en-US/text/swriter/01/outlinecontent_visibility.html?DbPAR=WRITER

This seems to bring outlining to the main edit rather than within Navigator, but I can't test as I'm not on 7.6 yet.

IBM sells off cloud business – yes, we mean Weather.com

Lil Endian Silver badge
Coat

Weather.com is Out of the Blue

#It's over, it's over, all over, it's all over now!#

'Millions' of spammy emails with no opt-out? That'll cost you $650K, Experian

Lil Endian Silver badge

Grow Up Experispam

Although we disagree with the FTC's allegations...

Let's see... From the DoJ filing:

These emails violate CAN-SPAM by failing to provide (1) clear and conspicuous notice of consumers’ ability to request to opt out of receiving further marketing messages and (2) a mechanism for them to do so.

So, you're implying you did provide notification and ability to opt out? No, wait. You mean you disagree like a five year old disagrees with a parent about tidying their bedroom.

PS. You tried too hard on the clever acronym thing Capitol Hill: CAN-SPAM literally says spam-away!

California DMV hits brakes on Cruise's SF driverless fleet after series of fender benders

Lil Endian Silver badge

Re: Failing the easy part

That's true, but with skinbags: liability is clear; humans have been tested prior to going on the road lawfully; with all human drivers, it's a level playing field; there's tonnes....

Take AVs off of the roads until they pass a driving test. Every. Single. One. Must. Pass. Individually. One failure, they can all fuck off. Why? Each human carries individual faults, but the systemic faults in AVs are shared across the range.

Lil Endian Silver badge

Ah! Paris!

Yeah, Paris would be a test for sure.

Going slightly out of lane, this reminded me of a time when I was with my then GF. She's French, from Lille, and a really nice person - not the kind to create problems or antagonise others, a safe driver. She was driving on a dual carriageway, somewhere around Lille. Not a lot of vehicles on the road, when she pulled out in to an overtaking position on the only car in front, which seemed odd as she'd been quite comfortable being behind the car and we weren't in a rush. I threw her a quizzical look.

"The car coming up behind," she said "is a 75 plate, that's Paris. When non-Parisians drive in Paris, the Parisians make driving really difficult for them. So, whenever a Parisian car is seen outside of Paris, we return the favour!". It took a quite a little while for her to slowly overtake and get back into the nearside lane.

A bit naughty, but at least the 75 plate slowed to a legal speed.

Lil Endian Silver badge

Re: LoJack

I like that.

It could still be a bit awkward for the cops en route to that 'bank robbery in progress'. I'm not doing the maths, but limiting the transmission field to X metres might work, considering the vehicle speeds and reaction times etc.

Lil Endian Silver badge

Re: CPUC vs DMV

Maybe I wasn't clear, but that is what I was saying:

The points would be cumulative with regards to the system, not individual vehicles. Enough points accrued, and it's off the road for all vehicles using that system...

The idea being that the entire fleet, operating the same system, uses a shared licence - regardless of operator. So, if 12 points are needed to revoke operational licences, and a fatal incident gets 12 points, one fatal incident and they're all "grounded". Pranging a bollard may be 1 point; speeding 6 etc etc

Really though, they just shouldn't be operational at this time - they're not ready.

Lil Endian Silver badge

Re: Emergency Vehicles...

I wanted to suggest using LoJack as the signal source. But if emergency vehicles emitted such a signal it would give away the vehicle's location to anyone wanting to know it, and I'm pretty sure that would be abused.

Lil Endian Silver badge
Stop

Re: CPUC vs DMV

...tickets are for drivers.

If we substitute "drivers" with "vehicle operators" we can move forwards. An individual, as a driver, is limited to operating one vehicle at a time. Software controlling AVs is equivalent to a single driver operating multiple vehicles concurrently. The systems used can be awarded penalty points per transgression, as with drivers[1], with any fines or other penalties being applied to those deploying the systems. The points would be cumulative with regards to the system, not individual vehicles. Enough points accrued, and it's off the road for all vehicles using that system, with any criminal negligence sending the responsible meatware to prison.

It raises the question: how are these vehicles allowed on the road without passing a driving test?

[1] In the UK at least.

Lil Endian Silver badge

Re: Failing the easy part

...anxious to get to their destinations... -- not anywhere near as much as if they were in, or in need of, said emergency vehicle.

It's also one of the easiest since they have flashing lights of a certain color and even the noise of a siren should be able to be detected and localized to a direction.

Probably not as easy as we'd like. Reflections of sound and light would be a huge problem for determination of direction. However, direction may not matter - detection of either could force a pull-over until further data is gleaned. Yeah, so the siren is heard across the town and you stopped, tough titties, you wanted to be in an AV.

Lil Endian Silver badge

Hmmm... Perhaps deploying an LLM is overkill, or maybe dumb it down and just train it to play Leader Board. It's ancient and has been surpassed, so fits nicely.

Moscow makes a mess on the Moon as Luna 25 probe misses orbit, lands with a thud

Lil Endian Silver badge

Re: Lithobreaking

FUBAR

[Hey, you went over three too!]

Lil Endian Silver badge
Joke

Re: "Luna 25, by contrast, tried to make the trip in nine days"

SS[1] or it didn't happen!

[1] C'mon, you know SS means screen shot!

Lil Endian Silver badge
Coat

Re: BIRCS?

Well of course! Carnaval[1] attracts more than Canaveral!!!

[1] Sticking with the Portuguese makes the joke!

Lil Endian Silver badge

I don't think Sunak's a billionaire, yet, but point taken.

Lil Endian Silver badge
Pint

Great British Mars Probe

Hehe! Here, have one of these: /sarc and one of these -->

At least the GB probe touched down successfully. That must... be galling 2 Roscosmos.

Leak of 75k employee records was insiders' fault, claims Tesla

Lil Endian Silver badge
Go

Re: That rogue engineer...

you defeat the snake

Level: 1 Gold: 0 Hp: 9(12) Str: 16(16) Arm: 4 Exp: 1/2

Woot! Woot!

# apt-get install bsdgames-nonfree

$ rogue

Enjoy!

Lil Endian Silver badge
Pint

Re: That rogue engineer...

Touché!

Lil Endian Silver badge
Thumb Up

Re: That rogue engineer...

...fining a new job...

Poxels? Fining? Deliberate or serendipitous typo? :-) :-)

Lil Endian Silver badge
Stop

Nice Attempt At Downplay

"We have not identified evidence of misuse of the data in a manner that may cause harm"

I think that statement may be erroneous, if indeed the data does contain "alleged customer complaints". Whistle blown, follow it up, and if the conclusion shows a lack of safety stop the money making murder machines.

I'd say make Lone Skum's only form of transport a Tesla exclusively locked in to FSD mode, but I wouldn't want to risk the welfare of others.

Page: