|
ookiimarukochan posted:A Robert X Cringely article for you - he's one of a handful of IT pundits who is right almost as often as he is wrong, and his suggestions here are certainly believable (I know that there've been issues where UK data has leaked via poorly paid Indian outsourcers at least) - even better, read through the comments for a guy who totally fails to understand how chip and pin would mitigate against whatever happened here. To be fair, chip+pin is pretty easy to defeat, since the PIN is stored on the card and it's a boolean "PIN verified" flag that gets sent back to the card provider. The only thing chip+pin does is let the banks say "not our fault, you must have revealed your PIN", and then refuse to refund you. See also: 3D Secure.
|
#
?
Dec 24, 2013 00:45
|
|
|
|
| # ? Apr 23, 2024 09:33 |
|
|
Means that you need the vendor to be corrupt now as well, so it should stop some of the hilariously goofy skimming that used to happen. 3DSecure is a loving stupid piece of security theatre though - is this the point to reveal that in my experience the worst programmers out there are the ones who work for banks? Weird as hell given what a slog it actually is (again, in my experience) to get a job working for one.
|
|
#
?
Dec 24, 2013 01:20
|
|
|
ookiimarukochan posted:Means that you need the vendor to be corrupt now as well, so it should stop some of the hilariously goofy skimming that used to happen. Nope, there's ways that avoid this, especially now since the cashier probably wont even see the card, or it's a self service till. quote:3DSecure is a loving stupid piece of security theatre though - is this the point to reveal that in my experience the worst programmers out there are the ones who work for banks? Weird as hell given what a slog it actually is (again, in my experience) to get a job working for one. Does it still require cross-site scripting to function? I know no-script used to regularly block it because of that, but these days I do my online purchases on a card that doesn't require it.
|
|
#
?
Dec 24, 2013 01:29
|
|
|
ookiimarukochan posted:3DSecure is a loving stupid piece of security theatre though - is this the point to reveal that in my experience the worst programmers out there are the ones who work for banks? Weird as hell given what a slog it actually is (again, in my experience) to get a job working for one.
|
|
#
?
Dec 24, 2013 02:15
|
|
|
Lum posted:To be fair, chip+pin is pretty easy to defeat, since the PIN is stored on the card and it's a boolean "PIN verified" flag that gets sent back to the card provider. To go along with this here's a Defcon talk on just how poo poo the current (at least as of mid 2011 some of this might have been fixed?) implementation of chip and pin is: https://www.youtube.com/watch?v=JABJlvrZWbY Galler fucked around with this message at 03:02 on Dec 24, 2013 |
|
#
?
Dec 24, 2013 02:57
|
|
|
EAT THE EGGS RICOLA posted:It should be a crime to not say how much a job pays. One of our good managers left a month ago. Apparently things go well up until the pay part comes up. They've had to beg most of them to come back for the 2nd interview. Apparently having someone be a technical manager for 3 departments, with 3 submanagers and somewhere around 20 people, 50k isn't cutting it. Which means when they find some poor sap to take this position, its going to be really loving hilarious. At least for people who don't have to work for them.
|
|
#
?
Dec 24, 2013 06:03
|
|
|
I second the opinion that 3D secure is a joke. What looks more secure than a clumsy redirect to a 3rd party website embedded in an iframe which then claims to be "from your bank" and asks for a password? It's like they decided to purposefully condition people to click on malware.
|
|
#
?
Dec 24, 2013 11:21
|
|
|
The Queen finally pardoned Turing: http://www.cnn.com/2013/12/24/world/europe/alan-turing-royal-pardon/index.html?hpt=hp_c2 That's about as great of a Christmas present I could ask for.
|
|
#
?
Dec 24, 2013 17:30
|
|
|
Powdered Toast Man posted:The Queen finally pardoned Turing: http://www.cnn.com/2013/12/24/world/europe/alan-turing-royal-pardon/index.html?hpt=hp_c2 I'm actually opposed to this, but not because I in any way believe the way he was treated was acceptable. Turing's treatment was appalling, a fact which the government acknowledged several years ago when it issued a formal apology. However, Turing broke a law which was on the statute books at the time, a law of which he was only too well aware; despite how we view that law now, at the time Turing knew he was committing a criminal offence. To issue a pardon is an attempt to rewrite history and sets a terrible precedent. It's also a slap in the face to the many thousands of others convicted under this same abhorrent law, some of whom were subjected to similar treatment, some of whom are alive today. Why does Turing deserve a pardon but they don't? Why should a dead man have his criminal record amended whilst people still alive continue to live with the stigma of theirs? An apology was enough. A pardon is a cynical publicity stunt, and the real reason it hasn't been extended to everyone convicted under this law is because of the litigation liability that would create for the government. Yeah. They did this out of the goodness of their hearts. [/derail] rolleyes fucked around with this message at 18:08 on Dec 24, 2013 |
|
#
?
Dec 24, 2013 18:05
|
|
|
So working a lab we have a lot of medical analyzers. A lot of these hook up to our LIS which is basically the system we use to do resulting, billing, and everything else around the lab. I get a call this morning from one of the lab techs saying "The interface is down". Now what exactly does that mean? One of twenty things that can be wrong with our analyzers including but not limited to: No network connection, no output of results to the LIS, no video signal to the monitor thats connected, etc. So I walk over to the lab building and the "Hide sent" button was checked so the tech could not see the results. This kind of stuff doesn't piss me off but it's kind of annoying when it happens every week.
|
|
#
?
Dec 24, 2013 19:41
|
|
|
Merry Christmas fellow chumps.
|
|
#
?
Dec 24, 2013 19:50
|
|
|
rolleyes posted:A pardon is a cynical publicity stunt Decrying a good gesture for having ulterior motives, and not going far enough, isn't cynical?
|
|
#
?
Dec 24, 2013 19:55
|
|
|
So today my boss knew we needed some one on site to get a phone line added between "7-11" because phone companies always give stupidly big ranges. I was notified at 8:30 by text message (I don't get in until 9) so I spent my entire half day waiting for them to come, at the site and my boss never told me they apparently came at 8 to the site and had already left. Apparently the guy came at 7:30 and left at 8 when no one was there to let him in and show him where to go. I called my boss after and he told me to "get to the point" and when I said its not happening today he said "yeah I figured as much at this point" and hung up. I say boss but its really acting boss, my real boss is on vacation this week but this guy got promoted a few months ago and he's a real dick after being promoted and terrible at management, he was a pretty awesome co-worker. I love my actual boss but I'm seeing less of her and her telling me to talk to this guy. No office party for me because of this poo poo.
|
|
#
?
Dec 24, 2013 20:07
|
|
|
rolleyes posted:
This is one of the things I hear in IT a lot that pisses me off; I don't know if there is a personality tendency or what, but many IT folk I know, particularly devops in my experience, will constantly talk the talk about being an out-of-box thinker and a hacker, while rigidly and sometimes spergily holding that There Is a Right Way about really anything (politics, grooming, sex, cooking brisket, building a Lego tower, women's behavior--anything--and God help you if you suggest something else. There is this pervasive idea that rules are rules and statutes are statues and best practices just are. Turing was, in my mind, being civilly disobedient, rebelling against a totally unjust law. In which case, he was perfectly sensible. The law is not infallible, and it absolutely must be broken when it is unjust to human rights. To reject civil disobedience as a fair tactic is to undermine nearly all civil and labor rights movements ever, and reduce those movements to have to desperately outgun and outman the power structures that harm them. Anyway, I love this thread A LOT and have lurked for like, two years on this subforum. I can't really hold it in anymore. Can I just say for real content that as a grad school tech writer I absolutely loathe how my tiny university IT office currently handles docs? Which is to say...there is no real standard for how they are done or who does them or when or how long we have?  = the Linux/Unix lead, fulltime, for our office, a twentysomething whiz who, unlike me, could make Puppet run on a toaster and whose hobby is also Linux. He is leagues above me in Linux competency. = me, one of only 4 part-time student workers who focuses on documentation, paperwork, housecalls to users, and who is the printer padawan to the old dude in our office. I am also the de facto tier 1 helpdesk coordinator (which is what nearly all volunteers do, unless they work in the DC under various sysadmins). "Hey Treguna, we need docs on the new OpenVPN config." "OK, what changed? Let's get this--" "Just hack at it a bit." "I don't have root access for this project. Maybe I could schedule a meeting and we could sit down and you could tell me--" "Naaah, don't worry about it, I'll kluge something together." "Dude, I know that writing stresses you out, but if you just tell me--" "It's cool. You're busy." "O...kay?"[ He assigns me 5 other tickets but doesn't really explain the priority on them. I have housecalls to make and volunteers to train. Two weeks pass ] "Hey, Treguna, where's my documentation?"
Treguna Mekoides fucked around with this message at 08:47 on Dec 25, 2013 |
|
#
?
Dec 25, 2013 08:35
|
|
|
Figuring out the technical client requirements for a VPN is probably easier by just banging client configs against it when you have access to both sides of the config/logs and it's understandable if he didn't want to try to hash it out in a meeting without any actual technical testing. That said, expecting tickets to be done without a specified deadline is pretty dumb.
|
|
#
?
Dec 25, 2013 09:15
|
|
|
Treguna Mekoides posted:This is one of the things I hear in IT a lot that pisses me off; I'm really not interested in having an argument about it so I'll just leave this here as it makes my point better than I ever could. I recognise not everyone will agree with me, but my position boils down to "pardon everyone or pardon no-one". To do otherwise is itself an injustice.
|
|
#
?
Dec 25, 2013 09:51
|
|
|
fivre posted:Figuring out the technical client requirements for a VPN is probably easier by just banging client configs against it when you have access to both sides of the config/logs and it's understandable if he didn't want to try to hash it out in a meeting without any actual technical testing. It's not being brushed off that bothers me, just he expected me to do it without another word or access. It hasn't worked properly since they set it up months ago, and students come in and complain daily (because it will only take ~20 users), and I wanted to make sure when we push this update to our website that there were no issues. I understand his viewpoint, but we were both told this had to be done and I kept messaging him with questions and he kept brushing me off. Usually he's more hands-on and I wanted to do testing on the config before we pushed it. The way the Linux team had it, it completely died using the network manager on Ubuntu and you look connected but you aren't, due to needing to sudo in the .config path.  That's what I wanted to avoid.He's an awesome dude, I'm almost never frustated at him ever, but this whole "meh do the docs whenever...hey where are my docs? why would I need to make you a ticket?" thing is a common frustration for me. No one seems to think about documentation or users when they can hack on cool stuff, and sometimes I feel like I don't matter at all.  FWIW, I don't have access to logs, code, networking, anything like that. I don't have root, as in, I NEVER have root. I do documentation, do tier 1/2 user support, do mentor stuff/student orientations/hosted groups, etc, and build machines. I have root on my personal laptop. I love 90% of my job; it's mostly legacy issues, like anything else. The CMS I work with is Mambo, though. I'm allowed to complain about that, right? rolleyes posted:I'm really not interested in having an argument about it so I'll just leave this here as it makes my point better than I ever could. Fair 'nuff! Treguna Mekoides fucked around with this message at 23:39 on Dec 25, 2013 |
|
#
?
Dec 25, 2013 23:33
|
|
|
I'll vent here, even though I vent at work all the time anyways. So back when everything was physical, someone decided to give virtualization a whirl. I love this, because it is my job and keeps me on my toes. What I do not like is that some guy told everyone "oh it's OK, it's JUST LIKE physical except you can have AS MANY CPUS AND AS MUCH RAM AS YOU WANT. What did this lead to? People auto provisioning servers with 16 virtual CPUs and 64GB of ram when they need ONE CPU, literally A SINGLE CPU. That is the single thing I hate about my job. People treat virtualization like a magic pill that solves everything because you can assign an arbitrary number of CPUs and RAM and that it's just infinite! Then when I show them the hard data that they have better performance with 1-2 CPUs (rather than 16) they say "well, we want 16 anyways!". UHGHHHHEUHRERER
|
|
#
?
Dec 26, 2013 22:10
|
|
|
mAlfunkti0n posted:I'll vent here, even though I vent at work all the time anyways.
|
|
#
?
Dec 26, 2013 22:21
|
|
|
anthonypants posted:If virtualization is your job and they're not going to let you do your job, have them sign away their support rights and have them buy a server of their own. Offer to set them up with an EC2 node and describe the look on their faces when the invoice comes in. Exactly. I have been arguing this and finally starting to make some progress on it. That or they are going to fire me for being so outspoken. I know how to manage our environment properly, but my hands have been tied for so long with it. Heck though, it is a LOT of good experience because plenty of things go wrong and I get to learn how to fix it on the fly.
|
|
#
?
Dec 26, 2013 22:23
|
|
|
mAlfunkti0n posted:I'll vent here, even though I vent at work all the time anyways. Give them 1 and tell them it's 16, they won't know the difference. People who don't understand that you can't give everyone infinite probably wouldn't understand the difference between 1 and 16 CPUs/cores other than the idea that 16 is a number greater than 1 and it somehow sounds better. Otherwise just tell them no, simple as that. And if they don't understand the word no, then tell them to fork over the money to buy themselves more cores. That will instantly shut them up.
|
|
#
?
Dec 26, 2013 22:25
|
|
|
Megaman posted:Give them 1 and tell them it's 16, they won't know the difference. People who don't understand that you can't give everyone infinite probably wouldn't understand the difference between 1 and 16 CPUs/cores other than the idea that 16 is a number greater than 1 and it somehow sounds better. Otherwise just tell them no, simple as that. And if they don't understand the word no, then tell them to fork over the money to buy themselves more cores. That will instantly shut them up. I would love to do this, but these are (somehow!???!) people that are able to run perfmon and gather logs, so checking the number of CPUs is easy for them. Granted, I have told them perfmon in a virtual environment is darn near useless but it's fun to watch them run it anyways. This is a huge company, and it's supporting the internal "clients" (aka the company), so billing has not really been something they focused on. However, they are throwing around the idea of associating a cost so that people understand there is pain associated with the size of a VM they "need". The past few requests for resources have been denied .. but sadly they have implemented the change process in the auto provisioning system as well. Now I get emails when something was modified, which is even more irritating. But again, it's excellent experience which is something I have needed for a long time. Edit : I frequently have days where I feel like the Mugatu character in the movie Zoolander, the part where he makes the statement about taking crazy pills. I have that feeling often. mAlfunkti0n fucked around with this message at 22:33 on Dec 26, 2013 |
|
#
?
Dec 26, 2013 22:31
|
|
|
hirvox posted:For most of this week, we've been going through the WSDLs for the customer's SAP. There are only three data types: Strings, decimals and bytes. And to submit changes, you first need to request the entire data structure. Why? Because when you submit it back, anything that is missing is deleted from SAP. And the kicker? The system has no conflict detection and does not use any kind of locking. This reminded me of this, which I'd blocked out until now: a customer posted:Very unlikely that you will get a WSDL from the web site, we stop this from happening. Reverse-engineering WSDL from a word document listing a bunch of SOAPActions: good times.
|
|
#
?
Dec 26, 2013 23:22
|
|
|
mAlfunkti0n posted:oh it's OK, it's JUST LIKE physical except you can have AS MANY CPUS AND AS MUCH RAM AS YOU WANT. quote:People auto provisioning servers with 16 virtual CPUs and 64GB of ram I do this, then scale back when its not needed as with a big cloud of servers this makes the most expedient time to deployment in bespoke configurations. quote:better performance with 1-2 CPUs (rather than 16) they say "well, we want 16 anyways!". I get this a lot as I build a pre-sales environment where each machine is doing pretty much nothing, hence scaling back afterwards. However these are all multi-million dollar monstrosities and performance is largely irrelevant. However I follow linode's blog and they assign full host socket? cores to each machine instead of limiting to 1-2 on smaller configurations. I wish they publish the numbers but I go with the hypothesis is that this is the most optimum process scheduler configuration. Otherwise your guest OS and host OS can be competing on where to execute and that is just dumb. VMware vCloud is dumb as balls as you can allocate 128 cores, 1TB system memory and have absolutely no indication of what the host hardware actually supports. This particular environment has three profiles: basic, balanced, optimised, the latter just randomly crashes out assigning more than 32GB: its some weird over-commit scheme that ultimately gets Windows to reject applications requesting more than the host can provide. The balanced scheme runs 64GB hosts without issue though, so no idea what is underneath. Actually the most annoying thing is disk. If it's your own environment you can overcommit disk and randomly assign everyone terabytes. In a service hosted environment the hosting organisation gets the benefit of over-commit and the users get shafted with the physical model. VMware vCloud extends this pain by not exposing the functionality to shrink or expand volumes: which is staring you in the face with a vSphere client. All my users have no clue how much space they want so I prefer blankly assigning 256GB and shrinking afterwards. In RHEL this is really easy with LVM and ext4 as long as you can bring the volume off line. In Windows Server it is more tedious and you have to convert everything to dynamic volumes but is still ultimately possible. MrMoo fucked around with this message at 23:51 on Dec 26, 2013 |
|
#
?
Dec 26, 2013 23:33
|
|
|
Not pissing me off today: discovered that Unitrends Enterprise Backup offers a Not-For-Resale license if you're Microsoft or VMware certified. It's a nice alternative since Veeam Free doesn't do incremental backups. Passed the VCP5-DCV a while ago and finally put the copy of Workstation 10 to use today playing around with Ubuntu Server and UEB.
|
|
#
?
Dec 27, 2013 00:33
|
|
|
xiw posted:This reminded me of this, which I'd blocked out until now: Holy gently caress, that is incredible. Your post and the one you're replying to make me ever more certain that the decision to use SOAP in the first place is a symptom of being terrible at software. (Not just because the APIs people design seem to be universally horrible, I think it's a wretched, massively inefficient, over-designed piece of poo poo to begin with) I YOTJ'd to a job I'd gladly stay at until the end of my career a few months ago but if they told me I'd be doing SOAP I might quit. At my last place I worked with some VMWare WSDLs that were a complete loving train wreck. It didn't help that their production code was so broken that it was impossible to tell if you sent the request wrong or their server was just making GBS threads itself. Saikonate fucked around with this message at 11:24 on Dec 27, 2013 |
|
#
?
Dec 27, 2013 11:18
|
|
|
xiw posted:Reverse-engineering WSDL from a word document listing a bunch of SOAPActions: good times. Saikonate posted:Your post and the one you're replying to make me ever more certain that the decision to use SOAP in the first place is a symptom of being terrible at software. There are a surprising number of people out there who tell their vendor "We want to interface with your system", and when they hear "Oh, we have some web services for that!" then say "Great! Thanks!" only to admit they have no idea what a web service is when they get show the WSDLs. If you can point me to a system that allows you to expose interesting parts of your system to authorised customers without having a large maintenance overhead associated, I'd love to know.
|
|
#
?
Dec 27, 2013 13:55
|
|
|
I saw "WSDL" in the thread, blacked out, and came to in a pool of my own vomit. Did I miss anything?
|
|
#
?
Dec 27, 2013 15:13
|
|
|
e: ^^^ lolookiimarukochan posted:If you can point me to a system that allows you to expose interesting parts of your system to authorised customers without having a large maintenance overhead associated, I'd love to know. My implication definitely wasn't that there exists a way to write an API for customers that obviates a maintenance overhead, just that I don't feel like SOAP is a good way of doing it. I think you necessarily have to undertake some sort of maintenance burden when you agree to expose functionality in your system to someone. At best, having a WSDL that everyone agrees to use gets you a bunch of code (via a SOAP library for whatever language you're working in) that serializes/deserializes a bunch of objects defined in the WSDL for you whenever API calls are made, but all that really means is you get to spend a bunch of time writing a layer that translates between those autogenerated objects and real, usable code in your system, since the two are generally not identical, at least for consumers of your API. I'm sure there are WSDLs out there that don't define a ton of complex types and support really pretty simple APIs, but again, I question what SOAP's buying you there - I'm overwhelmingly certain doing things a different way can save both sides implementation time and nets you a much less heavy message-passing format.
|
|
#
?
Dec 27, 2013 15:21
|
|
|
Saikonate posted:e: ^^^ lol jsonrpc, unless you need to serialize binary objects
|
|
#
?
Dec 27, 2013 15:48
|
|
|
evol262 posted:jsonrpc, unless you need to serialize binary objects That is precisely what we used (and our API was something praised industry-wide) at my last job, and what I was getting at with "overwhelmingly certain doing things a different way can save both sides implementation time."
|
|
#
?
Dec 27, 2013 15:54
|
|
|
Grown-rear end adults who can't clean up after themselves. It's fine, if you're a visiting person from a branch office, to take over the cube of someone who's not here that day. It's even okay to disconnect his keyb/mouse/monitor for your laptop so you can work better. I have no problem with this. It's not okay not to hook it all back up before you leave, or at least tell the IT monkey so he (read: so I) can hook it back up at the end of the day. Otherwise I get a very pissed off ticket going to my phone at 7:00. Loctite. I think I need Loctite.
|
|
#
?
Dec 27, 2013 16:37
|
|
|
sfwarlock posted:Grown-rear end adults who can't clean up after themselves. If you put locktite anywhere near a vga plug I will personally murder you.
|
|
#
?
Dec 27, 2013 17:06
|
|
|
One of mine: Motherboards that follow no logical layout of components. I have to find some angled sata cables for this machine because the video card, when installed, blocks all of the Sata ports on the board if you use regular cables. And of course, I saw a few last week but god knows where they all are now. Managing all the extra cables and pieces parts we have lying around here is a full time job in and of itself. What's the use of having so many extra parts if I have to dig through boxes searching for something that might or might not be there. I already cleaned up here once but I think the computer parts and screws are reproducing when no one is looking.
|
|
#
?
Dec 27, 2013 17:22
|
|
|
SEKCobra posted:If you put locktite anywhere near a vga plug I will personally murder you. Especially when it's so much easier to just tighten the screws with a small pair of pliers. I think we all know how difficult is it to unscrew a VGA plug when it's tightened down firmly.
|
|
#
?
Dec 27, 2013 19:57
|
|
|
Saikonate posted:Your post and the one you're replying to make me ever more certain that the decision to use SOAP in the first place is a symptom of being terrible at software. (Not just because the APIs people design seem to be universally horrible, I think it's a wretched, massively inefficient, over-designed piece of poo poo to begin with) I just love the way the Java Glassfish WSDL-import tools include a rather complicated system to hack and ostensibly fix broken WSDL declarations.
|
|
#
?
Dec 27, 2013 20:41
|
|
|
Crowley posted:Especially when it's so much easier to just tighten the screws with a small pair of pliers. I think we all know how difficult is it to unscrew a VGA plug when it's tightened down firmly. It's easy you just unscrew the thing the plug screws into as well and then wail in horror as the VGA socket disappears into the internals of your machine. Works with serial ports too. Now loctiting that little component is something I could support.
|
|
#
?
Dec 27, 2013 21:14
|
|
|
Dearest users: your stupid buttcoin-of-the-week program is not an appropriate use of company resources. Yes, we can and will remove unauthorized software from "your" computer, particularly if it twigs your virus scanner. No, it is not in fact your computer, nor your bandwidth, nor your electricity.
|
|
#
?
Dec 27, 2013 21:38
|
|
|
potato of destiny posted:Dearest users: your stupid buttcoin-of-the-week program is not an appropriate use of company resources. Yes, we can and will remove unauthorized software from "your" computer, particularly if it twigs your virus scanner. No, it is not in fact your computer, nor your bandwidth, nor your electricity. Please tell me it was dogecoin!
|
|
#
?
Dec 27, 2013 22:49
|
|
|
|
| # ? Apr 23, 2024 09:33 |
|
|
Lum posted:Please tell me it was dogecoin! Dogecoin should not just be allowed, it should be encouraged.
|
|
#
?
Dec 27, 2013 23:11
|
|
