> They protect these many companies, industries and even countries at such a global scale and you haven't even heard of them in the last 15 years of their operation
I certainly don't want to know (through disaster news) about the construction company that built the bridge I drive through every day, not for another 15 years, not ever!
This kind of software simply should not fail, with such a massive install base on so many sensitive industries. We're better than that, the software industry is starting to mature and there are simple and widely-known procedures that could have been used to prevent it.
I have no idea how CrowdStrike stock has only dropped 10% to the values of 2 months ago. Actually, if the financial troubles you get into are only these, take back what I said, software should be failing a lot (why spend money on robustness when you don't lose money on bugs?)
working in software, you should know how insanely complex software is, even google, amazon, microsoft, cloudflare and such have outages. mistakes happen because humans are involved. it is the nature and risk of depending on complex systems. bridges by comparison are not that complicated.
I actually expected their stock to drop a lot more than this, but goes to show you how valuable they are. investors know that any dip is only temporary because no one is getting rid of crowdstrike.
Think of the security landscape as early 90's new york city at night and crowdstrike as the big bulky guy with lots of guns who protects you for a fee, if he makes a mistake and hurts you, you will be mad but in the end your need for protection does not suddenly go away and it was a one time mistake.
In the 3-4 decades of the security industry, testing signature files to see if they trigger a corner case system crash has never been practiced. You and others are proclaiming yourselves to be experts in an area of technology you have no experience in. This was not a software update!!
Then that's 3-4 decades of massive incompetence, isn't it? "Testing before pushing an update" is basic engineering, they have a huge scale so huge responsibility, and they have the money to perform the tests and hire people who aren't entirely stupid. That's gross malpractice.
testing for software, not for content. you test, and fuzz the software that processes the updates, not the content files themselves. it's like a post on HN crashing HN and you claiming HN should have tested each post before allowing it to be displayed. you test code not data, and I dare you to back up any claim that data processed by software should also be tested in the same way. Everyone is suddenly an expert in AV content updates lol.
I used to work for Microsoft in a team adjacent to the Defender team that worked on signature updates and I know for sure that these were tested before being rolled out - I saw the Azure Devops pipelines they used to do this. If other companies aren't doing this then that's their incompetence but be assured that it's not industry-wide.
I'm not saying they don't test them, I'm saying they don't do code tests, as in unit tests and all that. I have no idea what they do, I'm just speculating here, but if in fact they do no testing at all, then I agree that would be pretty bad. I would think their testing would be for how well it detects things and/or performance impact and I'd expect it to be automated deployment (i.e.: test cases are passing = gets deployed), I guess they don't have "did the system crash" check in their pipelines? In your experience at MS, did they test for system/sensor availability impact?
A config file IS code. And yes, even a post can theoretically break a site (SQL injection, say), so if you're pushing data to a million PCs you'd better be testing it.
You're right, but "testing" could mean anything, you'd need to have the foresight to anticipate the config crashing the program. Is it common to test for that scenario with config files?
Moseley and Marks "Out of the tar pit" is a nice essay / paper.
Ousterhout's "A Philosophy of Software Design" goes along the same vein, not an essay but a short book.
Both of these agree on something that I really relate with: the main thing to keep in mind in a software project is complexity.
Managing complexity to reduce cognitive load on programmers is something I always have in mind, it works not only within a codebase, but also across codebases that talk to each other through APIs, and even across software teams when considering their boundaries and modes of communication.
I watched it again and read the algorithm description part, and I think you're right - D should have been switched to false, as the hand was pointing to it when a cache miss happened.
The behavior is inconsistent with what happens to A and B at the very beginning.
Whenever the hand skips a visited node in search of an unvisited one, it must flip it to unvisited.
If D were given this special treatment every time the hand cycles around, it will forever stay in the cache even if not accessed (D-plomatic immunity?)
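Added example, not part of the original comment: a minimal Python model of the hand-and-visited-bit eviction the comment describes. It matches the SIEVE cache algorithm, which the comment does not name, so that identification is an assumption; the class, method names and access trace are hypothetical.

```python
class SieveCache:
    """Toy model: FIFO queue plus one 'visited' bit per key and a moving hand."""

    def __init__(self, capacity):
        self.capacity = capacity
        self.queue = []    # index 0 = oldest entry, last index = newest
        self.visited = {}  # key -> visited bit
        self.hand = 0      # sweeps from oldest toward newest, then wraps

    def access(self, key):
        """Record an access; return the key evicted to make room, or None."""
        if key in self.visited:          # hit: only set the bit, never reorder
            self.visited[key] = True
            return None
        victim = self._evict() if len(self.queue) >= self.capacity else None
        self.queue.append(key)           # new keys enter unvisited at the newest end
        self.visited[key] = False
        return victim

    def _evict(self):
        # Every visited key the hand passes is flipped back to unvisited,
        # so surviving one sweep never grants permanent residency.
        while self.visited[self.queue[self.hand]]:
            self.visited[self.queue[self.hand]] = False
            self.hand = (self.hand + 1) % len(self.queue)
        victim = self.queue.pop(self.hand)
        del self.visited[victim]
        if self.hand == len(self.queue):  # evicted the newest entry: wrap
            self.hand = 0
        return victim


def demo():
    """Replay a constructed trace; return (evicted keys in order, final queue)."""
    cache = SieveCache(3)
    evicted = []
    for key in ["A", "B", "C", "A", "D", "C", "D", "E"]:
        victim = cache.access(key)
        if victim:
            evicted.append(victim)
    return evicted, cache.queue


if __name__ == "__main__":
    print(demo())
```

In the trace, A is skipped once because it was visited, is flipped back to unvisited, and is evicted on the next sweep because nothing touched it again.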
I'm not that knowledgeable in this department, but: if the BDFL is really hurting the usability of their library / service, can't it just be forked by more benevolent actors?
A basic KVM switch [0]. Got tired of switching my mouse, keyboard and monitor cables between my work laptop and my desktop PC. This makes it a 1 button press.
During the day desktop PC is off and I work on my laptop, then I turn it off and switch to the desktop PC. With synergy one would always have to be on.
Babylon 5 is a well made SciFi show and I'd recommend it!
I'm currently on season 3, started watching it because of Casey Muratori's (video game programmer, author of "Handmade Hero" educational streams) series of interviews with Jonas Kyratzes (video game designer, writer of "Talos Principle"), where they discuss the show: [0]
The distinguishing point about the show is that it features a coherent world, where some small detail happening in one episode can come back 6 episodes later. It's also coherent in between seasons, since it was pre-planned as a 5-season show spanning exactly 5 years on the Babylon 5 station.
Also, it features early computer animated 3D art made on Amiga computers. It hasn't aged that well but gets the job done.
Yes, Season 1 is really uneven. For new viewers, if you have someone to pick out the important episodes, then you can skip the rest and come back later. (And you can always skip "TKO".)
Seasons 2 through 4 are still some of my all-time favorite science fiction TV. The three-episode mini-arc of "Messages from Earth", "Point of No Return" and "Severed Dreams" (IIRC) is still incredibly intense.
The closest thing I can think of today is probably The Expanse. It has the same mix of human politics in the face of aliens we cannot comprehend. Of course, The Expanse has a higher budget and more consistent acting.
In a lot of ways, Babylon 5 is the first "streaming-style" show. There's a clear series arc, viewers are expected to know what happened in previous episodes, and there's plenty of foreshadowing for the attentive viewer. (The original online Babylon 5 fandom kept track of every tiny hint.) Buffy was also moving in that direction, and Star Trek quickly followed.
It's tricky even just pulling out key episodes from Season 1, because a lot of what you need is the character work. You can get all the raw plot elements that come up again later, but if you're not somewhat invested in characters like Londo and G'kar, the impact of later events is going to be dulled.
Your comment was great timing, I've been watching the first season and it's been starting to grow on me, but I really wasn't sure if I would stick with it. It's crazy that it came out 7 years after Star Trek TNG, but still somehow aged so much worse.
Exactly. I felt the Expanse was similarly engaging. The shenanigans of season 5 being on again off again impacted the way B5 ended up, but even with those headwinds I highly recommend it.
If you read the JMS script books, it wasn't that they weren't sure if they would get an S5, it was that they were 100% sure they would NOT get an S5 and he was forced to wrap everything up in S4 or it would be gone forever.
S4/S5 would have been much better had the original plan stuck, but, that wasn't even the primary reason S5 had major issues. JMS was staying in a hotel at some con and a maid helpfully cleaned up his room including trashing 100s of post-it notes containing his outlines for S5. This was the same conference where Claudia Christian blew him off and lost the last opportunity to be on the show -- not entirely her fault as she did not got bad advice -- she talks about this in her book but she thought it was a negotiating ploy and she (and her agent) wanted to raise her quote for the final season especially since it was well known it was the final season and she would immediately be job hunting after S5 and it unfortunately ended up with her off the show.
It didn't help that they had killed off XXXXX (can I spoil a 20-year-old show? not going to find out...) and saved her character.
Keep in mind JMS had been show runner for 4 years at that point and had written most of S1, almost all of S2 and all of S3/S4, something unheard of at the time and even crazier considering that they are 20+ episode seasons each, then he lost two starring actors (in variously shitty ways), lost all his notes, I'm amazed we got an S5 at all and a lesser person would have just given up.
Ultimately the final season was just shot through with challenges, despite it all, I enjoy it. The telepath situation and the conclusion of that was a great arc.
Season 5 might have sucked watching one episode a week but as a binge watcher, I thought it worked out pretty well.
The whole series ended up with a narrative arc like a novel. First season was setup. Things started to pick up in season 2, then 3 and 4 built to a huge peak, and season 5 wound it down, like Lord of the Rings after the ring is destroyed.
I can't think of any other show that has a single narrative arc like this across the whole series. At most you get an arc per season. Often not even that; e.g. the new Battlestar Galactica was a continuing story but the narrative tension was pretty even throughout, with a series of small arcs, each just a few episodes long.
B5 was one of the first non soaps to have a continuous narrative. Stargate followed, and later seasons of ds9 copied it too. Was a great time
Later shows went for a single narrative spread over a season — 24 pioneered that, but before that Buffy had championed the “big bad” each season, although with Buffy you didn’t have to watch every episode in order for it to make sense.
Even in the 2010s the new Star Trek series (Picard, Discovery), and especially the CW arrowverse are prime examples of how poor that structure is.
Stargate did have an overarching plot, but was still very episodic (like many other shows at the time). To me, Farscape was far more in line with the new idea of a continuous narrative.
This type of TV was enabled by TiVo/DVRs. Before then, producers couldn’t rely on people not missing an episode, because if they did they’d be lost. (Not coincidentally, Lost was also enabled by TiVos for the same reason).
SG-1 and B5 were both fantastic. The effects in SG-1 age a little better, but I think they both hold up pretty well. I miss that feeling of hoping the VCR or TiVo worked properly so that I didn’t have to wait for the rerun XD
I’m aware of and was around when VCRs came out. They were always a huge pain to use and program. People would make the effort for really important things, but not for general TV shows. Because there wasn’t enough critical mass of people recording, TV shows weren’t made that would have taken advantage of it.
By the time TiVo came out, VCRs had almost been relegated to nothing, as the rental markets had moved to DVDs, and media companies were perfectly happy with consumers using products that were read-only. The idea of recording TV to a hard drive was absolutely revolutionary, as it finally made it easy enough to use and reach the critical mass needed for continuous storylines.
I did. I had a fancy VCR that would automatically skip commercials "Commercial Advance", and I set up a VCR+ program on my computer so I could quickly and easily program the VCR.
When I missed a show (it was rare) I found online review sites that would recap the episode, sometimes they even had screenshots. Or I would stock up recordings and wait for the rerun, and then continue.
Back then TV stations were pretty good about having reruns relatively soon after an episode, specifically for people who missed the original broadcast. They would often do them late at night.
I never really understood the point of VCR+ aside from selling Sunday papers (or whatever day the TV guide came bundled in), since it was easier to just enter the parameters based upon when the show regularly aired. Then again, I used the VCR purely for what would later be called time-shifting. Recording over an original broadcast and ending up with a rerun didn't much matter to me. But the feature to skip commercials sounds pretty sweet.
I never got the paper, so I calculated it with a program on my computer. It was just very fast to enter some digits vs working through the menus to record something.
I later automated it with electronic listings with just the shows I was interested in, that fed directly into the VCR+ program and gave me a quick list I could enter.
> But the feature to skip commercials sounds pretty sweet.
In some ways it was better than what they have now - it would fast forward through the commercial, so you could see if it made a mistake, or if there was a preview, or a special ad that was also partly the show (yah they did weird things like that then).
> It's also coherent in between seasons, since it was pre-planned as a 5-season show spanning exactly 5 years on the Babylon 5 station.
Though the 5th season is weak, because the show was threatened with cancellation. IIRC, each season had a "major plot" and a "minor plot." To adapt to the cancellation threat, they crammed the season 4 and 5 "major plots" into season 4 (IIRC defeat the Shadows, liberate Earth), leaving season 5 with two "minor plots." The season 5 finale was originally shot as part of season 4, but delayed when the show was renewed.
I started watching this series back in the day because it involved Commodore Amiga and Lightwave 3D (both of which I owned and used at the time). Totally agree with you about "distinguishing features". That's what kept me watching it right to the end (including the movies)… As to "It hasn't aged that well" re; the animation, it's honestly aged better'n some other shows from around the same timeframe, although some A.I. upscaling of resolution for modern displays might be nice to see. I'm highly in favor of more new Babylon 5 stuff coming forth…
It may be a common trait in programmers, since we're rewarded by getting to the bottom of things: "why is this function failing? who calls it? in which possible states?"
Most programmers have experienced being so immersed in code that we don't notice time is passing, forgetting to eat or sleep.
It's similar with immersion in social media / food / whatever. We become lost in the activity and lose our sense of self.
I've recently heard of the concept of conscientiousness as a personality trait. People with low conscientiousness tend to procrastinate more, and it's tied to ADHD. Apparently it can be trained. I'm trying (though not really succeeding) to make pauses, take a deep breath and think about "what am I doing right now? What should I be doing instead?". Seems so basic, like I've regressed to being a child who has no self control...
> to make pauses, take a deep breath and think about "what am I doing right now? What should I be doing instead?".
this too can have its pitfalls. In my case, I always feel like I have BOTH too many things that I WANT to do and too many things HAVE to do and whenever I step back and try to look at the bigger picture, I realize that I don't feel like I'm making tangible progress on any of them. And then the anxiety sets in and I feel like, "well, if I'm working this hard and not even keeping up, why am I working at all?" And so I sort of "give up" for a few days or a week and feel even MORE guilty because literally nothing is getting done and I'm getting even further behind.
A lot of the comments I write here may sound like I really have my shit together, but that's just because I have a lot of generalized experience that just basically comes from lots of introspection and time being alive. But I have yet to figure out the one weird trick to being both productive (making progress toward future life goals) and happy (enjoying what I have in the present).
I joke about my procrastination with my team: "I looked at my TODO list for the day and there's no way I can get to 90% of it, so I might as well just not get to 100% of it". Sometimes there's a lot of truth to the joke, however.
As much as I know I should prioritize it based on urgency, highest impact, what I could delegate etc., if the willpower required to do that is more than the ramifications of not doing it, it can be a losing battle.
On days when I push through a ton of work, I'm energized at the end of the day. Compared to the feeling of guilt that I just wasted a day when there's so much to do and I achieved little. Yet knowing that still just doesn't provide the necessary motivation some days. I've yet to figure out a reliable solution for it.
It's worth mentioning that conscientiousness is a personality trait that's part of the "big five" personality traits. It's a personality trait grouping that is supported by evidence [1] unlike Myers Briggs [2].
Note that the client would only need to do this on a failed attempt.
So if I typed "Password" on mobile. The client would first send the request as "Password". If that succeeds, then no worries. If it fails, then the client could send a second request by reversing the case of the first letter. In this case, it would send a second request for "password".
At most, it is 2 login requests per password. Many other commenters here are incorrectly stating that 3 requests would be necessary, but this is untrue. A letter can only have 2 possible cases (uppercase or lowercase). So the client sends the originally typed one, and if that fails, then it flips the case of that first letter. That is the only alternative. There is not a third option.
A well-built login form would restrict users after 3-5 login attempts anyway and require a password-reset process. So that is 6-10 client requests to the backend (n * 2). That shouldn't be hitting any sort of rate limit.
It would only halve the rate limit, but any real brute force attempt requires way way more than what a normal human would try. Something like 5 attempts would double to 10 in the backend, still nowhere enough to bruteforce, but enough for human trial and error.
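Added example, not from any commenter in this thread: a Python model of the retry flow discussed above, showing how one typed password maps to at most two backend requests and how that counts against a lockout threshold. The `Backend` class, its request-based threshold of 10 and the sample passwords are all constructed assumptions.

```python
import hashlib
import hmac
import os


def flip_first_case(pw):
    """Return pw with its first character's case flipped, or None if nothing changes."""
    if not pw:
        return None
    flipped = pw[0].swapcase() + pw[1:]
    return flipped if flipped != pw else None  # digits/symbols have no alternative


class Backend:
    """Constructed stand-in for the login endpoint; counts every request it sees."""

    def __init__(self, password, max_failures=10):
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.requests = 0
        self.failures = 0
        self.max_failures = max_failures  # assumed lockout threshold, in failed requests

    def _hash(self, pw):
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 100_000)

    def login(self, pw):
        if self.failures >= self.max_failures:
            return "locked"
        self.requests += 1
        if hmac.compare_digest(self._hash(pw), self.digest):
            return "ok"
        self.failures += 1
        return "fail"


def client_login(backend, typed):
    """Send what was typed; only on failure retry once with the first letter's case flipped."""
    result = backend.login(typed)
    if result == "fail":
        alternative = flip_first_case(typed)
        if alternative is not None:
            result = backend.login(alternative)
    return result


def failed_attempts_cost(guesses):
    """Return backend requests consumed by a list of wrong human guesses."""
    backend = Backend("password")
    for guess in guesses:
        client_login(backend, guess)
    return backend.requests
```

A guess whose first character is a digit or symbol costs one request, not two, because there is no second case to try.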