jm + fail   137

WHAT WENT WRONG IN BRITISH AIRWAYS DATACENTER IN MAY 2017?
A SPOF UPS. There was a similar AZ-wide outage in one of the Amazon DUB datacenters with a similar root cause, if I recall correctly -- supposedly redundant dual UPS systems were in fact interdependent, in that case, and power supply switchover wasn't clean enough to avoid affecting the servers.
Minutes later power was restored in what one source described as “uncontrolled fashion.” Instead of a gradual restore, all power was restored at once, resulting in a power surge. BA CEO Cruz told BBC Radio this power surge caused network hardware to fail. Also server hardware was damaged because of the power surge.

It seems as if the UPS was the single point of failure for power feed of the IT equipment in Boadicea House. The Times is reporting that the same UPS was powering both Heathrow based datacenters. Which could be a double single point of failure if true (I doubt it is).

The broken network stopped the exchange of messages between different BA systems and applications. Without messaging, there is no exchange of information between various applications. BA is using Progress Software’s Sonic [enterprise service bus].


(via Tony Finch)
postmortems  ba  airlines  outages  fail  via:fanf  datacenters  ups  power  progress  esb  j2ee 
25 days ago by jm
After Seven Years, Microsoft Is Finally Fixing the "J" Email Bug
True story: when I started at Amazon, I thought people were using "J" instead of smileys as shorthand for "joking". Great job Microsoft!

(via Tony Finch)
microsoft  fail  operating-systems  monoculture  character-sets  j  wingdings  exchange  email 
27 days ago by jm
Exclusive: The Leaked Fyre Festival Pitch Deck Is Beyond Parody | Vanity Fair
This is the worst future ever.
As the pitch deck claims, within the first 48 hours of the social-media blitz, the Fyre Starters had reached “300 million social impressions”—impressions being the kind of dumb synonym one uses instead of the word “people,” in the same way someone at a bar tries to sound smart by saying he is “inebriated” instead of “drunk.” (And to be fair, an impression isn’t even a sentient person. It’s essentially reaching a person when they aren’t paying attention.) To pull off the 300 million impressions, McFarland and Ja Rule partnered with a P.R. agency, a creative agency, and Elliot Tebele, a once-random nobody who has created a social-media empire by siphoning other people’s jokes into the Instagram account @FuckJerry.

One of the biggest deceits of the entire media campaign was that almost all of the 400 influencers who shared the promotional videos and photos never noted they were actually advertising something for someone else, which the Federal Trade Commission requires. This kind of advertising has been going on for years, and while the F.T.C. has threatened to crack down on online celebrities and influencers deceitfully failing to disclose that they are paid to post sponsorships, so far those threats have been completely ignored.
fyre  fail  grim  influencers  instagram  ftc  pr  advertising  festivals 
7 weeks ago by jm
May's Brexit plan is falling apart and the press are talking about Easter eggs
Now the prime minister has embroiled herself in a negotiation in which we are at a disadvantage in terms of time and negotiating capacity. There will of course be no admission from Brexit MPs about this. They fixate on the one prediction economists got wrong - the surprising resilience of consumer spending - while ignoring everything their side was wrong about, like the fall in sterling, the announcement of a second Scottish independence referendum, the threat of a sudden hard border in Ireland or the crisis over Gibraltar.

This is not point scoring. Unless there is a sober assessment of what is going right and wrong on both sides there can be no realistic negotiating posture. We are condemned to keep making the same mistakes again and again and working ourselves into ever-more disadvantageous positions.
eu  politics  brexit  uk  fail  theresa-may 
11 weeks ago by jm
Automated unemployment insurance fraud detection system had a staggering 93% error rate in production
Expect to see a lot more cases of automated discrimination like this in the future. There is no way an auto-adjudication system would be allowed to have this staggering level of brokenness if it was dealing with the well-off:

State officials have said that between Oct. 1, 2013, when the MiDAS [automated unemployment insurance fraud detection] system came on line, and Aug. 7, 2015, when the state halted the auto-adjudication of fraud determinations and began to require some human review of MiDAS findings, the system had a 93% error rate and made false fraud findings affecting more than 20,000 unemployment insurance claims. Those falsely accused of fraud were subjected to quadruple penalties and aggressive collection techniques, including wage garnishment and seizure of income tax refunds. Some were forced into bankruptcy.

The agency is now reviewing about 28,000 additional fraud determinations that were made during the relevant period, but which involved some human review. An unknown number of those fraud findings were also false.
fraud  broken  fail  michigan  detroit  social-welfare  us-politics  computer-says-no  automation  discrimination  fraud-detection 
12 weeks ago by jm
Phoenician Sun God in Eighteenth-Century Ireland? - Beachcombing's Bizarre History Blog
It is the most extraordinary inscription. This mill-stone rock, which once stood on the top of Tory Hill in County Kilkenny in Ireland, has been taken as proof of Carthaginian contact and settlement or at least trade with Ireland in antiquity. The words clearly read (give or take some distorted letters) Beli Dinose, a reference to the Carthaginian god Bel or Baal Dionysus. Extraordinary to think that Phoenicians, in the early centuries B.C. brought their nasty child-killing faith to the green hills of Ireland. Only of course they didn’t… At least not on this evidence. The stone celebrating ‘the lordly one’ actually has a rather different origin.


excellent tale.
phoenicia  dionysus  baal  history  tory-hill  kilkenny  carthage  gods  typos  fail  archaeology  graffiti 
march 2017 by jm
"I caused an outage" thread on twitter
Anil Dash: "What was the first time you took the website down or broke the build? I’m thinking of all the inadvertent downtime that comes with shipping."

Sample response: 'Pushed a fatal error in lib/display.php to all of FB’s production servers one Friday night in late 2005. Site loaded blank pages for 20min.'
outages  reliability  twitter  downtime  fail  ops  post-mortem 
march 2017 by jm
Falsehoods Programmers Believe About CSVs
Much of my professional work for the last 10+ years has revolved around handling, importing and exporting CSV files. CSV files are frustratingly misunderstood, abused, and most of all underspecified. While RFC4180 exists, it is far from definitive and goes largely ignored.

Partially as a companion piece to my recent post about how CSV is an encoding nightmare, and partially an expression of frustration, I've decided to make a list of falsehoods programmers believe about CSVs. I recommend my previous post for a more in-depth coverage on the pains of CSVs encodings and how the default tooling (Excel) will ruin your day.


(via Tony Finch)
via:fanf  csv  excel  programming  coding  apis  data  encoding  transfer  falsehoods  fail  rfc4180 
january 2017 by jm
How and why the leap second affected Cloudflare DNS
The root cause of the bug that affected our DNS service was the belief that time cannot go backwards. In our case, some code assumed that the difference between two times would always be, at worst, zero. RRDNS is written in Go and uses Go’s time.Now() function to get the time. Unfortunately, this function does not guarantee monotonicity. Go currently doesn’t offer a monotonic time source.


So the clock went "backwards", s1 - s2 returned < 0, and the code couldn't handle it (because it's a little known and infrequent failure case).

Part of the root cause here is cultural -- Google has solved the leap-second problem internally through leap smearing, and Go seems to be fundamentally a Google product at heart.

The easiest fix in general in the "outside world" is to use "ntpd -x" to do a form of smearing. It looks like AWS are leap smearing internally (https://aws.amazon.com/blogs/aws/look-before-you-leap-the-coming-leap-second-and-aws/), but it is a shame they aren't making this a standard part of services running on top of AWS and a feature of the AWS NTP fleet.
ntp  time  leap-seconds  fail  cloudflare  rrdns  go  golang  dns  leap-smearing  ntpd  aws 
january 2017 by jm
Facebook's Fight Against Fake News Was Undercut by Fear of Conservative Backlash
Well fuck this and fuck Facebook.
One source said high-ranking officials were briefed on a planned News Feed update that would have identified fake or hoax news stories, but disproportionately impacted right-wing news sites by downgrading or removing that content from people’s feeds. According to the source, the update was shelved and never released to the public. [....] “They absolutely have the tools to shut down fake news,” said the source, who asked to remain anonymous citing fear of retribution from the company. The source added, “there was a lot of fear about upsetting conservatives after Trending Topics,” and that “a lot of product decisions got caught up in that.”
facebook  politics  us-politics  trump  fail  fake-news  hoaxes  news  newsfeed 
november 2016 by jm
Rents dwarf Celtic Tiger era with ‘disastrous effect’ on society

“The scale of the challenge here remains depressing,” says the report. “It has never been viable to build apartment blocks in the vast majority of this country.” [...] The report notes that the rise in living costs of almost three quarters in less than five years is “a symptom of strong demand for housing” as economic recovery continues and the population grows.
“But there is nothing inevitable about housing costs rising with demand,” it says. “That only happens when supply fails to respond, and the complete absence of any meaningful level of construction over the past five years is a systemic failure in desperate need of policy solutions.
“There is no more urgent task facing the Minister for Housing, his department and advisers, and the Housing Agency, than understanding why the costs of building, and building apartments in particular, is so dramatically out of line with our own incomes and indeed with the cost in other countries.”
daft  housing  ireland  fail  homes  rent  building 
november 2016 by jm
seriot.ch - Parsing JSON is a Minefield 💣
Crockford chose not to version [the] JSON definition: 'Probably the boldest design decision I made was to not put a version number on JSON so there is no mechanism for revising it. We are stuck with JSON: whatever it is in its current form, that’s it.' Yet JSON is defined in at least six different documents.


"Boldest". ffs. :facepalm:
bold  courage  json  parsing  coding  data  formats  interchange  fail  standards  confusion 
october 2016 by jm
Paypal 2FA Bypass
Holy shit.
Using a proxy, remove “securityQuestion0” and “securityQuestion1” from the post data.


Massive facepalm.
paypal  2fa  security  fail  web  html 
october 2016 by jm
Anti-Brexit traitors outed on twitter
oh god this is funny. Louise Mensch and various UKIPpers fall for transparent pisstake involving "taking Article 50 out of the ring binder and shredding it. It now goes straight from 49 to 51" etc.
twitter  louise-mensch  funny  idiots  fail  brexit  ukip 
october 2016 by jm
Google Intrusion Detection Problems
'We have lost access to multiple critical data stores because Google has an automated threat detection system that is incapable of handling false positives.'
google  security  cloud  false-positives  intrusion-detection  automation  fail 
august 2016 by jm
The tyranny of the algorithm yet again...
Paypal will no longer handle payments if the user's address includes the word "Isis":
That these place names exist won't be a surprise to anyone familiar with English limnology - the study of rivers and inland waters. As Wikipedia helpfully tells us, "The Isis is the name given to the part of the River Thames above Iffley Lock which flows through the university city of Oxford". In at least one local primary school I'm familiar with, the classes are called Windrush, Cherwell, Isis and Thames.

[...] Now PayPal has decided that they are not prepared to facilitate payments for goods to be delivered to an address which includes the word "Isis". An Isis street resident ran into some unexpected difficulties when attempting to purchase a small quantity of haberdashery on the internet with the aid of a PayPal account. The transaction would not process. In puzzlement she eventually got irritated enough to brave the 24/7 customer support telephone tag labyrinth. The short version of the response from the eventual real person she managed to get through to was that PayPal have blacklisted addresses which include the name "Isis". They will not process payments for goods to be delivered to an Isis related address, whatever state of privileged respectability the residents of such properties may have earned or inherited in their lifetimes to this point.


One has to wonder if this also brings the risk of adding the user to a secret list, somewhere. Trial by algorithm.
isis  algorithms  automation  fail  law-enforcement  paypal  uk  rivers 
june 2016 by jm
The Mitsubishi Outlander vulnerability allows trivial remote car alarm unlocking.
Nearly-open wifi (easily-cracked weak WPA PSK), and a 6-byte string to disable the car alarm, discovered via replay attack. Massive fail
internetofshit  mitsubishi  fail  outlander  wpa  alarms  security  replay-attack 
june 2016 by jm
[RFE] add a way to run in a new systemd scope automatically · Issue #428 · tmux/tmux
omgwtfbbq. 1: User reports that their gnome session leaks processes; 2: systemd modifies default session behaviour to kill all processes, including screen/tmux; 3: _everyone_ complains because they break 30 years of UNIX process semantics, then 4: they request that tmux/screen hack their shit to workaround their brokenness. Get fucked, systemd. This is the kind of shit that would finally drive me to BSDland
systemd  horror  linux  fail  unix  gnome  tmux  bugs  omgwtfbbq 
may 2016 by jm
LinkedIn called me a white supremacist
Wow. Massive, massive algorithm fail.
On the morning of May 12, LinkedIn, the networking site devoted to making professionals “more productive and successful,” emailed scores of my contacts and told them I’m a professional racist. It was one of those updates that LinkedIn regularly sends its users, algorithmically assembled missives about their connections’ appearances in the media. This one had the innocent-sounding subject, “News About William Johnson,” but once my connections clicked in, they saw a small photo of my grinning face, right above the headline “Trump put white nationalist on list of delegates.” [.....] It turns out that when LinkedIn sends these update emails, people actually read them. So I was getting upset. Not only am I not a Nazi, I’m a Jewish socialist with family members who were imprisoned in concentration camps during World War II. Why was LinkedIn trolling me?
ethics  fail  algorithm  linkedin  big-data  racism  libel 
may 2016 by jm
#825394 - systemd kill background processes after user logs out - Debian Bug report logs
Systemd breaks UNIX behaviour which has been standard practice for 30 years:
It is now indeed the case that any background processes that were still
running are killed automatically when the user logs out of a session,
whether it was a desktop session, a VT session, or when you SSHed into a
machine. Now you can no longer expect a long running background processes to
continue after logging out. I believe this breaks the expectations of
many users. For example, you can no longer start a screen or tmux
session, log out, and expect to come back to it.
systemd  ops  debian  linux  fail  background  cli  commandline 
may 2016 by jm
World’s first vanity gTLD goes live
".richardli". TLDs are now officially beyond a joke
tld  absurd  fail  gtlds  domains  dns  vanity  richard-li 
may 2016 by jm
Apple Stole My Music. No, Seriously.
some amazingly terrible product decisions here. Deleting local copies of unreleased WAV files -- on the assumption that the user will simply listen to them streamed down from Apple Music -- that is astonishingly bad, and it's amazing they didn't consider the "freelance composer" use case at all. (via Tony Finch)
apple  music  terrible  wav  sound  copyright  streaming  apple-music  design  product  fail 
may 2016 by jm
[Updated] Using a Dyson hand dryer is like setting off a viral bomb in a bathroom | Ars Technica
Clumping the data from all six heights together, the Dyson produced 60 times more plaques than the warm air dryer and 1,300 times more than paper towels. Of the viruses launched by the jet dryer, 70 percent were at the height of a small child’s face.


(vomit)
gross  hand-dryers  dyson  fail  health  bathroom 
april 2016 by jm
Internet mapping turned a remote farm into a digital hell
I think this is a bit of a legal issue for MaxMind:
The trouble for the Taylor farm started in 2002, when a Massachusetts-based digital mapping company called MaxMind decided it wanted to provide “IP intelligence” to companies who wanted to know the geographic location of a computer to, for example, show the person using it relevant ads or to send the person a warning letter if they were pirating music or movies.
maxmind  fail  location  ip  geodata  gps  mapping  kansas 
april 2016 by jm
Irish drone register allowed access to personal details of 2,000 members
The breach, which allowed registered users to view names, addresses, email addresses and phone numbers of other people registered on the site, was brought to the attention of the authority on Sunday night.
In a statement to TheJournal.ie, the IAA revealed it was aware of four users who downloaded the file.
fail  drones  ireland  iaa  security 
april 2016 by jm
'Devastating' bug pops secure doors at airports, hospitals
"A command injection vulnerability exists in this function due to a lack of any sanitisation on the user-supplied input that is fed to the system() call," Lawshae says.


:facepalm:
security  iot  funny  fail  linux  unix  backticks  system  udp  hid  vertx  edge 
april 2016 by jm
Google's Nest killing off old devices
Google is making customers' existing devices useless, less than 2 years after the devices were available for sale, with only 2 months warning. This is one of the reasons I won't spend money on the Internet Of Things shitshow.

'"Which hardware will Google choose to intentionally brick next?" asks Arlo Gilbert. "If they stop supporting Android will they decide that the day after warranty expires that your phone will go dark? Is your Nexus device safe? What about your Nest fire alarm? What about your Dropcam? What about your Chromecast device?"'
iot  fail  google  alphabet  nest  revolv  home  shutdown 
april 2016 by jm
CNBC "How Secure Is Your Password" tester form is a spectacular security shitshow
It not only runs over HTTP, it also sends your password to a bunch of third-party ad trackers. omgwtfbbqfail
fail  wtf  funny  cnbc  clowns  inept  security  passwords  http  ad-trackers 
march 2016 by jm
Clampers have to clock off as hour change crashes system
DST strikes again:

The failure of the ParkbyText system, operated by National Controlled Parking Systems (NCPS), was described by one employee contacted by a midlands motorist unable to pay for his parking at a train station as a “Y2K moment”. The system failure caused early morning panic for thousands of drivers who tried unsuccessfully to use text messages or an app to pay for their parking ahead of returning to work after the bank holiday weekend.


Impact was that they had to stop enforcement until the day passed, I think.
parkbytext  sms  parking  ireland  ncps  dst  fail  bugs 
march 2016 by jm
Microsoft terminates its Tay AI chatbot after she turns into a Nazi
'if you tell her "repeat after me" she will parrot back whatever you say, allowing you to put words into her mouth.'


what. the. fuck. Microsoft.
omgwtfbbq  4chan  funny  microsoft  fail  tay 
march 2016 by jm
Nook DRM promises to kill book collection unless user takes action
yay, DRM. "It is important that you transfer your purchased NOOK Books to ensure access"
drm  fail  nook  uk  sainsburys 
march 2016 by jm
Troy Hunt: Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
holy crap. Nissan expose a public API authenticated _solely_ using the car's VIN -- which is more or less public info; the API allows turning on/off AC, grabbing driving history, etc.
security  fail  nissan  leaf  cars  apis  vin  authentication 
february 2016 by jm
Indonesia's war on emoji
'Indonesia's government has demanded that instant messaging apps remove stickers featuring same-sex couples, in the latest high-profile attempt to discourage visible homosexuality in the socially conservative country.'

(via fuzzix)
via:fuzzix  indonesia  fail  stupid  emoji  lgbt 
february 2016 by jm
Why Eircode is a shambles, by someone who works in the transport industry
This is full of good points.
Without having a distinct SORT KEY for a geographically distinct area, a postcode is of no real benefit to any type of transport firm or agency.  To take one example, Eircode have used the same sort key, F92, for Arranmore (Donegal’s largest inhabited island) and the north western Donegal mainland.  Cill Rónáin, Inis Mór, the largest of the Aran Islands, has the same sort key H91, as Connemara and Galway City.  Galway city and the Aran Islands may be in a relatively small geographical area, but keen eyes may have noticed that the Aran Islands are separated from the mainland by a small section of the Atlantic Ocean.  Sort codes which ignore clear and obvious boundaries, like seas or oceans, need to be redesigned. In two seconds a [UK] website could tell a Hebridean that his delivery will take 4 days at a cost of fifty quid by using the first three characters of the postcode.  The Eircode-using Irish equivalent website would need to lookup a large database to tell an Arranmore resident the cost and time for delivery – and they’d need the full exact code.  Any mistake made here, and your estimated delivery time, and cost for delivery will be wrong.
postcodes  eircode  loc8code  fail  couriers  delivery  geodata  geocoding  galway  aran-islands 
january 2016 by jm
Valid MFA token does not work during first 1am hour before daylight savings ends and second 1am hour starts · Issue #1611 · aws/aws-cli
Add another one to the "yay for DST" pile. (also yay for AWS using PST/PDT as default internal timezone instead of UTC...)
utc  timezones  fail  bugs  aws  aws-cli  dst  daylight-savings  time 
november 2015 by jm
Twins denied driver’s permit because DMV can’t tell them apart
"The computer can recognize faces, a feature that comes in handy if somebody is trying to get an illegal ID. It apparently is not programmed to detect twins."

As Hilary Mason put it: "You do not want to be an edge case in this future we are building."
future  grim  bugs  twins  edge-cases  coding  fail  dmv  software  via:hmason 
october 2015 by jm
Eircode cost the Irish government EUR38m
The C&AG has said it is not clear that the €38m scheme will achieve the data-matching benefits the Government had hoped. 


Well, that's putting it mildly.
eircode  fail  ireland  costs  money  geo  mapping  geocoding 
september 2015 by jm
Using Samsung's Internet-Enabled Refrigerator for Man-in-the-Middle Attacks
Whilst the fridge implements SSL, it FAILS to validate SSL certificates, thereby enabling man-in-the-middle attacks against most connections. This includes those made to Google's servers to download Gmail calendar information for the on-screen display. So, MITM the victim's fridge from next door, or on the road outside and you can potentially steal their Google credentials.


The Internet of Insecure Things strikes again.
iot  security  fridges  samsung  fail  mitm  ssl  tls  google  papers  defcon 
september 2015 by jm
Amazon EC2 2015 Benchmark: Testing Speeds Between AWS EC2 and S3 Regions
Here we are again, a year later, and still no bloody percentiles! Just amateurish averaging. This is not how you measure anything, ffs. Still, better than nothing I suppose
fail  latency  measurement  aws  ec2  percentiles  s3 
august 2015 by jm
Inside the sad, expensive failure of Google+
"It was clear if you looked at the per user metrics, people weren’t posting, weren't returning and weren’t really engaging with the product," says one former employee. "Six months in, there started to be a feeling that this isn’t really working." Some lay the blame on the top-down structure of the Google+ department and a leadership team that viewed success as the only option for the social network. Failures and disappointing data were not widely discussed. "The belief was that we were always just one weird feature away from the thing taking off," says the same employee.
google  google+  failures  post-mortems  business  facebook  social-media  fail  bureaucracy  vic-gundotra 
august 2015 by jm
murbul comments on The security issue of Blockchain.info's Android Wallet is not about system's entropy. It's their own BUGs on PRNG again!
I was in the middle of writing a breakdown of what went wrong, but you've beat me to it.
Basically, they have a LinuxSecureRandom class that's supposed to override the standard SecureRandom. This class reads from /dev/urandom and should provide cryptographically secure random values.
They also seed the generator using SecureRandom#setSeed with data pulled from random.org. With their custom SecureRandom, this is safe because it mixes the entropy using XOR, so even if the random.org data is dodgy it won't reduce security. It's just an added bonus.
BUT! On some devices under some circumstances, the LinuxSecureRandom class doesn't get registered. This is likely because /dev/urandom doesn't exist or can't be accessed for some reason. Instead of screaming bloody murder like any sensible implementation would, they just ignore that and fall back to using the standard SecureRandom.
If the above happens, there's a problem because the default implementation of SecureRandom#setSeed doesn't mix. If you set the seed, it replaces the entropy entirely. So now the entropy is coming solely from random.org.
And the final mistake: They were using HTTP instead of HTTPS to make the webservice call to random.org. On Jan 4, random.org started enforcing HTTPS and returning a 301 Permanently Moved error for HTTP - see https://www.random.org/news/. So since that date, the entropy has actually been the error message (turned into bytes) instead of the expected 256-bit number. Using that seed, SecureRandom will generate the private key for address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F 100% of the time. Ouch. This is around the time that address first appears, so the timeline matches.
I haven't had a thorough look at what they've replaced it with in the latest version, but initial impressions are that it's not ideal. Not disastrous, but not good.


Always check return values; always check HTTP status codes.
bugs  android  fail  securerandom  random  prng  blockchain.info  bitcoin  http  randomness  entropy  error-checking 
may 2015 by jm
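The failure chain in the comment above (seed replaced rather than mixed, HTTP status never checked) as an added JavaScript sketch; this is not blockchain.info's code. The response objects, function names, and the assumption that the remote service returns 64 hex digits are constructed for the example.

```javascript
// Added illustration, not the wallet's code. Response shapes are constructed.
const SEED_BYTES = 32; // the "expected 256-bit number"

// Constructed samples: a good reply, and the redirect described above.
const OK_RESPONSE = { status: 200, body: 'a3'.repeat(32) + '\n' };
const MOVED_RESPONSE = {
  status: 301,
  body: '<html><body>301 Moved Permanently</body></html>',
};

// The bug: whatever came back is turned into bytes and becomes the whole seed.
// A fixed error page therefore yields the same "random" seed on every call.
function naiveSeed(response) {
  return new TextEncoder().encode(response.body);
}

// Strict parse: status must be 200 and the body exactly 64 hex digits.
function parseRemoteSeed(response) {
  if (response.status !== 200) {
    throw new Error(`seed service returned HTTP ${response.status}`);
  }
  const text = response.body.trim();
  if (!/^[0-9a-fA-F]{64}$/.test(text)) {
    throw new Error('seed service body is not a 256-bit hex value');
  }
  const out = new Uint8Array(SEED_BYTES);
  for (let i = 0; i < SEED_BYTES; i++) {
    out[i] = parseInt(text.slice(2 * i, 2 * i + 2), 16);
  }
  return out;
}

// Mix, never replace. localEntropy must be 32 bytes from the OS CSPRNG
// (supplied by the caller); XOR with a remote value that does not depend on
// it cannot make the result more predictable than localEntropy alone.
function deriveSeed(localEntropy, response) {
  if (!(localEntropy instanceof Uint8Array) || localEntropy.length !== SEED_BYTES) {
    // Fail loudly instead of silently falling back to a weaker source.
    throw new Error('no local entropy: refusing to generate keys');
  }
  const seed = Uint8Array.from(localEntropy);
  let remoteUsed = false;
  let warning = null;
  try {
    const remote = parseRemoteSeed(response);
    for (let i = 0; i < SEED_BYTES; i++) seed[i] ^= remote[i];
    remoteUsed = true;
  } catch (err) {
    warning = err.message; // surface it; the seed is still local-only, not the error text
  }
  return { seed, remoteUsed, warning };
}
```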
iPhone UTF-8 text vulnerability
'Due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then "gives up" thus the crash'. Apparently the entire Springboard launcher crashes.
apple  vulnerability  iphone  utf-8  unicode  fail  bugs  springboard  ios  via:abetson 
may 2015 by jm
Volvo says horrible 'self-parking car accident' happened because driver didn't have 'pedestrian detection'
Grim meathook future, courtesy of Volvo:
“The Volvo XC60 comes with City Safety as a standard feature however this does not include the Pedestrian detection functionality [...] The pedestrian detection feature [...] costs approximately $3,000.


However, there's another lesson here, in crappy car UX and the risks thereof:
But even if it did have the feature, Larsson says the driver would have interfered with it by the way they were driving and “accelerating heavily towards the people in the video.” “The pedestrian detection would likely have been inactivated due to the driver inactivating it by intentionally and actively accelerating,” said Larsson. “Hence, the auto braking function is overrided by the driver and deactivated.” Meanwhile, the people in the video seem to ignore their instincts and trust that the car assumed to be endowed with artificial intelligence knows not to hurt them. It is a sign of our incredible faith in the power of technology, but also, it’s a reminder that companies making AI-assisted vehicles need to make safety features standard and communicate clearly when they aren’t.
self-driving-cars  cars  ai  pedestrian  computer-vision  volvo  fail  accidents  grim-meathook-future 
may 2015 by jm
32-bit overflow in BitGo js code caused an accidental 85 BTC transaction fee
Yes, this is a fucking 32-bit integer overflow. Whatever software was used, it calculated the sum of all inputs using 32-bit variables, which overflow at about 20 BTC if signed or 40 BTC if not. The fee was supposed to be 0xC350 = 50,000 satoshis, but it turned out to be 0x2,0000,C350 = 8,589,984,592 satoshis.
Captains of the industry. If they were captains of any other industry, like say for example automotive, we'd have people dying in car crashes between two stationary vehicles.
bitcoin  fail  bitgo  javascript  bugs  32-bit  overflow  btc 
april 2015 by jm
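How a wrapped input total turns into the fee quoted above, as an added JavaScript example; this is not BitGo's code. The input and payment amounts are constructed so that the total wraps twice, the `>>> 0` truncation stands in for the "32-bit variables" the quote mentions, and all function names are hypothetical.

```javascript
// Added illustration, not BitGo's code. Amounts are constructed, in satoshis.
const INTENDED_FEE = 0xC350;   // 50,000 satoshis, from the quote above
const MAX_FEE = 1000000n;      // constructed policy cap (0.01 BTC)
const INPUTS = [3000000000, 3000000000, 3000000000]; // 3 x 30 BTC (constructed)
const PAYMENT = 100000000;     // 1 BTC (constructed)

// Models the bug: the running total lives in an unsigned 32-bit variable.
function sumInputs32(values) {
  let total = 0;
  for (const v of values) total = (total + v) >>> 0; // wraps modulo 2^32
  return total;
}

// Exact sum with BigInt; rejects fractions, negatives and unsafe Numbers.
function sumInputsExact(values) {
  let total = 0n;
  for (const v of values) {
    if (!Number.isSafeInteger(v) || v < 0) throw new RangeError(`bad amount: ${v}`);
    total += BigInt(v);
  }
  return total;
}

// Wallet logic: whatever is not paid out or kept as fee goes back as change.
function buildOutputs(inputTotal, payment, fee) {
  const change = BigInt(inputTotal) - BigInt(payment) - BigInt(fee);
  if (change < 0n) throw new RangeError('inputs do not cover payment + fee');
  return [BigInt(payment), change];
}

// What the network actually charges: real inputs minus outputs.
function impliedFee(inputs, outputs) {
  return sumInputsExact(inputs) - outputs.reduce((a, b) => a + b, 0n);
}

// Pre-signing guard: recompute the fee independently and refuse outliers.
function assertSaneFee(inputs, outputs, maxFee = MAX_FEE) {
  const fee = impliedFee(inputs, outputs);
  if (fee < 0n || fee > maxFee) {
    throw new RangeError(`implied fee ${fee} outside 0..${maxFee}`);
  }
  return fee;
}

// The wrapped total under-counts the inputs, so the change output is too
// small and the difference (2 * 2^32 satoshis) silently becomes fee.
const buggyOutputs = buildOutputs(sumInputs32(INPUTS), PAYMENT, INTENDED_FEE);
const fixedOutputs = buildOutputs(sumInputsExact(INPUTS), PAYMENT, INTENDED_FEE);
```

With these amounts the buggy path's implied fee is 8,589,984,592 satoshis, the figure in the quote, and the pre-signing guard rejects it.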
The missing MtGox bitcoins
Most or all of the missing bitcoins were stolen straight out of the MtGox hot wallet over time, beginning in late 2011. As a result, MtGox operated at fractional reserve for years (knowingly or not), and was practically depleted of bitcoins by 2013. A significant number of stolen bitcoins were deposited onto various exchanges, including MtGox itself, and probably sold for cash (which at the bitcoin prices of the day would have been substantially less than the hundreds of millions of dollars they were worth at the time of MtGox's collapse).

MtGox' bitcoins continuously went missing over time, but at a decreasing pace. Again by the middle of 2013, the curve goes more or less flat, matching the hypothesis that by that time there may not have been any more bitcoins left to lose. The rate of loss otherwise seems unusually smooth and at the same time not strictly relative to any readily available factors such as remaining BTC holdings, transaction volumes or the BTC price. Worth pointing out is that, thanks to having matched up most of the deposit/withdrawal log earlier, we can at this point at least rule out the possibility of any large-scale fake deposits — the bitcoins going into MtGox were real, meaning the discrepancy was likely rather caused by bitcoins leaving MtGox without going through valid withdrawals.
mtgox  bitcoin  security  fail  currency  theft  crime  btc 
april 2015 by jm
Keeping Your Car Safe From Electronic Thieves - NYTimes.com
In a normal scenario, when you walk up to a car with a keyless entry and try the door handle, the car wirelessly calls out for your key so you don’t have to press any buttons to get inside. If the key calls back, the door unlocks. But the keyless system is capable of searching for a key only within a couple of feet. Mr. Danev said that when the teenage girl turned on her device, it amplified the distance that the car can search, which then allowed my car to talk to my key, which happened to be sitting about 50 feet away, on the kitchen counter. And just like that, open sesame.


What the hell -- who designed a system that would auto-unlock based on signal strength alone?!!
security  fail  cars  keys  signal  proximity  keyless-entry  prius  toyota  crime  amplification  power-amplifiers  3db  keyless 
april 2015 by jm
Bigcommerce Status Page blasts IBM Softlayer Object Storage service
This is pretty heavy stuff:
Bigcommerce engineers have been very pro-active in working with our storage provider, IBM Softlayer, in finding solutions. Unfortunately, it takes two parties to come to a solution. In this case, IBM Softlayer intentionally let their Object Storage cluster fall into disrepair and chose not to scale it. This has impacted Bigcommerce, IBM and many other Softlayer customers. Our engineers placed too much trust in IBM Softlayer and that's on us. However, the catastrophic failures to see metrics and rapidly scale capacity, the decisions to let hard drives sit at 90% utilization for weeks and months, the cascading failures of an undersized cluster of 52 nodes for the busiest data center in their business speaks to IBM Softlayer’s lack of concern for their customers. We found this out 3 days ago.


(via Oisin)
softlayer  bigcommerce  outages  shambles  ibm  fail  object-storage  storage  iaas  cloud 
april 2015 by jm
Avro, mail # dev - bytes and fixed handling in Python implementation - 2014-09-04, 22:54
More Avro trouble with "bytes" fields! Avoid using "bytes" fields in Avro if you plan to interoperate with either of the Python implementations; they both fail to marshal them into JSON format correctly. This is the official "avro" library, which produces UTF-8 errors when a non-UTF-8 byte is encountered.
bytes  avro  marshalling  fail  bugs  python  json  utf-8 
march 2015 by jm
tebeka / fastavro / issues / #11 - fastavro breaks dumping binary fixed [4] — Bitbucket
The Python "fastavro" library cannot correctly render "bytes" fields. This is a bug, and the maintainer is acting in a really crappy manner in this thread. Avoid this library.
fastavro  fail  bugs  utf-8  bytes  encoding  asshats  open-source  python 
march 2015 by jm
devbook/README.md at master · barsoom/devbook
How to avoid the shitty behaviour of ActiveRecord wrt migration safety, particularly around removing/renaming columns. ugh, ActiveRecord
activerecord  fail  rails  mysql  sql  migrations  databases  schemas  releasing 
march 2015 by jm
AllCrypt hacked, via PHP, Wordpress, and the marketing director's email
critical flaw: gaining access to the MySQL db let the attacker manipulate account balances. oh dear
security  fail  allcrypt  hacks  wordpress  php 
march 2015 by jm
Irish government under fire for turning its back on basic research : Nature News & Comment
Pretty much ALL of Ireland's research scientists have put their names to an open letter to the Irish government, decrying the state of science funding, published this week in "Nature".

'Although total spending on research and development grew through the recession, helped by foreign investments, Ireland’s government has cut state spending on research (see ‘Celtic tiger tamed’). It also prioritized grants in 14 narrow areas — ones in which either large global markets exist, or in which Irish companies are competitive. These include marine renewable energy, smart grids, medical devices and computing. The effect has been to asphyxiate the many areas of fundamental science — including astrophysics, particle physics and areas of the life sciences — that have been deprived of funding, several researchers in Ireland told Nature. “The current policies are having a very significant detrimental effect on the health and viability of the Irish scientific ecosystem,” says Kevin Mitchell, a geneticist who studies the basis of neurological disorders at Trinity College Dublin. “Research that cannot be shoehorned into one of the 14 prioritized areas has been ineligible for most funding,” he says.'

That's another fine mess Sean Sherlock has gotten us into :(
sean-sherlock  fail  ireland  research  government  funding  grants  science  tcd  kevin-mitchell  life-sciences  nature 
march 2015 by jm
President's message gets lost in (automated) translation
In a series of bizarre translations, YouTube’s automated translation service took artistic licence with the [President's] words of warmth.

When the head of state sent St Patrick’s Day greetings to viewers, the video sharing site said US comedian Tina Fey was being “particular with me head”. As President Higgins spoke of his admiration for Irish emigrants starting new communities abroad, YouTube said the President referenced blackjack and how he “just couldn’t put the new iPhone” down. And, in perhaps the most unusual moment, as he talked of people whose hearts have sympathy, the President “explained” he was once on a show “that will bar a gift card”.


(via Daragh O'Brien)
lol  president  ireland  michael-d-higgins  automation  translation  machine-learning  via:daraghobrien  funny  blackjack  iphone  tina-fey  st-patrick  fail 
march 2015 by jm
Sony PSN hacking horror story
My account got hacked, running up over $600 in charges. Here's the conclusion after running through the Sony support gauntlet.
They can only refund up to $150.
I can dispute the charges with my bank, but that will result in my account being banned.
I cannot unban my account, and will thus lose my purchases ("but you only have the Last of Us and some of our free games, so it's not a big deal")
Whoever hacked my account deactivated my PS4, and activated their own. Customer support will only permit one activation every 6 months. I'm locked out of logging into my own account on my PS4 for six months.
games  sony  psn  playstation  fail  ps4  hacking  security  customer-support  horror-stories 
march 2015 by jm
Apple Appstore STATUS_CODE_ERROR causes worldwide service problems
Particularly notable for this horrific misfeature, noted by jgc:
I can't commit code at CloudFlare because we use two-factor auth for the VPN (and everything else) and non-Apple apps on my iPhone are asking for my iTunes password. Tried airplane mode and apps simply don't load at all!


That is a _disastrous_ policy choice by Apple. Does this mean Apple can shut down third-party app operation on iOS devices worldwide should they feel like it?
2fa  authy  apps  ios  apple  ownership  itunes  outages  appstore  fail  jgc 
march 2015 by jm
South Korea faces $1bn bill after hackers raid national ID database • The Register
Simon McGarr says: '80% of S.Korea's population have had their ID number stolen, crimewave ongoing. >> Turns out a pot of honey is sweet'
fail  south-korea  korea  security  id-cards  ssn  id-numbers  privacy 
february 2015 by jm
Australia tries to ban crypto research – by ACCIDENT • The Register
Researchers are warned off [discussing] 512-bits-plus key lengths, systems “designed or modified to perform cryptanalytic functions”, or “designed or modified to use 'quantum cryptography'”. [....] “an email to a fellow academic could land you a 10 year prison sentence”.


https://twitter.com/_miw/status/556023024009224192 notes 'the DSGL 5A002 defines it as >512bit RSA, >512bit DH, >112 bit ECC and >56 bit symmetric ciphers; weak as fuck i say.'
law  australia  crime  crypto  ecc  rsa  stupidity  fail 
january 2015 by jm
More on the VATMOSS debacle
This is a really good page summarizing where UK-based small digital-media-vending businesses stand
smes  uk  vat  vatmoss  tax  fail  eu 
december 2014 by jm
Amazon sellers hit by nightmare before Christmas as glitch cuts prices to 1p | Technology | The Guardian
From 7-8pm on Friday, [RepricerExpress] software, used by third-party sellers to ensure their products are the cheapest on the market, went a bit haywire and reduced prices to as little as 1p.
1p  amazon  resellers  repricer-express  fail  price-cutting  automation  risks  undercutting 
december 2014 by jm
OS X doesn't support 'ndots' DNS resolution
"ping foo.bar" will not append the "search" domains configured in /etc/resolv.conf. Apparently this has been broken since OS X Lion, no sign of a fix. Nice work, Apple.
apple  fail  bugs  resolv  dns  domains  osx 
november 2014 by jm
Eircom have run out of network capacity
This is due in part to huge growth in the data volumes and data traffic that is transported over our network, which has exceeded our forecasted growth. We are making a number of improvements to our international connectivity which will add significant capacity and this work will be completed in the next two or three weeks.


Guess this is what happens when Amazon poach your IP network engineers. doh!

More seriously though, if you're marketing eFibre heavily, shouldn't you be investing in the upstream capacity to go with it?
eircom  fail  internet  capacity  forecasting  networking 
november 2014 by jm
Rails migrations with no downtime
Ugh, Rails fail. It is impossible to drop a column from a Rails-managed table without downtime, even if nothing in the code accesses it (!!), without ugly hacks that don't even seem to work on recent versions of ActiveRecord.
activerecord  deploy  migrations  rails  ruby  sql  fail  downtime 
november 2014 by jm
Asus trackpad driver sets the CPU speed to maximum during scrolling
LOL, hardware people writing drivers. Good reason not to buy Asus, I guess
asus  fail  hardware  drivers  throttling  cpu  touchpad  trackpad  scrolling  laptops 
november 2014 by jm
Eircode postcodes will cost lives, warn emergency workers
A group representing frontline emergency staff has warned lives will be lost unless the Government reverses its decision on a new national postcode system due to be rolled out next spring.

John Kidd, chairman of the Irish Fire and Emergency Services Association, said the “mainly random nature” of the Eircode system would mean errors by users would go unnoticed, as well as cause confusion and may be “catastrophic” in terms of sending services to the wrong location.

[....]

Neil McDonnell, general manager of the Freight Transport Association Ireland, said he understood Mr Kidd’s concerns. “Take, for example, two adjacent houses in Glasnevin, Dublin,” said Mr McDonnell. “One could be D11 ZXQ8, the other one D11 67TR. The four-character unique identifier is completely random, with no sequence or algorithm linking one house to the other.”
eircode  fail  postcodes  ireland  geo  location  gps  emergency 
october 2014 by jm
Belkin Router Apocalypse
Many Belkin routers attempt to determine if they're connected to the internet by pinging 'heartbeat.belkin.com', in a classic amateur fail move. Good reason not to run Belkin firmware if that's the level of code quality to expect.
belkin  fail  ping  icmp  funny  internet  dailywtf  broken 
october 2014 by jm
Inside Apple’s Live Event Stream Failure, And Why It Happened: It Wasn’t A Capacity Issue
The bottom line with this event is that the encoding, translation, JavaScript code, the video player, the call to S3 single storage location and the millisecond refreshes all didn’t work properly together and was the root cause of Apple’s failed attempt to make the live stream work without any problems. So while it would be easy to say it was a CDN capacity issue, which was my initial thought considering how many events are taking place today and this week, it does not appear that a lack of capacity played any part in the event not working properly. Apple simply didn’t provision and plan for the event properly.
cdn  streaming  apple  fail  scaling  s3  akamai  caching 
september 2014 by jm
Apple: Untrustable
Today, Apple announced their “Most Personal Device Ever”. They also announced Apple Pay (the only mentions of “security” and “privacy” in today’s event), and are rolling out health tracking and home automation in iOS 8.

Given their feckless track record [with cloud-service security], would you really trust Apple with (even more of) your digital life?
icloud  apple  fail  security  hacks  privacy 
september 2014 by jm
Postcodes at last but random numbers don’t address efficiency
Karlin Lillington assembles a fine collection of quotes from various sources panning the new Eircode system:
Critics say the opportunity has been missed to use Ireland’s clean-slate status to produce a technologically innovative postcode system that would be at the cutting edge globally; similar to the competitive leap that was provided when the State switched to a digital phone network in the 1980s, well ahead of most of the world.
Instead, say organisations such as the Freight Transport Association of Ireland (FTAI), the proposed seven-digit format of scrambled letters and numbers is almost useless for a business sector that should most benefit from a proper postcode system: transport and delivery companies, from international giants like FedEx and UPS down to local courier, delivery and service supplier firms.
Because each postcode will reveal the exact address of a home or business, privacy advocates are concerned that online use of postcodes could link many types of internet activity, including potentially sensitive online searches, to a specific household or business.
eircode  government  fail  ireland  postcodes  location  ftai  random 
september 2014 by jm
Richard Clayton - Failing at Microservices
Solid warts-and-all confessional blogpost about a team failing to implement a microservices architecture. I'd put most of the blame on insufficient infrastructure to support them (at a code level), inter-personal team problems, and inexperience with large-scale complex multi-service production deployment and the work it was going to require
microservices  devops  collaboration  architecture  fail  team  deployment  soa 
august 2014 by jm
Comment #28 : Bug #255161 : Bugs : “cupsys” package : Ubuntu
file(1) bug causes the input Postscript file to be misidentified as an Erlang JAM file if it contains the string 'Tue' starting at byte 4.
via:hackernews  file  unix  cups  printing  funny  bugs  fail  ubuntu  linux 
august 2014 by jm
AWS Speed Test: What are the Fastest EC2 and S3 Regions?
My god, this test is awful -- this is how NOT to test networked infrastructure. (1) testing from a single EC2 instance in each region; (2) uploading to a single test bucket for each test; (3) results don't include min/max or percentiles, just an averaged measurement for each test. FAIL
fail  testing  networking  performance  ec2  aws  s3  internet 
august 2014 by jm