I’ve worked with massive customer databases of over a million people multiple times in jobs I’ve had. And while each company has spent tens-of-thousands of dollars in cyber security to protect that data from outside hackers, none have given any fucks at all about who accessed it internally or what they do with it.
I’ve literally exported the entire customer database in two different jobs, dropped the CSV into my personal Google Drive (from my work computer), and worked entire databases at home.
No one has ever known I’ve done it, cared, or checked if I have any customer personal data when I quit.
Sounds like they didn’t spend any money on Cyber security’s team to properly implement it then…data exfil %100 would have been picked up by any real DLP solution and even barebones heuristics based EDR would have thrown a red flag as well.
Haha, please. You’re talking about machine learning when the best any business is using is antivirus. You forget, Boomers are still running big business and IT departments are running security.
It’s perfect world vs. real world my dude, and real world puts out tender for the cheapest solution.
It sounds like you’ve been working for Mom and pop shops then, and they’re not having audits done. Companies with millions of customers will usually either have in house secops or an mssp handle everything. Point being is, without audits then insurance usually will not be approved for PII loss or they flat out will not work with the company at all. It even more so with HIPAA laws.
I’m with the above commenter. I’ve worked at many companies of various sizes, from small local shops up to international corporations, including at least one contractor for the US military.
Every one of them had rules and policies and training on security, to varying degrees. But at every one of them, I’d find some vulnerability, or instance where someone was neglecting security. Each time, I’d bring it to the attention of someone in management. Each time (with one company as exception), those warnings would be “heard” and “passed up the chain”, and then nothing would happen. Only one company in 20 years of work actually fixed a security issue I found. And no company I’ve ever worked for was leak proof.
In my experience, until it threatens to cost a company much more money in losses than it would cost to fix the problem, but said problem will not get fixed. That’s profit motive. And often it seems they’d rather roll the dice until a loss occurs, and then (maybe) fix the issue.
I’ve worked at plenty of companies with exfil protection and people still did this. One has 100 devs and 500 total employees
Truth
The past decade of the tech industry has felt very snakeoil-y.
INB4 “It always has been.”
What’s sad is there are plenty of actual problems out there that could be solved with software. Most of the time they’re not that ‘sexy’ and management is so blinded by greed that they throw away all the good opportunities.
Do you have any examples of problems currently lacking a (plausible) software solution?
If you’re good at building hype and have some connections, you can attract all sorts of investors hoping to get in on the ground floor of the next big thing.
Dan Olsen’s NFT video from a year ago summed it up well, I think (link). People with money to invest today want to repeat the insane growth in wealth brought about by computers, the internet, social media, etc. So they will basically gamble on any new ideas that have an air of plausibility to kick off the next boom.
I think it started with registry cleaners.
Those weren’t really pushed as a get-rich-quick scheme, which a lot of the hustle seems to be currently.
Oh, you’re thinking of crypto to junk. Nah, Fudge That.
It is kind of hilarious that airplanes are seen as being safe and reliable, when if they were given the same factor of safety as most other consumer goods, they’d never get off the ground from being too heavy.
I do NOT recommend you do this, but if a ladder says it is designed for 300 lbs, then it should carry 1200 lbs. 4X is a fairly common factor of safety for things like ladders where people’s lives are in jeopardy. Most other items are usually 2X. (I want to point out that there are qualifications to this… static loading and dynamic loading are totally different things. Also a simple point load is not the same as a cantilevered loading condition. A new piece of equipment is not the same as one abused on the job for the last 10 years. All these things will dramatically affect safety ratings for things)
I’d say the difference is that every single part of an airline is carefully rated though. Everything that’s supplied for use on an airline is expensive because of all the regulations.
A ladder may be rated for 1200 pounds, but nobody inspects every single use-case for that ladder and ensures that the entire system always has 4x safety. Once you buy the ladder it’s up to you what you lean it up against, etc.
Regulations and quality checks on aerospace parts is no joke. More so on stuff that goes out into space and on military hardware, but every single nut and bolt and everything in between can be traced back to a supplier and that supplier will be able to tell you when it was made, by who and even where the raw material came from and show you the certs. Regular airplanes not nearly as strict or as much paperwork, but it isn’t that far behind, quite honestly.
Also, you might be surprised by the testing that ladders go through. Not so much the cheapo Chinesium stuff, but safety in all fields is no joke. It is too costly to skimp on testing.
I used to believe this, but recent incidents have exposed systemic issues in engineering and QA at at least one major US aerospace manufacturer.
The USA is run by unpaid 22 year old interns being supervised by underpaid 24 year olds.
Old people in charge are definitely a problem (McConnell, Feinstein etc) but the people in their offices doing all the heavy lifting are basically children.
I mean, people in their 20s have done some pretty amazing things.
Yeah but most people aren’t Alexander the Great or Mozart. And even if you are, you’re probably not working in congress, hah
Alexander had Aristotle to tutor him. If you find yourself young and in power, you better hope your elder advisors are that good.
Software Engineering. Most software is basically just houses of cards, developed quickly and not maintained properly (to save money ofc). We will see some serious software collapses within our lifetime.
Y2038 is my “retirement plan”.
(Y2K, i.e. the “year 2000 problem”, affected two digit date formats. Nothing bad happened, but consensus nowadays is that that wasn’t because the issue was overblown, it’s because the issue was recognized and seriously addressed. Lots of already retired or soon retiring programmers came back to fix stuff in ancient software and made bank. In 2038, another very common date format will break. I’d say it’s much more common than 2 digit dates, but 2 digit dates may have been more common in 1985. It’s going to require a massive remediation effort and I hope AI-assisted static analysis will be viable enough to help us by then.)
My dad is a tech in the telecommunications industry. We basically didn’t see him for all of 1999. The fact that nothing happened is because of people working their assess off.
My dad still believes the entire Y2K problem was a scam. How do I convince him?
Well my dad does too and he worked his ass off to prevent it. Baby boomers are just stupid as shit, there’s not really much you can do.
My dad had to stay in his office with a satellite phone over new years in case shit hit the fan.
Windows, Linux, FreeBSD, OpenBSD, NetBSD, and OSX have all already switched to 64 bit time.
Tell that to the custom binary serialization formats that all the applications are using.
Edit: and the long-calcified protocols that embed it.
So they have a year 202020 bug then
I get the joke, but for those seriously wondering:
The epoch is Jan 1, 1970. Time uses a signed integer, so you can express up to 2^31 seconds with 32 bits or 2^63 with 64 bits.
A normal year has exactly 31536000 seconds (even if it is a leap second year, as those are ignored for Unix time). 97 out of 400 years are leap years, adding an average of 0.2425 days or 20952 seconds per year, for an average of 31556952 seconds.
That gives slightly over 68 years for 32 bit time, putting us at 1970+68 = 2038. For 64 bit time, it’s 292,277,024,627 years. However, some 64 bit time formats use milliseconds, microseconds, 100 nanosecond units, or nanoseconds, giving us “only” about 292 million years, 292,277 years, 29,228 years, or 292 years. Assuming they use the same epoch, nano-time 64 bit time values will become a problem some time in 2262. Even if they use 1900, an end date in 2192 makes them a bad retirement plan for anyone currently alive.
Most importantly though, these representations are reasonably rare, so I’d expect this to be a much smaller issue, even if we haven’t managed to replace ourselves by AI by then.
Omg we are in same epoch as the butlarian crusade.
Butlarian crusade
Butlerian Jihad, my dude. Hate to correct you, but the spice must flow.
Im just glad you got that reference
If you’re going to correct people about Dune quotes, at least use one from the book! “The spice must flow” doesn’t appear in any of them, it’s a Lynch addition.
an end date in 2192 makes them a bad retirement plan for anyone currently alive.
I can’t wait to retire when I’m 208 years old.
How many UNIX machines in production are still running on machines with 32-bit words, or using a 32-bit time_t?
Package management is impossible. When a big enough package pushes an update the house of cards eill fall. This causes project packages with greatly outdated versions to exist in production because there is no budget to diagnose and replace packages that are no longer available when a dependency requires a change.
Examples: adminJs or admin bro… one of them. Switched the package used to render rich text fields.
React-scripts or is it create react app, I don’t recall. Back end packages no long work as is on the front end. Or something like that? On huge projects, who’s got the budget to address this to get the project up to date?
This has to be a world wide thing. There is way to many moving targets for every company to have all packages up to date.
It’s only a matter of time before an exploit of some sort is found and who knows what happens from there.
Supermarket employee here. We have a “fresh” fish counter selling stuff like whole mackerels and raw salmon fillets and the like.
Each and every one of these has been frozen at least once - this is a mandatory health hazard prevention thing (to kill off parasites etc) and also basically the only food-safe way to transport them in great quantities over long distances without them going bad. They get delivered frozen solid, get thawed behind the scenes and then put on display / on ice for customers to buy. And then they’re lying there all day long until someone happens to buy some … people still treat the pre-packaged fish from the frozen foods aisle as a second choice, even tho those have NOT been lying around half-thawed in the open air for 10 hours straight.
Long story short, “fresh” fish from the counter is less fresh than the frozen stuff, despite customers commonly believing it to be the other way around.
Hold up, you mean that market in the middle of nowhere (like Kansas) with “fresh caught” fish was not caught by my local fisherman.
Shocked, I tell you 😂
Oh you’d be surprised … by the way, the same goes for literally everything at the bakery counter. Heard a customer complain once that she won’t ever buy pretzels in the store again because they weren’t actually freshly made, the employees just tossed prepackaged frozen pretzels ino the oven yadda yadda … uhhhm lady, do you really think they’re kneading dough behind the scenes?! Never wondered why your croissants, bread rolls and the like always have the same shape, size and weight? It’s almost as if they were made in a factory or something …
…yet these, too, are treated like first choice over the frozen bread rolls you can bake at home, because “a real baker made them” …
The bakery part hits me especially hard, I’m living in germany, where many people are proud of the bread culture, and you basically need to look for artisan bakeries to get stuff they actually made themselves instead of having frozen stuff delivered and just baked in the store. The saddest part is most people don’t realize, while still writing comments online about how “american bread is just sugar”
If you’re ever in San Francico there’s this hole in the wall Bob’s Donuts on Polk Street, go there after 8pm and order whatever was just made. Eat a five-minute-old donut.
Bob’s supplies most of the cafés and donut shops in San Francisco, and tapping the source is a fast way to becoming a donut snob and addict.
Inside almost every arcade cabinet is a Dell Optiplex running Windows 7, or 10 if its really recent. There’s no such thing as an arcade board anymore, they’re all Dells, or sometimes those HP mini PCs, usually with the protective plastic still on.
Daytona even uses a Raspberry Pi to control the second screen. SEGA intentionally ships those with no-brand SD cards that consistently fail after 3 months. It’s in their agreement that you’ll buy another card from them instead of just flashing the image onto an SD card that won’t break.
The Mario Kart arcade cabinet uses a webcam called the “Nam-Cam” that is mounted in a chamber with no ventilation, which causes it to overheat and die every few months, so of course you’ll have to replace those too. The game will refuse to boot without a working camera.
Oh yeah also all arcade games with prizes are rigged. All of them. We literally have a setting that determines how often the game will allow wins.
Oh yeah also all arcade games with prizes are rigged. All of them. We literally have a setting that determines how often the game will allow wins.
One time on vacation, my little sister and I found a crane game in the game room of our hotel that was clearly over tuned - basically every button press was another win, it was great. We still remember it fondly. A stupid thing, but even at that age we knew these are usually scams and we we’re stoked to just basically get cheap toys.
It’s in their agreement that you’ll buy another card from them instead of just flashing the image onto an SD card that won’t break.
Sounds like it’d be pretty simple to just replace it and not tell them. If they tell you they know it should’ve broken down by now, just ask, “Why, did you intentionally sell me something defective?”
Psst, that’s another secret
If I was to open up a classic video.game arcade and run it entirely on downloaded roms is someone coming to take me down?
Yes. You have to have a license to charge people money to play those games.
Otherwise you would have seen a ton of arcades open already
Edit: I only know this because I asked a guy who ran one. His machines were in pretty bad shape and I inquired why he didn’t just do as you thought.
[in the US] your insurance dictates your healthcare, not your disease, deformity, symptoms etc. If your insurance pays for an allergy test, you’re getting an allergy test (even if you came in for a broken arm). If insurance pays for custom orthotics, you’re getting custom orthotics (even if you came in for a wart removal). We will bill your insurance thousands of dollars for things you don’t need. We’re forced to do it by the private equity firms that have purchased almost all of American healthcare systems. It’s insane, it’s wasteful. The best part is the person who needs the allergy test or the custom orthotics can’t afford it, so they don’t get the shit we give away to people who don’t need it.
I would gladly kill myself if it meant we got universal healthcare, but private equity firms can’t monitize a martyr so it would be pointless.
Fuck everything about the current US healthcare system. The US can be so much more, can be so much better, if we could somehow just make a single percent stop fucking over the other 99%
When your favorite band cancels their gig because the lead singer has “come down with the flu”, that’s industry code for “got too wasted, and is currently too busy getting alcohol and possibly drugs out of their system to perform”.
I even worked one show that had to end after 20 minutes because one guy in the band was visibly under the influence, refused to play, talked to his hallucinations, then spent a few minutes talking to the audience about how his foot was evil and wanted to kill him, before the tour manager could drag him off stage. Then he tried to assault several backstage staff for not allowing him to cut off his foot. This was on a tour that promoted alcohol free rockshows btw, so we didn’t provide alcohol to the artists backstage. God knows what he might’ve purchased from our local street dealers lol.
The next day in the papers, the headline says “[the band] cancels first week of reunion tour after flu outbreak” 🙃 Yes, of course
I always wondered why Paul Westerberg caught the flu so much. When I finally got to see him live a few years ago he definitely was coming down with the flu on stage.
Private mental health providers in the US are pretty unsupervised and have a conflict of interest in that they make more money by keeping their patients/clients unwell, which can lead to negligence and abuse. The only thing keeping in line is the possibility of someone informed and insightful enough to report them to the licensing board or pressing a lawsuit.
For example, if a provider has poor integrity, it is in their best interest to not treat depression, but rather help the patient/client feel good for the moment. What the patient/client experiences is that they feel better when they see their provider, so they become dependent on their provider. This ensures the provider a reliable source of revenue.
Another issue is that masters level therapists, while capable of providing treatment for simple cases such as a clear depressive episode, are not properly trained to conduct thorough assessments for complex cases, meaning they can misdiagnose quite easily. Complex cases would be better treated by a well-trained psychologist that can conduct thorough psychometric assessments that are quite sophisticated and take lots of time to analyze. These services are costly and the vast majority of insurance policies won’t cover them.
Relevantly, yet another issue is insurance for mental health. Most insurance policies that pay for mental health services pay low, so the care you receive can be substandard since the more effective providers are charging what they’re worth in a market economy. One example that comes to mind is Better Help. They pay providers insultingly low, like around $30/hour, while effective providers are charging ~$150/hr out-of-pocket. That means that when someone uses Better Help to obtain care, they’re getting the bottom of the barrel therapist.
Lastly, the majority of family and marriage therapists aren’t properly trained in narcissistic emotional abuse. This can mean that therapy would not only be a waste of time, but can make things much worse as they can help the narcissist abuse the victim even further. Narcissistic abuse is quite complicated and requires a relationship therapist that specializes in that to properly assess and help the victim escape.
Tips: If you have been seeing a therapist for 12 sessions, and you haven’t realized any considerable long-term changes, find another therapist. Also, if your therapist doesn’t call you out on your bullshit, let’s you ramble about tangential matters, or focuses on helping you overcome specific weekly struggles, rather than helping you develop skills and restructure deep cognitive matters to address them yourself, find another therapist. An effective therapist would develop a clear treatment plan with you that aims to meet objectively measurable goals within a certain time frame.
Note: I am not a therapist. I have just worked in the mental health field and have friends that are therapists.
Restaurant manager here, been doing this for a few decades. You do not want to know just how much leeway we get with basic sanitation. Seriously, be very thankful that you have an immune system.
Not a restaurant manger, but I worked for Sbarro’s back in college. The one on campus wasn’t bad, but the one in the mall? We had pizzas sitting under heat lamps for 6 hours or more before they were bought, tossed in the oven for a second, and then handed to the customer. They had to search for gloves because I was the only one who wanted to wear them.
At one point, I needed to put pepperoni on a pizza.i told my manger I couldn’t because the pepperoni was moldy. My manger reached into the bag, pulled a small handful of moldy pepperoni out, threw it out, and declared that rest of the bag perfectly good (without even looking at it).
It’s been 30 years and I still can’t eat at Sbarro.
IMO, for the average, healthy customer, the sanitation requirements are overkill. But not every customer is, so the rules help protect the less healthy customers.
The biggest thing about food, is most of it is pasteurized by the cooking. Raw foods like salads are the ones that need a much higher standard.
I can guarantee you that many of the rules keep even healthy guests with solid immune systems from getting sick or even dying. The FDA Food Code is like 700 pages. There are A LOT of rules. Many seem overkill from a layman’s perspective, but they protect against unlikely but serious consequences. There are a ton of ways that contamination can occur, even after the food has already been cooked.
That you don’t notice is just a good sign that you’re eating at safe places.
The worms in those strawberries are just some extra protein.
And that is why the Snozzberries taste like Snozzberries!
Not worried about that as much as things that scurry. Barf.
If you want to feel the thrill of hunting some scurrying critters for extra protein, you can get the protein activity package. It’s normally only 17.99 €, but if you also bring a friend, you get a -50% discount.
Wow on sale! Sign me u— waitaminit…
Phone systems that give you the prompt, “Press # for more options” etc are called Interactive Voice Response (IVR) systems. If you encounter an IVR that asks for credit card info, social security number, etc, don’t enter it in! If you stay silent, you will usually be routed to an agent, though that varies on whichever system you are calling into.
Even if the system is designed for completely non-nefarious purposes, the IT people who maintain the phone system can analyze call logs to pull electronic keypresses (DTMF) and reconstruct every digit entered to capture your data. Most IT people would never consider abusing this access, but some organizations contract or sub-contract their phone support out to the lowest bidding third parties and might not do a great job of vetting their techs.
Giving this information to a live agent has its own risks, but if you initiated a call to a documented telephone number for the organization you are trying to reach, it is generally a safer option than keying in sensitive digit strings to an IVR. It is much harder for anyone outside of the call center to scan recorded audio for information like this. (Though technology is closing that gap)
I used to work as a contractor for an environmental remediation firm. All the waterways that you joke about not swimming in are actually full of some awful carcinogen. Old industrial plants dumped awful chemicals for years and years. Some of these issues are being slowly addressed, but regulation is always well behind the science. But often, if the liability is significant enough, companies will spend millions of dollars a year to kick the can down the road doing studies and monitoring so that they can avoid what would be hundreds of millions to actually remediate the problem.
Accounting is a goddamn mess. There’s lots of mistakes in accounting, finance, banking, etc but we’re supposed to act to outsiders like they never happen. Publicly traded companies (US) get audited every year, but no audit company would give a paying customer a failing grade. New grads are funneled into working for public firms - the 10 or so companies that cater to the world’s audit, tax, and consulting needs. They’re supposed to teach discipline, but in reality they only teach you security theater. You’re worked to the bone until you either burn out or agree to perpetuate the system to keep your job.
And the only reason it continues to work is society’s social contract agreeing that it has to work because we don’t have any other options. All it takes is the rumors that the idea is failing - like in the silicon valley bank run - and we’re all out of luck. With the speed of information these days all it takes is a few minutes for a situation to spiral out of control. It’s bonkers.
I got into accounting because I enjoyed bookkeeping in high school. Now that I’m in it I refuse to work for anything larger than a mid sized, non public company.
Accounting, just like economics, likes to pretend it is a hard science when in reality is it close to reading tea leaves.
So basically, everyone is full of bullshit and lying to keep the system working.
Why am I not surprised?
Social security would be a ponzi scheme if it wasn’t done by the government. System only works because new younger people are “convinced” to put in money to pay the old in hopes that new younger people will pay them in the future.
The social security liability is currently 23 trillion. If no new people started paying in and everyone wanted to cash out, they couldn’t get a dime.
We are 33 trillion dollars in debt. 33 trillion.
If we as a country ever tried to cut spending and save money to pay that down, our economy would collapse so fast.
Social security was designed to be that way, it’s not a secret or anything. It’s how the system was set up and it’s how it is supposed to work. Today’s workers fund today’s retirees.
Except it was built with the assumption that everyone would continue to have 2.5 kids, and skilled immigrants would keep making the US home, and the economy would keep growing and growing forever, and retirees would die off a couple of years after they retired.
All the base assumptions on which the system were built were shaky. People are having fewer kids, so there’s less money coming in. Retirees are living longer so they need more benefits. People who paid hundreds of thousands into the system during their lifetimes are requiring millions in benefits at the end of their lives. But, people are having fewer kids and so the bottom of the pyramid is shrinking.
More immigration would help, but we’re just too damn racist
Loading animations on websites and some apps that give you a percentage and messages about what’s going on are usually faked with animations. The frontend for things like that usually just puts fake messages and animations because it’s not easy to track the stages of complex steps happening on the backend. It’s possible in some cases but I don’t think I have ever seen a real working version of a loader like that in my 15 years of experience.
It is virtually impossible to remove yourself from advertiser’s rolls.
Thanks to the new CPRA regulation, you can ask companies to delete everything they know about you. Great!
Except that the way the law is written, that often includes deleting the fact that you asked to have your data removed. So the next time they get your data from a broker, (or the next time a broker gets your data), you’re right back at square one.
In theory, if you managed to send simultaneous requests to every company that’s holding your data, you could wipe the slate clean…until the next time you used a website.
There are so many data sets out there that we are all a part of. And if your data is in just a single one that didn’t get wiped, everyone will end up with it again as a matter of course.
