No surprise here. Honestly, their team seem to be lower skill or less experienced than I'd have thought.
I would never approve a production system as expansive as Gitlab's to only have two databases in a cluster. That is asking for trouble, and any {sys,db}admin worth their salt will tell you the same. As soon as you need to do anything on one database, you've just lost your cluster policy.
The lack of automation, especially around validating db backups, failover (not having the failover process scripted and tested is _begging_ to have a nightmare at 2am where you're reading documentation on how to fail over a db), etc.
The simple thing of having your hostname / $PS1 say the machine's purpose could have stopped this. All prod machines have a bright red PS1 and a clear name of <type>-<service>-<prod/dev/etc>-<region>-<dc>.corpnet in my setups.
All of this is reflected in their discussion style, meeting style, etc. Ad-hoc, not very carefully designed, random off-hand comments. Obviously a young team with a lot to learn. Nothing wrong with that, but a lot of customers are relying on their skills! Learn quick!
> I would never approve a production system as expansive as Gitlab's to only have two databases in a cluster. That is asking for trouble, and any {sys,db}admin worth their salt will tell you the same. As soon as you need to do anything on one database, you've just lost your cluster policy.
I do agree with you it reflects poorly on GitLab for only having a primary and replica, with broken backups.
BUT, they are a startup, and they need to be laser focused on growing the company and securing funding for the next quarter so they can keep the lights on.
This kind of pants on fire growth in a startup often (always?) comes at the cost of redundancy and best practices. If you stop to make your platform bulletproof instead of the new features you promised customers/investors, you die.
I'm not saying this is an excuse for them to permanently shrug off making their platform more redundant and engaging in best practices. But, as with many startups, they're focused on delivering features as fast as possible to grow their user base.
I think, and hope, that their recent outage has been the experience they needed to prioritize their shift toward more redundancy and best practices.
"BUT, they are a startup, and they need to be laser focused on growing the company and securing funding for the next quarter so they can keep the lights on."
Having run and sold a few startups and turnkey operations, let me tell you - if you don't focus on your core product first and foremost and demonstrate the utmost competency in it, you're just pissing money away and are likely to fail.
> if you don't focus on your core product first and foremost and demonstrate the utmost competency in it, you're just pissing money away and are likely to fail.
I don't have direct experience running/selling a startup, but I have worked for several as an employee.
In my experience, the product is important, but not necessarily the deciding factor in whether the company succeeds. Most of the success is down to the management team (e.g. CEO, CTO, CFO) being able to sell the company (and product) to investors during funding rounds.
Doesn't matter how good the product is, if management can't pitch it to get funding you're dead.
Obviously it is important to have a good product, but just look at Uber for example. Losing billions of dollars per year, with no clear path to profitability, and yet they're valued at something like $60B. Great sales/marketing by their management to investors!
"Doesn't matter how good the product is, if management can't pitch it to get funding you're dead."
Good products literally fund themselves and don't need outside investors. Just like drugs sell themselves, a good product will sell itself without the need for anything like marketing or investors. The money will naturally come.
It's a security feature, often malware will send encrypted traffic over 443 in an attempt to bypass firewalls. If BlueCoat can't understand the traffic, it drops it as it assumes it's malicious.
But the traffic is totally understandable -- the right action does not require knowing what TLS 1.3 is.
The way it is supposed to work is as follows: there is a protocol negotiation when the connection is established (which is obviously unencrypted), which contains the TLS version supported. If the MITM proxy does not understand the version, it can just change these bytes to force hosts to negotiate at a lower version.
So the only reason BlueCoat fails is because the authors failed to implement force version downgrade.
The Bluecoat sales people did a number on you huh? Sounds really good until you ask 'why doesn't Bluecoat understand this traffic' - because it really should.
This is a failure to implement any version of TLS correctly, not just v1.3. (TLS has support for version negotiation including receiving a hello from a client with a future version, such as v1.3.)
Your greatest risks of all cause mortality are foods you eat, your car, and medical mistakes. I wouldn't worry about gun users very much as being a recreational gun user doesn't typically involve driving a car while intoxicated.
The OP's comment was a politically charged statement that stereotyped all white males. This is the same argument that Trump uses to de-facto ban Muslims.
Two wrongs do not make a right, and this kind of comment does not meet the hackernews guidelines for quality posts. I hope you reflect on your hypocrisy.
Windows constantly bombards you with elevation prompts, dialog boxes, etc. A large number of people literally do not care at all what the box says; they just want it to go away so they can do the thing they were trying to do with their spreadsheet Bob from accounting sent over so they can go home to see their kids at 6pm.
IME Windows 7 and above are judicious about the elevation prompts, at least compared to Vista. Sadly too many legacy apps still need those privileges. And those users who don't understand the risks may be more likely to be using that kind of older software.
Wow, that's great, so all the NYPD needs to do is grep through their text message database for "Can you come over?" sent to the same numbers over and over along with their other "code words".
There are secure methods of transmitting data that would not raise the suspicions of police or be trivially greppable.
Very surprised such "sophisticated" criminals let an obvious mistake through a published article. They should have bought a pentest from a reputable firm.
There are a lot of similar services in NYC that allow you to text a number to summon a delivery person to your home. The only thing that makes this one unique is that they hire models.
I'm sure the NYPD is aware that these services exist, and I doubt it would be difficult to identify most of the larger ones and shut them down if the city cared enough to allocate the resources to do so. The fact that that isn't happening is probably an indication that no one cares. If that changes it will probably have to do more with the unpaid taxes than anything else.
Machine learning just on text message metadata can probably be surprisingly accurate on classifying relationships and situations like friend, lover, employee, breakup, drug dealer, prostitute.
which included some manual analysis and use of telephone directories and some automated analysis. (Their data set was tiny and derived from opt-in contributions.)
I'm still hoping to see, and maybe help bring about, better technical and legal protections for communications in my lifetime, or at least better technical protections.
There are those who cannot take vaccinations due to medical conditions and there are those who opt out from vaccinations due to beliefs. Guess who suffers damage for no fault of their own (not blaming the children of the parents who are making the choice).
> There are those who cannot take vaccinations due to medical conditions
Those folks are relatively rare though.
Seems to me that living surrounded by contagion is part of the human condition, and that all of us have the right to take action to protect ourselves (and our children) from that contagion, but no-one has the right to violently force someone else to protect himself.
There's always a little chance of getting infected even with the vaccine.
Herd immunity makes that chance orders of magnitude smaller.
It's not about forcing people to protect themselves. It is about forcing people to not increase the chances of my kids dying of a completely avoidable issue, just because these other people believe in fairies.
No, this is the first I've heard that, but sounds like another myth made up to deal with the first one:
>"Since transplacental immunity and waning of maternally derived measles specific antibodies play an important role in determining the optimum age for vaccination of infants against measles..." https://www.ncbi.nlm.nih.gov/pubmed/10829850
EDIT:
It looks like you may have heard about IgA maternal antibodies, which are not the relevant type here:
>"The vast majority of maternal antibodies are of the IgG isotype. In humans, maternal antibodies are preferentially transferred before birth transplacentally, and in animals of veterinary importance, preferentially through uptake of IgG in the intestine from colostrum within the first 24 h after birth. These passively acquired antibodies enter the bloodstream of offspring and act as a protective shield throughout the body in the same way as actively produced antibodies. Sometimes IgA antibodies contained in breast milk are also referred to as maternal antibodies. However, there are important differences in the action of passively transferred IgG and IgA antibodies. Upon transfer after birth, IgG antibodies are present in the bloodstream of the neonate in a finite amount that declines over time. These IgG antibodies suppress vaccine-induced immune responses. In contrast, IgA antibodies are continuously supplied through breast milk from the mother and protect the gastro-intestinal tract against pathogens without having an effect on the immune response. For the purpose of this review, the term “maternal antibodies” will be used for passively transferred IgG antibodies." https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4165321/
Some people are unable to get a vaccine, largely if you are immunocompromised (new born, AIDS, extreme other sickness, immunosuppressors etc). By having a large portion of the population not able to transmit the disease you have herd immunity that protects those that can't get it.
You also reduce the load & cost to our healthcare system.
>"Some people are unable to get a vaccine, largely if you are immunocompromised (new born, ...)"
This is wrong. In the case of newborns they do not give the vaccine because the baby is already immune (which interferes with the vaccine):
>"The most important factor affecting the success of measles immunization is the disappearance of maternal anti-measles antibodies." https://www.ncbi.nlm.nih.gov/pubmed/14604165
Yes, it seems that vaccination of the mother leads to less protection of the infant. That is why some argue the vaccination age needs to be lowered:
>"An increasing proportion of children in the United States will respond to the measles vaccine at younger ages because of lower levels of passively acquired maternal measles antibodies.
[...]
Our data indicate that, in the future, when virtually all women of child-bearing age will have vaccine-induced immunity, the recommended age for vaccination may be able to be lowered further without diminishing vaccine efficacy" https://www.ncbi.nlm.nih.gov/pubmed/8545224
This isn't politically acceptable because people harbor a myth about the reason newborns are not vaccinated.
You're missing the "herd effect". There are cases where children are too young or have another health issue that prevents them from being vaccinated. These children rely on the greater population to be vaccinated and to help decrease their chances of becoming infected.
Some who are vaccinated will still contract the disease. Some cannot be safely vaccinated because of preexisting medical conditions. For both groups, herd immunity provides additional protection; herd immunity is frustrated by those who choose to not vaccinate.
Vaccines are not perfect. Thus, some people who have the vaccine could get the illness. We rely on "herd immunity" to protect those people.
Also, some people are unable to take the vaccine, and again we rely on herd immunity to protect those people.
By not vaccinating their children anti-vaxxers are not just risking the health of their own children but are risking the health of the wider community.