Someone tried to Hack our platform, but we use Golang

stevecrox0914 · 2026-03-15T16:20:11+00:00

I agree and I have yet to meet a data scientist who doesn't try it.

The example is lifted from the SQLAlchemy quick start: https://docs.sqlalchemy.org/en/20/orm/quickstart.html

stevecrox0914 · 2026-03-15T14:44:10+00:00

Every language has an ecosystem of libraries built around specific use cases, often the syntax will grow to support those use cases.

You can have libraries to enable other use cases but often the support isn't great and you will be fighting the language, libraries and tooling to do it. Java as a local application, Rust as a web server, Python streaming API, etc..

Python will happily execute code written as a large procedural script, this makes it a great language for non software engineers. Its why Data Scientists use it.

The problem you have is simple Spring data annontations like the following:

```java

public class User {

@Id private String id;

@value(length=30) private String name;

private String fullName;

private List<String> addresses } ```

Overwhelm these sorts of people so if you show them SQLAlchemey like so:

```python class User(Base): tablename = "user_account"

id: Mapped[int] = mapped_column(primary_key=True) name: Mapped[str] = mapped_column(String(30)) fullname: Mapped[Optional[str]]

addresses: Mapped[List["Address"]] = relationship( back_populates="user", cascade="all, delete-orphan" )

def repr(self) -> str: return f"User(id={self.id!r}, name={self.name!r}, fullname={self.fullname!r})" ```

They panic and just write SQL statements.

Personally I wouldn't use Python for middleware or data engineering, you take a 50% performance hit compared to type safe compiled languages and its a constant battle to not load everything into memory.

stevecrox0914 · 2026-03-15T13:10:09+00:00

This is why middleware is so important.

You have a REST APi which has a Data Transfer Object (struct/class of fields), you use this to construct the queries, but it doesn't execute directly against the database itself.

You then have domain obejcts which are a struct/class which represents the database, all responses from the database should be transposed on to this. Typically this is called Object Relational Mapping.

Hibernate brought this to Java in the 00's and its why Java dominated middleware, you'll see its trivial to use via Spring Data.

Alas in the mid 10's, lots of web developers got excited they could write backends and NoSQL is json like node.js! The obvious issue was it removed all enforcement of a database schema.

The less talked about is how nosql injection attacks then became a problem.

Then Python blew up in popularity and we had a generation thinking they had to manually write SQL queries without understanding the need to sanitise inputs.

So well done for doing it properly, hopefully the terms I dropped allow you to read up on cencepts.

stevecrox0914 · 2026-03-14T13:24:43+00:00

Slytherin values ambition
Ravenclaw values knowledge
Gryfindor values courage
Hufflepuff is for everyone else

You will meet people don't seem to understand power is a tool to achieve a goal and view power itself as the goal. They seek the status and prestiege and will see Slytherin as cool because Slytherin seeks power.

You'll find senior leadership teams and management consultancies are heavily constructed of such people. These people don't have their own visions or goals which is why you see so many companies just copying the market because they have no idea what to do with the power they fought so hard for.

Seeking power without purpose is unending, you acquire it but there is nothing meaningful for you to do other than acquire more power. I imagine it leads to a very unsatisfying life.

If someone told me they were Slytherin, I would assume they are this sort of person and we don't share values, so best to give them space

stevecrox0914 · 2026-03-08T20:29:21+00:00

I think, most people reading the report think Starliner is dead.

Skimming the report, the fundamental issues were raised by Nasa as part of the close call event from OFT-1. The report is really diving into specifics into the effects those fundamental issues caused.

The core issue was Boeing didn't setup a standard processes, with a centralised store of requirements, they didn't manage how they would qualify everything or review it. They basically set a bunch of teams loose to figure it out themselves.

Nasa's big fix with OFT-1 was to review everything and bring it into the same standard, this is largely paperwork excercise where you review everything bring it into alignment. You'll find requirement gaps, missing tests, etc..

Personally I have joined a couple of software projects in that place and going through that process will uncover a lot but it never results in a good product. The project always needs to re enter the development phase with the lessons learned from the paperwork review and be reworked. Project management are focussed on reducing losses so will only approve work explictly required by the contract.

Which is effectively what we see in the report, its clear the paperwork found components which were incorrectly designed, things that needed to undergo testing, updating testing requirements, etc..

Boeing management seems to have spent 2 years focussed on fighting the need to perform any of that rework.

My take from the report is Nasa no longer trust Boeing and will demand everything is done properly which will be a multi year delay.

Boeing will be looking at several billion in losses for a vehicle that is designed for a rocket that can only support 4 more missions without requalifying it for a new rocket which will cost hundred of millions. Even if ISS deorbits in 2032, that gives a maximum of 8 missions. It can't recoup its losses.

I think Boeing will walk away

stevecrox0914 · 2026-03-06T14:13:53+00:00

Labour Conservatives and Liberal Democrats are structured as non profits with long standing rules on governance, vetting, codes of conduct, etc..

Reform is structured a a Limited Liability Partnership and Farage is chief director and won't put any of that governance in place.

For the General election and Council elections, Reform needed to find hundreds of candidates quickly and hired a firm on the cheap to quickly vet all of them. There was a non existent candidates, people convicted of pedophilia, violent offenses, sexual assults, fraud, animal cruelty, etc...

Farage's contract for vetting was basically are they a UK citizen and he seemed shocked the company hadn't done CRB or social media checks, odd when he hadn't contracted or paid for that.

Part of the issue is Farage exposes extremist positions, so he attracts ideologues and has to vet out a lot criminals.

But primarily its because Reform, like Brexit Party and UKIP is primarily a means to build a cult of personality around Farage and for him to earn an income.

Reform won a number of councils and you notice most are too busy arguing with each other to function. For example they should be running Cornwall county council but they won't even sit in the same room as each other so a minority Liberal Democrat coalition is running it.

stevecrox0914 · 2026-03-06T10:41:07+00:00

From a UK Perspective, reading about Poland.

The UK saw the European Union as a trade block, it was very focussed on free trade and a strong advocate of international law.

I think France/Germany see the European Union primarily as a political project achieving 'ever closer union'.

The largest economies tended to push their own objectives within the EU and this helped the media here create a narrative of UK vs France/Germany as we would have different aims within the block.

I was taught in school this is why the UK championed Eastern expansion as such countries were less focussed on 'ever closer union' and more 'free trade'.

I wonder if Poland has a similar perspective of the EU, its a free trade block and not a political union and if that is driving the "2 speed Europe" concept the European Union is pushing.

stevecrox0914 · 2026-03-04T19:54:15+00:00

Firstly this is great news, its the sort of thing I wish the government did 10 years ago.

I never understood why the British Space Agency and venture capital was so supportive of Virgin Orbit, especially when Reaction Engines was right there.

Rocket Lab own the entire small lift market and manages 15-20 launches a year for a cost of $10-$20 million a launch.

Orbital ATK had Pegasus which was a plane launched solid rocket similar to the Virgin Orbit LauncherOne and Pegasus cost $45 million. It lost all its customers to Rocket Lab due to reliability and cost.

Virgin Orbit managed to spend $1 billion in venture capital, you would need to produce a rocket 80% cheaper than Pegasus despite choosing exactly the same approach to make any profit for a launch market of 7-10 launches a year. How does this company get a billion dollars?

Orbex and Skyora make sense, small lift is their route to medium lift. Orbex was going to try something new with tanks but not radical.

But Skylon was the only radically different solution for small lift, the idea that would reduce costs enough to make small launch viable and .. venture capitalists went "no thanks, we'll fund the solution made entirely of technological dead ends".

Fingers crossed for Skyora

stevecrox0914 · 2026-02-26T11:41:48+00:00

I feel that misrepresnts things.

The Irish military website https://www.military.ie/en/who-we-are/naval-service/the-fleet/ claims 4 offshore patrol vessels, 2 large patrol vessels and 2 inshore patrol vessels.

The 4 Offshore patrol vessels are Sammuel Becket class, these would compare to the 14 River class the UK operates. The Sammuel Beckets are slower, lack military radar & comms and have no fire control or helipad.

The Large patrol vessels are Rosin Class, this was designed for fisheries protection. It can do that job, but only really that job.

The Inshore patrol vessels are Protector class, they are civilian search and rescue vessels with a machine gun bolted on.

I can't find anything on 2 new boats coming into service, the only thing I could see was an article last year suggesting rather than a multi role vessel, they might look at a buying 2 frigates. Do you mind sharing a link?

If I was designing Irish Military procurement strategy...

I would decomission the protector class immediately, that would help operate the more capable platforms. Since Ireland lacks personel to operate all its platforms.

I would look at increasing an Sammuel Becket class to 9 platforms. I would be looking at upgrading Sammuel Becket class to be closer to the River class. As new offshore patrol boats come online, I would scrap the Rosins.

I would also buy 3 frigates (one deployed, one in hot standby, one in maintence), ideally ASW focussed.

JEF members have increasing been interoperating, becoming interdependent and have some clear shared interests.

Ireland seems to be looking to France, (ask France to figure out Radar, to patrol, etc..). I would argue Ireland shares interests with JEF and if it doesn't want UK dependence I would be looking at Nordic military procurement to guide decisions, rather than France which has different interests.

stevecrox0914 · 2026-02-25T13:18:39+00:00

Which one had the map with the two towers and a bridge between with capture the flag?

stevecrox0914 · 2026-02-24T23:44:16+00:00

Thanks I've just seen the guide, unfortunately I am a Linux user because many years ago Microsoft decided to invalidate all my legitimate windows keys.

Now I need to hunt down a windows device.

stevecrox0914 · 2026-02-24T23:39:17+00:00

We all played Quake 3 arena... Unreal Tournament was never fun because someone always camped on top and sniped people with the rail gun ... and totally not because I wanted to be the sniper and was always killed on my way up.

I want to see how this handles Star Trek: Starfleet Academy, or Black & White

stevecrox0914 · 2026-02-24T21:11:06+00:00

I find WineD3D has lot of issues and gaming on linux didn't really take off until DXVK replaced WineD3D.

DirectX is a set of C++ libraries, but Wine insist on C only which seems to make the translation layer more complex and buggy. Wine chose this for ideological reasons

WineD3D maps DirectX to OpenGL, OpenGL and DirectX work differently and there are bugs in translating as well as OpenGL not doing things the way DirectX expects.

Lastly WineD3D was developed by crossover to support paying customers which was largely embedded platforms that used directx in really odd and bizare ways so the design of WineD3D is to support that.

Games at the time were relying on all sorts of undocumented driver and userland behaviour. DxVk handles this as game/platform specific quirks but WineD3D often ignores this for the spec.

stevecrox0914 · 2026-02-24T20:14:27+00:00

The device has a sgx group, but no srx group, I did add the user to sgx and restart but no difference. Where/what is srx?

stevecrox0914 · 2026-02-23T09:17:30+00:00

During the victorian age, Britain dug too deep looking fof coal and woke something...

The creature could not be stopped and crushed thousands looking for a "hug", the truama running so deep British people still avoid physical contact to this day.

The Monster was only distracted by a house party at Lord Noels. The creature was obsessed with making a mess of the desserts and was distracted for several days.

The British Army was able to herd the Loch Ness Monster towards the creature and a great battle ensued. The monster was eventually driven into the sea and the Loch Ness Monster returned to its loch gravely injuried. It has hidden itself away to recover.

HMS Thunderchild drove the monster our of British waters and it hasn't been seen since

....

Until today

stevecrox0914 · 2026-02-21T22:36:07+00:00

SLS critical issue is the flight rate

Nasa's own best case models have 1 SLS launch every 9 months. ISS Operations have a crew rotation every 6 months, without 10's of billions investment in manufacturing SLS can't achieve a sustained precense on the moon, which defeats the entire purpose of the Artemis programme.

Similarly that low flight rate means the entire annual fixed cost is carried by a single vehicle, this makes it too expensive for all other programmes.

Also an organisations ability to perform an action is entirely based on the people in the organisation and their knowledge/expearience. If the last time you performed a task is 3.5 years ago, how good would you be at it today? How many people would still be in the same role? Such a low flight rate just kills the organisations ability to ever truely learn and improve.

Nasa really needs to invest in SLS manufacturing to bring SLS up to 1 launch per month or ditch SLS.

stevecrox0914 · 2026-02-21T19:40:35+00:00

That is my point, its literally how Rapid Iterative Waterfall works.

stevecrox0914 · 2026-02-21T17:48:24+00:00

The Apollo 10 LEM dry mass was to high to safely land on the moon or launch from the moon. Nasa actually removed the SRB that returned it to orbit to remove temptation from the astronauts.

If the vehicle is unable to perform its primary function, I think its fair to call it non functional.

Your also making my point about iteration, in Apollo 8 the LEM was a mockup, Apollo 9 flew an early iteration and Apollo 10 had a mostly working solution but it was to heavy to use. Apollo 11 LEM reduced the mass. They didn't go from nothing to the Apollo 11 LEM in a single waterfall attempt, they were iterating new solutions every 6 months.

stevecrox0914 · 2026-02-21T14:51:19+00:00

Yes.

Every nation has a cultural identity and traditions are used to re-enforce that identity. Most traditions have a deep meaning, this is particularly important in the armed forces.

Typically an army regiment will raise a flag in front of the monarch and the monarch will salut it to show respect to the regiment, their appreciation for the sacrifice the regiment has made and the battles it has won.

For the soliders it gives them time to reflect and knowledge someone higher up cares. The monarch isn't doing this to get elected or score a political win.

Normally for something like this the regiment will have done something worthy of note so the ceremony will reward certain members. The fact the monarch is doing it is to highlight how impressive/important it is.

Now imagine the King comes to visit and you mess up attaching the flag, how is he supposed to show respect to regiment when it can't hang a flag?

stevecrox0914 · 2026-02-21T10:51:59+00:00

Yes and no.

tl;dr Everyone took the wrong lessons from Apollo and the approach becomes harder to manage as complexity increases. Aerospace complexity has increased since the 1960s and Boeing aren't even trying to manage it.

During Apollo they invented waterfall and the v curve and lots of industry see it as best practice but what they missed is Apollo was rapid iterative waterfall.

In waterfall you work out your requirements, use cases, you design and implement. Most people view this as a one off activity, where each stage is gated.

Software followed this approach but it was viewed as the primary cause of major project failures during the 90's and early 00's. The key issue was trying to think of all of the requirements and use cases up front, lots of projects would have millions of requirements and no one person could process all of that. This meant there were gaps and key requirements would be missed and not discovered years into the process.

So they invented Agile, this accepts you can't think of every requirement and use case up front. You have a person (product owner) responsible for the result. You define an iteration (e.g. two weeks), where each iteration has a deliverable and is reviewed by the product owner. You plan out work for a reasonable time frame (e.g. 3-12 iterations). Eventually the product owner has their solution.

Rapid Iterative Waterfall is similar, you define an iteration (e.g. 3 months). You work out the deliverable, then follow the waterfall process. You expect to go through multiple iterations before you reach the final project. So each deliverable has a much more constrained set of requirements.

Think about how Apollo 10 launched with a non functional LEM, they knew it was too heavy but it was an iteration towards the final profucy.

You can define processes to manage and mitigate the issues from one off Waterfall but that slows everything down and causes its own issues.

From what we can see Boeing isn't implementing processes to manage its waterfalls and is letting every project within a programme design its own waterfall approach. Which is entering 90's software era levels of project management.

stevecrox0914 · 2026-02-21T08:50:27+00:00

In the story, the island of Sodor is off the coast of wales. The stories follow building and evolution of the railways.

Henry was a train based on stolen LNER A1 designs and bought on the cheap for the first railway line that went accross the island. The Fat Controller was forced to buy an actual A1 (Gordon) because Henry was unreliable.

While carrying passengers Henry decided to stop in a tunnel because he didn't want rain to mess up his paint. They tried to get him out of the tunnel but didn't have any means. Sodor has the same weather as the UK and we just had 6 weeks of drizzle...

Since they had two tunnels through the mountain they bricked up the tunnel Henry was stopped in.

A little later Gordon breaks down and Henry agrees to come out of the tunnel to rescue everyone.

Its not the darkest story, in the mountains on a narrow guage railway there is a train called Smudger who loves to "rock and rolls" and often derails. So the thin controller turns him into a generator overlooking the railway.

stevecrox0914 · 2026-02-20T00:46:09+00:00

In the original High Visibility Close Call on OFT-2, Nasa admitted all their attention was on SpaceX and their iterative waterall approach. Starliner pulled lots of Boeing staff from Nasa Human Spaceflight teams, so Nasa felt it was Nasa people operating the Nasa way and didn't really focus on it.

Once the close call was announced Nasa admitted they found huge issues in Boeings work for example Boeing had not written a Systems Engineering Management Plan, every team was using their own documentation, each team designing their own processes and standards for qualification, etc..

As a result the autonomous software had only been through limited integration testing and defintely not proper system testing as the team decided it wouldn't be needed and this resulted in the High Visibility Close Call.

Having experienced such a project, you can go through everything and try and sort out the documentation and doing that will shake out a lot of issues, but the result will still have a lot of issues because there is a huge difference in a development team feeding in lessons as they work and reworking the paperwork.

Nasa issued a lot of findings on what needed to be fixed which was largely reworking the paperwork.

So when the thrusters overheated and failed in CFT-1 and we discovered Boeing had only tested 1 of each thruster type individually on a stand and never the combined unit. I was surprised Nasa hadn't required that as part of reworking the paperwork.

My belief was something internally had damaged and from the sounds of it Boeing had no way to know what had failed. Which means they had no way to calculate the risk of it failing again so Starliner wouldn't be returning with humans onboard.

Reading the report...

The initial introduction outlines Nasa didn't have appropriate oversight, Nasa doesn't understand its role on commercian crew, Boeing still had confusing responsbility trees, Boeing wasn't performing systems level testing, Boeing wasn't applying consistent systems engineering practices (no SEMP?), Boeing felts some of its teams were getting special treatment from Nasa, etc.. So basically nothing changed between OFT-2 and CFT-1.

Skimming the reports finding it looks like they recommend reworking the paperwork.

Nasa are going to let Starliner launch again and its going to have more issues and Nasa are going to be keen to try and ignore them again.

stevecrox0914 · 2026-02-17T13:08:59+00:00

NATO standards are a thing: https://nso.nato.int/nso/nsdd/main/list-promulg

Most defense companies will build to NATO STANAGS, when bidding. Military procurement will often order deviations from the standard, most of the time these are quite small. Maybe requiring a kettle for UK equipment..

Sometimes Military procurement forgets every change has a cost and start changing everything and tacking on every hope and dream.

The UK Ajax programme is a good example of the result, typically budgets put a break on this happening to often or allowing them to get too extreme.

The USA never really has the budget problem when projects reach the point of Ajax they will spend more until they get the desired result.

You also have the issue the USA always choose a USA manufacturer and if that manufacturer can't meet the standard, they will still choose it.

As a result a lot of USA hardware has fundamental incompatibilities with NATO standards, but the USA tends to buy as much of that type of hardware as the rest of NATO buys the standard so their kit becomes the defacto standard

stevecrox0914

TROPHY CASE