I worked there and I can say that this is not accurate at all. It is very much a blame culture. I've seen people fired for less severe incidents. Beyond the core technology of the Pillar engine, the place is not comparable to a modern tech company in almost any way.
As somebody who worked with them as a client, I can confirm this. There is currently a spec-level bug with their core Pillar engine and it was essentially bounced between several different teams and ultimately ignored as nobody's problem.
How does them being a securities exchange in any way affect the analysis of their software engineering practices? They're not some special snowflake, they can suffer the same software engineering and business process issues as other companies.
But they are. The consequence of a one-day or one-hour shutdown on their system is exponentially worse than most any other. I would expect them to have more rigorous systems, including more rigorous attention to development. Comparing the NYSE to any other business is like calling Fort Knox just like any other bank vault.
I disagreed with you until: "...like calling Fort Knox just like any other bank vault."
Interesting point that teeters on false equivalence. I think AWS or Azure might make for a better analogy. Your point identifies the inherent risk of actually operating a platform business. A bank vault is (mostly) synonymous with Cloud, in this context. If a vault is robbed or a cloud goes offline, losses extend beyond the business which inherently compounds the severity of downtime.
But if a cloud goes offline, there is damage to the economy linear to the length and breadth of the outage. Sure, there are losses to businesses serviced by the cloud's users, but they'll bounce back, even if a day-long outage was so severe as to temporarily ground flights and halt supply chains.
If a stock exchange executes trades at incorrect prices, even for a short amount of time, all of a sudden you're in a kind of non-linear sigmoid regime, where investor confidence can suddenly tip into panic selling and recessions can be triggered. Thankfully, that didn't happen here, but it could have. If you're going to give a company that power, you should better hope that they're held to higher standards than most dysfunctional tech organizations!
"If a stock exchange executes trades at incorrect prices, even for a short amount of time, all of a sudden you're in a kind of non-linear sigmoid regime, where investor confidence can suddenly tip into panic selling and recessions can be triggered."
No company or organization is immune to bad business practices.
Them being a securities exchange does not somehow provide immunity from developing rigorous systems which have oversights, or make bureaucracy magically go away.
Likewise, the impact of an outage being more extreme does not mean the people there are infallible. Things slip through. Especially random customer requests being bounced around from team to team, the thing in question.
Then somehow we are in agreement. It is my impression that you were saying precisely the opposite, that why should we focus on NYSE's bad practices over others'? Well the answer to that question is, this is a thread about NYSE under a post about NYSE. And besides, we should be, if anything, more scrutinizing of their practices because of the outsize effect that disruptions in their services would have on the global economy.
I used to work for a small startup, and postmortems were truly no blame - engineers would talk about exactly what happened and wouldn't hesitate to put the blame on their mistakes.
But as the company grew, the postmortems became more about blame since now you're not blaming an engineer, but an entire team so singling them out isn't personal. The postmortems were no longer a single engineer describing what happened in his code, but were team leads talking on behalf of teams. They were all about shifting blame from your own team and talking about why a service from another team led to the problem, even if your team could have (and should have) been able to work around it without melting down.
I'm no longer at the company, but Postmortems are much more useful when they really are no-blame because you can get to the real root of the problem, but I don't know if that's possible in a large company.
This happens within big organizations that are large enough where they start having that internal small company feel within units. I would say a good program, which could be small or a chunk in a massive org, does a blameless post mortem.
A few years back, a task to modify an index was given to a scrum team. The lead was away and the senior people could not be bothered. The junior developer stack overflowed an answer, asked for review, tested the script and let it rip. She missed that the change deleted everything if you noticed. Every environment, every data center wiped out. 10B records in each prod instance. Lessons were learned and processes fixed. She was not fired, but rather became one of the people safeguarding the keys to our prod kingdom as we fixed out broken process. I stole her away as my first report when I switched groups.
Suddenly I don't feel so bad about deleting an entire PVCS repository (happily answering 'yes' to all the 'are you sure?' questions) at 4:30PM on a Friday.
Having been in the industry for a couple decades, and having worked at both, they're not all that different. Some groups are going to be better than others in the same company. Some companies are floating on venture money today, and might disappear tomorrow. Most technologies constantly cycle. Our experiences working at the same company were different.
Blame cultures and process cultures are both problems in different ways. Blame cultures don't care about individual accountability, only that someone suffers. Process cultures only care that no one suffers, not that individuals are accountable. Both have some misguided notion that something other than personal accountability can lead to good results. Misattributed blame and suffering does not deter poor performance or mistakes. Not even correctly aimed punishments are very good at that. Accountability isn't about punishment, it is about limiting power to the level of responsibility demonstrated. Rules and procedures don't prevent poor performance, they can in fact entrench and guard it, and they only mildly impact mistakes. Best practice can mitigate mistakes to the same extent or better (due to easier adaptability), but people keep trying to turn them into rules, and that has to be fought. If you followed all the rules but didn't get the job done, you still shouldn't be handed the same task again, but not out of blame.
I was on a severely understaffed edge team fronting several thousand engineers at a fortune 500 - every deploy felt like a spacex launch from my cubicle. I have a lot of reverence for the engineers who take on that kind of responsibility.
Is there any open source, embeddable alternatives or frameworks? I've got an ETL DSL that is fully serializable and I've been looking to create a UI tool for it.
I don't know of a solution for ETL DSL -> UI but https://github.com/lowdefy/lowdefy goes from a DSL to internal web apps. Perhaps some inspiration could be taken from there. Good luck!
Perhaps you can have them provide an access key instead? I vaguely recall seeing a button on a 3rd party platform that let me configure my DNS in Cloudflare to route to the 3rd party. Not sure how that flow worked to be honest, but I believe there is some programmatic way to delegate.
Any suggestions on where to start to use this as a LTE uplink that reads from an SD card and uploads images? I'd like to replace my expensive faulty game camera subscription.
In case you aren't familiar with the details of consumer RF standards (including IEEE 802.11, but especially LTE or anything cellular related) or don't have some prior RF knowledge: To put it mildly, LTE is not an easy standard to implement on an SDR, especially if it's your contact with SDRs. Even GSM is nowhere near a simple stack.
If you want to get a feeling for what kind of cellular projects are possible using SDRs from a hobbyist/free software perspective, have a look at the Osmocom (Open Source Mobile Communications) projects [1] as well as Harald Welte's blog [2] (one of the main Osmocom contributors). The Osmocom projects are focused on the carrier side of LTE/GSM networks AFAIK.
Another warning: While cellular technology involves lots of networks, it is completely different from the standards and terminology used in the Internet. For example, citing the description for OsmoHNBGW:
"An Open Source implementation of a HNB-GW (HomeNodeB-Gateway), implementing the Iuh, IuCS and IuPS interfaces. It aggregates the Iuh links from femtocells (hNodeBs) and presents them as regular IuCS and IuPS towards MSC and SGSN (such as OsmoMSC and OsmoSGSN). It uses M3UA as signaling transport."
The description totally makes sense to an insider, but if you only dabbled with TCP/IP, routers and switches so far, be prepared for learning a whole new world of networking terms.
If you are familiar with RF/cellular engineering and/or if you're trying to do this on a corporate budget then you probably already know what I mentioned above, and your project can certainly be realized for $$$.
If you're looking for a one-off DIY solution then you could use something like a u-blox SARA-R4 [3] modem (for NB-IoT/low bandwidth). Similar boards with higher bandwidth also exist.
> If you want to get a feeling for what kind of cellular projects are possible using SDRs from a hobbyist/free software perspective, have a look at the Osmocom (Open Source Mobile Communications) projects
Just want to say these guys are absolutely awesome. I got a great hobbyist discount on some hardware from them for a project I’ve admittedly fallen behind on.
My only complaint was lack of documentation, but the source code of their stuff has been reasonable enough for me to read and get stuff working.
No, the daily key is not broadcast; instead it's used to generate a series of rolling identifiers to broadcast. The rolling identifiers change much more frequently. The daily keys don't leave the device until/unless filing a positive diagnosis report.
As we know from the Bitcoin wallet problems, generating random private key and verifying that it's random is an extremely hard problem. For this reason I wouldn't use any contact tracing app that is not open source.
