Step 1: have two datacenters in different locations Step 2: test that you can fail over to the other site regularly
That's it. That takes care of every single disaster you have listed, with one solution. There is no excuse to not have two sites for a company as big as BA.
I'm not saying 10-15% isn't a big deal. The meters need to be fixed, but 10-15% isn't 600%.
If lighting is not the main driver of your energy usage, then there is no way replacing your light bulbs with LEDs is going to increase the metered energy usage. Even if the LEDs are causing your meter to over-report, which would likely only happen under ideal conditions that are not your case, the energy saved by switching away from incandescents would more than make up for it and you'd still wind up with a lowered bill. Given that lighting isn't the main component of your energy usage, it's unlikely you'd have this issue at all.
I pulled that 10-15% figure out of nowhere, but it's an educated guess for the kind of effect you might see under ideal conditions for an actual household that might actually exist. You'd still have to use identical LED bulbs behind dimmers set to the same dim setting and have that be a significant portion of your energy consumption to get a significant effect with the flawed meters. It's difficult to say exactly what the effect with mixed loads will be, but the tests in the article have all the hallmarks of a pathological scenario, and my opinion it's all going to be mostly a wash for the majority of people.
On the other hand, it's worth noting that typical AC dimmers, in general, tend to be terrible from an electrical engineering standpoint. Meter shenanigans aside (though for the same reasons), they also cause tons of RF interference and have other issues, and often significantly shorten the lifespan of whatever bulbs you connect them to. You're beter off with DC/PWM dimming (e.g. lights with built in brightness control, not standalone AC dimmers) or smart bulbs.
Oh, I don't expect them to. Power factor requirements need to dealt with via legal standards - customers shouldn't have to think about it.
But in practice no consumer is going to have an electrical load equivalent to what this test used. It's just extremely unlikely in a home scenario. So even if you buy cheapo LED lights with a bad power factor, and even if you use dimmers, it isn't going to be this bad. Nonetheless, meters should be improved to better deal with this scenario - the testing standards for them need to be updated.
Again, I'm not saying that's *acceptable*. I don't know why everyone seems to think I'm some kind of advocate for the power companies or something.
All I'm saying is the 600% number is just pure clickbait intended to induce outrage. Yes, these meters need fixing, but there is no indication that this is some kind of conspiracy theory to overcharge customers. Measuring power usage accurately is actually a difficult engineering problem when terribly non-ideal loads are present, and the 600% figure came up during a practically worst-case scenario test, with meters using a particular technology susceptible to it (note that another tecnology under-measured under the same conditions, so it goes both ways). The problem is simply that meter testing standards do not test for this, so meters are not certified to be able to deal with it.
What's the actual effect with real-world loads? We don't know. Someone needs to run a better study to find out. The testing standards need to be updated to test a wider variety of load conditions.
The simple fact of the matter is that no meter is ever going to be perfect, and in fact, some load conditions will never work due to sheer physics. Industrial customers are actually charged higher rates if their power factor is poor, because in fact using misbehaving loads like these puts a higher strain on the grid and increases transmission losses; residential users are actually getting a good deal there because they can have whatever horrible power factor they want and the power company has to suck it up and deliver it. Would you expect your meter to accurately be able to measure the power consumption of a load that averages 100W, but actually draws 10000W during 1% of the AC cycle? Would you consider that a reasonable load? It's great to think AC power is a magical perfect sine wave and you're allowed to draw whatever current waveform you want, but the laws of physics mean that isn't the case. The more you deviate from an ideal resistive load, the more problems you're going to cause. These meters should be improved to better deal with less than ideal loads, but no meter will ever be able to deal with an arbitrary load. Because physics.
Analog meters can be broken and under-measure too. You only have two data points. You don't know which one is incorrect. You need an additional control to find out.
Maybe your smart meter is reading too high. Maybe not. This article proves nothing relevant to your home, since its tests only yielded incorrect readings with a load that is definitely not what you have at home. That is not to say your smart meter definitely isn't over-reporting usage, but nothing you've said so far proves it is either.
You can go to small claims court all you like, just don't expect to cite this study and automatically get an 83% refund on your electricity bill. You're going to have to prove that you're actually being overcharged and that your meter actually has excessive readings in your case (unless this becomes a class action, which would probably involve a much more detailed study under practical conditions and yield some average refund given the average amount overcharged).
All I'm saying is the chances of you being charged 6x usage are basically nonexistent. Yes, these meters have a problem that needs to be fixed, but the headline is clickbait. More realistically some fraction of people are being charged 10-15% over actual usage or some similar low figure, if they have the right usage pattern (e.g. a significant of lights behind dimmers and a large portion of their power usage is for lighting). Maybe not even that; this study didn't really perform a proper root cause analysis, so it's entirely possible that the excessive readings are a pathological case that goes away for all practical purposes once you add some resistive/well-behaved parallel loads.
Does it measure the incorrect amount of energy? Yes. Is it defective? Yes. Are the testing standard broken? Yes. Are people actually being charged 6 times their power usage in practice? No.
As I said, there is a certification failure here, but the headline and the statistic that all of these news sites are parrotting is pure clickbait.
56% measured power usage much greater than what was actually being used in a ridiculous corner case scenario involving a parallel string of identical low-quality LED lights with an absolutely dismal power factor, connected to a dimmer to make the power factor even more extreme. Read the actual article with the current waveforms. They looks like something a 2 year old scribbled on a piece of paper, not a sine wave.
Yes, there's a certification failure here (meters are not tested with non-sinusoidal current loads), but no, nobody's meter is actually measuring 6 times real power usage in reality. The moment you have any reasonable loads in parallel the current waveform will start being something more reasonably approximating a sine wave and the meter will read more accurately.
This is the actual list of tests from the article:
Resistive load 1800W: <3%
20 LED + 30 CFL <3%
20 LED + 30 CFL + Cx <3%
Dimmer 90deg, LED+CFL -28%, +64%
Dimmer 90deg, LED+CFL + line choke <3%
Dimmer 135deg, LED+CFL -32%, +575%
So no, unless your whole house consists of crappy LED and CFL lights behind a huge shared dimmer at a 135 degrees setting, and no other appliances, your meter isn't going to read 600% of real energy consumption. To even get 164% readings you still need everything behind a dimmer at 90 degrees.
The trick is it isn't corruption. The US has completely legalized what many other countries would call corruption. Companies can just throw money at US politicians or their campaigns in various ways and it's all legal.
String comparison in PHP is broken between two strings. Nothing to do with types. You can't compare two strings with ==, it doesn't work properly (it works most of the time and becomes a security hole when you least expect it). Since clearly you think PHP is the bees' knees and documentation is everything, of course you knew this, right?
Now tell me in what universe it is reasonable for the == operator to be unable to compare two strings correctly.
Brainfuck is clearly documented. Heck, it's so simple you can explain it in about two sentences. It is trivial to write a bug-free Brainfuck interpreter. You can even compile it to C.
Does that make Brainfuck a good language to write a website in? No, no it doesn't.
PHP was slow as molasses until recently, and cleaning up compromised servers after you get pwned isn't cheap, nor is maintaining a legacy code-rotting PHP codebase, which is what PHP encourages.
PHP became popular because it was easy back when the dynamic web was getting started and people just wanted to write quick hacks. By the time people realized it was a terrible idea we had legions of PHP coders who thought they knew what they were doing, and tons of PHP frameworks evolving from toys to something that was trying to be serious, with the language following a similar path. But the foundation was rotten to the core, and as much as they've tried, nobody has yet managed to fix PHP, nor is it really possible without reinventing, effectively, a whole new language. Even deprecating completely batshit insane ideas like magic_quotes_gpc has taken years of effort.
Meanwhile Python 2 was pretty good, way better than PHP ever was (and probably ever will be), but even then the Python community knew that some things needed to be torn up and redone properly, and thus we got Python 3. Things work differently when the people designing and maintaining a language actually know what they're doing. The Python 2 to 3 transition has been long, but worth it in the long term.
Oh, I agree that JavaScript is full of WTFs. Not nearly as many as PHP, but plenty going around. I wouldn't write a web backend in node.js either, even though many people seem to think that's a good idea.
Joomla is just as bad as WordPress. I just spend last weekend cleaning up a compromised server that was running an outdated Joomla version managed by other people. Ended up sandboxing it in a VM to make sure that if it gets pwned again it doesn't start sending spam nor has access to any sensitive information.
That premise is nonsense. By your definition, there is no stupid design, as long as it is accurately documented.
Just because it's documented doesn't make it not stupid. There is such a thing as the principle of least surprise. PHP almost seems to try to be as surprising as possible, in all the wrong ways.
The irony is that any WordPress site getting any reasonable amount of traffic is already using WP-Super-Cache... which generates static HTML pages for public content to be served directly from the web server. So they get the worst of both worlds: caching issues and a dynamic backend that is still just as susceptible to exploits as without the cache.
The only secure way to use WordPress is as a static site generator, where the live version is deployed with no dynamic functionality and the administration backend is secured by a layer above WordPress (e.g. HTTP BASIC authentication).
WordPress isn't particularly terrible code, but it is written in a particularly terrible programming language where it's practically impossible to write something secure because things are insecure-by-default and you're expected to defend against all the gotchas explicitly.
The flaw was specifically made possible by PHP's eagerness to convert malformed strings to best-guess integers instead of raising an error like any sane programming language. You didn't read TFA, did you?
Parent is mostly correct, except where he lumps together all "scripting" languages. This isn't a problem with "scripting" languages, it's a problem with languages like PHP that were designed by people who had no idea what they were doing. Worse, PHP is designed to be deployed in a way that encourages mistakes (PHP files directly in the webroot). PHP security is a game of whack-a-mole where if you forget to whack all the moles in one of your scripts, your site is toast. This wouldn't have happened with a sane scripting language, like Python.
$ php7.1 -r 'echo (int) "123test";' 123 $ python3.5 -c 'print(int("123test"))' Traceback (most recent call last):
File "", line 1, in ValueError: invalid literal for int() with base 10: '123test'
If you want to worry about legacy stupidity bloating Intel chips, look at their cache model, not their instruction set. Their legacy "everything is coherent everywhere" requirement means they need snooping/invalidation logic around every single little cache block (e.g. the branch predictor). ISAs where, for example, you are not allowed to execute dynamic code without first flushing it from D cache and invalidating that range from I cache don't have this problem.
Except the A9X doesn't have an ARM core, which is what the parent was talking about. It's a chip that implements the ARM instruction set. Big difference.
IP cores from ARM Holdings Inc, today, do not compete with Intel. Nor do any of the other ARM cores around (e.g. Qualcomm's, Nvidia's). But it seems Apple right now has better engineers than all of those and is actually managing to design ARM-compatible cores that are starting to be comparable to Intel chips.
It isn't, but ARM is better at the low-power scale in absolute terms, and less complex chips have lower leakage. It's hard to build a single chip that can scale from high to low power, and Intel doesn't know how to build small chips. But yes, at desktop/server scale, Intel still smokes ARM. High-end POWER does better than ARM but Intel still wins.
Slashdot Mirror
All of those disasters are trivial to plan for.
Step 1: have two datacenters in different locations
Step 2: test that you can fail over to the other site regularly
That's it. That takes care of every single disaster you have listed, with one solution. There is no excuse to not have two sites for a company as big as BA.
WannaCry exploits Windows XP's poor security and then uses security against the user, which is then defeated by, again, Windows XP's poor security.
It's security fail all the way down.
Oh, then the anonymization and deletion pipelines I kept running while I worked for Google were all a ruse?
Seriously, this deceitful cynicism is getting old.
I'm not saying 10-15% isn't a big deal. The meters need to be fixed, but 10-15% isn't 600%.
If lighting is not the main driver of your energy usage, then there is no way replacing your light bulbs with LEDs is going to increase the metered energy usage. Even if the LEDs are causing your meter to over-report, which would likely only happen under ideal conditions that are not your case, the energy saved by switching away from incandescents would more than make up for it and you'd still wind up with a lowered bill. Given that lighting isn't the main component of your energy usage, it's unlikely you'd have this issue at all.
I pulled that 10-15% figure out of nowhere, but it's an educated guess for the kind of effect you might see under ideal conditions for an actual household that might actually exist. You'd still have to use identical LED bulbs behind dimmers set to the same dim setting and have that be a significant portion of your energy consumption to get a significant effect with the flawed meters. It's difficult to say exactly what the effect with mixed loads will be, but the tests in the article have all the hallmarks of a pathological scenario, and my opinion it's all going to be mostly a wash for the majority of people.
On the other hand, it's worth noting that typical AC dimmers, in general, tend to be terrible from an electrical engineering standpoint. Meter shenanigans aside (though for the same reasons), they also cause tons of RF interference and have other issues, and often significantly shorten the lifespan of whatever bulbs you connect them to. You're beter off with DC/PWM dimming (e.g. lights with built in brightness control, not standalone AC dimmers) or smart bulbs.
Oh, I don't expect them to. Power factor requirements need to dealt with via legal standards - customers shouldn't have to think about it.
But in practice no consumer is going to have an electrical load equivalent to what this test used. It's just extremely unlikely in a home scenario. So even if you buy cheapo LED lights with a bad power factor, and even if you use dimmers, it isn't going to be this bad. Nonetheless, meters should be improved to better deal with this scenario - the testing standards for them need to be updated.
Again, I'm not saying that's *acceptable*. I don't know why everyone seems to think I'm some kind of advocate for the power companies or something.
All I'm saying is the 600% number is just pure clickbait intended to induce outrage. Yes, these meters need fixing, but there is no indication that this is some kind of conspiracy theory to overcharge customers. Measuring power usage accurately is actually a difficult engineering problem when terribly non-ideal loads are present, and the 600% figure came up during a practically worst-case scenario test, with meters using a particular technology susceptible to it (note that another tecnology under-measured under the same conditions, so it goes both ways). The problem is simply that meter testing standards do not test for this, so meters are not certified to be able to deal with it.
What's the actual effect with real-world loads? We don't know. Someone needs to run a better study to find out. The testing standards need to be updated to test a wider variety of load conditions.
The simple fact of the matter is that no meter is ever going to be perfect, and in fact, some load conditions will never work due to sheer physics. Industrial customers are actually charged higher rates if their power factor is poor, because in fact using misbehaving loads like these puts a higher strain on the grid and increases transmission losses; residential users are actually getting a good deal there because they can have whatever horrible power factor they want and the power company has to suck it up and deliver it. Would you expect your meter to accurately be able to measure the power consumption of a load that averages 100W, but actually draws 10000W during 1% of the AC cycle? Would you consider that a reasonable load? It's great to think AC power is a magical perfect sine wave and you're allowed to draw whatever current waveform you want, but the laws of physics mean that isn't the case. The more you deviate from an ideal resistive load, the more problems you're going to cause. These meters should be improved to better deal with less than ideal loads, but no meter will ever be able to deal with an arbitrary load. Because physics.
Analog meters can be broken and under-measure too. You only have two data points. You don't know which one is incorrect. You need an additional control to find out.
Maybe your smart meter is reading too high. Maybe not. This article proves nothing relevant to your home, since its tests only yielded incorrect readings with a load that is definitely not what you have at home. That is not to say your smart meter definitely isn't over-reporting usage, but nothing you've said so far proves it is either.
Most modern PC PSUs have power factor correction circuitry (it's mandatory in Europe) and wouldn't cause these kinds of wild readings.
You can go to small claims court all you like, just don't expect to cite this study and automatically get an 83% refund on your electricity bill. You're going to have to prove that you're actually being overcharged and that your meter actually has excessive readings in your case (unless this becomes a class action, which would probably involve a much more detailed study under practical conditions and yield some average refund given the average amount overcharged).
All I'm saying is the chances of you being charged 6x usage are basically nonexistent. Yes, these meters have a problem that needs to be fixed, but the headline is clickbait. More realistically some fraction of people are being charged 10-15% over actual usage or some similar low figure, if they have the right usage pattern (e.g. a significant of lights behind dimmers and a large portion of their power usage is for lighting). Maybe not even that; this study didn't really perform a proper root cause analysis, so it's entirely possible that the excessive readings are a pathological case that goes away for all practical purposes once you add some resistive/well-behaved parallel loads.
Does it measure the incorrect amount of energy? Yes. Is it defective? Yes. Are the testing standard broken? Yes. Are people actually being charged 6 times their power usage in practice? No.
As I said, there is a certification failure here, but the headline and the statistic that all of these news sites are parrotting is pure clickbait.
56% measured power usage much greater than what was actually being used in a ridiculous corner case scenario involving a parallel string of identical low-quality LED lights with an absolutely dismal power factor, connected to a dimmer to make the power factor even more extreme. Read the actual article with the current waveforms. They looks like something a 2 year old scribbled on a piece of paper, not a sine wave.
Yes, there's a certification failure here (meters are not tested with non-sinusoidal current loads), but no, nobody's meter is actually measuring 6 times real power usage in reality. The moment you have any reasonable loads in parallel the current waveform will start being something more reasonably approximating a sine wave and the meter will read more accurately.
This is the actual list of tests from the article:
So no, unless your whole house consists of crappy LED and CFL lights behind a huge shared dimmer at a 135 degrees setting, and no other appliances, your meter isn't going to read 600% of real energy consumption. To even get 164% readings you still need everything behind a dimmer at 90 degrees.
His bank probably runs on mainframes.
The trick is it isn't corruption. The US has completely legalized what many other countries would call corruption. Companies can just throw money at US politicians or their campaigns in various ways and it's all legal.
Except Python is 4 years older than PHP.
String comparison in PHP is broken between two strings. Nothing to do with types. You can't compare two strings with ==, it doesn't work properly (it works most of the time and becomes a security hole when you least expect it). Since clearly you think PHP is the bees' knees and documentation is everything, of course you knew this, right?
Now tell me in what universe it is reasonable for the == operator to be unable to compare two strings correctly.
Brainfuck is clearly documented. Heck, it's so simple you can explain it in about two sentences. It is trivial to write a bug-free Brainfuck interpreter. You can even compile it to C.
Does that make Brainfuck a good language to write a website in? No, no it doesn't.
PHP was slow as molasses until recently, and cleaning up compromised servers after you get pwned isn't cheap, nor is maintaining a legacy code-rotting PHP codebase, which is what PHP encourages.
PHP became popular because it was easy back when the dynamic web was getting started and people just wanted to write quick hacks. By the time people realized it was a terrible idea we had legions of PHP coders who thought they knew what they were doing, and tons of PHP frameworks evolving from toys to something that was trying to be serious, with the language following a similar path. But the foundation was rotten to the core, and as much as they've tried, nobody has yet managed to fix PHP, nor is it really possible without reinventing, effectively, a whole new language. Even deprecating completely batshit insane ideas like magic_quotes_gpc has taken years of effort.
Meanwhile Python 2 was pretty good, way better than PHP ever was (and probably ever will be), but even then the Python community knew that some things needed to be torn up and redone properly, and thus we got Python 3. Things work differently when the people designing and maintaining a language actually know what they're doing. The Python 2 to 3 transition has been long, but worth it in the long term.
Oh, I agree that JavaScript is full of WTFs. Not nearly as many as PHP, but plenty going around. I wouldn't write a web backend in node.js either, even though many people seem to think that's a good idea.
Joomla is just as bad as WordPress. I just spend last weekend cleaning up a compromised server that was running an outdated Joomla version managed by other people. Ended up sandboxing it in a VM to make sure that if it gets pwned again it doesn't start sending spam nor has access to any sensitive information.
That premise is nonsense. By your definition, there is no stupid design, as long as it is accurately documented.
Just because it's documented doesn't make it not stupid. There is such a thing as the principle of least surprise. PHP almost seems to try to be as surprising as possible, in all the wrong ways.
This.
The irony is that any WordPress site getting any reasonable amount of traffic is already using WP-Super-Cache... which generates static HTML pages for public content to be served directly from the web server. So they get the worst of both worlds: caching issues and a dynamic backend that is still just as susceptible to exploits as without the cache.
The only secure way to use WordPress is as a static site generator, where the live version is deployed with no dynamic functionality and the administration backend is secured by a layer above WordPress (e.g. HTTP BASIC authentication).
WordPress isn't particularly terrible code, but it is written in a particularly terrible programming language where it's practically impossible to write something secure because things are insecure-by-default and you're expected to defend against all the gotchas explicitly.
The flaw was specifically made possible by PHP's eagerness to convert malformed strings to best-guess integers instead of raising an error like any sane programming language. You didn't read TFA, did you?
Parent is mostly correct, except where he lumps together all "scripting" languages. This isn't a problem with "scripting" languages, it's a problem with languages like PHP that were designed by people who had no idea what they were doing. Worse, PHP is designed to be deployed in a way that encourages mistakes (PHP files directly in the webroot). PHP security is a game of whack-a-mole where if you forget to whack all the moles in one of your scripts, your site is toast. This wouldn't have happened with a sane scripting language, like Python.
$ php7.1 -r 'echo (int) "123test";'
123
$ python3.5 -c 'print(int("123test"))'
Traceback (most recent call last):
File "", line 1, in
ValueError: invalid literal for int() with base 10: '123test'
If you want to worry about legacy stupidity bloating Intel chips, look at their cache model, not their instruction set. Their legacy "everything is coherent everywhere" requirement means they need snooping/invalidation logic around every single little cache block (e.g. the branch predictor). ISAs where, for example, you are not allowed to execute dynamic code without first flushing it from D cache and invalidating that range from I cache don't have this problem.
Except the A9X doesn't have an ARM core, which is what the parent was talking about. It's a chip that implements the ARM instruction set. Big difference.
IP cores from ARM Holdings Inc, today, do not compete with Intel. Nor do any of the other ARM cores around (e.g. Qualcomm's, Nvidia's). But it seems Apple right now has better engineers than all of those and is actually managing to design ARM-compatible cores that are starting to be comparable to Intel chips.
It isn't, but ARM is better at the low-power scale in absolute terms, and less complex chips have lower leakage. It's hard to build a single chip that can scale from high to low power, and Intel doesn't know how to build small chips. But yes, at desktop/server scale, Intel still smokes ARM. High-end POWER does better than ARM but Intel still wins.