What Does NYSE’s 404 Page Look Like?
Image by bpbailey 
Trading shut down today for four hours at the New York Stock Exchange.
United Airlines couldn’t take any of its planes off the tarmacs for two hours today.
Everybody (at Gawker) panicked.
Needlessly. Just software and networking issues, not bad guys who, as it turned out, failed to make good on their threats.
But it’s a reminder that quite a lot of us can’t do what we do anymore without lots of electrons flowing around very freely and functionally. Even me — once upon a time, lawyers read physical books to learn the law, and wrote their nasty letters to each other on typewriters with carbon paper. (That must have sucked.)
So maybe you shouldn’t throw away those slide rules and Shepard’s Citation guides just yet.
Burt Likko is the pseudonym of an attorney in Southern California and the managing editor of Ordinary Times. His interests include Constitutional law with a special interest in law relating to the concept of separation of church and state, cooking, good wine, and bad science fiction movies. Follow his sporadic Tweets at @burtlikko, and his Flipboard at Burt Likko.
I’m going to tell you a simple truth about computers — especially the internet.
99% of what’s running on the bottom, the core stuff EVERYTHING lives off of — was designed by naive people with nary a thought to security. It either never crossed their brilliant minds that bad people might try to do stuff, or they thought it was just for a secure little thing that you’d have to physically break into buildings, military bases, or offices to get to a computer, then figure out the password, THEN you could maybe do bad things. So, you know, like hiring another guard was a much better use of time and energy and money.
Every tiny bit of security that the internet runs on was bolted on after the fact.
Don’t get me wrong. Brilliant, brilliant people turned their minds to “making this safe and secure” and have done a ton of work. They have gone in and changed, altered, built on, hacked into, and otherwise tried to secure that mess. And done miracles and wonders indeed. But in the end, the system was built on principles that are…hard to secure.
But even now, the number of folks happily coding applications, programs, and whatnot? Security doesn’t even cross their mind.
I’ve heard people refer to files as ‘encrypted’ that were…not. (A Caesar cipher, which was what it effectively was, is NOT encryption to anyone but 10 year olds who only have pen and paper. Millions of dollars worth of data, secured by a WEAKER system than used by the decoder ring in A Christmas Story. Seriously. I replaced that with AES.)Report
I suppose it should seem obvious that a Caesar cipher is going to be easy to poke some holes into.Report
A Brut-force attack, no doubt.Report
Oh, not you too.Report
Yeah, that one stunk like cheap cologne.Report
Minus 10 points to Gryffindor for those vile puns!Report
Well, let’s put it this way — the name indicates about when it was invented, using the complex math available to guys without a concept of “Zero” and who wrote the number 14 like “XIV”.
The key is something like “+5” so you just take each letter of the original message and switch five letters down the alphabet, write that down, and there’s your encrypted message.
Admittedly, with computers you can do it with the entire ASCII alphabet, but 26 letters or 256 it’s the same, really easy to break, system.
Kim’s also right that social attacks are even more successful. Seriously, never give out your password to a guy on the phone.IT doesn’t NEED your password. They have admin rights.Report
Some of the best hacks in history have been pulled off with nary a cyberattack. Just phone calls, or other “physical” attacks.Report
Media = Panic mongers.Report
Its probably an evolutionary thing from when we still lived in the forest and could easily be taken down.Report
Molly Crabapple has some excellent coverage at the Guardian:
http://www.theguardian.com/commentisfree/2015/jul/08/new-york-stock-exchange-suspends-trading-wall-street-aftermathReport
Speaking from ancient experience, yes, typewriters with carbon paper suck. Carbon paper sucks, no matter how you use it. Unless you’re four, when the ability to get smudges and fingerprints on everything — the original, the copy, your dad’s desk, and your mother’s white tablecloth — is a feature, not a bug.Report
You know how they did it before typewriters and carbon paper? They wrote out copies by hand. That really sucked.
I have read enough 19th century documents to get a feel for how the penmanship worked. There was a wide range of legibility. At the top are documents meant to impress. The copperplate hand on these is gorgeous. Then there are letters, up to several pages in length. These are perfectly legible, but not as pretty. Then there are longer documents such as contracts and legal pleadings. These still have to be legible, but if the damn thing is twenty pages long, it will get a bit scrawlly. At the bottom are texts only for the writer himself. A typical example would be a file copy of an outgoing letter. These tend to be illegible messes. This makes reading an archival correspondence file a bit of a challenge. The letters they guy received are crystal clear. The file copies of his replies? Not so much.
People have this notion that everyone had beautiful penmanship back in the day, and the absence of beautiful penmanship today is yet another sign of the sad decline of civilization. Actually, what has happened is that technology has replaced all but the low end of the penmanship spectrum. What remains is no worse than it was, back in the day.Report
Weirdly, both the NYSE problem and the UA problem seem to be related to connectivity. But the infrastructure in question couldn’t be more different.
We know that the UA problem was cause by a bad router. I strongly, strongly suspect that UA was limping along on ancient technology, with, obviously, single points of failure.
There’s not much to go on for the NYSE failure, but engadget reports, “the NYSE reported a problem had been fixed concerning order acknowledgements and connectivity issues”. I suspect some cluster or another got accidentally split, where one half couldn’t talk to the other. But orders weren’t getting posted, and that’s a very serious problem. Not because some router failed, but because one set of machines “forgot” that another set existed. This is how cloud things fail. This is all, of course, a Scientific Wild Ass Guess.
You can find articles about how this means that Amazon Web Services is risky, but I’m quite confident that NYSE did this in house.
But you know, I think that once upon a time, there were always days where you ran out of carbon paper, or the phone didn’t work, or the book you wanted got left at home by your partner, or something. This affects us differently because it strips away the idea that we have control.Report
I have certainly had moments at work where the entire firm came to a standstill because something went down at IT or with an off-party vendor.Report
Because there is fish-all a lawyer can do productively these days without a computer.Report
For the last, oh, 35 years I have been telling people “It’s a software world.” And trying to encourage them to learn at least something about software and systems, because software is going to fish up your life. Repeatedly. In more ways than you can imagine. More often than you can imagine.
Like Casandra, I have been poorly received.Report
Employment tip: If you know how to find and reinstall a no longer updated printer driver, you can henceforth be considered some sort of demi-god.Report
I’ve had to just give up and throw out a functional printer (or other peripheral device) because my computer died, bought a replacement, and there simply was no driver available that was compatible with the new version of Windows.Report
Why not just write the driver yourself? It’s a freaking print driver, can’t be too difficult (now, I won’t guarantee you can get everything to print, but if the linux geeks write them, you can too).Report
Umm… You do understand that I’m not a codemonkey, right? I understand that may be easy to forget given at least half the contributors and commenters seem to be IT folk.
Even if I was, my understanding is that writing device drivers, particularly when you don’t have access to the proprietary tech specs, is a bit of a dark art. Which explains why so many Linux drivers end up as pretty bare-bones affairs, often lacking much of the functionality of the driver supplied by the manufacturer.
Example: An HP All-in-one printer/scanner/copier/fax machine. Using the only available Linux driver, which was a semi-generic this-will-work-for-several-models-of-HP thingy, I could cajole it into straight-up printing a document but that was about it. I don’t remember if I got the (again generic) TWAIN driver to recognize it as a scanner. The copy and scan functions were pretty much manual affairs anyway, except for the print-to-fax function, which I couldn’t get to work.
But even just as a printer it was pretty lame. Double-sided printing? Nope. Monitor ink levels? Uh-uh. Align the heads after you change cartridges? Oh hell no.
But I’m supposed to just write a good driver for that thing, easy-peasy, right? Jeebus, but you’re full of crap sometimes.Report
I remember when you bought a computer thingy, it came with schematics and specs and everything. My first Apple II had full schematics and a (printed version) of the ROM source code. The floppy controller had all the specs and this little state machine diagram that showed how to code for it.
Great times.Report
In other news…
Kids today!Report
Now it doesn’t come with hardly any paper at all. You take it out of the box and plug it in and hope it works.
And mostly that’s fine for the typical consumer. Those of us who don’t need to write our own code because we’re actuaries or lawyers or stockbrokers or television show producers or pretty much anything other than tech types.Report
Me too (it was connected to an ancient PC that runs nothing newer than XP, and there’s no Linux driver for it.)Report
You clearly never done an immigration case. Since the federal government wants the originals of most documents for good reason, most of the filings are done the old fashioned way.Report
That’s the advantage of being a paralegal. My day-to-day tasks run a range from stuff lawyers do, such as drafting pleadings and performing legal research, to stuff beneath the dignity of lawyers, such as taking a mess of a paper file and beating it into submission. That last one doesn’t require a computer: just a hole punch, stapler, staple remover, a pad of sticky notes, and a pen. I can do this by candlelight.Report
One of the cool things about living in New Orleans is that not a single soul here cares about anything that happens in New York.Report
Truly the mark of a people that do not what is important in life.Report
At least not until the Dow crashes and we are in another recession/depression.Report
You don’t know a thing about the Dow Jones Industrial Average, do you?
Tell me, how many companies are there in it? Can you name ten?Report
Does Shepard still publish paper books? ‘Cause there can’t be anything more useless than Shepardizing a case with an outdated reference.
Slides still work just fine, though. On a related note, I have read that the Naval Academy has brought back training in navigation by sextant, for use after the Chinese have knocked out the GPS satellites. This seems to me a very good idea.Report