this post was submitted on 16 Mar 2024

cross-posted from: https://infosec.pub/post/9811127

Two of the UK's biggest supermarket chains, Tesco and Sainsbury's, were hit with technical issues on Saturday; Sainsbury's blames a software update (Bloomberg.com)

Bloomberg.com: Two of the UK's biggest supermarket chains, Tesco and Sainsbury's, were hit with technical issues on Saturday; Sainsbury's blames a software update  —  Two of the UK's biggest supermarket chains - Tesco and Sainsbury's - were hit with technical issues on Saturday.

[–] [email protected] 0 points 8 months ago (3 children)

Is this because their checkouts are just Windows PCs with what I guess is some big wigs' nephew's VB/C# app running?

It's not just the wastefulness of the overly large software stack, and the massively overblown hardware requirements that adds, it's the size of the attack surface. Oh and lack of control of a closed platform.

What a grown up would have done is a tiny Linux thing that ran nothing but what was required and locked down. Made with Buildroot or Yocto. Running on some low power ARM thing.

I'm guessing they have got some Windows infection.

[–] [email protected] 0 points 8 months ago (1 children)

It doesn’t sound like you’re aware of PCI DSS

Regulatory burden aside, you don’t do data analysis at scale running “some big wigs’ nephew’s VB/C# app.”

[–] [email protected] 0 points 8 months ago (1 children)

I've not worked directly with any of these payment systems, but I can't believe the only solution is to go for an all 90s-style Windows-based system. There will be embedded ways that comply with regs.

I can see they are Windows based when there are issues. I'm sure of Tesco and Morrisons, but Sainsbury's I don't go to often enough to have seen an issue that brings up Windows. I was being flippant, but I don't hold using Windows to build stuff in high regard. In my experience the software engineers who are doing that don't know anything else.

[–] [email protected] 0 points 8 months ago (1 children)

It's very likely to be one of the NCR platforms. If I were to hazard a guess, StoreLine. Though it could be Encor/ISS45, ECRS has a pretty big market share as well. POS software is a walled garden of security through obscurity. Windows dependencies tend to be in part because it is such a small market, but also due to workstation/server requirements as well as remote support.

Long time support and stability are the name of the game. The industry doesn't allow for much downtime which makes any change significantly harder than a lot of other industries.

[–] [email protected] 0 points 8 months ago (1 children)

I'm sure these brands/sector will end up Linux too at some point. I'm half expecting MS to move to the Linux kernel themselves in the not too distant future, so no matter how trailing edge they are, they could get dragged in.

[–] [email protected] 0 points 8 months ago (1 children)

I'm out of the industry now, but I was saying the same. Win 10 Embedded and Win 7 IoT both served very, very well. But the always online component and other issues with 11 make it poorly suited for the use case it had in the past. Systems that relied on mapped drives are now nearly fully depreciated.

[–] [email protected] 0 points 8 months ago* (last edited 8 months ago) (1 children)

I've not touched Windows Embedded much, but I did once know Windows guts well. For 11 years it was my work development platform. Last thing I did was a virtual filesystem of an internal version control system for game artwork, and I put a TortoiseSVN-like interface for it into Explorer. Doing those destroyed what respect I had for Windows. I've been in embedded Linux for 12 years now.

Edit: 24 years of developing stuff. I'm getting old!

[–] [email protected] 0 points 8 months ago

Very nice! I am what we in the industry call a fraud :^)

JK, I'm just not well versed in development or high level things. I'm in the administration, implementation and advisory side of things these days. I was a field tech prior.

One day I'll get more into the weeds of it all. Nothing but respect for the devs that hold it all together

[–] [email protected] 0 points 8 months ago (1 children)

Yes, the thing that tallies up how much cash should be left in the till, operated by people on minimum wage, has been coded by the CEO’s nephew. Sure.

[–] [email protected] 0 points 8 months ago (1 children)

I'm sure they would do the sensible thing and get a big hot shot Japanese tech company to do it.

[–] [email protected] 0 points 8 months ago

Yeah how about Fujitsu?

Look, I wasn’t arguing that it was quality software, merely that it wasn’t coded by the CEO’s nephew.

[–] [email protected] 0 points 8 months ago

What do you do when you need to update all the machines with your setup?

[–] [email protected] 0 points 8 months ago

Partner went into one of the larger stores today (she works there) and it was absolute pandemonium. Credit to the staff because from what I understand some customers got very, very upset.