The Daily WTF

Curious Perversions in Information Technology

CodeSOD: Wait Longer

Karen was maintaining some specification tests that were flaky. Not extremely flaky, but three or four times out of a thousand, the tests would just fail. The tests were complicated, and some of the operations were timing sensitive, so it wasn't precisely surprising- but the problem was that they were actually generous with their timing windows. The unit tests passed consistently, it was only these functional, specification-based tests that failed.

So, for example, there were sections in the tests where they wanted to wait at least 2ms. Since the code and tests were in TypeScript, they used the setTimeout function, which per standard JavaScript documentation warns that it may wait longer. But again, Karen was fine with longer.

Unfortunately for Karen, the documentation for NodeJS is less specific, as it makes no guarantees about when the timeout function gets invoked. This means that it can fire the timeout before the time has elapsed.

After many, many hours of debugging, that was exactly the situation that Karen found herself in. Which is why her very simple wait function went from:

export const wait = (ms:number) => new Promise((complete) => setTimeout(complete, ms));

To the much more awkward:

export const wait = (ms: number) {
    const target = performance.now() + ms;
    return new Promise((complete) => {
        const checkReady = () => {
            if (performance.now() > target) {
                complete();
            } else {
                setTimeout(checkReady, 1);
            }
        }
        setTimeout(checkReady, 1);
    });
}

This version of the function checks the time every millisecond, and only completes the operation if we've waited at least as long as our target duration. This ensures that the timeout never fires too soon and it fixes the janky tests. But it's also terrible. Terrible that it exists. Terrible that this is the best solution. Terrible that our functional tests need to be so time sensitive. And terrible that the Node runtime actually breaks the one consistent scheduling guarantee that pretty much every other scheduler does: that it'll wait at least as long as you asked, but might wait much longer.

At best, we can say, "at least it's only testing code."

[Advertisement] Picking up NuGet is easy. Getting good at it takes time. Download our guide to learn the best practice of NuGet for the Enterprise.

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Tech support scam caused massive data breach at Australian airline Qantas

Australia’s Privacy Commissioner has revealed a tech support scam was the cause of the massive 2025 data breach at Australian airline Qantas and found the carrier didn’t breach its privacy obligations despite leaking personally identifiable information for 5.7 million customers. The Commissioner reached that conclusion, and a decision not to open a formal privacy probe, in a report published today. Qantas has previously admitted the incident was the result of a social engineering attack on a contact center. The Commissioner’s report goes deeper, explaining a crook who claimed to represent “Qantas IT help” made the call and told a contact center agent to access a CRM system and perform certain actions needed to close a support ticket. Those actions instead connected the CRM to a data extraction tool which the crooks used to siphon off customer records. The Commissioner considered whether Qantas observed the Australian Privacy Principles (APPs), the binding rules that govern how businesses safeguard PII, and found the airline did the right thing. The report found that Qantas audited the operator of the contact center and tested the security awareness of its employees – and had done so in the months before the incident. Qantas also conducted mandatory and recurring training on how to handle PII. The Commissioner was therefore satisfied Qantas took adequate steps to ensure the contact center observed the APPs and didn’t fail in its obligations. The regulator made a similar finding regarding the airline’s cross-border data-sharing practices. “Our inquiries did not identify any omissions in the steps Qantas took that, if addressed, would have prevented the breach that occurred in this incident,” the report states. The APPs include a requirement to take reasonable steps to protect personal information from unauthorized access. Again, the Commissioner decided Qantas complied because it used role-based access controls, among other techniques to protect data. Another issue the regulator considered was whether Qantas took reasonable steps to destroy or de-identify the personal information it didn’t need. The carrier told the Privacy Commissioner that it scheduled annual data removal runs from its CRM, and that no records that deserved deletion or removal were present at the time of the attack. That clean record saw the Commissioner decide not to launch a deeper investigation. “I have a broad discretion to commence an investigation of an act or practice where it may be a contravention of the APPs and where it is desirable to do so,” the report states. The first-person pronoun is presumably the work of Commissioner Carly Kind, who observed “it does not appear that Qantas could have reasonably foreseen and prevented the breach in the manner that it occurred. The way in which the threat actor gained access was through a vishing attack which could not have been prevented by a strengthening of Qantas’ current role-based access controls.” It’s possible the Commissioner will revisit the matter at another time, and class-action lawsuits are also in train regarding the incident. Qantas may therefore still have to fight through plenty of turbulence before this matter lands. One thing the report doesn’t address is the identity of the attackers. Pundits have suggested the Scattered Spider gang did the deed after it started attacking the aviation industry in the weeks before the Qantas incident. ®

Even HP resellers thought the price of toner and ink was too high – so HP India facilitated an illegal cartel

The Competition Commission of India (CCI) has fined HP Inc. and some of its resellers, for what it calls “cartelisation” activities that inflated the cost of PCs and printers – and which it says HP used to head off threats from resellers to sell counterfeit ink cartridges. The ₹138.85 crores/$14.4 million fine won’t be a massive inconvenience to HP. The facts of the case may be, as the CCI found HP told its resellers what prices to charge when they bid for tenders posted to a government procurement site. The PC and printer giant also prohibited some of its resellers from bidding on tenders. In its order related to HP’s bids to sell printer supplies, the regulator reveals it accessed WhatsApp records that show HP staff and some of its resellers “were operating in a collusive arrangement and shows the practice of bid rigging including cover bidding, price fixation, and customer allocation, during 2017-2020.” Cover bidding is the practice of having one reseller make a ridiculously high bid that a vendor knows won’t win a deal, in the hope other resellers who offer more reasonable quotes will get the sale. The order also claims that HP would decide in advance which of its resellers would sell to which customer. The CCI found that one of HP’s motives was to ensure that it remained competitive with other PC and printer makers, rather than to favor a particular reseller. Another motive was to stop resellers from selling counterfeit ink and toner. “Due to constant downward pressure on pricing because of new resellers, Tier-2 resellers threatened a shift to low-cost counterfeit products to compete on price,” the order states. Some of those resellers formed an “understanding” about the prices they would charge, so they would not undercut each other’s bids. The order says HP “facilitated” development of that understanding to defend its printer supplies business. “HP India was commercially forced into a position where it had to support the collusive arrangement adopted by the Tier-2 resellers,” the order states. In a second order regarding the sale of PCs, the CCI found HP’s actions helped HP to navigate the reverse auction process used to determine the winner of some tenders. “HP India faced the risk if its resellers exited early due to unsustainable downward pricing pressure resulting in no sale for HP India,” the order states. “The coordination amongst HP India’s reseller was accordingly designed to ensure that at least one HP reseller remained present in the final round.” The orders compel HP, and the resellers it worked with, to cease all such activity. ®

Cyberattack threatens utterly critical infrastructure in Japan: KFC

The crippling high-consequence attack on vital infrastructure that cybersecurity experts have warned about for years is upon us, in the form of an incident that may force KFC to close some stores in Japan. Colonel Sanders himself is not the victim here. That role goes to Nichirei Group, a Japanese purveyor of frozen foods and super-chill logistics services that move them around. Nichirei Group on Monday posted a notice [PDF] in which it admitted “system failures caused by unauthorized access have occurred.” The failures meant the frozen food concern could not arrange shipments to or from its refrigerated warehouses or conduct its other operations. Shortly after Nichirei Group revealed its difficulties, KFC Japan warned customers that delivery of ingredients to its stores would likely be affected. The chicken chain therefore stopped taking orders through its app and website and said it may need to limit menu items and opening hours. “Some stores may be closed depending on the availability of ingredients,” the company said. On Wednesday, Nichirei Group confirmed the cause of the outage was a cyberattack and admitted attackers accessed a server that stores personal information. The Group declined to offer any detail on the incident “to prevent further damage.” The company hopes to resume operations on Friday. That Nichirei Group is unable to provide some services suggests a ransomware attack has made some data unavailable. The mention of “further damage” suggests that discussing whatever happened could divulge clues about security weaknesses that would allow further attacks, perhaps directed at the Group’s clients. KFC Japan hasn’t posted any information about store closures. Indeed, the company continues to promote summer menu items such as a Japanese-style citrus and chicken combo that the chain says is refreshing to eat even in the heat of summer. The Register’s Asia-Pacific bureau will not venture to Japan to assess the impact of this incident, or try the burgers: At times like this, with critical infrastructure under stress, that’s just the right thing (not) to do. ®

Ius Mentis

Internetrecht door Arnoud Engelfriet

Wat als een Vinted-verkoop misgaat? ‘Ineens had ik 817 euro verlies gemaakt’

Vinted is een van de populairste platforms voor tweedehands kleding, maar niet iedereen houdt daar een positieve ervaring aan over. Dat meldde TROS Radar onlangs. Ze onderzochten de uiteindelijk toch juridische vraag: hoe goed zijn verkopers op Vinted eigenlijk beschermd als er iets misgaat?

Kern van het probleem is dat het platform (net als diverse andere) met kopersbescherming werkt, waarbij verkopers eigenlijk met lege handen staan als het platform meent dat de koper een punt heeft:

Radar ontving de afgelopen tijd meerdere klachten over Vinted. Gebruikers vertellen onder meer dat zij onterecht worden geblokkeerd, dat zij namaak- of beschadigde artikelen ontvangen, en dat betalingen soms niet worden vrijgegeven of juist wel terwijl dat niet zou moeten. Ook wordt vaak genoemd dat contact met Vinted lastig is en dat besluiten niet goed worden uitgelegd of besproken.
Het idee van kopersbescherming is even sympathiek als eenvoudig. De betaling van de consument wordt in depot (escrow) gehouden tot je je producten hebt. Blijkt de zending kwijt, dan lost Vinted dat op door je geld terug te geven. Ook bemiddelen zij bij een geschil, en omdat de winkel het geld dan nog niet heeft, zal die sneller meewerken aan een oplossing.

Het probleem is even eenvoudig: als verkoper heb je nu geen enkele kans meer als de koper (te) makkelijk gelijk krijgt. Bezwaar is moeilijk, bewijslast torenhoog en contact krijgen wil vaak ook niet lukken. Al sinds 2022 zijn klachten van deze aard te lezen.

Juridisch is hier weinig over geregeld. De Digitaledienstenverordening (DSA) kent wel regels over online marktplaatsen, maar die gaan vooral over de consument meer informatie en waarborgen bieden. De wat minder bekende platform-to-business verordening (P2B) kent wél een beschermende regel voor bedrijven:

Onlinetussenhandelsdienstverleners zorgen voor een intern systeem voor het afhandelen van de klachten van zakelijke gebruikers.
Alleen gaat dat dan weer niet over klachten voortvloeiend uit de koopovereenkomst met de consument op het online platform. (Het is meer bedoeld voor zaken als je account dat zomaar gesloten wordt, of onduidelijkheden bij je app in de store geplaatst te krijgen.)

Arnoud

 

 

Het bericht Wat als een Vinted-verkoop misgaat? ‘Ineens had ik 817 euro verlies gemaakt’ verscheen eerst op Ius Mentis.

DNA Lounge: Wherein another artifact comes to light

I found another 36-year-old VHS tape on eBay! D.O.A.'s final concert, live at DNA Lounge, in 1990.


Slashdot

News for nerds, stuff that matters

US Suffered a Major Power Outage Every Month of 2026

An anonymous reader quotes a report from Electrek: A Reddit post making the rounds this week claims the U.S. has experienced at least one major power outage every month of 2026 -- but is it true? I dug into several outages, the extreme weather behind them, and what we can do to help keep the lights on. [...] The claim that hundreds of thousands of Americans were without power over extended periods at least once per month, every month of 2026 surprised be in two ways. First, because I had no idea if it was true -- and, second, because it felt true. We try to do better than writing about things that feel true around here, however, so I did a bit of research (translation: I Googled power outages by month) and came up with the following examples in about sixty seconds

January: More than 296,000 customers still without power as winter storm freezes much of the US
February: More than 380,000 customers without power as winter storm hits US Northeast
March: Storms Cut Power to Over 1 Million Customers in U.S. Midwest, Mid-Atlantic; Ohio Hardest Hit
April: At least 29 tornadoes touched down in Central Illinois on April 17th
May: Energy Secretary Issues Emergency Order to Deploy Backup Generation in the Mid-Atlantic Amid Heatwave
June: More than 373,000 U.S. customers without power due to extreme weather
... and that list is far from comprehensive, and how you feel about it might depend on what you consider a "major" outage, of course -- but consider that there are tens of thousands of Americans without power right now, and that's not making the news. [...] The lesson here is that weather-related grid outages -- whether they're caused by wildfires, mudslides, derechos, tornadoes, ice storms, hurricanes, heat waves, or some other disaster I'm lucky enough to have forgotten about -- read like statistics when they're happening over there, but get personal real quick when they're happening to you.

Read more of this story at Slashdot.

Found Photograph

Thomas Hawk posted a photo:

Found Photograph

Found Photograph

Thomas Hawk posted a photo:

Found Photograph

ajpscs posted a photo:

the SQUARE
COZY CORNER
TOKYO DAY WALK
EXPOSE MORE
© ajpscs

The Montecito

Thomas Hawk posted a photo:

The Montecito

The Montecito was built in 1935 with 95 units at a cost of $1 million. Set on a hill overlooking the city, the Montecito is the highest building in Hollywood. It has a private swimming pool, two subterranean garages and a parking lot.The building is a classic Art Deco design with Mayan influences and windows arranged in vertical blinds. In 1946, it was sold for $600,000. In 1954, it was sold again, this time by Isadore and Libby Teacher to Howard Fox and Harry Wyatt.

The Montecito was home to several future movie stars, especially New York based actors while working in Hollywood. It was Ronald Reagan’s first residence when he moved to Hollywood; Reagan lived at the Montecito from June 1937 to late 1938. Reagan was said to have been roommates at the Montecito with Mickey Rooney. Other celebrities who have lived at the Montecito include James Cagney, George C. Scott, Montgomery Clift, Geraldine Page, Don Johnson, Sal Mineo and Ben Vereen.

Las Palapas Beach

Thomas Hawk posted a photo:

Las Palapas Beach

Amazing sunset from Point Lookout, North Stradbroke Island, Queensland, Australia.

Phil Kingsbury - Thanks for 5.2 million views! has added a photo to the pool:

Amazing sunset from Point Lookout, North Stradbroke Island, Queensland, Australia.

OLYMPUS DIGITAL CAMERA
Olympus C730UZ
f/5.6 - 5.9 mm - 1/200 - ISO 64

Driftwood on the shore. Point Lookout, North Stradbroke Island, Queensland, Australia.

Phil Kingsbury - Thanks for 5.2 million views! has added a photo to the pool:

Driftwood on the shore. Point Lookout, North Stradbroke Island, Queensland, Australia.

OLYMPUS DIGITAL CAMERA
Olympus C730UZ
f/4.0 - 5.9 mm - 1/1000 - ISO 64

MetaFilter

The past 24 hours of MetaFilter

Keeping it short and sweet

Napalm Death Tiny Desk Concert

De vuursalamander houdt van regen, maar het moet niet te gek worden – en waar blijft de remedie tegen de salamandervreter?

In het wild kunnen vuursalamanders zo’n twintig jaar oud worden. Maar dat lukt in Nederland alleen met hulp van vrijwilligers. Een nachtelijke zoektocht naar larven in het Bunderbos.


Hoe ongekende hoeveelheden cocaïne met supersnelle drugsbootjes Europa binnenkomen

Er is een nieuwe route in drugsland: via de Atlantische Oceaan komen grote hoeveelheden cocaïne Europa binnen. De ingrediënten: volle zee en supersnelle speedbootjes.

Drugskartels overspoelen Europa met speedboten vol cocaïne: ‘Het heeft wat weg van Mad Max, maar dan op het water’

Drugssmokkelaars hebben op de Atlantische oceaan een nieuwe logistieke keten gebouwd tussen Zuid-Amerika, West-Afrika en Europa. De Franse overheid zet de marine in tegen speedboten die met 130 kilometer per uur drugs aan land brengen en wil hulp. Nederland kent het probleem, maar wacht op een officieel verzoek voor inzet van de marine.

Time Change

All discussions of daylight saving time policy are doomed by a mix of contradictory, inconsistent, and impossible preferences, which is why I think the only thing we can really hope to do is to make it worse.

AI is overal! Zeggen de makers die AI overal in stoppen - De Correspondent

AI is niet onvermijdelijk; ze wordt onvermijdelijk gemaakt – zonder echte discussie, zonder gezonde marktwerking en zonder instemming. ‘Sorry,’ zegt hoofdrolspeler Ava Daniels in de comedyserie Hacks, ‘maar dit is gewoon technologische verkrachting.’