by shadowgovt 772 days ago
Different issue. In that case, the vendor had given some guarantees of consistency of data across network nodes that the network didn't actually support. Because there were guarantees, the law went looking for horses instead of zebras, and the "horses" in this case were that only a few people had admin rights to mess with the transactions and the audit logs.

... but in reality, no human was messing with those; system bugs were dropping or duplicating data. The government should not have trusted claims of a third party without independent auditing they controlled (and, ultimately, I think that's the takeaway that all governments should be taking from this disaster).

1 comments

dropping and duplicating data is exactly the symptom you get from not sanitising apostrophes in your data correctly.
Not at all. If I understand correctly, the failure to synchronize was a fundamental flaw in the networking code and had nothing to do with the payloads inside the networking code.
that could still be ' handling,

try to sql

(`type`:'express post',`from`:'st mary's street',`value`:'50')

and it will drop the value field, throw an error, and quite possibly duplicate several type and half filled froms depending on how the error handling is done.

This article is basically admitting it's cheaper to change the street names than unfux their buggy software, so something is up. what are the other options that meet that criteria?

The software glitch that was involved in 1,000 people being arrested had nothing to do with street names.

By this point, the flaws are pretty well-documented. If you find anything in the reports about handling of apostrophes, feel free to cite it.

The underlying communication protocol from node to node wasn't even SQL; it was an XML format called "Riposte." There was, perhaps, SQL involved in eventual account database updating, but issues had occurred in message transit even before that phase, and it's those issues that led to account reconciliation errors and (incorrect) charges of fraud on the part of the subpostmasters.

source for it being well documented? xml suffers apostrophe issues too.

https://www.theguardian.com/uk-news/2024/jan/09/how-the-post... says As early as 2001, McDonnell’s team had found “hundreds” of bugs. A full list has never been produced,

seems almost guaranteed to me it had apostrophe bugs.

Source for it being identified as a root cause of the Horizon issues.

As far as I can see, there is no evidence that it was.