That's why everything running in the cloud runs in containers on a cluster (Kubernetes or similar). If a physical server dies, the cluster control software just drops that server from the cluster. Load management then automatically moves the containers to the remaining servers in the pool. When enough servers are dead they send a tech and a truckload of replacements out. Same for storage: everything's on RAID arrays and as physical SSDs die the array drops that drive and keeps on going with no data loss. Once enough drives in the bay are dead they send someone to swap them out and the RAID controller takes care of initializing them and restoring data from the existing drives as required. It's not uncommon for 30% of the capacity to be out-of-service before replacements are ordered.

They still have to catch up to IBM's old mainframes though. Those you could go in during peak business hours and start pulling and replacing CPUs and memory modules and I/O controllers while everything was live and not disrupt anything.

The language part, true. The problem is dependencies. Any time you upgrade, especially if you're jumping a large number of versions, you're going to have packages your code uses needing upgrades too. Those package upgrades will usually require code changes to accommodate. Some of those changes will require refactoring to handle structural changes needed for things to work right. That is usually where you end up down a rabbit-hole.

I'd prioritize updating Java 8 applications to Java 11 first. Those are going to be the hardest to bring up-to-date with Java 25 (latest LTS), bringing them up to Java 11 buys the most time. Then upgrade to Java 25 starting with Java 17 applications, then Java 21, then Java 11.

Remember that Java 25 will end support in 2033, so plan on starting your upgrade from Java 25 to the next LTS version basically as soon as your last upgrades to Java 25 are done.

Yes. The construction jobs are very short-term, and once built the data centers bring huge costs (financial and otherwise) while contributing only a handful of permanent jobs. Remember, these are lights-out hands-off facilities. They'll employ a handful of security guards and maintenance workers, the rest will all be handled remotely from Malaysia or the like.

True up to a point, and governments are past that point. They can in fact tell companies what formats the government will accept and generate and companies can't afford to just ignore that. And that's actually the first step towards sovereignty: dictate formats that aren't controlled by hostile entities. So, start by declaring the ODF formats the official government standard formats. You'll accept documents in other formats, but you can't guarantee they'll be correctly rendered on your end and you won't put any effort into trying to clean up Word and other non-standard format documents. If they're bad or unreadable or whatever, they'll be rejected and it's on the sender to fix the problem. When you send documents you'll only send them in ODF format, no others, and it's on the receiver to be able to read them.

Internally you standardize on something like LibreOffice that natively handles ODF formats. Anyone else can use anything they want as long as it can handle ODF. Word, BTW, actually does a decent job of handling ODF. Inertia may be a thing, but remember that governments have a lot more mass behind them than private companies. If the government insists and won't budge, any company that needs to do business with the government will slowly come around.

So now NHS has nearly half a million headaches. I'm not sure this is an improvement.

Please, no. Often when writing code I need the API reference and only the API reference. I know what I want to do and how to do it, I just need a quick check of the exact order of arguments or exact symbol names. I don't need to try to sift that out of commentary. Likewise when I'm learning how to use the library I'm more interested in the overall view. I don't need to know the exact names of the options for a call, only what the options are for. I expect the code in the user's guide to be accurate, but I don't want the same things out of it that I want out of the API reference.

Except for the bit where it does that caching for a loop where each lookup only occurs once. Because everybody caches lookups, so that must be the right thing to do (it's the most likely thing to happen) in a case where the cache is never used. Riiiiight...

Something critical to note: intent is the most important thing to document when it comes to software. You can see what it does by reading the code, that's straightforward. What I need to know most, both when writing software and maintaining it later, is why it's doing that. What's it supposed to be doing? Why is it doing it in that way? What were the alternatives and why weren't they chosen? How is it supposed to be used by code that calls it? An LLM can't generate any of that just from the code.

This is why traditionally software libraries have had two separate pieces of documentation: an API reference that details every call and it's arguments and results, and a user's guide that lays out how and why to use the library.

This has been typical behavior for large companies when dealing with vulnerability reports for decades. Report one, they treat you as the problem. They'll try to ignore it, consider it "not exploitable", delay and deflect as long as they can get away with it, anything but address the vulnerability. And they'll never tell anyone the vulnerability exists. This only changes when they have no choice but to admit to the problem and fix it, usually when the vulnerability is being publicly exploited. They push "responsible disclosure" because it includes the reporter not making the vulnerability public until the company has a fix, which allows them to stall disclosure as long as they want.

It used to be enough to just include a reasonable deadline when reporting it, after which the reporter would make it public if the company hadn't taken some action on it. Then companies started threatening and then taking legal action against the reporter as soon as they reported the problem, playing the deadline up as "blackmail".

So, what do you do when faced with this? The only reasonable response is to skip the company entirely and make the details public immediately. You're going to be facing retaliation from the company either way, this way the public isn't vulnerable for an extended time. And yes you include details on how to exploit the vulnerability, ideally via working code, so researchers other than the company can confirm it's a real vulnerability that's actually exploitable without having to take your word for it. No, that doesn't give the bad guys anything because remember the working assumption for vulnerabilities: if a good guy has found it, the bad guys already know about it and are using it. Remember that when the company whines.

This isn't unusual for a cloud environment where services are distributed across multiple servers for performance and resilience. For read/write data the propagation window necessarily has to be short, but for read-only or read-mostly data like authentication tokens the architecture usually favors speed of authentication and resistance to infrastructure failures over fast propagation of changes. Eg., using a pull-based "changes since the last time I checked" process instead of setting up everything for a real-time event-driven process.

The main thing everyone needs to remember about cloud systems is that they are operating in a distributed environment and changes do not propagate instantly to the entire system. The question is whether the propagation delay is acceptably small or not.

Also, do not depend on "we can revoke the credentials" as your primary defense against compromise. That won't help you against use of the credentials in the span between when they're compromised and when you revoke them, if that's acceptable for you then extending that span by a bit isn't an existential crisis. Design your authentication so credentials can't be compromised in the first place, and are as difficult as possible to use from any system other than the one they were issued to if they are compromised. Hardware tokens (Yubikey etc.) have been a thing for a decade now, it boggles me that they aren't the minimum standard yet.

The smart homeowners will add solar/battery to their properties. I'd bet, though, that we'll see a sudden surge of voters pressuring their legislatures to force power companies to give residential service priority over data centers.

The most concerning part should be that the utility isn't auditing it's service. The most basic check is to compare water pumped or otherwise brought into the system against water usage billed to customers. Those two numbers should be equal, any discrepancy indicates leaks or other unaccounted-for draws. Any discrepancy should also be relatively stable, with any large variations correlated to known main breaks. You especially audit things immediately after a major change like bringing smart meters on-line to catch problems like this.

The sticky note under the keyboard or in a desk drawer is actually pretty secure. Most attacks are remote, they've no way to read that note. The social-engineering attacks don't target people who'd go to your desk either, they either target you directly (you already know your password) or support people who don't need to know your password to give them access.

I have to ask, are these platforms even trying to secure their systems anymore? Because I keep seeing of more and more of these breaches, involving more and more platforms, and the attacks are less and less sophisticated. I hear companies talk and talk about security, yet their day-to-day practices require their employees and contractors to violate practically every good security practice and treat the red flags of an attack as normal company practice instead.

Occam's Razor no longer applies, because at this level malice and incompetence are indistinguishable.