Not the person you're responding to, but I also quit my job and started a company that uses Elixir for internal stuff.
It's overkill for some of our problems but it's working fine! We make mistakes, but they're mistakes we'd have made with most other languages.
I did have to buy Pragstudio licenses for anyone using Elixir on the team. I'd prefer a few books, but most Elixir/Phoenix books don't seem like they're keeping up with the rate of change.
Pragmaticstudio is just an awesome starting point for Elixir + Phoenix. I delayed signing up for a long time - wondering if it would be worth the money - but I need not have
Pretty good. The company is jumpcomedy.com and I'm making less money but am much happier. Pair and mob programming have been hugely helpful in sharing learnings and patterns. We only have three developers - all remote. One very nice surprise has been how amazing LLMs are with Elixir, something about a clean functional language maybe, not sure.
Getting feedback directly from production has been helpful too to tell us when we didn't think something through. We don't use branches, everything is a commit to main and every push is a production deployment so all three of us are in the loop on what each other is doing.
Didn't really buy any books but testing and trying things out in LiveBook has been huge to learn the nuances of the language. The LiveDashboard has been great in monitoring things, especially the Postgres plugin for it. The Discord community has been very supportive, and the Elixir Forums as well.
I don't remember anything significantly bumpy for about 30 large-ish applications we migrated from 8 to 11, guess the mileage varied. JDK is serious stable stuff.
It's likely already happened, but we will never hear about it. Their attack surfaces will be clustered and broken up, through an inhomogeneous distribution of various systems and layers and networks, and the entirety of the system will be protected through disjoint connections, both the intentional ones and the bureaucratic and structural ones that follow from the mere fact of being really big organizations. Any particular unit within the whole that gets pwned will have recovery tactics available, but reporting will probably be kept as private as humanly possible, even to the extent of avoiding reporting to government, so as to avoid "damage" to markets, loss of reputation, runs on the bank, and so forth. If they don't have a near instant recovery and mitigation of the attack, they'll be much more likely to pay and recover, quietly, than most other organizations. There are laws and regulations and boxes that get checked to ostensibly hold them to a high cybersecurity standard, but that's a lot of theater and pomp for public confidence over anything practical. Where they benefit is from being able to pay for teams and high quality security personnel and being incentivized to avoid getting hacked.
It's not in anyone's interest to make a lot of fuss or noise in the public eye, so us chickens out here won't ever hear about anything that happens.
That comes with the caveat that the big banks can afford to pay really nasty people to go find hackers and turn them over to authorities, or worse options in more lawless parts of the world, and the public will never hear about those actions either, which disincentivizes the hackers. There are easier ways of getting more money with less risk of catastrophic personal outcomes, with the technical difficulty of even attempting anything serious filtering out the impulsive and stupid.
Just because you never heard about, say, the BancoEstado ransomware attack doesn't mean it was covered up. It's actually pretty much impossible to cover up impactful ransomware events for several very obvious reasons.
For sure, but these are the level of organizations that have PR firms on hand to put in a lot of work to suppress news, to frame things in as bland a manner as possible, to use all the available tools to ensure that even if things get reported, they're noticed as little as possible. Authorities often work with them to suppress and gag reporting of specific institutions that get hit, for a variety of reasons, but obviously including corruption - it's easy to convince politicians that they don't want pension funds or mortgage lenders or whatever to take a hit from negative publicity.
Over the last 5 years, dozens of huge financial firms - banks, hedge funds, credit unions, mortgage lenders, etc - have been hit, and about 15-20% pay the ransoms.
Even if public notice is mandated, there are probably cases where it's an obscure notification on some official government website, or a 3-4 page deep "announcement" on a company page phrased to look innocuous and routine. "We experienced a cybersecurity incident which was resolved" or what have you.
It's fairly trivial for them - routine - to cover things up, right out in the open, and with the speed of the news cycle, it's only gotten easier.
We should probably mandate disclosure by big corporations, institutions, and banks through a glaringly obvious, top half of the front page of their website, blunt declaration for 30 days, with a government page listing incidents and responses for 5 years. "XXX Corp was hit by ransomware and paid $123 in bitcoin to the APT Group AwfulAsshats"
Mandating by law that ransom not be paid puts the onus of maintaining proper disaster and ransomware recovery on the institutions - if you're handling a huge scale of resources, you're on the hook for responsibly managing your employees' security and livelihoods, your users' and customers' assets and data, and not incentivizing ransomware as a viable avenue of attack. If you can't handle the responsibility of securing against ransomware, you've no business handling people's data and money, frankly.
This would wipe out a whole slew of nonsense businesses, I think.
"Bank runaway" and "Loss of confidence in markets" does it.
That works for your country. Why aren't banks in smaller countries affected? Their security is not good, and markets aren't important.
In Costa Rica there was an incident where the equivalent of the IRS was held ransom and the government didn't pay. (Thumbs up to them.) Again, why doesn't that happen to banks there?
Depends on the confidence and appetite for risk of the leadership, what they're instructed to do by boards, what they think they can or should get away with. If it's a hesitant political creature who wants to hide weakness it's going to be much different outcome than a strong leader with a principled stance, like Costa Rica.
Lots of shitty behavior is grounded in what weak people imagine other people will think of them, and them bending over backwards to hide and cover up and obfuscate. Those are the ones that pay ransomware gangs, and they're also the ones that don't plan ahead and prepare responsibly.
Luckily, the Venn diagram overlap of black hat hackers and greying IBM mainframe programmers who understand things like JCL, RPG, COBOL and VSAM is a very small one indeed.
GoatCounter is an open source web analytics platform available as a free donation-supported hosted service or self-hosted app. It aims to offer easy to use and meaningful privacy-friendly web analytics as an alternative to Google Analytics or Matomo.