179 posts • joined 25 Oct 2007
Re: Predictable and not going away
Asking when rather than if your systems were/will be compromised is good security practice.
So your strategy is to make life as hard as possible for miscreants once they are in. One useful tactic might be to avoid (presumably) unencrypted password stashes called things like Extranet Oracle & SQL passwords 4.3.06.txt.
"it arrived at its decision using magic"
That is a very neat way of describing what most of my customers think. Being a developer of custom business applications, something I hear often is "shouldn't it just do that?". The "it" in the sentence is the key word. I will forever be amazed at how hard it is to explain that "it" does nothing except that which we tell "it" to do.
Ask the developers of climate models whether they really believe that if they just had enough data, if the data were *really* big, the truth would emerge ... as if by magic.
A significant minority of victims change their behaviour after becoming victims. For example, nearly half (45 per cent) opted to shut the stable door after the horse had bolted and 42 per cent report being extra vigilant to avoid a second lightning strike.
Didn't know I was so popular ... or controversial.
Pah! Lotus 123 ... modern drivel. SuperCalc, now there's a real spreadsheet.
I bet they make each other produce a current STD test certificate before they feel able to undertake their act of enclosive sexual intercourse.
The possibilities are endless
Accident and Emergency : OpenWound
Geriatrics : OpenGrave
Maternity : OpenLegs
Maternity (for the executive with a meeting to get to) : OpenSunroof
Plastic Surgery : OpenChequebook
Pharmacy : OpenAllHours
Breaking news - Ukraine crisis over as Putin killed by high velocity frozen pint of British beer. President Obama, currently in Cardiff for the NATO summit, said "I wanna thank you guys. We got carriers and aircraft coming out of our asses, but it takes Brit genius to truly kick ass. Just like WWII." David Cameron couldn't comment. He was chillaxing having just downed his eighth pint of Brains SA (god no).
Re: Misuse of Word
The meaning of hacker in popular language has come to be the same as cracker. The two are now pretty much interchangeable. We the cognoscenti will either have to find an alternative to replace the original meaning of hacker. How about code artiste or vim jockey or extreme keyboarder or even, god forbid, programmer? More likely we'll just have to be smug in our superior knowledge.
If I'm talking to a non-technical person I always say hacker when I mean cracker. Life's too short to fight the crowd on something which makes no difference to anyone.
Language does change. The meaning of gorgeous is literally "like a pile of gore". How it got to mean beautiful over the aeons is anyone's guess.
It says "I woz 'ere" and "Kev 4 Shaz 37000BC"
Now a year is not exactly 365 days, but if it were then that would be 525600 minutes. At four nines that allows for an outage of 5256 minutes or 87.6 hours. SLAs calculated on an annual basis are worthless. The same service level would allow for an outage of 7.44 hours before being triggered if worked on a monthly basis, which is more reasonable.
All of the above is of course meaningless if there's no (or trivial) compensation in the event that the service level is breached, which is the case with most SaaS offerings.
One must not however confuse SaaS with cloud. It's quite possible to get a robust infrastructure in the cloud by using two or more infrastructure providers and installing your own business software. That's why SugarCRM is infinitely preferable to SalesForce. You are in control, be it in the cloud or on your own infrastructure.
Re: Makes sense
I agree. It's certainly unlikely and it does sound too simple. But it fits. Each time they switched from their emergency site back to the full site the thing died, presumably because the missing cache caused a database overload. So they then switched to the emergency site for several hours, probably to restore the cache from a backup, meaning it wouldn't have to be rebuilt organically.
Fun as it is shooting in the dark, it would be rather nice for the Beeb's technicians to provide El Reg with a full explanation, so that we can all take away the learnings (you've no idea how much I hate that phrase but I'm sure they use it a lot at the BBC).
It would make sense that if the cache was wiped, the load on the database servers would suddenly shoot through the roof as every request would have to be served from the original metadata. The cache failure may therefore be the root cause of the problem, not a coincidental second problem.
Re: Real portrayal?
Could have been worse. They might have gone the whole hog and cast Johnny Depp as Turing. Mind you, code breaking is probably about as close to swashbuckling pirate activity as boffinry gets.
Re: The exact location of Rockall
It's easy to find. It's right in the middle of Fuckall.
The most astonishing single thing here is that the server logs were unavailable. How can you do any kind of system administration, let alone security, without log files?
You're a braver man than I Mr MacLeod. After 170 downvotes and rising on 3 posts a weaker spirit may have quit while he was behind.
I sort of see where you're coming from and you're right, we haven't found our next door planets teeming with life and we haven't had any radio signals from nearby stars, but that's a very small neighbourhood. The odds are very good indeed that in the whole universe there is other life somewhere. Probably lots of it in fact. This does not preclude the chance that Earth contains the only life in the universe, but that's a vanishingly small chance.
To use a famous quote from one of Capaldi's other legendary characters :
"If some cu*t can fu*k something up, that cu*t will pick the worst possible time to fu*king fu*k it up cause that cu*t's a cu*t."
Having skimmed their website, at first glance this looks to be very nice stuff. In many ways it helps address the main criticism of running your stuff on cloudy infrastructure, namely the dependence on a single third party whose operations are opaque. You can run CoreOS instances all over the place, say Amazon, Rackspace, Google, and on your own hardware in your own DC, and use the whole lot as a single cluster. With Docker in the mix, I'd say this is well worth keeping an eye on.
Re: What happened to GAGA
If you ask the guys at Indego, they'll tell you that theirs is a lot less bovver than a hover.
That's just utter bo**ocks. This has nothing to do with the cloud and everything to do with truly dreadful system administration. It could just as well have happened in a private data centre as on a cloud service. Cloud services may have their faults, but this is categorically not an example of one of them.
The next big thing
Is unknowable and is more likely to be born in a garage in Milton Keynes than in a creative co-working space in Shoreditch.
I cannot however argue with those who are lapping up the gravy. I would. It's those who are pouring it that are to blame.
Research has found
That a new born gnat grows at a faster rate than a full grown elephant.
Re: First modem
9600 baud (I know that doesn't exactly match bits per second). I missed a 1024 out, so it's actually 44,739,243 times faster than my first modem. I think.
If my sums are right then that's about 43690.67 times faster than my first modem. Blimey. Is my life 43690.67 times better for this technology though? Probably not.
My thoughts exactly. Looks more like a pretty untalented unenthusiastic bloke with a copy of Photoshop's impression than an artist's impression to me.
What's all this two weeks business? You've either got an infected machine, in which case you need to clean it up asap, or you haven't in which case you don't need to clean it up.
Nothing has changed in terms of the measures a sensible end user should be taking to protect themselves against these and other nasties. Run up to date software including anti-virus, don't open unknown attachments and the rest.
In fact, apart from shutting down a couple of command servers, which in the greater scheme of things is irrelevant, and convincing some idiot to headline their news with it, nothing at all has changed. There are nasty things out there and there always will be, so protect yourself.
I completely don't understand what this whole thing is about. What am I missing?
Re: Ubiquitous passwords
Never mind over the phone. What if you walked in to a physical shop (I know, SO last century) and before they allowed you to buy anything you had to give the shop assistant your full name and email address. You just wouldn't do it.
Inflatable balloon that goes like a rocket, but with high endurance, and delivers a large payload at the end of it all. Hmmm.
Build brand loyalty by developing trust, by communicating, and by providing exemplary customer service. People expect stuff to go wrong, it's how a company deals with problems that matters.
We use Rackspace over Amazon because their motto is Fanatical Support, and they mean it. In the ten years that we've been using them the odd thing has gone wrong of course, but the support has always been first class.
Don't pretend your rubber dog turd is better than the next guy's rubber dog turd. Instead, supply it with a smile and savour the whiff of success!
If "the cloud" refers to virtualised computing environments, be they private, public or hybrid, then I am a fan.
Containerisation is an incredibly powerful tool for the development and delivery of applications in the virtualised world. Docker appears to have found a way of bringing containerisation into the mainstream. If you haven't looked at it yet, it is worth having a look. https://www.docker.io
All the signs are that this is not simple spoofing
I've been getting spam from AOL users. But it's from people I know and the other addresses on the recipient list are to their genuine contacts. This means their account has been compromised in some way rather than straightforward (and far less serious) spoofing of their email address to send to random recipients.
If there's one thing the Mounties should know, it's no use shutting the stable door after the horse has bolted.
Re: Security? Licenses?
It all boils down to trust. The biggest issue of trust for a company is the level of trust it puts in its employees. Far and away the greatest cause of data security breaches is accidental or deliberate action by an employee.
One example is the use of unencrypted emails as the file sharing mechanism of choice both within a company and with the company's customers, suppliers and partners. It doesn't really matter where your email service is or how tightly its security is locked down. Sensitive data is routinely launched in the clear, into the wild.
Now add BYOD smartphones and tablets and things get even more interesting.
A company with substantial in house systems puts a particularly high level of trust in its IT administrators, who can, and regularly do, make mistakes, or worse, deliberately sabotage systems or disclose sensitive data. Hell hath no fury like a sysadmin sacked.
Where a company's systems physically reside, other than the obvious data protection constraints on geographic location, is in many ways the least of its data security worries. In this respect, the use of an enterprise class cloud service is at least as good as using your own data centre.
Re: The dinosaurs live
I too have worked through (most) of those phases and qualify as a dinosaur myself. We've still got mainframes, UNIX systems, Windows servers and very probably DEC VAXs (although I haven't seen one in a while) and will have for a long time to come. What experience has taught me is that a great many new things have a lot of value as an additional tool, not a replacement one. I see farms of virtual machines, both in their private and public forms (Infrastructure, Platform and Software as a service) as pretty awesome things to add to my armoury.
Risk assessment, DR planning, performance management and the rest of it are perennial problems whatever mix of platforms you choose, and it is in these areas that experience counts most of all. You have known the heart stopping bowel moving panic and you have learned from it!
The dinosaurs live
Move my in house applications from a mainframe to a VAX ... never!
Move my in house applications from a VAX to a UNIX box ... never!
Move from terminals to PCs ... never!
Move my in house applications from a UNIX box to a Windows server ... never!
Move my in house applications from my network to the cloud ... never!
Worried about a 2e2 (who were more of a traditional outsourcer than a cloud provider) then use two providers and replicate your stuff.
Worried about trust? Well, as a sysadmin someone is trusting you. Why are you trustworthy? What SLA do you personally give to your company? Are you close to a breakdown? If you don't perform, how many years salary do you have to pay back to your business?
There is nothing new in the cloud. It's all simply about realising the economies and flexibility of working at scale.
Re: Science is amazing
I take it you didn't pull.
Jonathan Porritt once gave a lecture at my school which he opened with something along the lines of "I expect you think that we greens are all a bunch of woolly hatted lentil stirrers". In the intervening years (of which there are far too many), apart from not actually wearing a woolly hat or publicly stirring lentils, he has done little to convince me that he is not.
"in the event the doomsday box system goes titsup"
If the BRASTRAP can go titsup, then there must also be a system component called JOCKSTRAP to allow for the inevitable cockups.
In a nutshell, a Docker container contains an application *and* all of its dependencies. So say the application depends on a LAMP stack with specific versions of Apache, MySQL and PHP, you wrap those versions into the container. You can then move that container to any VM or physical server without worrying what the AMP versions are on the base install of the VM.
This is a huge step. Currently if you want to move an application from one VM to another, or you want to run mirror servers, you first have to build a second VM to the same specification as the original in terms of application dependencies. Even with things like chef and puppet this can be a time consuming task. Linux containers abstract away that problem without (so it is claimed) a significant performance overhead.
Re: Wan side access to the router
I think "in this day and age" sums up the problem, which is that most of these routers were purchased in another day and age, and haven't been touched since.
Re: Oh the security....
Excellent post and all good points.
The resources required to do what you say in house are significant and are realistic only for the size of business that has always been able to run complex systems in house.
The promise of cloud based services is to bring some of the benefits of complex business systems to companies that have no prospect whatsoever of being able to afford to deliver them in house, namely SMEs and startups. For those businesses the choice is either to use the cloud or to become progressively less competitive, and eventually die. The risks you describe are, for this class of company, unavoidable risks of doing business. What they probably need is a bit of consultancy from someone like you who understands the risks of the cloud and can help to mitigate them.
"All state information security systems were unprepared for such a brazen violation of the law."
Aha I see .... their security systems were only prepared for the more friendly kind of aggressor who does not brazenly violate the law but asks politely whether he can invade your country, and certainly wouldn't tamper with your phone systems unless he had your explicit permission.
Re: Wot no SLA
Given that six nines amounts to 2.6 seconds of allowable downtime worked on a monthly basis, you may as well guarantee 100 percent. If you miss 100 you're almost certain to miss six nines, so as a supplier you are not in reality exposing yourself to higher risk.
Re: Test subject
Firstly a rather crass remark that you've made. Secondly, it's just under 80 for males, and only for males that are born today. For males born 80 years ago the life expectancy was considerably lower, so I think in this case, he is well ahead of average.
My old man smoked like a chimney, drank like a fish, ate like a king and died at the age of 69 - a very happy man!
Timing is everything
Just when Samsung are ramping up their efforts to break free from the chocolate factory. Tizen (tizen.org) it seems is the new Android. If they can do it, this would surely be a very good thing given the average consumer's current choice of being locked in to one of Apple, Google or Microsoft.
A tip if you want your blog comments to be read. Keep it brief, essays belong elsewhere. I skipped your comment.
"According to EMC, the staff cuts are down to its internal rejigging to decrease the effects of back-end loading of customers orders in each quarter."
Eh? What? There is a fine line between English and gibberish, and I think that in this case the line has been reached, crossed and left a few miles behind.
This is a clear case of a 42GB memory stick being illegally converted into a 42DD mammary stick with optional encraption (although I'd go for plane text if I were you).
One million lines of code
That's an interesting defence. "Look mate, this system is huge. It cost loads and loads of money. It's so complicated that my head spins just thinking about it. So, when it fails I want it to fail big! No trivial little glitches that nobody even notices for me - oh no. Ask the banks, they understand. If you've paid for serious software then you want to see serious failures. I want my money's worth."