The Register® — Biting the hand that feeds IT

* Posts by sugerbear

77 posts • joined Tuesday 5th January 2010 19:53 GMT

sugerbear

[quote]The first question a PwC (or any other 'management') consultant asked to carry out such a review will ask is: "What would you like the answer to be?" [/quote]

Hello Mr Fox, can you investigate why all my hens have disappeared.

Also telling that the senior (mis)management can't work out the causes of the problem themselves without squandering more cash on the problem. Do they actually have any IT experience or are they just managers who manage so far removed from the actual workplace that this kind of thing happens (and rinse and repeat).

sugerbear

Less Basil Fawlty

More organised scam. The parking operators used to employ people to collect money when people left the car park. In the name of decreasing costs they went over to automated systems and then the racket of towing and clamping anyone unlucky enough to be in one of their car parks without a ticket.

They could always go back to the man in a shed approach but I guess the revenue from charging people who don't pay or overstay, however % small that is, is worth more to them.

The "tickets" they send are just an offer to pay. So I choose not to.

sugerbear

Good price

Really good at this price, maybe B&N should have sold them at this price to get a bigger market share first of all.

Always playing catchup with Amazon/Kindle.

sugerbear

No mention of IMS

Moving from IMS to CICS was more open heart surgery with a brain transplant thrown in. CICS is the devil's work.

Anyway, I know plenty of people that are mainframers in the age group of 35 - 50 but unfortunately their jobs can be done offshore much cheaper so no one is going to be hiring them anytime soon unless the whole offshoring industry collapses in a heap.

I would love a job back in a COBOL/DB2/IMS or CICS support role but I think the time I have spent away 4 years ish and my age of 40+ will mean that there really is no way back into IT unless there is another round of year 2000 type work.

I can write all sorts of complex SQL but I can't find a role that needs it solely. I must be looking in the wrong place.

sugerbear

Re: Problem?

[quote]I'm a self employed company director...[/quote]

or your full title... Powerfully built tax dodger.

sugerbear

Mike Errington's head on a plate?

Is Mike Errington still in charge of their IT?

If so he needs to be renamed Teflon, because the brown stuff certainly isn't sticking to him.

sugerbear

How much

That is all that matters.

sugerbear

A better question

Dear HP shareholders. Your board paid way too much for Autonomy. Where does the buck stop?

sugerbear

Apple to buyout Adobe..

Just a thought, wouldn't be the first time that a company has brought in someone before taking over. They have a lot of cash swirling around in their bank account. Adobe have lots of "creative" software. Plus Apple could effectively kill Flash once and for all without any chance of it re-surfacing.

sugerbear

Nothing mind crippling about any programming language.

You use the tool that is best suited for the job.

The arguments set forth here are like a bunch of carpenters trying to argue the merits of a drill over a router.

If you can't get your head round COBOL then maybe you just aren't cut out for a career in IT (I have written in Pascal, C, C++, Java, COBOL, z/OS assembler).

sugerbear
FAIL

Oops I did it again...

Another piss implementation.

I wonder who was involved this time

sugerbear

Re: So...

OK. The worst that could happen is that the trader will know your PIN number. He may also know your card PAN number and its expiry date. But the reader won't know what is on the magstripe (which is good, can't be cloned and used in the US).

Without the physical card the info the trader has is useless. The generated cryptograms rely on (amongst other things) the application transaction counter (which is held on the chip) which is unique to every transaction.

So I understand people's reluctance to use something that looks odd, but because it's chip it is much more secure.

sugerbear

Re: A certain Pin/Chip reader manufacturer ...

Unfortunately you are being very selective by choosing a card (not Visa/MasterCard/JCB/Discovery/Amex) with a well known defect.

So please please please, take a bank card from the UK and clone ALL of the chip data (software, keys etc).

When you have done you can then post about it.

sugerbear

Mr Einhorn is correct

He is spot on.

Apple are under the impression that they can utilise the 100+ billion they have in reserve better than the investor (who own the company) can. The board of the company work for the investors.

If Apple need cash to purchase something in the future they can quite easily borrow from either their investors or a bank.

What Mr Einhorn is saying is that he and other investors can better utilise the capital that Apple have sitting in their bank account. They want Apple to return that capital to the shareholders in the form of new shares of dividends.

He is spot on. Any company that has capital that is just sitting there doing nothing year after year is doing a disservice to their investors.

sugerbear

[quote]What about the man-in-middle attack reported last year (arbitrary pin can be used for purchases at an EMV terminal with a stolen card) rendering security put in place by such a system rather moot? OK granted it does require physical access to the card.

[/quote]

That attack doesn't work on all cards, only where issuers don't have the correct rules in place on their auth platform. It certainly doesn't work on ATMs (where the PIN is sent online) nor does it work in countries that only support online PIN. And if the issuer checks the CVR correctly (which is signed by the chip and verified by the issuer) then you certainly cannot bypass the PIN.

sugerbear

Clone a chip

A bit pointless trying to "clone" a chip transaction because the information is dynamic and one time. Much more of a problem for magstripe cards or where the terminal is used for card not present transactions.

sugerbear

Re: Talk about stating the obvious... @Def

OK I will bite and call B@llsh!t. Every single one of the IT contractors I know set up as a contractor for the sole reason that they receive more income and pay less tax. Deducting travelling/accommodation costs associated with working somewhere and being able to employ your non-working wife was also a great wheeze unavailable to PAYE employees.

All well and good until the IR realised that more and more people were avoiding income tax by playing "pretend" contractor and were no different to a normal employee that changed jobs every 6/12/24 months.

90% of IT contractors are not really contractors. They are just PAYE employees that change jobs more frequently. Businesses like them because they pay less tax and are easier to hire/fire.

sugerbear

I think it would end badly for you. It's the balance of probabilities and how believable you are in court. Trying to be a smart arse in court will alienate you from the jury and a liar normally gets found out. "It must be corrupted officer" excuses if found to be untrue will be reflected in your sentence.

To think a highly skilled hacker/cracker whatever manages to infiltrate networks and launch DDOS attacks but then the file the police are trying to unlock is corrupted! Any decent barrister will be able to show either malicious damage or wilful obstruction.

Anyway, I have several dead bodies locked in a safe in my home and there is absolutely NO WAY that I am going to incriminate myself by giving the police the combination. I have NOTHING to hide ;-)

sugerbear

Bailing out 6 with six months to go.

Is it..

A) because they have found a much better contract

B) because they don't want to be anywhere near the project when it goes live.

sugerbear

Re: A 6-digit PIN gives 'emergency' cash to anyone who types it in

This is what I would worry about, the chances of guessing are 999,999 to 1 but if enough people use it then there is a fair chance that at some stage someone will guess one correctly.

Why not enter your account number or some other reference no instead (maybe your DOB even).

sugerbear

Re: Chip+PIN / ATMs

Hello America and your backward magstripe technology :o)

You are wrong though. EMV is used in ATM transactions, the difference is the PIN is authenticated at the issuer/processor. The US uses magstripe but only because they have such a fragmented market and no one to drive the changes other than the schemes (which will eventually happen between 2013-2015).

If I had the option I would do away with the magstripe on my EMV card but there are still some terminals that use it (before reverting to the chip).

sugerbear

[quote]Conservatives traditionally only support state intervention in cases of market failure[/quote]

I nearly fell off my seat laughing at that statement. They are quite happy to support their friends/relatives/business associates and their associated businesses. Especially if the relationship involves sponsorship of the party !

sugerbear

Might not work with the majority of EMV cards.

I look at the article and I believe the attack is only possible with older static data (SDA) type cards.

The problem with Cambridge is that some of their research is based on old tech standards, but there are still some SDA cards in circulation (because they are cheap). I have not had a chance to check yet but to correctly guess the cryptogram on a DDA (dynamic data authentication) card is impossible as the chip generates its own random number so seeing two transactions with the same ICC random number would highlight a cloned card.

There are also other technologies such as the ATC count so again cloning is made difficult if the card hasn't been stolen.

As with all tech, someone will eventually break it but as long as it isn't cheap/quick then it's still worth employing.

Paywave and PayPass incorporate even more complex cryptogram generation CDA which makes the duplication even more difficult.

But don't let the above get in the way of a good story and worry mongering :o)

sugerbear

My document is out next week.

Next week I am also releasing a 60 page document. It will explain that banks have failed to invest in the one key asset that will in future prevent the global banking system from collapsing.

They are called employees, but most senior managers probably refer to them as excessive operational expenses.

sugerbear

No worries

All my data is safe in the cloud...

I suppose people should be grateful it didn't just wait to run out of money and some honking great repo man pulled the plug overnight and sold the servers on eBay.

Clouds. Love em.

sugerbear

[quote]We'll be simplifying the batches and tightening procedures a bit.[/quote]

I can't see that ending well.

See my previous posts. No change, no blame and more red tape ;-)

sugerbear

Re: what about the money

[quote]I'd say primarily a bank's business is making my money grow, and not losing any of it.[/quote]

The primary role of any business is to generate a profit. Risk, IT and so on all flow from that primary goal.

If you are a shareholder, then I agree. Growing the share price and dividend are the primary objective of a publicly listed company. Growing turnover/market share count for nothing and are just vanity unless they can be turned into solid income (and profit).

As a customer the primary goal of any bank is to minimise the amount they spend on you, whilst making you generate income. They will be doing everything they possibly can to ensure your money grows as slowly as possible, because the margin between what they pay you as a saver and what they lend out is where their income is generated (actually probably a lot less reliant on you as a saver as they have the money market to borrow from so even less incentive to pay you anywhere near a competitive rate of interest).

On a side note, co-op premier account charge of £13 a month is pretty good I think for mobile phone insurance, worldwide family travel insurance, European RAC breakdown cover, £300 interest free overdraft.

sugerbear

Good article

Mr Chan, has in my opinion, hit the proverbial nail on the head.

The middle layer of management never seems to get mentioned, it isn't Mr Hester that is choosing to take risks by de-skilling the workforce but it will be his targets that are causing the problem. Required reduction in IT costs = Management finding an easy fix = ship the development off to a cheaper country whilst retaining their own jobs/salary/bonus.

It is the middle management layer that has failed. They chose not to listen, they ploughed ahead with changes and it has cost the company dearly. Given the culture at RBS, no one questions their boss above project manager level. If you did then the end of year rating system was used as a big stick.

I have said it before but the outcome of any review will be "more control". It won't point the finger of blame at any management strategy, it will be just an extra layer of change control that slows the development process down even further.

sugerbear

Re: Absence of evidence not equal to evidence of absence

But they do have a way.

If this was a problem then merchants and acquirers would be seeing a significant number of chargebacks where no authorisation had taken place.

(I am guessing that this "attack" makes the terminal believe that a transaction has authorised the transaction offline). There are also floor limits in place so that even if a chip card authorises a transaction offline the merchant must send it online for authorisation (or else take the hit for the chargeback).

Also sounds like it's aimed at a very specific terminal or acquirer (with specific software).

The issuer (and cardholder) of the card is covered in this instance because the merchant/acquirer won't have obtained authorisation and the chip card itself won't have issued a genuine transaction certificate.

sugerbear

Might ?

Seems a lot of "might and maybe" in the article.

Why no specific details on how this type of attack would work? There are lots of different terminal implementations and lots of different versions of software.

So until they can demonstrate going into a retail shop and buying something then I am afraid that it all sounds a bit like scare mongering and the desire to make a name for yourself (or your consulting company wink wink).

sugerbear

Cockups happen

I have made plenty of cockups in my career, luckily none of them happened in an operating environment. Doing stupid stuff like DELETE * FROM CUSTOMER_DB ; WHERE CUSTOMER_ID = 5 ; (see the misplaced semi-quote, you just deleted the whole database) are much less likely to happen when you have two people, one to check the work and one to signoff. Errors get picked up BEFORE they impact the live environment, that is why you have senior developers and change management. They are there to gate keep the idiots under them.

Problems can occur for any number of reasons, but not checking what people do (ie slashing resources) and giving them root access to your o/s or god privileges on your database seems like the perfect way to end up in sticky position. Often the root cause isn't disaffection, malicious behaviour, it's just fat fingers and the right (or wrong) user privileges.

I have only ever once come across one deliberate attempt at sabotage when a developer tried to add a timebomb into some code. No idea why he did it (I think his contract was coming to an end and no renewal possibly) because it was picked up when someone QA'd his code. I have also heard of code being altered to add malicious code to extract card numbers, again picked up in QA. If you don't have checks and controls you will eventually come unstuck.

If you get to the stage where you have to call someone to interview you have already failed as a manager and deserve to be put out to pasture to find your next "opportunity".

sugerbear

Racists!

The only conclusion that I can draw from not choosing to go to India with a camera is that Capita are rampant racists (not a version of Linux in case you were wondering).

They just want nice middle class whites to be in the company brochure.. People of the Indian Help Desk you need to rise up and stamp out this sort of behaviour.

sugerbear

how long can hester hold on

Bob Diamond has made the news again so this story won't be appearing in any headlines, but given that RBS will be fined in the few weeks/months I wonder how long the CEO of RBS can hold on.

I imagine there is a change freeze from now until the new year with only regulatory changes being the exception.

sugerbear

Isn't it easier just to pass the blame around

Batch services can blame the implementation crew

The Implementation crew can blame the developers

The developers can blame batch services

.. and repeat.

With so much blame being passed around senior managers won't actually know who to blame.

Actually, I know the best thing to do is to keep your mouth shut. And then counter by claiming victimisation, bullying, stress, overwork, you can always throw in some blackmail as well.

Another point (and I think a very good one) whoever was responsible will know that if they do get the push they will be in line for a nice 6 figure sum from one of the weekly rags. Max Clifford is very likely to be your best friend. Just make sure you come out looking the victim. (Nick Leeson didn't do too bad).

sugerbear

Re: Is it legal?

And RBS set it all up nicely.

First they had an arbitrary downgrade of all grades at the end of the year. They also had the bell curve, what this did was to put a lot of staff that came in and did their day to day work but didn't want to get involved in office politics or career advancement or working stupid hours into the "failing" category. It also put people that would normally have got a bonus into the "no bonus" category. We were also told that anyone getting two consecutive two's would be "managed out". (good bye payoff). No one understood the rating system either as they were given behind closed doors.

A lot of staff in their fifties were entitled to full pensions with no penalty for leaving early (ie get the pension at 50 odd that you would have got at 65). We also got a payoff of something like 3.5 x number of years service = number of weeks pay. If you were retiring you could put that lump sum into your pension and then claim 25% of your pension pot tax free. So a bloody good deal.

So generally anyone with long service who was over 50 jumped at the chance, the first wave was fully subscribed.

Anyone with long service and a decent work history also went, it's just a case of incentivising people or else making it so miserable to work there people volunteer to leave.

It looks good for RBS because very few people have to be made compulsory redundant and they can spin the line that everyone "wanted" to go whereas if they gave everyone their notice then there would be headlines in the national paper.

Glad I got out in the first wave ;-)

sugerbear

Re: RBS Management

Because come hell or high water the head of IT was going to reduce the staff costs. And he based that decision on the fact that UK workers cost x and India workers cost y. And because Y is about 1/4 the cost of X that made perfect sense. They both do the same job after all. Anyone can be taught to programme, anyone can be taught to run a batch schedule, and so on.

By reducing staff costs he would have been seen to have made a massive dent in expenditure and would no doubt have given him a nice leg up in his ascent to the boardroom and his bonus is very likely to be linked to cost reduction and increased output. Manday costs were about £400 for a UK and about 1/4 of that for non-UK workers. Imagine reducing your costs by 75% and with ZERO impact on your business. What could possibly go wrong. *cough*

I am sure that execs rationalise the negative internal comments by linking them to the UK staff fear for their jobs. So anyone that suggests the outsourcing is a bad idea either gets sidelined or kicked out early.

sugerbear

Too much ?

Price point - anyone think it is too high ? At nearer to £100 it is worth it, once it starts moving up to the £200 level it is no longer such a good deal.

I have a 7 inch Android tablet that is pretty good for reading/emailing, had HDMI out, plays games etc, OK the battery isn't great but it only cost me £80 and has a micro SD card slot thrown in.

Why include NFC then exclude a microSD slot? No one is going to pay for stuff using NFC on this device because it isn't a wallet sized phone/card, and you can pick up a microSD card with NFC built in.

Looks a nice display and I am sure it will be quick, just doesn't tempt me at the price.

sugerbear

RBS to sue CA

According to the FT RBS is considering taking legal action against CA. Unless CA were actually managing the change I don't see how this would work.

Being a cynic I would say that the RBS PR machine is again at work trying to throw some mud around in the hope that some of it sticks.

Of course if they do it really will be a "drains up" moment for RBS if they press, so not a bad thing. I suspect it is PR bluster.

http://www.ft.com/cms/s/0/b03dd574-bf8e-11e1-a476-00144feabdc0.html?ftcamp=published_links%2Frss%2Fcompanies%2Ffeed%2F%2Fproduct#axzz1yvaWQwnl

sugerbear

Re: Sounds like they need...

Or Sanjeet couldn't find the UNDO button...

sugerbear

err...

"It's an example of astroturf".

I think they mean astroturfing.

Unless Google is demonstrating an artificial grass surface.

sugerbear

Failure linked to the policy of Mike "offshore" Errington

If anyone is to blame it's the man named above who started the whole process about five years ago.

Wouldn't listen, didn't care, you would think he was only interested in securing his own bonus (or he had shares in Infosys!)

I wonder if he is feeling the heat now....

sugerbear

Re: If only.....

[quote]"I have no evidence of that. The area, if you like, the UK backbone, has received substantial investment."[/quote]

What UK backbone? It was all outsourced to Chennai. Unless the investment is the money they used to pay the IT staff off (or maybe the money they pay monetise to manage their mobile applications).

Here is a CEO that doesn't have a fucking clue or else his reports are lying to him. If I were him (thankfully I am not) I would be looking for a new CTO because the ones he has aren't going to finger themselves in any blame.

Utterly clueless. And very likely to be found out when reporters start digging.

sugerbear

Re: Not convinced

It is easy. If on the first night of your batch run you miss a few input files and it isn't picked up until say the Tuesday afternoon (and let us say for example your support staff who specialise in CA7 had left for the day), you would be into Wednesday before you could be anywhere near identifying what the problem is and what caused it and what was missed the previous night. Then you have to fix the problem and work out how you are going to get the missing transaction into your batch file (they would then most likely reject because the batch header didn't have the correct day on it .. and so on..)

Of course all the time it's getting escalated and people want answers, so that delays the fix because they don't want the fix screwing up something else.

sugerbear

Re: It seems entire nation is waiting for El Reg readers to tell them whats going on

Ex RBS here. From what I hear (Allegedly) it was an upgrade to CA7 that someone screwed up. CA7 is a bit of software that runs your batch jobs and allows you to add dependencies and start jobs to a stream of batch programs. If you fo' that up you effectively stop your bank working.

Now given that there hasn't been anything similar in the past 20 years at Natwest (which used OPC but let's not get bogged down in detail, they both ran big mainframe shops, Natwest much bigger and RBS didn't have the resource to complete the migration on their own) you can either guess that BMC left a bug in CA7 that only occurred when RBS ran the software and had failed to be picked up anywhere else on the planet.... or... someone who didn't know what they are doing cocked it up.

And of course RBS are not going to admit (even if it were true *cough*) that the IT cost saving programmes that started around 2008 were in any way linked to what happened.

Repeat after me. All IT outsourcing (offshoring) deals save money and have zero impact on your business (tm).

sugerbear

That doesn't apply to the guys in Mumbai. You know, the ones fixing the problem ;o)

sugerbear

Re: Out-sourcing is bad

[quote]Good documentation helps prevent future disasters, and speeds up the resolution of problems. Good documentation should save you time in the future. The problem is that few people seem to realise the importance of good documentation until they don't have any.[/quote]

Haha.. 3..2..1 you're back in the room :)

Honestly, you have never worked in a real IT department then. People want to do the minimum in terms of effort and time, and documentation (updating it, managing it, reviewing it) will be the first thing that gets chopped and dropped when deadlines approach or the project finishes. IT Departments ignore the need for decent documentation or its control because it is expensive to manage.

You can probably rely on the original spec being right, but any subsequent updates will always be poorly documented. In fact a decent programmer using a decent language should produce decent self documenting code anyway.

I worked in application support and trust me the last place I would look when fixing things was the documentation. Better to see what the source code is actually doing.

sugerbear

Re: Oooh

[quote] an IT disaster just waiting to be screwed up by offshore IT workers whose banking won't be affected when the systems are down for days.[/quote]

A very good point, if you work for Natwest or RBS you must have (or you certainly used to have) a Natwest / RBS bank account so that your wages were paid in. So there is some vested interest in getting things right because you would be directly affected if you screwed up. Not so anymore when you don't use the products you look after.

UPDATE: Received a text this morning from Natwest (22nd) saying that accounts are still affected. All those IT savings are suddenly going to be eaten up by lost customers, refunds, ex gratia payments etc etc.

sugerbear

Re: Oooh

[quote]I loved my time at RBS, great people, fantastic IT, but sadly it just all got too much and when the voluntary redundancies were offered, I jumped...

[/quote]

Same here. Was quite good until about 2005/6 ish when they started the offshoring and bell curve (end) performance management stuff. I suppose the root cause won't be "sacked all the decent staff and shipped them off to Mumbai"

3 days for ALL customers. That IS bad. Would have been resolved within hours when I worked there. Glad I am not there anymore.

sugerbear

If only the internet was more resilient.

For people that don't understand the internet and just use Google to find things this will be a killer blow. They will just have to turn on their radio, subscribe to Sky/Spotify or go back to Mr Wong and his DVD case of the latest blockbusters.

For everyone else....

sugerbear

Re: Last time I looked

Yes, the jobs normally go

Step 1. Advertise for role

Java developer required (add long list of Java stuff that most of the time won't ever be used) willing to pay about 50% of the going rate and you will need to leave your existing secure job to come and work for my company. They also like to have junior developers with at least 25 years experience (so that I can use your experience and pay you even less than what you actually expect). Please don't apply for this role unless you are a 100% match.

Stage 2. Outsource.

The ICT needs of a company need to be planned for the long term not just the current project.
