* Posts by Ball boy

333 publicly visible posts • joined 10 Aug 2009


Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain

Ball boy Silver badge

Obsolete within a year, maybe - but still be in daily use

TETRA is used extensively and it won't be an easy upgrade if it can't be patched to cope seamlessly with both old and new standards. By way of example, in the UK, each regional Police force has its own budget. In order to swap their radio kit to a new standard, all forces would have to align their strategies and buying cycles. If not, they'd be pretty much obliged to stick to the old standard until their neighbouring forces had also upgraded. At a time when budgets are under huge pressure, I can't see this being a quick change for them.

Granted, some users (higher security users like government spooks and other very specialist sub-groups) might get new kit sooner - but the existing hardware is in the hands of so many 'normal' users it could take a while to effect a changeover unless in-field patching is possible.

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

Ball boy Silver badge

Worrying - esp. in the UK

Given governments aren't generally in the business of running IT systems, the UK will doubtless put the management of root certificates in the hands of their favourite outsourcing partner. Now if the idea of the gubberment having access to your TLS handshake is worrying, consider the additional risk of an outsourcer's misconfiguration accidentally allowing world+dog to lift and copy certificates. Yes, the same could happen now - but I'd argue there's a fundamentally different approach between supplying a core service directly to the industry and simply satisfying the (usually rather poorly defined) terms of an outsourcing contract for a government body.

To prevent 'lost' nukes, scientists suggest storing them in a hall of mirrors

Ball boy Silver badge

Not sure it's the right tech. to monitor nukes

Monitoring a warehouse of one-off artworks, yes: I can see that a warehouse owner has a vested interest in making sure the articles haven't been tampered with; it's far less intrusive than installing movement sensors in picture frames, more able to cope with the introduction of a new item or intentional removal of one (re-signal the area, keep the updated signature), etc. - but for nukes? I'll monitor the silo a country has declared but how do we know that's the *only* silo the bad actors are using to store their fresh-from-the-factory atomic hell?

Boffins find AI stumbles when quizzed on the tough stuff

Ball boy Silver badge
Coat

AI makes it to management consultant level!

Rather than reply: "I'm sorry, in context your question doesn't make a lot of sense" MML/MLL enthusiastically answers with something that is wrong, misleading or just not particularly useful?

I sense a long and fruitful career working for....no, I better not end that sentence for fear of a lawsuit!

Sony, Honda tease EV that aims to be a lounge on wheels

Ball boy Silver badge

Missing a trick!

Strap a mattress to the roof and bolt a barbecue to the rear and they've solved - at a stroke - the housing shortage too!

Or maybe it's just that Honda know something about future traffic jams that we can only guess: they're betting we'll need a /lot/ more to entertain us while we queue-up in our cars...

Birmingham set to miss deadline to make Oracle disaster 'safe and compliant'

Ball boy Silver badge

I'm confused by this

Surely there was a period of dual-running? When migrating massive systems like this, you don't simply turn off the SAP services on a Monday morning and rely entirely on the as-yet-untested Oracle: you populate the new system with test data and check it does what you need it to do. If it doesn't work, you halt or delay migrating users and live data until the problems are ironed out. Sure, you won't catch them all - but being able to do something as routine as producing financial statements must surely have been a baseline requirement.

Even then, there's usually a period of parallel running where data is entered into both the known system and the 'new' system. Again, if the outputs don't match - or if you discover a process takes 30 people rather than 3 - then you should delay the disarming of the old, stable, system.

Sounds to me a bit like BCC need to swallow a bitter pill and renew their SAP licenses. Yes, it'll cost a fortune because SAP know they have them with their pants down and will aim for full penetration - but it wouldn't be the first time a major project organised by a public body was badly managed (I give you NHS IT, HS2, any number of power stations and, if the Eye is to be believed, the northern Freeports). Umm...unless they didn't keep the SAP system current - abandoning that system this early in the changeover would be almost criminal!

If I'm missing something, forgive me - and do please help further my education.

Scripted shortcut caused double-click disaster of sysadmin's own making

Ball boy Silver badge

"The master boot record was gone, and with it Ricardo's dignity."

Sums it up perfectly. And who amongst us has not had that sinking feeling at one time or another?

You've just spent $400 on a baby monitor. Now you need a subscription

Ball boy Silver badge

The future is even more worrying

Picture the scene: a boardroom of a company selling IoT devices like this. Last year they sold hardware & their cloud-backend and made 20% margin. If they swap to a subscription model, they can add some 25% in access fees per year (sub. in your own numbers, the logic still applies).

However, these new profits quickly become normalised and the investors want the return to improve...so they start selling off advertising space. Hell, they already know the subscriber is willing to part with cash and they know a fair bit about what kinds of adverts will hit home. Win-win!

The future, my friends, isn't looking particularly rosy.

$17k solid gold Apple Watch goes from Beyoncé's wrist to the obsolete list

Ball boy Silver badge

Phones, 'smart' watches and the like are all destined to be throwaway devices: if nothing else, the demands placed on them by the upgraded OS that comes out after the hardware means it'll eventually die even if the hardware itself were to magically keep working forever. Same applies - on a slightly slower timescale - to PC's (my daily driver is 14 years old, TYVM).

On the plus side, I suppose these solid gold watches - like the diamond encrusted Nokia's of the 90's - are far more likely to be recycled than your run-of-the-mill Samsung simply because of the inherent value in the materials. Or they'll become collector-pieces that get traded for however many years Apple is still a 'thing', meaning their recycle value pales into insignificance compared to their perceived value (you could use the same argument for a van Dyke painting, I guess: worthless as raw material....but very valuable all the same).

If we want to stop the e-waste then we need to design products that are built to last (replaceable components, active third party suppliers market, etc) AND do something to address the obligation to upgrade just because the OS/app suite needs newer/faster/more extension-aware hardware. Not sure how we do that, though. Imagine: would we all be happy with an i286 running at 8MHz and all its inherent memory limitations because that's kind of what we should have stuck with if we're going to subscribe to the 'don't evolve' logic.

I don't have the answer - I don't think anyone can square this particular circle.

Data breach reveals distressing info: People who order pineapple on pizza

Ball boy Silver badge

An open letter to the blackhats out there:

Could you please focus on exposing data on politicians; their home addresses, bank details, phone numbers and so on?

If you did that successfully, we'd very quickly evolve procedures to mitigate data losses like this.

Thank you.

Oracle at Europe's largest council didn't foresee bankruptcy

Ball boy Silver badge

If Ellison called out this Birmingham 'win' as a triumph for Oracle then surely it's time to hold his feet to the fire: he should now pay the costs of making it functional.

Meet Honda's latest electric vehicle: A rideable suitcase

Ball boy Silver badge

I can see it now: fit Monkey bars and drop the seat down and back and we have a reboot of the classic Easy Rider.

We can call it Eeasy Rider. Just be in slo-mo. :)

Google outlines Outline SDK: Censorship, geo-block-beating tool to drop into apps

Ball boy Silver badge

There's a trust issue at stake

So, rather than allow a Government to possibly spy on my comms or have authoritarian regimes block what sites I can visit, I'm meant to put all my faith in a company that makes the vast bulk of its revenue by using the marketing data it has syphoned off from the very people passing through its services?

Not sure I like that very much.

Square blames last week's outage on DNS screw-up

Ball boy Silver badge
Facepalm

Translation

Square also outlined how it hopes to avoid this sort of meltdown again:

It claimed it has made changes to its DNS and firewall servers to "protect against the issue we saw," and has taken other defensive steps.

In English: We changed the admin password from p4ssw0rd to something a bit harder to guess and told the PFY to leave the fuck alone next time

Right to repair advocates have a new opponent: Scientologists

Ball boy Silver badge

This thing measures your *soul*?

If this device can measure our soul then we have a problem in the making.

To quote from the Good Book: The argument goes something like this: "I refuse to prove that I exist,'" says God, "for proof denies faith, and without faith I am nothing."

"But," says Man, "The Babel fish is a dead giveaway, isn't it? It could not have evolved by chance. It proves you exist, and so therefore, by your own arguments, you don't. QED."

Substitute for Babel fish and simplify.

We need a machine that measures irony - but the scale would have to go to 11 ;)

Southern Water to drink up tech deals worth up to £358M

Ball boy Silver badge

Don't overlook "the company has a relationship with UK outsourcing firm Capita". Private Eye call them 'Crapita' for a reason.

UK flights disrupted by 'technical issue' with air traffic computer system

Ball boy Silver badge
Joke

A 50P coin for the meter, toggle the Big Red Switch and the job's a good 'un.

Do I have to think of everything 'round here?

'Millions' of spammy emails with no opt-out? That'll cost you $650K, Experian

Ball boy Silver badge

A 'business cost' of 0.06% of their profits?

Yep, that'll definitely scare every C-suite into thinking twice before firing off marketing campaigns won't it?

/Sarcasm

Cisco's Duo Security suffers major authentication outage

Ball boy Silver badge

"Cisco’s top priority is the satisfaction and support of our customers."

No, it isn't: its top priority is to be profitable because if it fails at that then the company folds - and if that happens then, by definition, you won't have customers. Just ex-customers.

/pedant

Moscow makes a mess on the Moon as Luna 25 probe misses orbit, lands with a thud

Ball boy Silver badge

Western press: "Russian space probe crashes attempting moon landing"

Russian State media: "Glorious scientists first to firmly place explorer module on moon's south pole"

FIFY ;)

PowerShell? More like PowerHell: Microsoft won't fix flaws in package gallery ripe for supply chain attacks

Ball boy Silver badge

Business case for PowerShell?

"Wouldn't it just be easier for the users, and cheaper for us, to improve the tools we already have?"

Well, they didn't really have any. Using the Command line was a hangover from the days of DOS and wasn't that flexible (it didn't need to be: it was conceived to address the needs of a single user on a single computer running a single program). What Microsoft quickly found - I suspect - is that when you want to manage a server, you tend to need to do things that a GUI simply can't address - and building a GUI to cover /all/ eventualities would be impossible...so a scripting tool was required. Voilà! PowerShell was born. In its own way, it's MS concession that servers need CLI rather than flashy GUIs (or, if you prefer, the *nix way of managing server-grade systems was probably right after all!).

Voyager 2 found! Deep Space Network hears it chattering in space

Ball boy Silver badge

Voyager 2, the signal decoded...

It reads as follows:

"You don't call, you don't write. It's like we just drifted apart"

Joking, natch. Well done to the boffins wot picked up a heartbeat in the noisy clutter of deep space and let's hope for a successful reset on the 15th

BT and OneWeb deliver internet to rock in Bristol Channel – population 28

Ball boy Silver badge
Pint

When will they reach Rockall?

For those of us with long enough beards to remember The Rockall Times then you'll know why I'm asking!

And yes, I still have the t-shirt. A bit faded but you can still make out the 'There's f**k all on Rockall' caption.

While I'm about it, bring back Dabsy. Oh, and gratuitous references to Paris. :)

Network died, hard, during company Christmas party, leaving lone techie to fix it

Ball boy Silver badge

Not checking is suicidal

Back in the days of NT4 and Lotus Notes, I was in a hardware distributor whose MD thought it would be a good idea to actually use one of the RAID boxes we sold as our data volume - you know, so we could proudly show customers one of these damn things actually doing something. Lo, it came to pass and we ended up with a set of three SCSI disks humming away in an external 4-slot RAID box. The OS and RAID monitoring was on the internal boot disk and all worked nicely for a while....until someone got an alert to say drive #2 had gone down. A junior IT bod shut the box down and pulled the drive from the slot labeled '2', replacing it with a fresh one. They even remembered to set the SCSI ID to '2' with the jumpers on the back of the drive.

Those that know SCSI busses - or anything much about computer systems, really - will recall that ID's tend to start at '0': What the RAID cabinet called slot '1' was, in fact, SCSI ID 0 and so on. One can only imagine the chaos that he was met with when the system was rebooted: one dead drive still in the array, one good one pulled out and replaced with a virgin unit - but with an ID conflicting with the only remaining good one...oops.

We only knew about it because when we came in the following morning, there he still was, unshaven and looking very much like a deer caught in the headlights but he just about managed to get the system stable by 9am. Those who didn't know the reason for the all-nighter called him Zorro for being such a hero. We nicknamed him Zero because never was a name so justly deserved!

You're too dumb to use click-to-cancel, Big Biz says with straight face

Ball boy Silver badge

How about a simple rule?

Make it a requirement that a supplier of subscription services has to make their cancellation process use no more clicks than their sign-up process. If they can make it a one-click sign up to get hooked into their premium service then it'd be a one-click to get out.

Dropped out by mistake? Then it'll be one click to get suckered opt back in. Simple.

From cage fight to page fight: Twitter threatens to sue Meta after Threads app launch

Ball boy Silver badge

Zuck couldn't have asked for better advertising

This is the problem with sending the poop emoji out as a default press response: the media will naturally jump on any story that shows the business in a bad light (yes, I know: spoiled for choice when it comes to the man-child's machinations). '30 million users in the first month', 'works just like Twitter', etc. are wonderful marketing messages that, thanks to the likes of the BBC et al, have reached a far wider audience than anything the Cyborg's team could have come up with themselves. It wouldn't surprise me at all to see a very significant upward spike to Threads' user-base as a result of this free publicity.

<sarcasm>Nice move, Musk</sarcasm>

Ripoff Vuitton handbag smaller than a grain of salt fetches $63,750 at auction

Ball boy Silver badge

The perfect size!

This is just the thing for me to store my f**ks in.

See Thomas Benjamin Wild's amusing I've no more f***s to give recording for details. Link very NSFW by the way - but, hey, it's a Friday afternoon so there!

California man jailed after manure-to-methane scheme revealed as bull

Ball boy Silver badge

To all the author & all pun-makers

A pat on the back to you, one and all.

Oh, hold on.... ;-)

Microsoft investigating bug in Windows 11 File Explorer that makes the CPU hangry

Ball boy Silver badge

I think I see a basic problem

As I understand it, the traditional way to develop a product is to get feedback from your market place in order to develop ideas. From there, you try things out based on the information received.

"As is normal for the Dev Channel, we will often try things out and get feedback and adjust based on the feedback we receive," they wrote

The Redmond approach seems to work in reverse: they foist ideas on the users and see which ones stick. Perhaps GUI development is the exception to the rule. Or maybe Redmond need a core rethink.

SSD missing from SAP datacenter turns up on eBay, sparking security investigation

Ball boy Silver badge

'SAP takes data security very seriously'

When we get caught, we take it seriously. Normally, we just assume everything is tickety-boo. Very relaxed about our data warehouse and its appalling physical security until it was discovered to be a weak point. Now it looks like we have a PR disaster on our hands so we need to show that we really do care, honest.

There, FIFY.

Capita faces first legal Letter of Claim over mega breach

Ball boy Silver badge

Not generally a fan of ambulance chasers

While I'm sick of the 'Did you buy or own a diesel vehicle between 1000 B.C. and today? Sign up with us to claim a rebate because the pollution data debacle means you might have been misled' adverts - going after Crapita (or any business that exposes people's ID) seems like a damn good idea. I can't easily replace my identification - and the effects of a loss could well last for many, many years.

Tarring and feathering all their policy-makers and execs or putting them in the stocks with a sign saying 'unclean' might be a little unsophisticated but, for everyone's sake, something needs to make this kind of problem get the attention it deserves.

Third MOVEit bug fixed a day after PoC exploit made public

Ball boy Silver badge

Re: This may never end

Okay, so one SQL injection issue was found. As said, that could have been a hang-over from testing or something. Not good but mistakes happen.

Then a second is found. Surely that would ring alarm bells and someone should have thought: 'damn, we better check the rest of the code to see if any more were left in there'. Was that entirely logical rear-guard action simply overlooked or isn't their client base important enough to them to justify assigning resources to looking? How companies respond to problems is often what defines a business relationship and, well, there's clearly some questions that remain unanswered!

Ball boy Silver badge

'Safeguard their identity'? How, exactly?

"Similarly, Louisiana's Office of Motor Vehicles warned that all residents with a state-issued ID, drivers license, or car registration likely had their name, addresses, social security number, birthdate, height, eye color, license number, vehicles registration, and handicap placard info exposed.

"There is no indication at this time that cyber attackers who breached MOVEit have sold, used, shared or released the OMV data obtained from the MOVEit attack," the Louisiana agency said. "The cyber attackers have not contacted state government. But all Louisianans should take immediate steps to safeguard their identity."

Does this mean any worried Louisianans should sell their car, move home, get a new driving license and SSN issued and then switch their date of birth and eye color, perfect a limp and wear heels? I'm not sure if I'm joking or not - but that glib 'take steps to safeguard your identity' line has all the makings of a farce.

Microsoft: Russia sent its B team to wipe Ukrainian hard drives

Ball boy Silver badge
Coat

What a job!

Microsoft have a corporate vice president of customer security and trust?

Gentlemen, I give you a job that is surely even more soul-destroying than fitting turn-signals to BMW's ;-)

UK smart meter rollout years late and less than two thirds complete

Ball boy Silver badge

Came here to say the same thing: a meter is just that - a device to record or monitor usage. These smart meters do nothing to throttle the power being consumed so there's no innate ability to reduce an energy bill. Okay, a savvy consumer might be more aware of their energy usage and moderate their consumption as a result - but, without doubt, the greatest saving with a smart meter is at the provider's end: they don't need to send someone out to read it.

They seem to have downsides, too. For one, the early versions wouldn't allow switching to a different provider and this slowed down adoption. I also suspect there's growing concern from the end users that having a meter that allows the cost per KWh to vary on the whim of the provider (sub-hourly, if needs be) might not be such a good deal. How can you reasonably compare different providers when the unit cost leaps up and down regularly (indeed, how can you even be sure you're paying the best or even a correct rate for any particular time of day?)

However, for all their downsides, they offer convenience to the supplier and they're here to stay - and I can well imagine that 'smart water meters' are only a few years away.

Capita wins £50M fraud reporting contract with City of London cops

Ball boy Silver badge

I think that'll be the number of concurrent users the system will support after Crapita have 'improved' the service. The .3 will be the person who gets fed up waiting for the content to load ;-)

It's almost a shame that this sub-thread will make no sense once the typo is corrected!

Gen Z and Millennials don't know what their colleagues are talking about half the time

Ball boy Silver badge

Gentlemen*, I give you layer caking.

As in: "I think the consultant is layer-caking the meeting. Shall we dip out for a pint?" No, don't ask me what it means - but it sounds excellent!

*By convention. Of course, I mean 'anyone wot is reading this' - but I'm an oldie and we're stuck in our ways.

File Explorer gets facelift in latest Windows 11 build

Ball boy Silver badge

This is the Microsoft way

Rather than fix the underlying issues, they prefer to put more shiny on top. Way to go, Redmond!

AWS teases mysterious mil-spec 'Snowblade' server

Ball boy Silver badge

Re: Marketing Jargon Detector Goes PING!

Granted - but in defence, I present the Compaq Portable, released in 1983. Seems there's a long history of describing luggable hardware as 'portable'!

Yaccarino takes wheel at Twitter early as advertising woes become public

Ball boy Silver badge

Re: Is revenue the biggest problem?

It's a delicate balancing act: if a company is forced into bankruptcy then all the creditors line up for a cut of what remains. That, in itself, would be an expensive and time consuming process with little prospect of getting more than a few Cents in the Dollar back. For that reason it's sometimes better to aim for a settlement figure rather than go down the nuclear route.

Debian 12 'Bookworm' is the excitement-free Linux you've been waiting for

Ball boy Silver badge

About time!

I've put up with snapd's 'entertaining' behaviour for a while but, over the weekend, had a play with Debian 11 to see if I should give Ubuntu a rest until they see sense!

Glad to see non-free will be rolled into the main branch in 12: it was entertaining figuring out how to get it all neatly setup. As per LP's comment, tidying up the installer wouldn't go amiss either - but once it's installed I doubt people will ever need to see it again and so, given finite resources, making the firmware libraries more inclusive is definitely the right call.

Fed up with slammed servers, IT replaced iTunes backups with a cow of a file

Ball boy Silver badge

Re: That's the way to do it

Genius indeed: a cow has four stomachs - and the crud (cud) was following its own four-stages: iPlayer --> laptop --> server --> backup. Our man was simply...err...reverse-engineering the process in delivering back the moo - the raw material, if you like. The users should have thanked him for such dedication ;)

Software rollout failure led to Devon & Cornwall cops recording zero crime for 3 months

Ball boy Silver badge

Re: Unable to Upload data/stats?

Nice idea but Excel isn't the tool to use. It has column limits that have famously tripped up civil servant wonks attempting to use it to move data. See https://www.theregister.com/2020/10/05/excel_england_coronavirus_contact_error/ for details of one such cock-up. Sure, it's a million now - but if the civil service can't deal with that, I dread to think what a Police Constable would make of Excel; most of them seem to struggle with concepts more advanced than a clockwork watch.

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine

Ball boy Silver badge

A question that didn't get asked?

I can't see a logical reason why I might want to install a webcam in, say, my bathroom but it still doesn't mean those that do should expect it to be compromised.

Perhaps authorities should be asking of Amazon et al some more searching questions like this: You clearly log access to these recordings (and if you don't log then, oh man, are you in the deepest of shit) so 1.) Immediately provide details of every such incident where a camera feed was viewed by your own employees where there was NOT an open tech. support case assigned to that device; and 2.) Justify why any feed can be viewed by employees when there's no defined need to see it.

Meta promises UK it won't pilfer rivals' ad data to build Facebook Marketplace

Ball boy Silver badge

Re: Utter horseshit

Nah, it's a classic legal answer: first they have to build the new systems (endless scope to delay the roll-out there) and, when a workable version is finally delivered, they can start blaming 'misunderstanding in the staff training'.

Don't worry though, Mark will assure us that 'We take our responsibilities around data integrity seriously and are committed to providing a level playing field for our competitors' so it'll work out alright; we're in safe hands.

</sarcasm>

Mozilla so sorry for intrusive Firefox VPN popup ad

Ball boy Silver badge

Huh? Change browser.vpn_promo.enabled to false?

What do we change next? I shouldn't have to set browser.crypto_promo to false or browser.other_crap_we_think_you_need_to_see_promo to false.

Just no promotions. End of. People use a browser to see content generated by a web site, not by the browser's marketing department.

Keir Starmer's techno-fix for the NHS: Déjà vu disaster or brave new blunder?

Ball boy Silver badge

I wouldn't get too excited

A statement of 'we can fix it all if we get in' from a politician in opposition. I'm not taking sides here but it's not like we don't hear that kind of thing in the daily exchanges in the House or in regular opinion-pieces in their favourite media outlets.

Said with the best intentions, I'm sure, but if/when the speaker does finally get the keys to power, they realise everyone else in the party has committed to spending the same money elsewhere, plus there's limited time to make an impact if they want to get re-elected. Priorities change; low hanging fruit becomes the focus and the grand plans that could make a long-term difference are quietly put out to grass - and there's no assurance they would be implemented correctly with clearly defined goals and milestones (both questionable concepts in huge, centrally-managed government projects).

More UK councils caught by Capita's open AWS bucket blunder

Ball boy Silver badge

Crapita errors. Again.

This is now so common, I would be surprised if it doesn't spawn a phishing campaign in its own right: 'Your details were unfortunately exposed during the <insert a recent Capita goof> event and we strongly advise you to change your password. Click [here] to update your account'.....

Sadly, some people will most likely fall for it.

Russian businesses want to party like it's 1959 with 6-day workweek

Ball boy Silver badge

What?

"Development of Business Patriotism", achieving "technological and industrial" breakthroughs, and "strengthening" economic sovereignty?

I think someone's read 1984 - Orwell's rather good novel about a dystopian future - and assumed it's a 'how to' guide on running a country.

FBI abused spy law but only like 280,000 times in a year

Ball boy Silver badge

I am surprised

I thought the usual way around the 'no snooping on your own citizens' rule was a bilateral agreement with a friendly overseas spook. The UK rules allow British intelligence to poke about in a US citizen's knicker-drawer because they're not British subjects, while the FISA act allows the Americans to go panty-sniffing in British underwear.*

*substitute your own countries and euphemisms for 'spying' as you see fit. I'd be amazed if this kind of thing isn't pretty routine practice in any number of countries.
