* Posts by Lee D

4215 publicly visible posts • joined 14 Feb 2013

Microsoft license shuffle means Power Apps users could break the bank

Lee D Silver badge

When you have to "subscribe" to your essential in-house business tool, you know it's time to change.

Voyager 1 starts making sense again after months of babble

Lee D Silver badge

Re: If ever there was a use case for LLM

That is the singularly most awful idea I've ever heard.

You know that all such "AI" just collapses into a heap of nonsense the second it has to think for itself, receives unexpected data or strays outside its training boundaries, right?

Job interview descended into sweary shouting match, candidate got the gig anyway

Lee D Silver badge

Re: The first one is free

The problem with fancy interview questions is that you are only testing whether people can answer fancy interview questions.

It's a self-fulfilling prophecy - you're selecting candidates based on some arbitrary criteria which is only vaguely related to their job, so the candidate who "does best" may not actually be good at anything vaguely related to the actual job they need to do.

I've always held that job interviews should be little more than "We pay you for a day, you work with us for a day". Anything else is nonsense. All those lateral thinking and logic tests (which, incidentally, I'm *amazing* at, being a mathematician) will knock out people who would have been great at the job if it wasn't for that test. All those impressive answers someone gives in interviews where they turn a perceived problem with themselves on its head and make you think they're wonderful? Congratulations, you've hired a very good BS'er. All those interviews that utterly impress the management types with management-level BS, while all the people who are hands-on, in the field, etc. are completely hating them? If you go ahead, you've hired someone good at speaking managementese who's going to be hated by their underlings and co-workers.

The interview is a selection process - and a two-way one at that! You have to consider "What am I selecting for with this question?" but more importantly "What am I selecting for when I'm looking at the answer?". Because a simple technical question may well be useful to "get right", but someone who admits they don't know, asks if they'd be allowed to research the answer, takes a decent stab, tells you what they are sure of and what they are not based on their previous knowledge/experience, and can state where they'd go to get a definitive answer... I'd rather have that guy. I want to select for their METHOD and their communication and honesty, rather than that they don't know what menu the button is under to restart a cluster, or whatever.

Interviews are a selection process. Select for what you want to see, not some arbitrary score system of nonsense. Because like natural selection, if you cull perfectly good applications based on random nonsense and/or the highest-scoring person is just someone lucky, then you're going to end up evolving entirely the wrong direction compared to what you actually want to happen.

Lee D Silver badge

I was asked to design interview tests at my current workplaces and I have the same attitude.

I don't care that you don't know specifics, haven't memorised a keyboard shortcut book, I'm more interested in how you approach the problem, that you have a general feel for something, and that you wouldn't be stumped if I left you to do something specific - you'd be able to run off and find out the exact details for yourself.

Sure, you really should be able to, say, name a competing but similar product to Hyper-V, for example, but if you can't because you worked on Linux systems all your life I'm not going to hold that against you. I couldn't care less if you can subnet an IP address in your head, I'd want you to double-check with an online tool or similar anyway if it was complex enough that we had to sit down and work it out. I'm far more interested in "A user does this, and then comes to you and says that, please describe what you would say/do in response", and even "Name an OS/programming language. Please name another alternative OS/programming language to the one above and describe how it differs" is a useful question to get a feel for someone.

But a quiz is just a quiz and I wouldn't use anything like that for a formal assessment of someone's capabilities. It's just to weed out people with zero industry knowledge, no customer service skills, or those who are obviously bluffing in their claimed experience.

If you want to set tasks, set a task. Something real, that someone can achieve or not, and then see if you approve of their METHOD not their results. The so-called "inbox exercise". There is no one right answer and I don't expect you to do everything and get it all perfectly correct. I just want to make sure that you aren't going to just pull a wire and take the network down without checking, and that you realise things like change management, etc.

In one interview, I was asked a technical question and immediately my response was to say that there was a potential impact so I would follow whatever change management protocol they had in terms of alerting the team, notifying users, recording the change, assessing the impact, etc. The interviewer said "That'll do me, everything else is secondary" (with a big exaggerated "tick" gesture while writing on their clipboard) and moved on before we ever got to the actual technical answer.

Lee D Silver badge

Interviewed at a school for an IT position once. Actually two similar roles at the same school, and I was qualified for both. They were interviewing on different days for each, so I got given an interview for both roles on different days.

As I was driving to the weeks-before-booked appointment, and it was a 30-minute drive away, they sent an *email* to say that the interview had moved to another venue on the other side of town. Just sheer chance meant I had stopped for fuel and checked my email.

When I turned up, the front of the school looked like a tip.

Was pointed to reception (there were no signs!) by a random staff member.

Ended up sitting on a broken, torn, dirty sofa in a "reception" area which was an area of grubby, torn-up carpet in the corner of a corridor.

Was left waiting there 20 minutes without any sign, long after the interview should have started.

Was eventually collected by someone and led - no exaggeration - THROUGH an in-use staff toilet room. It was the only way to access the main IT office.

"Office" was a cupboard just big enough for 3 people to stand in it. If two of you ducked under horrendous cupboards above your head that were a literal hazard. It was clearly a former cup-washing kitchen type room, because it wasn't big enough for any practical purpose whatsoever. Which was unfortunate because there were 3 of us, me, the guy who'd collected me (who was a teacher) and the IT manager.

I had to sit hunched the whole time because the chair for the interviewee was under a cupboard so standing up meant braining yourself.

Cue an interrogation about... the school. Not once was IT mentioned, but they were disappointed that I hadn't remembered the EXACT pupil numbers on their website (but I was not only in the ballpark but I had merely rounded up to the nearest ten). I get "knowing your customer" and checking the website before interview, but memorising random facts like establishment date and pupil number seemed to be the only thing they were interested in. This went on for a LONG time, and obviously some of it I literally hadn't memorised, some of it they weren't happy unless the number was absolutely exact, and none of it was about IT.

In some prestigious school, I might expect *some* of that, and in fact had worked in many such places hence why I had checked the website and had answers for all the relevant stuff, even if they didn't like them. But this was a run-down state school that looked like it would be condemned any minute. And if it was about child protection policies, or generally working in the school, fine, I'm used to those questions. But this was literally about "what year was this school established", "who was the first headmaster" (hint: absolutely nobody you would ever remember), etc.

At one point got asked an inane "management"-type question that wasn't even relevant to any school role I'd ever had in my life. "I'm sorry, but can I just check, this is the interview for the IT <whatever job title it was> position, right?". They absolutely hated that and tried to terminate the interview there and then. I was already halfway there myself, but out of politeness, and with the help of the teacher guy, we pulled it back to common sense for a second. Then they continued on exactly the same lines. Eventually the manager and I just looked at each other and said "This isn't going to work". We terminated the interview there, not an IT question asked.

We didn't even bother to shake hands. As I was led out, the teacher apologised profusely, and I told them politely that if they didn't want to hire, they shouldn't waste people's time. The guy was clearly trying to either protect his job from people with better experience, or was so antisocial that he literally didn't want anyone to take the role at all. Even if he was trying to "warn" people off the job, there are a million better ways to do that, but that's absolutely NOT what he was trying to do. He'd taken exception to me before I'd even walked through the door... or through the staff toilet, and yet we'd never actually spoken and basic interview / hiring etiquette on my part meant that he had absolutely no reason not to like me at that point.

Nobody, nor myself, mentioned or bothered about the second interview for the other (similar but different) role.

As an IT manager for private schools now, I use that as a lesson when hiring on what NOT to do to any candidate no matter how ill-fitting you think they are.

Other ones I've had included a "technical test" where the question was "How would *you* retrieve all the DNS servers configured on a client machine?". IPCONFIG. "Wrong!". Oh, right, you mean "ipconfig /all" then. "Wrong!". No, honestly, I would. It lists them all. In plain text, in a copyable format, and shows if you have more than two, and shows all interfaces and their configured DNS. Guy absolutely outright insisted that it didn't and that I was wrong. As this was only a year or so after the above interview, I was already in the "Okay, this isn't going to work" phase, so I battled on and insisted that it does. I had a keyboard thrown at me... "Go on then, show me! You're wrong". So I ran ipconfig /all, scrolled up and there were all the DNS servers listed for each interface in a plain-text copyable format. I even copied it to prove that.

He didn't even have the decency to look humbled. He got very stroppy, told me that it was "the wrong way" and that the only way to do it was through the GUI (that was never part of the question, and the question was how would *I* do it!) - and I pointed out that that took many clicks, was increasingly being hidden away on modern Windows, the classic interface only showed two DNS servers until you went to another tab, and that you had to do it for each and every interface separately. He just stuck with his "Wrong!" attitude. I didn't bother wasting their time from then on.

'We had to educate Oracle about our contract,' CIO says after Big Red audit

Lee D Silver badge

Re: That is why web site Ts & Cs are not a contract

A contract is a "meeting of minds" legally, so many T&Cs are not enforceable, and are often found to be that way in court.

However, there's also a factor of variation and acceptance of that variation when you start.

What people often don't realise is that even a contract is not cast in stone - and there may be unenforceable parts within it, everything from the jurisdiction (i.e. a US company doing business with EU companies can't always have every aspect of their business contract only be answerable to US law/jurisdiction, it simply doesn't work like that) to the actual thing they are trying to do.

"Your statutory rights are not affected" means something, and doesn't even need to be explicitly stated (it often is, but for other reasons!) - because those rights are statutory and are not affected whether they tell you that or not!

To be honest, despite having screwed several companies to the wall with their own contracts in the past, I wouldn't touch or deal with Oracle contracts. There are certain companies you just should not be doing business with.

LinkedIn's turn to fall over: Outage hits thinkfluencer hub

Lee D Silver badge

If you hit refresh a few times

"If you hit refresh a few times..."

Sorry, but with my IT hat on, I hate you. The website is down, so let's pound it senselessly until it comes back up...

EU users can't update 3rd party iOS apps if abroad too long

Lee D Silver badge

Re: Why does anyone buy Apple?

I had a discussion only yesterday where I was trying to work out what value there is in a stupendously expensive iPad if you're going to give it to kids.

I never really got a proper answer.

They aren't more manageable, they aren't more robust, they don't have access to software that others don't, they aren't better in any practical way... and for the cost of each one I can buy several of their competitors and throw them away if they break.

Year of Linux on the desktop creeps closer as market share rises a little

Lee D Silver badge

Re: Repeat after me:

You mean remote terminals, virtual machines and SIP?

Gosh. I wonder how long they've been the core design of other desktop OS and, for instance, when things like Asterisk took over the SIP-based telephony market.

You keep reinventing the wheel. The rest of us know that Windows was the LAST operating system to add those features, with the exception of Macs that literally REMOVED such features from their desktop environment.

Honestly, of all the arguments...

Lee D Silver badge

Re: Repeat after me:

They said that in 2014:

https://www.neowin.net/news/munich-germany-realizes-that-deploying-linux-was-a-disaster-going-back-to-windows/

After a decade of already being on Linux. I wouldn't call an entire decade of operation (in fact nearly two) "unviable", would you?

And there's already a campaign to return to it again.

Their flip-flop has far more to do with their political landscape and opportunity to profit than it does the technical viability of what they're doing.

And, hell, running Windows software on Linux in 2004 was a VASTLY different landscape to today's mostly-web-services environments.

Lee D Silver badge

Re: Repeat after me:

"In those years there hasn't been a single role or outfit I have worked for that could have adopted Linux even if they wanted to."

That's some serious hyperbole.

They could have adopted it, at any time. It would have cost money to transition, they would have had to make some small sacrifices, not unlike ANY upgrade or system change project.

But saying they COULDN'T have done it is just wrong. They didn't want to.

Any one single item you might consider a blocker will have an alternative that may be less preferable, but equally as viable.

I've yet to actually work in a single place where I couldn't have just replaced everything with Linux overnight, let the users scream and shout for a few weeks, and then business would have just carried on as normal. Maybe you'd have to swap out a banking integration with a dumb bank that only knows about Windows, or had to change the office suite to a web version, etc. but saying that not one place you've ever worked could have gone Linux is just a flat-out lie.

What you mean is: "without impact", but the impact of changing any system is pretty much there, even going from Windows to Windows, or merging two Windows networks, or whatever.

Microsoft: Copyright law didn't stop the VCR and shouldn't stop the LLM

Lee D Silver badge

The VCR was a tool used to do something - and that something could be illegal or not depending on what the user did with it.

LLMs are a tool used to do something - and that something could be illegal or not depending on what the user did with it.

Not only are they the same in that respect, that argument actually means that you still can't use them illegally and still need to get consent for the data you're using, and can't just randomly spew out thousands of copies and sell/give them away without the original owners seeking action against you.

This is a dumb analogy, and actually makes the argument fall against them even worse.

Microsoft's February Windows 11 security update unravels at 96% for some users

Lee D Silver badge

Re: Windows 11 might "face installation issues."

Linux isn't immune.

SystemD is an absolute pain when it goes wrong and I have had it go drastically wrong.

It's simply that more care is taken, and updates are far more modular. There is no "roundup", no manual dependency checking (pretty much each Windows update just has to "look for" what it needs, there's no centralised mechanism to handle it all so things can break, especially with things like .NET), far more testing, far more care, no silently obsoleting users' setups but carrying on pushing updates that expect the latest setup, and no reboots unless it's literally a kernel or bootloader update.

Windows they just slap it together and fire it out with the expectation that it's on the user and thousands of IT departments worldwide to handle the problems and "just reimage" if it goes wrong.

I suspect that internally at their cloud service there are either thousands of techs just as frustrated with their nonsense as everyone else, or who literally have special access to stop all that happening that they never roll out to other users, even huge enterprise.

Lee D Silver badge

It would be the work of a moment to generate a unique ID for a particular line of code / error value at that line, and present a link to the user like:

"More information may be available at:...."

And then when that error hits and becomes an issue for lots of people, they could make that page and describe the potential causes and fixes.

I mean, hell, there's no reason that part of the error routine couldn't be "Look up this code and see if there's a page I can direct the user at, and if not THEN just display a code and nothing else".

If you did it right, you'd be able to capture stats on new errors just from your web logs, you'd be able to have consistent and useful error messages with solutions when common problems happen, and you wouldn't need to update the OS *AT ALL* for those error messages to be kept up to date with full breakdown of cause, symptoms, diagnosis, resolution, etc.

All you need is a unique hash, a website that returns "Sorry, can't help with that error" for anything that doesn't already have a page, and someone copy/pasting the relevant information into a page for each unique error that becomes an issue. Even if they only did it once a month the week after Patch Tuesday, it would be SOMETHING, and they might actually get some useful telemetry to spot problems in release builds etc. BEFORE they go out to general release to billions of customers.

But what do I know, I'm just a programmer, geek, IT guy of 30 years, and they're a mega-corporation with almost unlimited resources.

Gimme free Azure storage/processing and a cluster of VMs to run a server farm etc. on to serve the pages, and we could have it running by the end of the week and roll out small updates to error routines over the next year to actually do something useful with returned error codes and/or dialogs that pop up with obscure errors and hell, who knows, maybe even blue-screens.

Lee D Silver badge

Re: "Something didn't go as planned. No need to worry – undoing

Well, the first warning sign was that those pop-up notification things are called toast notifications.

Can I interest you in a toasted teacake?

Work for you? Again? After you lied about the job and stole my stuff? No thanks

Lee D Silver badge

Re: With friends like these..

I don't trust companies at all.

I *may* trust certain specific individuals within the company if they have a proven track record of actually doing right by me.

But even they can't guarantee that they'll be around next week, or that the company will do what they should.

I trust certain people, only. Those people - by and large - don't let me down, and they're the ones whose promises I believe, not the companies (and often those promises are at extreme odds with each other).

When a person I trust tells me that they'll get me that raise... I will tend to believe them, and it will tend to happen. Even if the company doesn't want it to.

When a company tells me they'll get me that raise... I have zero interest until it's written down and even then it's not a sure thing.

Trusting a company is like trusting a concept, or a thought, or an idealism. No. But when Fred (who I've known, worked for and trusted for years and doesn't ever let me down if it's at all in their power) says it, then I will listen. And even if Fred then does let me down, it's going to be because the company got involved and/or broke their promises to him. That's not Fred's fault. And Fred, almost always, will then apologise enormously, plus never pass on a promise he can't personally deliver ever again.

You're dumb to trust an imaginary entity, controlled by basically random people outside your control, to do anything. You're dumb to trust most people too. But the ones you can trust pretty much won't let you down.

And that applies to all industries and workplaces. The people I trusted, I'm still in touch with years later and still trust them because of their track record with myself alone. The companies I've worked for? Eventually almost every one of them failed me because the PEOPLE changed.

Lee D Silver badge

Was once on the receiving end of just such a conversation where it was absolutely, 100%, totally, utterly going to end up in me being sacked.

Why hasn't X been done, X was absolutely for you to do, it's really important that we do X, you've failed to do X, you must do X, X is part of your job, you were instructed to do X, etc. etc. etc.

My reply, by email, was nothing more than a date, time and subject.

Referencing an email nearly a year earlier where I'd taken to putting in writing the results of a meeting with EXACTLY the person who sent the above, against their wishes (they hated anything being formally recorded) and had clearly done it as a "Okay, so when this all goes utterly pear-shaped, please remember that you said this, and that I'm reminding you now that you said this" type of email. It was all there, in black & white (or white & black if you use night mode). Don't accuse me of not doing things that you literally stopped me doing and told me not to do.

The temperature went from 1000C to about -273.15C so fast, you could see the contraction cracks appear in the metalwork of the building.

My colleague wasn't aware of what was going on, because at that point I was doing it all in "private meetings" and by email, but even they asked why I had such a big smile on my face for the rest of the day.

Lee D Silver badge

Re: "And to this day, the more he dislikes someone, the more polite he is towards them."

The point of burning bridges is so that NEITHER they - nor I - ever walk back over them again.

It's literally a self-defence mechanism.

Say you burn the bridge with a new and horrible boss and then walk. People say "But what if you go to another job years later and that boss is on the interview panel?" Then I just found another company that I never want to work for, because they hired the person I never want to work for again, and I presume they know what they hired (and if not, I still don't want to work there).

A kind of self-fulfilling prophecy.

Be careful what bridges you burn, sure, of course. But if I burn a bridge and then feel tempted to cross that river at that same point again? Yeah, I need to stop and think carefully about what I'm doing. I burnt that bridge for a VERY good reason. And if I ever feel I made a mistake, maybe I'm not good at deciding what bridges to burn. (Hint: I'm EXTREMELY good at deciding what bridges to burn!).

I dance in the light of my burning bridges, and only hope that they can see me from the darkness of the opposite riverbank.

Lee D Silver badge

Re: Got to love an optimist ...

When I was self-employed, I would often add on a stupidity tax for those clients who were really annoying.

If I have to sigh, bite my lip, and rouse myself in order to just walk in the door of a certain client, I'm making sure I'm compensated for it.

And if I set it "too high" (cough) they would complain but often then just forget all about it. Which was exactly what I wanted.

Nobody ever dared not to pay, though. I'd be into bailiffs and courts for that, for even the smallest amounts, let alone £2k.

Lee D Silver badge

Many such incidents, many not quite the same scale however.

Work in schools, and one school hired a new "IT Coordinator" (teacher). He decided that he knew more than everyone.

One of the things he did was buy a bunch of dictaphones (long after those things were obsolete) that saved in WMA format. And a piece of software (which was absolutely awful and had a million competitors that were better) that opened and used MP3 format audio.

He insisted that I make them work together. Nope. First, I had no part in their purchasing. Second, they're incompatible. Third, I don't take orders.

This went on for a few months. One day, when he was actually particularly nice, I implemented a workaround. If he saved the WMAs in a certain network location then 10 minutes later they would appear as MP3s in the same location. All automated.

Not good enough.

When I left a few months later, he tried to badger me for the administrator's passwords. Not going to happen. I asked why? Because, obviously, the administrator password would make these two incompatible file formats "just work", don't you know? That was seriously his argument.

A few weeks later, I was still getting regular calls at my new workplace from him, determined to get the administrator's passwords. Claimed that the headmaster had told him to.

I reported him to his employer and said I would never provide him with details. I had provided both the headmaster and a governor (who worked in IT) with full documentation including passwords before I left, had them both sign off on it, and told them they were responsible for those details going forward as I would be removing them from all my records.

When I told him that, he got very shirty - because I said that all he has to do is get his headmaster to give him those passwords, or get his headmaster to speak to me and I'll do what I can to help if they've BOTH lost the passwords.

Never heard from him again.

The next employer I spent many years at, and with full knowledge of a very techy Bursar we took a number of shortcuts over the years to save money. These were done knowing full-well that eventually they would be undone, and a bog-standard expensive commercial product used in their place. We both talked the same language, we both knew the implications, we both understood the trade-offs.

We met regularly, I compromised to save money, he compromised to make sure we still had systems I could manage. We saved a ton of money, everything did what was required (and more!), and we both had great fun with it.

Then the headmaster changed. Basically gave the Bursar (my boss) a heart attack with stress. He left and - because of our relationship - not only gave me explicit warning of what was going to happen (including that I would be next-in-line), but also kept in touch to this day and helped me out enormously.

When he left, exactly that happened. All the vaguely-technical stuff that a bursar would normally oversee got pushed to me with the blame for everything (and given that they were completely non-technical, it was almost impossible to argue the case in even the simplest of things).

They ordered a full IT audit. Done. They never showed me the report. (But I was party to it, via a "friend"! And it was hilarious - it was basically saying "What more do you expect your IT guy to do, he's running the place on his own, doing a great job, everything's working, everything that you should have you do have, he's planning ahead, working to a tiny budget, he's paid under-market rate, he has no help, no outside support, no expertise in some of these things, and you refuse him holidays and reasonable adjustments?!").

Anyway, they came up with a small one-liner list of "improvements" from the report. Basically nothing of consequence ("we should have a formal policy on X" - it was literally a sheet of A4 to write down what had been policy for decades! Took me about 10 minutes).

I agreed to do them all, so long as they agreed to do all the points that they needed to do. They agreed. We set a deadline six months down the road.

The next day, I presented evidence that I'd done all my bullet-points. They accepted that. They said no more.

Six months later, I asked them for theirs. Nothing. Literally nothing. One of the points for them was "Decide who should be on an IT steering committee". They hadn't even bothered to do that. A post-it with my and the headmaster's name would have sufficed! Nothing!

So I made an ultimatum... fix it or I go. Oh, and by the way, I know exactly what the full report said, even though you refused to show me, and none of your bullet-points actually address the real issues highlighted in it, so I want some word of what's happening with them too.

Nothing.

I turned up to the meeting where we were due to discuss this (second) deadline and they had invited a deputy head with a broken laptop to hijack it. The meeting turned to yelling and accusations that "nothing worked". So I asked if they'd filed a ticket. They went white. Having staff file tickets, as was the policy!, and not just announcing nothing works, was literally one of the items they were supposed to address. No ticket. "But I told you". 1) No, you didn't, you're an absolute liar claiming that (and I used those words because in this case it was true), 2) It doesn't matter, you're supposed to file a ticket, that's literally the policy, always has been, and now confirmed and written as determined by the IT audit.

So now that we're into meeting-hijacking, not even fulfilling a single bullet-point, senior staff yelling at me in meetings, etc. it's now time.

"If this is how it is, then I'm done. This is my resignation". The envelope was already in my pocket, dated that day.

"You can't.". Oh yes I can.

"You have to work out your notice period". No, I don't. Because I just came from HR. And they have determined that - with all the holiday you never let me take, but which I was explicitly allowed to "rollover" several times because I was never allowed to take it... it's actually MORE than my notice period. I can walk today, and you have to pay me for the entire two months' notice period, plus extra!, and I don't ever have to come back. (The holiday was all accumulated and agreed with the previous bursar, who had always been lovely about it, and MADE me roll it over even if I knowingly hadn't used it, but when he left they stopped letting me take it!)

Bye!

They hated it. But the consequences were even funnier.

1) I did literally just walk and not come back.

2) They got a guy who worked at a BMX track (his only job!) to take over the IT.

3) Within three months, they'd had to spend three times the annual IT budget just on putting things to a place where he could understand them (i.e. no in-house email, migration to managed servers, support contracts for CCTV, access control, etc. etc.). I had warned them, as had the audit, that they needed a skilled person to take it over.

4) The head was reported to the Department for Education for financial mismanagement, and the governors too for knowingly misrepresenting pupil numbers in order to spend the above money.

5) The assistant bursar (a lovely woman) was sacked - for not keeping child protection records. Which was not in her remit, that she'd warned them about in writing repeatedly, and which nobody ever did anything about. She later sued for unfair dismissal, was later cleared of all such responsibility, and became a bursar at another school herself! They'd sacked the real HR person and several replacements in previous years and nobody had ever picked up the child protection checks, so they were just trying to dump it on her.

6) The head was banned from teaching or running a school ever again.

7) The governors were all forcibly replaced immediately.

8) EVERY SINGLE MEMBER OF STAFF was replaced within a year.

9) I got a phone call before I'd even got home, from my bursar friend, with a job offer at another school. I worked there for nearly 10 years afterwards. (My girlfriend at the time was absolutely fretting over "What I would do" etc. as I was telling her why I was home early. How would I get another job? What about my references? What if we couldn't pay bills? Etc. etc. The phone rang, it was my bursar, I had a better-paying job at a bigger school by the afternoon).

Sorry, but if you're going to take advantage of people, please make sure you're in a position to do so.

Google co-founder Brin named a defendant in wrongful death complaint

Lee D Silver badge

Re: More than surprising

It's extremely credible to me that someone that has accumulated $111bn of wealth - by any means, fair or foul - and still retains it is absolutely the kind of person who disregards rules, has no care for other people or their lives, and would do exactly such a thing - including covering it up at extensive efforts merely to avoid paying out money rather than to actually avoid jail (as he didn't do the modification himself, did he?).

You can't become or remain a billionaire, let alone a hundred-billionaire, and claim to be of moral character and care about others whatsoever. It's completely disingenuous to even suggest so.

That's not even counting things like extramarital affairs when you have children, and with an employee.

This guy's got more money than half the world's countries have as their GDP.

Web archive user's $14k BigQuery bill shock after running queries on 'free' dataset

Lee D Silver badge

Cloud is just a way to go back to charging for computing resources per byte, per cycle, per second.

I don't understand it, and I don't see how people have managed to convince business (who like fixed determinable costs) to go down that path.

For instance, if I was to migrate our in-house AD and VM structure to Azure, how much would my bill be next month? I can tell you *most* of it (reserved instances and all that), but I can't tell you at all what it would actually say on the invoice, nor can I guarantee that tomorrow it won't spike massively through our own ordinary use of the same systems.

Thin client, fat client, thin client, fat client...

Distributed, consolidated, distributed, consolidated...

In-house, outsourced, in-house, outsourced...

And now computing is

Purchased, rented, purchased, rented...

Sorry, but I don't want a system where it's even CAPABLE of running up an unexpected $12,000 in a year, let alone one query. It just shouldn't be possible. And when you consider the majority of the clients of such services, surely jumping out of free tiers into $12k bills is something that none of them want, that there should be guards against, and that the query should be denied outright and you have to go in and authorise it individually rather than it "just happens". I'd really rather my servers just stopped, for instance, than issued me a $12k bill for carrying on. And yet I spent many times more than $12k on my in-house servers that do the same.

This isn't about dumb users, or about how much you can run up a bill. This is about profiteering at the expense of having a set credit limit and a separate authorise button for anything over a user-controlled limit that has no default and has to be explicitly set by each customer before they are able to use the system.

City council megaproject mulls ditching Oracle after budget balloons to £131M

Lee D Silver badge

Re: So whose bright idea was it in the first place?

They ended up on Oracle, that's all you need to know.

You only end up on Oracle when you have absolutely no sense, control or idea of what you're actually doing, what that requires, and what the best way to implement it would be.

My concern would be why is this some sort of bespoke project rather than just what everyone else uses for the bog-standard business practices (ERP, HR and bank reconciliation? Gosh, if only there were other places who needed those!).

I am of the opinion that government projects should come with a fixed deadline less than 5 years, a fixed budget, six-monthly audits on progress, and the project terminated if it doesn't meet two of those audits' expectations. And all projects should have that requirement. You want to bid for government projects? You better get on board.

If you can't do something in 5 years, or you slip for more than a year, you shouldn't be doing it.

This place actually seems to have a decent handle on things, for a local government project. "This isn't working, we want to know when it will work, how much it will cost, or we'll cancel it" should be the norm.

Singapore's monetary authority advises banks to get busy protecting against quantum decryption

Lee D Silver badge

Re: Easy solution

Ever seen The Imitation Game?

Turns out the only German you need to know is...

Known-plain-text attacks combined with quantum computers will decrypt the rest of the message too, by a reasonable probability.

QE doesn't care about your key size (it just makes your QC larger), only whether it can identify the signal in the noise. And it *can* use the tiniest hints to increase the SNR enormously. It's probabilistic, so you really don't want to narrow the possibilities at all, and QE may well have more viable known-plain-text attacks than public key encryption.

Also, quantum key exchange algorithms already exist, as well as quantum-safe encryptions that can be performed on an ordinary computer. You probably have them in your browser already, in fact.

Persistent memory to replace DRAM, but it could take a decade

Lee D Silver badge

Re: And security?

The TPM is only ever big enough to store keys and process information with those keys. That's exactly what it's for.

It's not for "storing data", it's for storing enough information that it can encrypt and decrypt your data while being just tough enough to crack to make it not worth the effort to recover those keys.

You're using a TPM now - somewhere along the way. Almost every server or modern Windows client is using the TPM chip for things like Bitlocker, hence the requirement of a TPM for versions of Windows 10, a stricter requirement for Windows 11, and even stricter ones for server versions and planned for the future.

Basically, if you wanted to encrypt RAM, you already have the tools in your machine, it's just a matter of joining them up so the memory controller portions encrypt/decrypt using the keys in the TPM "for free" without you having to use processor time to do it.

Lee D Silver badge

Re: And security?

All you would need to do is store a security key elsewhere (e.g. a TPM) and use it to encrypt memory data as it streams back and forth.

Otherwise removing a chip and putting it into another machine would, indeed, allow you to modify that RAM and then put it back in the original machine to reveal whatever access/information you wanted it to.

Insider steals 79,000 email addresses at work to promote own business

Lee D Silver badge

I use individual emails for every company I deal with.

So if I'm signing up for one service, I know exactly what email I gave them, and if I get spam, I know exactly where that address came from. And if I don't "create" an address for a company, there's no way to contact me except on a generic account (e.g. my name) which I never give out.

Then I got an email selling furniture for schools (which was quite clearly a new company spamming to drum up business). I wondered how they had got hold of my address as it wasn't anything I'd ever signed up for. Turned out that the email address they were using was the one I had given RM (remember them?). And they seemed to be an entirely unrelated company.

I unsubscribed, and they still spammed me relentlessly, so I called them up. It took a while for them to get what I meant, and then got to someone who I could actually confront, who was instantly red-faced and sheepish.

Turned out that their director was a former employee of RM, who had recently left to set up a company of their own, and in the process had stolen the entire RM address book and used it to spam all their customers.

To say they were shocked I'd managed to expose this in a matter of hours of being sent an email, that they then panicked trying to undo it all, and that they promised rather comprehensively I would never get another email from them ever again (that was my deal that I offered... I don't care where you got the address from, but if I receive a single further email from you, there'll be a nice message winging its way to RM's data protection department) is an understatement. They soiled themselves.

I never did get another email, nor buy anything from them. And I kind of judge RM that their customer address database / CRM / whatever lets you just exfiltrate the entire contents like that.

But it happens all the time, and it just shouldn't be possible. Why does anyone working at RM (or indeed anywhere) need to see my email address, or be able to export the entire address book to a third party device?

Virgin Media to stand up rival network operator to BT Openreach

Lee D Silver badge

Re: IPv6

Ironic, given that it's a requirement of DOCSIS 3.

Google debuts first Android 15 developer preview without a single mention of AI

Lee D Silver badge

Or maybe ding, dong, the fad is dead! Which old fad? The recurring old fad! Ding, dong, the recurring old fad is dead!

Air Canada must pay damages after chatbot lies to grieving passenger about discount

Lee D Silver badge

And what are the chances of that? About a million to one, I reckon.

Lee D Silver badge

That's just standard practice because so many people would just give up and pay rather than fight because "lawyer" is a scary word, that they actually profit by doing so. Their legal team probably handle dozens to hundreds of such cases every day and I bet most never get a small claims against them.

More importantly - if it came to it, you would just demand the transcript from the support session. It's up to them to provide it, not you.

In my experience, companies will fight tooth and nail because it takes a LOT of effort to actually bother to argue with them and most people just don't know how to do it. I've had run-ins with Three, I took down a car insurance company entirely, I fought against a letting agent and cost them £10,000+ and many of their landlord customers, etc. and plenty of others. Because to me it's a game and a point of principle. I've been threatened with court many times, and I've never yet once set foot in one. Strange that. Might have something to do with the fact that when they threaten it, I gladly accept their offer and say if there's anything I can do to advance that process to court, they should let me know. I have, though, also initiated actions that literally stopped companies in their tracks and made them realise that I wasn't going to ever go away - and then they actually bother to read the complaint and evidence (which they simply don't bother to do up until that point) and hastily backtrack and settle.

People need a grounding in legal basics, especially contract law and that what's written often isn't cast in stone even if you willingly agreed to it! They also need to drive such complaints past the point where it costs the company more money than it's worth, and do so on a regular basis whenever they see such things.

But, yes, the standard response is "do nothing and deny" and point at terms and conditions that are basically unenforceable in the situation, and not bother to do anything until you're about to cost them money (and then they will make an offer way under the amount of money it's already cost you or them in terms of hassle, and significantly less than it would ever cost them otherwise anyway).

Lee D Silver badge

Even if the bot was a human operator - does that mean they can spout nonsense and then expect the customer to just suck it up when it's wrong?

If anything, a human being in error would hold MORE weight, not less. So why would they think that claiming the bot was some kind of free-thinking independent entity would make it not liable? Their own humans wouldn't be!

I just don't understand why a company would deploy these things on a front-end website. At absolute best, if you believe every bit of hyperbole over AI, it's like putting a small child on the customer service team and then letting it run off and say whatever it wants, unchecked.

Maybe eventually another fad will come along and these places will learn that such bots are absolutely a liability to them and are in fact a pretty damning security hole - I've seen other news of them being manipulated to get prices and discounts not actually available, and to get into conversations that are wholly inappropriate for any agent - automated or not - to get into on a corporate website.

Southern Water cyberattack expected to hit hundreds of thousands of customers

Lee D Silver badge

Re: Open a second bank account...

"Who, in their right mind, would ever let a near uncontactable, unaccountable company to have free and unlimited access to take money from their bank account? Oh yeah, lots of people....."

With an instantaneous right to revoke and refund the last three said payments, cancel all future payments, based only on you contacting your bank and asking them to and not even having to provide a reason why?

Me.

Because I want to live in the 21st century, if they mess up then one phone call to my bank sorts it instantly (proven on at least one occasion which resulted in Three instantly ringing me after I'd tried to get through to them for hours, and threatening all sorts until I actually informed them that they were charging me for a phone they admitted was never delivered, the contract (with the phone) never signed, and that I'd been asking them to report the IMEI as stolen for the last three months) and I'm never "at zero" on my bank account so a payment here or there doesn't matter even if it's incorrect, especially if I can get them refunded and cancelled in seconds.

DD has safeguards that cheque, etc. simply does not have.

I don't trust utilities at all - to the point that since buying a house last year I am literally planning to obsolete them all from my life by the time I retire, and reduce my usage of them as much and as early as I can feasibly do so.

Electricity? Solar and batteries. More expensive, sure, but expense is not my concern, independence from "estimated" bills, outdated meters, no chance of upgrading, etc. are.

Water? Greywater system and can eventually turn that into a full filtered system. Again, not cheap, but the rain collection I have is more than enough throughout the entire winter.

Sewage? I literally investigated incinerator toilets for this purpose - basically an electric kiln that burns all kinds of human waste into a sanitary ash that you can put on the garden.

Internet? I have a plethora of options there, ran my (very tech-heavy) house off 4G alone for 5 years without issue when BT couldn't be bothered to upgrade local lines, and I'm just waiting for any non-Musk satellite network to come along. Having so many options basically gives me complete independence from any one ISP's nonsense.

And even now I'm working that way:

Electricity - every month I pay their overblown "estimate" (which is amazing given that I read the meter regularly for them and know my usage precisely), refund any excess and spend it on solar. 50% savings each month, and growing every month.

Water - I forced them to fit a water meter, literally 90% saving on water and sewage instantly.

Internet - DSL, 4G with several different networks, and Starlink "on hold" if I ever need it (yurk!). They now rent the Starlink equipment/connection on a month-by-month basis, which is my fallback.

But payments? All DD and credit card. Because the guarantees you have are far superior, cheques are long-dead, and cash is just a dumb idea nowadays. Plus if you know how to game them, you can actually profit from doing so... "0% interest pay in 3" gives me 3 months of free interest on money, while putting nothing at risk (I always have the money to pay outright for whatever I Pay in 3), but I get the product now, they pay for 3 months of inflation, I earn 3 months of interest, and no risk. Not to mention things like 24 months 0% interest on credit cards - I do the same and literally earn 2 years of free interest while they absorb 2 years of inflation... then I just pay it off. Even if I have to get a one-off 2% balance transfer deal, I'm still making profit just by shuffling money around that I already have.

Sorry, but you're living in the stone age and if you are untrusting of them then you should want to be independent of the utilities, not causing yourself hassle when the cheque gets lost in the (marvellously reliable) postal system and then you get hit with a fee for late payment, a charge to revoke the cheque and the hassle of sorting it all out to send another.

Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

Lee D Silver badge

How many times, a biometric is NOT AUTHENTICATION.

It's the "username", not the "password" and does absolutely nothing to verify that someone is who they claim/appear to be.

And, as demonstrated, anyone can get that username from the user - because it's readily-available and not seen to be "the password". Something accesses your front-facing camera that you also use to log into a device? Oh, look, they have all the data they need to now know what you look like. It doesn't matter what fancy obstacles you try to put in the way (e.g. IR camera, etc.), it's there for them to take, replicate and use forever.

And when that's your username? Who cares. When it's your password? That's just dumb, insecure and wrong.

Stop with the biometrics. Just stop. They are absolutely useless past the point where the computer says "Hello, Dave, would you like to log in?"

China's Volt Typhoon spies broke into emergency network of 'large' US city

Lee D Silver badge

There's a big difference between taking everything back to manual labour, and just running a secure, isolated network that's not connected to the Internet.

There's absolutely nothing stopping people designing secure isolated networks, where every device is approved before it's allowed on, where they can connect over leased lines to other sites directly, and where any kind of rogue traffic wouldn't be able to get out even if it could get in.

All it takes is common sense, money, and not routing to the global, public Internet.

Chrome engine devs experiment with automatic browser micropayments

Lee D Silver badge

Watch Granny run up thousands on her card when she doesn't realise that every time she checks her favourite "online bingo" site it's taking 1p payments that she doesn't know what they are but once clicked "OK" just so she could play her game.

"Without user interaction" is literally the dumbest thing ever, limits or not.

Lee D Silver badge

Re: I see a serious issue with the idea

Oh look, I was right:

<link
  rel="monetization"
  href="https://example.com/pay"
  onmonetization="sayThanks(this)"
/>

What a dumb protocol.

Lee D Silver badge

Re: I see a serious issue with the idea

I would imagine it would be the work of moments to demand that a site that wants to comply puts in a DNS entry which specifies the target wallet details. Thus unless someone can completely compromise that site's DNS details, the payments could only go to that site.

I haven't read the protocol, but I bet there's nothing like that in there, or it's in there as HTML that you can modify, etc.

It wouldn't be a bad idea to have, say, the equivalent of a Bitcoin address that you can publish in DNS and thus if someone visiting wants to pay you money, they can click a button and it would pay to the wallet specified in that site's DNS.

But all it would mean is a thousand domain-squatters, Unicode domains, etc. trying to trick you into thinking that they are that same company - the same as any payment page.
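The DNS-binding idea in the comment above, sketched as an added example that is not part of the original post and is not taken from the protocol under discussion. The `_monetization` TXT label, the `wallet=` record format, the `.example` hosts and the in-memory DNS table are all hypothetical, constructed so the check runs offline.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical convention (an assumption, not from any published spec):
#   _monetization.<site-host>  TXT  "wallet=<https URL of the payee>"
TXT_LABEL = "_monetization"

# Constructed stand-in for DNS lookups: record name -> TXT strings.
SAMPLE_DNS = {
    "_monetization.shop.example": ["wallet=https://wallet.example/shop"],
    "_monetization.blog.example": ["v=spf1 -all"],  # no wallet published
}

# Constructed pages: one honest, one whose markup was altered in transit
# or by injected content to name a different payee.
GOOD_HTML = '<link rel="monetization" href="https://wallet.example/shop" />'
TAMPERED_HTML = '<link rel="monetization" href="https://wallet.example/someone-else" />'


class _LinkCollector(HTMLParser):
    """Collects href values of <link rel="monetization"> elements."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}
        if "monetization" in a.get("rel", "").lower().split():
            self.hrefs.append(a.get("href", "").strip())


def _normalise(url):
    """Canonical https://host/path form, or None if not absolute https."""
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    return f"https://{parts.hostname.lower()}{parts.path.rstrip('/') or '/'}"


def published_wallets(host, dns):
    """Wallet URLs the domain owner has published in DNS for this host."""
    wallets = set()
    for txt in dns.get(f"{TXT_LABEL}.{host.lower().rstrip('.')}", []):
        key, _, value = txt.partition("=")
        target = _normalise(value) if key.strip().lower() == "wallet" else None
        if target is not None:
            wallets.add(target)
    return wallets


def is_idn(host):
    """True for Unicode or punycode hosts: DNS binding proves the payee
    belongs to this domain, not that the domain is the one the user meant."""
    return any(ord(c) > 127 for c in host) or any(
        label.startswith("xn--") for label in host.lower().split("."))


def check_page(page_url, html, dns):
    """Return (verdict, href, reason) for each monetization link in html."""
    host = urlsplit(page_url).hostname or ""
    allowed = published_wallets(host, dns)
    collector = _LinkCollector()
    collector.feed(html)
    results = []
    for href in collector.hrefs:
        target = _normalise(href)
        if target is None:
            results.append(("reject", href, "not an absolute https URL"))
        elif not allowed:
            results.append(("reject", href, "domain publishes no wallet in DNS"))
        elif target not in allowed:
            results.append(("reject", href, "wallet not published by domain"))
        else:
            results.append(("accept", href, "matches DNS-published wallet"))
    return results


if __name__ == "__main__":
    for name, page in (("good", GOOD_HTML), ("tampered", TAMPERED_HTML)):
        print(name, check_page("https://shop.example/", page, SAMPLE_DNS))
```
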

Lee D Silver badge

Re: Flip Side

I do find it hilarious that there's a certain cookie-control window that many websites have and it forces you to go through the list of things in order to deny them.

And on that particular dialog there is no "Reject All", you have to turn off all the individual categories one by one.

And, more often than not, SEVERAL HUNDRED companies are listed individually as "Legitimate Interest" users of my data if I proceed (as well as another consent toggle, and the difference isn't explained).

Whenever I see that style of cookie dialogs now, I just close the site immediately. I don't know what they think they're achieving or being compliant with (because they're not) but does nobody working there think "maybe we don't need to have several hundred companies with a legitimate interest in our users' data" or even "is this a legitimate interest to have that many companies using our users' data?" at any point?

Lee D Silver badge

"and no user interaction"

And in true Dragon's Den style... I'm out.

QNAP vulnerability disclosure ends up an utter shambles

Lee D Silver badge

Keep your storage as storage, your servers as servers and your clients as clients.

There's no need for direct access from client to storage, there's no need for servers to provide more than the bare minimum to clients or access storage they don't need, there's no need for storage to offer any services except storage, and servers should be isolated behind a firewall and external access minimised as much as possible.

DMZ etc. goes back as far as any operating system in modern use, but we seem to have forgotten about it entirely.

Just my home setup - A Raspberry Pi running Plex has storage on a NAS, which is only accessible read-only by that local Pi, which runs the Plex services, which are only accessible via reverse-proxy from an external server (mainly to get around dynamic IP limitations, no reason that couldn't be a single port-forward to an isolated VLAN).

If Plex/Pi is compromised, they have read-only access to... my Plex storage. Oh no! They can download 80's sitcoms! Not even the local network.

If the external server is compromised, they can maybe try to compromise the Pi, if they do so before I notice.

If my client is compromised, my Plex/Pi and storage are still safe (and backed up, snapshotted, etc. anyway).

Put barriers between everything, and poke as few holes as possible.

Lee D Silver badge

There's no way you should be allowing anything other than authorised traffic between machines and a NAS etc.

If you have a NAS offering direct storage to users, with web interface, NTP interface, etc. visible to them, then you're doing it wrong.

Least privilege principle. And there's no excuse "at home" for a professional - even the cheapest routers/switches allow VLANs etc. nowadays and have for decades.

Put the NAS in its own VLAN (like your CCTV cameras are in their own VLAN, and your smart devices are in their own VLAN, etc.) and only the ports absolutely necessary for the operations are allowed between them. In the home case, literally only the SMB/CIFS port, for example.

Upstart retrofits an Nvidia GH200 server into a €47,500 workstation

Lee D Silver badge

In a few years, you'll be able to buy an ordinary desktop card that outperforms this.

You'd have to be a nutter to drop €50k on this for any non-business reason.

It's time we add friction to digital experiences and slow them down

Lee D Silver badge

Or users could just follow established best practice, keep their cryptocurrency wallets locked, encrypted and offline, ensure proper password hygiene and implement sensible update practices.

But, no, let's SLOW EVERYTHING DOWN because people are too dumb to follow even basic security practices to secure $90,000 of digital assets.

Imagine if your bank said "Sorry, we lost your $90,000 savings because we don't have doors on our safes, the password to the box with the money in was 1234 and we haven't updated our CCTV since 2000."

You'd be up in arms.

Backblaze's geriatric hard drives kicked the bucket more in 2023

Lee D Silver badge

Re: not trusting my data

What I run active servers on is largely a matter of trust.

This is not a question of backups, that's an entirely different and separate topic (given that you wouldn't generally put backups on the same medium as your active data for a start).

But not having to service a working production server or array regularly means that you have to be able to trust that it's going to hold up well enough so that you're not there replacing 4% of the drives through failure (rather than choice) constantly.

4% of the drives in even a small server setup each year is a drive every few weeks or so.

Lee D Silver badge

Confirming, more than ever, that I'm not trusting my data to anything that isn't Western Digital.

Unit4 software's budget bungle leaves schools counting the cost

Lee D Silver badge

Re: if you've got something that works, why do you replace it

And at that point you do the real run on the old system, and a dummy run on the new system, and you give the junior finance assistant both sets of data and ask them to highlight ANY differences.

And if you can't do a dummy run on the new system - bam... you have your first feature demand before you part with any money.

Tesla's Cybertruck may not be so stainless after all

Lee D Silver badge

Or why not just apply a clear coat at the factory?

Lee D Silver badge

Re: until the Cybertruck is scheduled for a full wash

I just drive fast in the rain... problem solved.

Google silences Bard, restrings it as Gemini with optional $20-a-month upgrade

Lee D Silver badge

Remember... Genisys is Skynet...

I mean Gemini...