Re: Apologies to those who've heard this one before
Very suspicious. He walks out without finishing his drink.
16426 posts • joined 16 Jun 2014
"as a professional software developer I feel I have a duty to point out how their crap algorithm is costing them time and money, and they should have an audit immediately with a view to fixing it."
If you did contract work you could offer, as a professional software developer, to fix it for them.
More likely, however, you'll find their algorithm is nothing more than a word search being run by people for whom the words are nothing more than squiggles on a screen, devoid of any meaning.
"In The Good Old Days (tm) we had shelves and shelves full of manuals, with well-thumbed indices."
In the Good Old Days I had a cabinet mounted on my desk partition with the OS & RDBMS manuals in it. I only needed to raise my arm to pick up any of them.
One day some Big Boss came to visit the call centre next door. (It was quite big - the support manager of the database company visited one day so I gave him the tour and his jaw dropped when we went in there.) Big Boss made some comment about how great it was having everybody able to communicate with the low partitions. Next weekend all our partitions were lowered and my collection of manuals was "over there" beside the window. A few steps away is not the same as within arm's reach; those few steps and the time they take break concentration.
To cap it all there was a bit of a swap around and I also acquired a new team just behind me who, for some reason, had to have a dot-matrix printer on one of their desks.
"I left a small IT company about ten years ago, and went back about three years ago for a short term contract.
My email (username) and password still worked."
Been in a similar situation with an old client. Some development tools bought by my company and installed on the PC I used were still installed....
This was only after a few months so it might have got cleaned off later.
"but before you can raise the CR to remove it, you first would have to get it added to the CMDB before you can raise the change"
If it's not on the CMDB it doesn't exist so it was never removed when you unplugged it. Just following CR logic.
Following BOFH* logic, just unplug it to see who screams.
Remove the SD, plug it into a Unix/Linux box, edit the shadow password file to ensure you can log in, replace SD, add monitor and keyboard and find out what it's trying to do.
*I'm worried. BOFH not been seen for some time. Did a boss finally get him?
"It would have been better if the ICO also was given the powers to fill some cupboards with porridge for these directors to eat for a few months."
That happens if the fines don't get paid.
If the actual owners stuff someone's aunt into the directorship to try to avoid fines on themselves that's also a porridge earner.
Proceeds to go to charity recipient of call* (less a small substantial admin charge determined by ofcom)
One of the advantages of this scheme is that the caller's telecoms provider will be left holding the charges if the caller absconds. Their credit control will, in practice, crack down on the whole business.
* If they expect people to take their calls they should be prepared to pay them for their time. Just credit it to the recipient's telephone account.
"blow a whistle very loudly down the phone at them?"
That was the advice that used to be handed out to victims of what were referred to as "heavy breathing" calls. Probably a bit of googling would bring up an old reference to that so your defence, if needed, would be that you were following official advice.
"if the ICO could also go after the companies whose products and services were being promoted."
Maybe they can. A fine can be levied on the officer of a company if the offence "took place with the consent or connivance of the officer". Without delving back into the original regulations it seems reasonable that the calls must have been made with the connivance of the client company and its officer(s).
This might be a strange idea but how about the clients just keep keeping an eye on what's going on? That way they have the knowledge all along and might even be aware that there could be a problem developing. Even stranger idea - if they become aware of a problem developing they may actually be able to take suitable action, either to ward it off or mitigate the consequences for HMG, before things go too far.
The name rang a bell in the headlines - back then it was familiar from the ads in Byte.
S-100 was transformative. Although our 48K box was only about 1/6th of the number of bits on the 1907 at QUB a few years back it was still a table-top box compared to the 6' or thereabouts cabinet holding just the memory of the mainframe. Add in things like an ADC card and there was the capability to build instrumentation that would have cost a fortune to buy from HP or Perkin Elmer even if it had been in their catalogues, which it wasn't.
Not only did the table-top box amount to a sufficient fraction of a mainframe it also had a compiler for the same language, FORTRAN but without the restrictions of punched cards, 100K disk allocations and 3 runs a day. In less than 10 years computing had made a leap forward in accessibility which really hasn't been matched since. The advances in miniaturisation and computing power have all too often been matched by losses in flexibility by way of productisation.
Put me down as another whose life was altered for ever by Bill Godbout and his peers.
"I fully expect a few million 'give me all the data you have on me and then delete it' requests."
That's going to prove interesting as the report makes quite clear that there's no way to get the telemetry stuff back out and the only way to delete it is to cancel the user ID. Even then individual teams within Microsoft in the US could have made their own copies and there's even less means of knowing about that and getting it deleted. And then there are all the sub-processors such as CDNs.
I can't imagine even IBM in its pomp getting away with this sort of stuff. And it's only because customers won't face up to their responsibilities and walk away.
"which do you think are better paid?"
I spent a lot of time in courts early in my career. I never heard a judge asking each side how much they paid their lawyers and deciding the case on that. Given that these cases will be heard in the EU they will be out of range of the finest government money can buy. Sad to think that from next March we'll not have that protection in the UK; that's what happens when you have a Home Sec resident in No 10.
Following the line of Home Secs, what does the panel think about Rudd going to DWP? Isn't that great for them? They really need someone with such technical nous running things there.
"Easy. 5 months of desperate lobbying and Doublespeak ahoy explaining how _customers_ need slurping, they value our privacy and are always out to listen to customers."
Or simply hoping it will get forgotten. Or it will break several bits of functionality and will have to be removed in order to make everything work properly. It's going to take time to ensure enough functionality gets broken.
"The history of Star Office -> Open Office -> Libre Office suggest that it is a mountain of quick fixes, with zero logical integrity."
The early stages of the move from OpenOffice -> LibreOffice involved paying down a lot of that technical debt. No doubt there's still some way to go but then there always is.
The word "compatible" has a special meaning in the computer industry
It means compatible with the current version of the software and no guarantees about past or future versions.
There is, however, an open standard for word processing, spreadsheets etc. which is well defined and ensures that your future self, or your successors, will be able to open those documents. Because it's an open, well defined document it means that even if your current product is discontinued it will be possible for someone else to write equivalent S/W so that your access to your old documents will not be blocked. That should be a fairly important consideration for governments whose documents might well have legal significance in decades or even centuries to come.
Oddly enough that's not Microsoft Office's format, it's the one used by the software you imply has problems when being exchanged.
The risk of future incompatibility wasn't in the terms of reference of this report and hence is only alluded to in passing. If one were to do a full risk analysis it should be one of the highlights.
Not wishing to exonerate MS in the slightest but don't the Dutch Government have any responsibilities in this? AFAICS it's they who required their employees to work with this. It may well be that MS did this sneakily behind their customer's back but I rather think that if it were any other employer it would be the employer who would be facing charges and taking out civil proceedings against their supplier for breach of contract, always providing that the contract said they wouldn't do such things. And if the contract was silent on such issues then the employer might even lose.
"So how do you transfer things too complex for a human to enter into an airgapped device?"
In the context of my reply about epoxy - which I assume is what you're questioning - the immediate reply is learn to read a statement of requirements which in this case was "So, what actions does a user need to take -- a real user, not a Reg reader, mind-- to protect themselves from nasties on the stick when they plug it in?" No mention of Stuxnet there.
The moral you need to take from my reply is that it's a trade-off. If you want to be secure there are things you shouldn't do, sticking random USB devices into a PC is one of them. Self-discipline would be better but if physically preventing yourself or those around you from doing things is the only way of doing that, take the physical route.
As a free-standing question, however, it deserves an answer and the answer, as with so many things in IT, is that you have to analyse each situation as you meet it. If you have to make provision for data from random USB devices or the like for a single air-gapped machine a good starting point might be another air-gapped triage machine. You should be prepared to write that one off in the event of the sort of nasties you've mentioned elsewhere and, as several of us have said, a Raspberry Pi is cheap enough to make that painless; you can do it out of petty cash. For an air-gapped network LeeD's approach is the way to go. For a stand-alone machine your triage device could have the further level of protection of burning the data onto a write-once optical drive.
In different circumstances there are other options. For instance in the situation I mentioned elsewhere in the thread the main security concern was confidential information in the production side of the business leaking and there they had a factory network separate from the production network. Data incoming to that from customer sources was carefully routed and checked; e.g. incoming XML data was checked against an agreed schema - any file consisting of anything other than a conforming document was dumped.
To reiterate, you analyse the particular requirements and devise a solution that fits. If you need further help my rates are exceedingly immoderate these days.
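The "check incoming XML against an agreed schema and dump anything that doesn't conform" step described above, as an added example that is not the poster's own code. It assumes a hypothetical agreed format (an order with items, constructed for illustration) and uses only the Python standard library; a real deployment would normally validate against an XSD with a proper validator, which the standard library lacks, but the triage logic is the same: exact conformance or rejection, with DOCTYPE and entity declarations refused before the parser ever sees them.

```python
"""Triage check for incoming XML files: accept only documents that match an
agreed structure exactly and reject everything else.

Added example, not the original poster's code. The agreed structure below
(an <order> containing only <item> elements) is a constructed, hypothetical
schema used for illustration.
"""
import xml.etree.ElementTree as ET
from typing import Tuple

# Hypothetical agreed structure: <order id="..."> holding one or more
# <item sku="..." qty="..."/> elements and nothing else.
ROOT_TAG = "order"
ROOT_ATTRS = {"id"}
CHILD_TAG = "item"
CHILD_ATTRS = {"sku", "qty"}


def validate_incoming(data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Any deviation from the agreed structure rejects."""
    # The agreed format has no DOCTYPE; refusing one up front also keeps
    # entity-expansion tricks away from the parser entirely.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return False, "DOCTYPE/entity declarations not permitted"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag != ROOT_TAG:
        return False, f"unexpected root element <{root.tag}>"
    if set(root.attrib) != ROOT_ATTRS:
        return False, "root attributes do not match schema"
    if (root.text or "").strip():
        return False, "unexpected text content in root"
    children = list(root)
    if not children:
        return False, "order has no items"
    for child in children:
        if child.tag != CHILD_TAG:
            return False, f"unexpected element <{child.tag}>"
        if set(child.attrib) != CHILD_ATTRS:
            return False, f"<{CHILD_TAG}> attributes do not match schema"
        if not child.attrib["qty"].isdigit():
            return False, "qty must be a non-negative integer"
        if len(child) or (child.text or "").strip() or (child.tail or "").strip():
            return False, "unexpected content inside or after <item>"
    return True, "conforming document"


# Constructed sample inputs: one conforming file and several that must be dumped.
SAMPLES = {
    "good": b'<order id="42"><item sku="A1" qty="3"/><item sku="B2" qty="1"/></order>',
    "extra_element": b'<order id="42"><item sku="A1" qty="3"/><note>hi</note></order>',
    "extra_attr": b'<order id="42"><item sku="A1" qty="3" price="9"/></order>',
    "entity_decl": b'<!DOCTYPE x [<!ENTITY e "x">]><order id="1"><item sku="A" qty="1"/>&e;</order>',
    "malformed": b'<order id="42"><item sku="A1" qty="3"></order>',
}


def triage(samples: dict) -> dict:
    """Run every sample through the check; returns name -> accepted flag."""
    return {name: validate_incoming(data)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        ok, reason = validate_incoming(data)
        print(f"{name:14s} {'ACCEPT' if ok else 'DUMP  '} {reason}")
```

The check is deliberately strict in both directions: unknown elements and unknown attributes are rejected just as missing ones are, because an "agreed schema" only protects the production side if the triage machine refuses anything it was not told to expect.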
"You're the exception"
Actually I have the luxury of not working for anyone these days.
But you may be right in that before I retired my last client had the word "Security" as the first word in the company name and meant it so that helped. Directors would have Richter 8 shouting matches in the open office but not about security. At one time they hired a company to try ringing various members of staff - and freelancers - to try to pry out company information and found we were effective at rebuffing them. Prior to that I worked for a large company that had a major, in PR terms at least, security egg-on-face incident and after that they went on a not entirely security theatre kick so at that time at least they became quite security minded. I don't suppose it lasted when their feet were no longer held to the fire.
When security requirements are imposed externally, and the likes of GDPR can do that, it becomes in the top team's interest to take it seriously.
I had an email from someone the other day saying he'd had some IT problems and had I received his previous email because he hadn't had a reply (I'd received it but hadn't got round to sorting out material for the reply). I didn't stick my head above the parapet by asking what his problems were but I noticed his emails have the sig "Sent from Mail for Windows 10."
"Wasn't this exactly what he said would happen?"
AFAICR this was his excuse for jumping bail despite the fact that he'd been in the UK for some time and no extradition had been filed. And despite the fact that the US would have found it much easier to file while he was in the UK than Sweden and the latter, because of the EAW, would have had first dibs on him. When exactly were these charges filed? We don't know but if this is a recent typo it's likely that it was recently. Back when he first painted himself into a corner he was far more likely to have been punished by being ignored.
The situation now seems to be that Sweden would have to go through the EAW again if he was to emerge and in the meanwhile he'd presumably be doing time for bail jumping giving the US a chance to get its paperwork finalised for an extradition request. He could, of course, stay put for a bit longer providing he avoids giving Ecuador reason to shove him out and just hope that the next POTUS decides to simply treat him as a non-entity.
"My dad once ground down the edge of a SIP memory chip"
My MythTV box is in one of those really low profile mini-ITX boxes you used to be able to get. There's no provision for the tuner card to sit upright in the box but there's a mounting bracket for one to fit horizontally if you can get the appropriate right angle adapter for the PCI slot. The nearest adapter I could get is still a bit on the tall side. Cue Dremel and a grinding disk. Like old SIP units PCI connectors were simple single layer boards so no problems.
"Of course that would require committing to brexit"
What sort of Brexit? Jumping off the cliff? A Brexit that might salvage something for the economy? Hoping for magic? Whatever your choice was it's unlikely that all those who voted like you actually had the same thing in mind.
You call yourself a code junky. OK, here's a challenge. Your employer tells you to prepare the S/W for a new project. Sorry, we can't tell you what it is because we don't know. Just do it. That's what DEFRA and everyone else has been lumbered with.
Brexit is something Dilbert's PHB would have come up with.
Exactly what was the pig that was supposed to have been in the poke at that referendum? Complete Brexit taking down a good chunk of the UK economy and the Good Friday Agreement with it in the hope of eventually building trade agreements with the rest of the world that would rebuild the economy in about a decade's time? More or less what we have now? Some fantasy agreement with the EU in which we keep all the good bits but ditch the bits BoJo etc don't like? Magic happens?
AFAICS the immediate prospect, short of exiting the back stop, is about as good as it was ever likely to get - stay in some sort of customs union without being in the decision making in the name of taking back control. Of the others one would be a disaster and the other two never were going to happen.
Biting the hand that feeds IT © 1998–2019