Re: A rock in the road???
"Maybe the owner didn't want to sell."
16426 posts • joined 16 Jun 2014
"Stick a couple of keep left arrows on it and officially deem it a bollard."
Way back I used to drive between Belfast & the in-laws in Carrick passing the entrance to what was then Jordanstown Poly. Opposite the entrance there was one of those islands with plastic bollards illuminated from below. Almost every time I passed the bollards were squashed flat; I doubt that when they were replaced they ever lasted more than a couple of weeks & usually less.
"After all a higher level of responsibility is what your boss is paid for."
It's not necessarily what they do, however. A very short time into a new job I was given the project of taking an application the boss had written (have you ever seen C dressed up with macros to try to make it look as COBOL-like as possible?) for a specific client and make it into a marketable product. There were a couple of client sites already even though it really wasn't fit to use at that stage. Sales then sold it to a third site promising that it would be an exact equivalent for what they already had. A quick look showed that the way their existing package worked was so different that ours would have had to be rewritten from database schema upwards to make it look anything like the one they had.
I had a vision of being the one in the middle when the writs started flying so I went to the boss and asked for a spec of what I should be producing. I was told that was OK, whatever I produced would be the spec.
"At least on the LHS of the Atlantic..."
And on this side too. In my case what would have passed for HR in my first instance would have been fully part of the "no promotion" approach. To be fair, in the second it may well have been the local HR who got me the good release package - we always considered ourselves a little semi-detached from the big organisation. But on the whole, if there's a serious conflict with HR stuck in the middle they're going to ensure they're on the winning side.
Everyone's circumstances differ but I'd say get out if you can.
I spent the first half of my working life in science, mostly trapped at the top of my pay scale in a place that simply didn't offer promotions and in a job that I'd only taken on as a temporary measure until there was an opening in my preferred field. Eventually I found myself heading into the situation in the article with too many people wanting a piece of me. Things worked out doubly lucky. Firstly I had had some programming training and experience previously; we were early adopters of a RDBMS & Unix in lab management & it was largely my baby so I had a jumping-off point to get into IT. Secondly we'd worked out previously that we were coming up to one of the dates were we could move without too much disruption to schooling. I managed to get a techy IT job and handed in my notice - at which point I was offered a promotion to stay, no board, no formalities at all. Bloody cynics. Or maybe they thought that was what I was really aiming for. Anyway I took up my new job, a complete career switch a few days short of my 42nd birthday. If you've got the right skills to offer age might not be a barrier but more of that below. Actually the schooling bit didn't work out as well as we'd hoped. It took months to sell the house and I spent months in B&B with very little chance to visit back home - somewhat traumatic all round. However, the release from stress was so great that workwise it felt like an extended holiday.
Roll forward another decade and a few job changes in IT (yes job changes in my 40s and also a relocation, spot on the other date we'd identified) and I was fed up with being managed by idiots. By this time I was just short of my 52nd birthday. After failing to suppress disbelief or conceal disgust at a particularly bad [de]motivational event I was made an excellent early retirement offer as from the end of the year. Maybe another permie job would have been too much to expect at that point but freelance was the solution there - age doesn't matter as far as I can see, in fact it's advantage if you have the kids off your hands. Actually, as it happened I had to turn down a permie job offer from a client - it was management and one reason I was freelance was to avoid that sort of crap.
After a further 10 years freelance I was eventually pushed into retirement by sheer annoyance at vacillating micromanagement by a client's development manager. Between his assigning jobs at the end of the day he was leaving on holiday and my getting home he'd reassigned them again at which point I decided I just didn't need to put up with any of this any more.
So, to reiterate, getting out might be feasible and, if you can manage it, could be the best solution as it draws a line under everything that's gone before. And freelance is an age-independent means of doing that.
"Nope. Hospitals are a regulated environment, which means anything that runs there MUST... be approved by the government... The more custom the software, the longer and more costly the vetting process."
Nope? You make an excellent case for the software vendors not relying on an OS whose EOL can be dictated by a 3rd party.
As Thames pointed out the systems are networked to a central control so it's not a matter of air-gapping individual machines.
But the real problem is that it's been all too easy to install a single network, hang everything off it and depend on perimeter security. When you have PoS terminals compromised by laptops plugged into the network by HVAC technicians it should be crystal clear that that doesn't work. For years we've been told to program defensively; network designers should have been told to work on similar principles and connect clusters of machines that need to work together but isolate them from everything else.
There's a difference between air-gapping individual units and segmenting your network so that someone who might open an email containing an alleged invoice or someone servicing the HVAC installation can't affect each other let alone critical systems such as these.
It requires thought and planning. It probably requires more expenditure on H/W as functionality which would otherwise be provided centrally need to be provided separately on each segment. But if you take security seriously it has to be done.
And yes, I have worked in a situation where admin offices and production had separate networks and even different parts of production were subject to extra security. Security was taken very seriously, it was the first word in the business's name and they meant it.
"Well, no-one from Mountain Rescue was actually involved, and no-one other than her was ever in danger."
And have you thought what might actually have been involved if she hadn't been phenomenally lucky? But in some way, according to a lot of people here luck excuses stupidity so we don't have to consider the possible consequences to others of that stupidity.
"Well, no-one from Mountain Rescue was actually involved, and no-one other than her was ever in danger."
AFAICS the only reason Mountain Rescue wasn't involved was that she was rescued before anyone realised she was missing. It's not clear whether she told anyone what she was doing so it might have been a good while before anyone knew she was missing. Had she not been lucky enough to have been found a good many people might have spent a lot of time looking for her in the wrong place. But hey, it turned out OK by sheer good luck so it doesn't matter that she did everything wrong she could have possibly done.
"Pretty lucky really."
Very lucky. Because if she'd not been found there'd have been a big turnout of mountain rescue volunteers. Given that she'd diverted from her previous plans they might even have been turned out in the wrong place and spent even longer than they otherwise might by looking in the wrong place.
"because the Irish company is a subsidiary of Microsoft Corp. USA "
Of course if the US is careless enough to arrange its economy that way Microsoft Corp USA could be just a subsidiary of a Swiss corporation with administrative HQ in Ireland and young US engineers applying for 2 year visas to work at the S/W development centre in India. And the Azure servers? In Germany with a German company as data trustee.
"American tech companies to do global business. Companies like Google, Apple, Facebook, MS, Amazon....But Amazon and Apple rely on physical premises"
Who says they have to remain American?
Apple depend on physical premises in China where stuff is made but they don't even own those premises. They may have a large vanity building in the US but they'd probably find a purchaser for it if it became preferable to move offshore.
Amazon has distribution centres and data centres all over the world. Why should the US ones be more special than those elsewhere?
Global businesses can go where the legislative environment suits them but if they're big enough simply threatening to move is sufficient. HSBC has been mulling over moving out of London for years - it keeps the UK regulators from making any moves that would really upset it.
"only four-and-a-half per cent of the world's population lives in the United States. But technology is global."
Perhaps he didn't need to be explicit about the corollary. If a business wants to address the other ninety-five-and-a-half per cent it will need to base itself where local laws allow it to behave in a manner acceptable to those potential customers. That's something that legislators of each country will need to bear in mind.
"So Apple and Google (and other similar tech companies) could move their unlocking technology to a subsidiary that exists outside of the US - France for example."
France might be a dubious example. They seem very keen on no encryption just now.
"Search warrants have been standard law enforcement tools for a long time, and they generally are issued one or a few at a time, in conjunction with specific investigations"
This is quite true and it's right that they should be case specific. In fact this is one of the problems with bulk interception - it doesn't have the specificity and safeguards of a search warrant; it treats everyone as a suspect and thus tramples on the presumption of innocence; that presumption is one of the safeguards of all those who are innocent.
But this wasn't about a search warrant. It was a warrant issued against a third party to compel them to do something, ostensibly just once but clearly, to anyone with a whit of judgement, as a precedent. And the end point of that precedent-setting trail would likely be a tool usable against any Apple device and corresponding tools against other devices which would treat everyone as a suspect etc.
It's witnesses who give evidence under oath. Lawyers just make unsworn statements to the court. So the question arises whether "just one" was evidence (how much evidence would be presented in a warrant application?), a statement to the court or PR external to the court. Only one of these risks perjury.
"I've said before but if you block ads then you are effectively killing almost all online journalism. Up to you if that's a world you want."
Let's ignore the "bad to piss off potential customer" aspect of advertising, even though the ads that do that are what brought adblocking into existence.
Today's problem is malvertising. Ad blocking is no longer just a matter of aesthetics, it's a matter of basic IT security. It just isn't acceptable to bleat about killing online journalism without a solution. Viewers who've been hit with ransomware from a news site are going to stay away for good so the end effect is much the same for the site but worse for the user.
We've heard some mention some months ago about an initiative but seen nothing. The industry simply winges about adblocking but makes little attempt to see itself as others see it or to recognise that it has brought its problems on itself and does nothing whatsoever about it.
Frankly, I think the online advertising industry is in a death spiral. It has only its arrogant, narcissistic self to blame and, frankly, the sooner it's gone the better. Then online journalism can get on with developing a business model that works.
"Because there are a LOT of embedded systems in hospital equipment. A lot of it can't be reliably updated/patched, either. So, you have a large number of soft targets."
But you can start segmenting the networks so Janice-in-accounts is 2 or 3 hops away from anything embedded that's even mildly critical.
"I propose that DARPA, GCHQ or some other appropriate government agency (or agencies) encourage Western hackers to write and deploy locker software that attacks ONLY computers that ARE Russian."
An alternative. Stop routing traffic to or from Russia one hour a day this month. Next month two hours a day. The month after one day a week...
"they haven't actually complied with the GPL because they have not provided their modified/derived source."
The letter says that they're sending the code "as far as it is required by the OSS licence conditions". They say that there is vehicle code that they haven't sent. There's no indication as to whether this is modified/derived source so there's no basis for assuming that it is.
There seems to be a widespread assumption that because a program runs on some particular platform it must be a derivative of it. It's perfectly possible to write a program which compiles unchanged and runs on multiple platforms so what's the basis for thinking that it's derivative of one of them?
I looks as if we're seeing cargo cult approaches to open source.
There have been a few successful approaches to this:
1. Work for what you see as the common good, expecting and receiving minimal rewards - works as a full-time developer if an essentially hippy lifestyle is OK for you.
2. Work for the common good but produce something which is of sufficient value to business users that they're prepared to fund you.
3. Offer some OS-related service such as support on top of your OS work.
4. Use OS to provide some non-OS related product or service and feed back your own contributions, essentially sharing development costs with others who might even be your competitors.
What appears to have happened is that people have seen OS work for others and joined in as creators or as consumers without understanding what makes these approaches work and indeed, without understanding that OS development really involves contributing to a commons.
Biting the hand that feeds IT © 1998–2019