In this context, what is a reseller?
Posts by John_Ericsson
46 publicly visible posts • joined 4 Aug 2023
Have I Been Pwned likely to ban resellers from buying subs, citing 'sh*tty behavior' and onerous support requests
Already three years late, NHS finance system replacement delayed again
Oracle finance system at Europe's largest city council still falls short 2.5 years later
I often wonder if an off the shelf trusted and established application, with internal support staff can create a better and MORE FLEXIBLE service. My experience ends in 1997 when the benefit agency brought in consultants to look at the IT services, and they scrapped in-house solutions and contracted out. The results were as you would expect. I remember we could not ask for bugs to be fixed because it had been signed off and we could only make a handful of “feature requests” per year.
Why does the UK keep getting beaten up by IT suppliers?
Lots of reasons. However the primary reason is managers not one taking responsibility/accountability by suggesting something they could be blamed for. Once someone has suggested “X” then X it is, and we know who to blame when it all goes wrong. This attitude runs from top to bottom on the management hierarchy. In my experience poor project management is something the UK excels at.
British Museum says ex-contractor 'shut down' IT systems, wreaked havoc
Xfce 4.20 is out: Wayland support lands, but some pieces are still missing
Watchdog finds AI tools can be used unlawfully to filter candidates by race, gender
Hold your horses. You do know that a hack to allow positive discrimination is to declare a diverse workforce as a requirement of the organisation. The organisation (HR) will produce lots of graphs about the financial benefit of diversity. Points will be awarded to select candidates and at interview based on what they can contribute to the company's diversity.
UK councils bat away DDoS barrage from pro-Russia keyboard warriors
Wanted. Top infosec pros willing to defend Britain on shabby salaries
They have ridiculous job titles to sound impressive when they leave. I must admit an application from a "Lead Cyber Security Expert" at GCHQ would go on top of the interview pile.
My young colleagues tell me that "job cat fishing" (or is it phishing) is also a thing, where employers big up the role that does not reflect what you will be doing.
Penn State pays DoJ $1.25M to settle cybersecurity compliance case
"Penn State abandoned its contract with **government-compliant** cloud host Box in favor of OneDrive, which doesn't meet NIST's CUI security requirements, to save money"
I've been there countless times with UK universities, that get IT to do their Information Governance. IT make a decision without consultation and when it all kicks off when they tell users to move data to the new repository they offer the advice "go back to the stakeholder, explain that there is no difference in security". I can guarantee IT would have said "will it be okay if you encrypt the data on OneDrive?".
UK ponders USB-C as common charging standard
NIST's security flaw database still backlogged with 17K+ unprocessed bugs. Not great
Another OpenAI founder moves to arch-rival Anthropic
How to spot a North Korean agent before they get comfy inside payroll
Keep an eye out on pen testing companies even those based in the UK.
I have audited companies that have employed a third party pen testing company to do their pen test (fair enough), and while the pen testing company is genuine and non-malicious, they are often unable to provide meaningful assurance on the contractors they employ.
Admins using Windows Server Update Services up in arms as Microsoft deprecates feature
So more reason to remove the air gapped networks and have all the sensitive information "on the internet". WSUS requires just two ports to be open, what's the betting that the cloud "alternative" requires a whole host of URLs with ever changing IPs and multitudes of ports for our on prem servers to access them.
I will miss typing "wuauclt /reportnow and /detectnow" (although one of them didn't work, but I can never remember which so I used both).
NHS drops another billion on tech in the hope of finally going digital
Microsoft on a roll for terrible rebranding with Windows App
Open source maintainers underpaid, swamped by security, going gray
Re: If that's where we have to go . .
This will become more of an issue as companies get to grips with supply chain security. While you are rightly defending FOSS another group of people are congratulating you for making an excellent point on the lack of assurance with Open Source and hence why it should not be used in a prod environment.
250 million-plus unused IPv4 addresses should be left alone, argues network boffin
Transport for London confirms 5,000 users' bank data exposed, pulls large chunks of IT infra offline
Re: Motorists will pay
The ICO have acknowledged the issues with fining the public sector (and the same issues apply to not for profit orgs undertaking public services), and will use their "discretion" to reduce fines. I have spent the last 5 mins thinking of alternatives and can not think of any.
EV sales hit speed bump as drivers unplug from the electric dream
What really grates is the smug anti-EV YouTubers were right.
My plan was to get an EV when I could charge from home. While that happened this year, I had already witnessed friends describing it as their biggest financial mistake (apart from getting married). One friend waited six months for a "part" before being told they could not source the part and they would buy the car back off her for .... 20% of the purchase price (after two years). This is NOT "eco"!
There is too much kid-ology going on and we all need to admit we were duped (like with 3d TVs).
The Windows Control Panel joins the ranks of the undead
US sues Georgia Tech over alleged cybersecurity failings as a Pentagon contractor
Re: anti-malware?
Hmmm, to me the actions of the organisations demonstrate why tick boxes are necessary.
As for putting antimalware on each server, there is often scope to "risk assess" it, but in my experience I would want to see some controls on each and every device.
I was auditing a UK university that did not put anti-malware on its compute as "data was always uploaded to a fileserver which is scanned". Good reasoning but they also allowed users to download Python packages direct from external repositories. We were called in when their annual pentest revealed they were riddled with malware from PyPI.
SolarWinds left critical hardcoded credentials in its Web Help Desk product
This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
Not so many years ago at a university in the UK we did our first phishing exercise. I can't remember the text but it would have been along the lines of "funding issue with your fees". The following day HR raised complaints at the highest level and were demanding discipline be considered. Time and time again they were telling us that "lying to students is totally unacceptable" and how the damage done will take many many years to repair. No further exercises were ever run.
Deadbeat dad faked his own death by hacking government databases
School gets an F for using facial recognition on kids in canteen
Angry admins share the CrowdStrike outage experience
Life, interrupted: How CrowdStrike's patch failure is messing up the world
RIP: WordPerfect co-founder Bruce Bastian dies at 76
I had a (very) successful career in IT all thanks to WordPerfect. As an office junior for a company of 10,000 users I wrote some automation process (macros?) on WP and shared them amongst other staff. Six months later various people came into the office looking for me, and asking "show me what you did". They went away with a "hmmmmm". A week later the CEO said "we are creating a PC dept and we need someone who knows about computers". (And yes they did ask me to create their web page, it had music and a flashing banner, it was a site to behold.)
DPD chatbot blasts courier company, swears, and dabbles in awful poetry
Manchester's finest drowning in paperwork as Freedom of Information requests pile up
UK will be HQ for high-flying next-gen fighter jet treaty with Italy, Japan
NASA engineers scratch heads as Voyager 1 starts spouting cosmic gibberish
Rhysida ransomware gang: We attacked the British Library
Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks
Cybersecurity snafu sends British Library back to the Dark Ages
Microsoft: China stole secret key that unlocked US govt email from crash debug dump
We all scream for ice cream – so why are McDonald's machines always broken?
Re: No sh!t Sherlock
In the 1980s I fixed ice machines in pubs. I soon found out why pub staff never had ice in their drinks. We are only talking water/ice production, but when I removed the cover I would see dollops of organic slime all along the chiller. McDonald's needs assurance their equipment is safe/clean. They can not get this if local staff are ringing up repair men (no matter how well qualified) to "have a look" at the dodgy machine. Also who can be blamed if a safety part is removed/bypassed and several companies have looked at it?