Posts by Dr Who

Re: "Successive outages on this scale show" . .

I take your point, but we take a hybrid approach.

- We develop our systems so that they are completely independent of the proprietary dev tools of the big 3 (Azure, AWS, and Google Cloud). They are therefore completely provider independent and portable.

- We have VMs spread across multiple service providers in multiple geographic locations.

- We mirror systems across multiple service providers and locations

We don't have to build our own redundant hardware infrastructure, but we get all the benefits of being in total control of our systems. No per transaction charges so costs are predictable and considerably less than on prem. Scaling up or down is easy. You don't have to be able to touch metal to have control.

The reason that people use the proprietary dev tools of the big 3 is that it's very quick and very cheap to build a lot of functionality. But you're then completely locked in and over the barrel with your trousers around your ankles. But hey ... nobody ever got fired for using Microsoft (or Google, or AWS).

Re: it's not the internet....

Fair comment. Replace "internet" with "cloud" or whatever term you want to use to describe the internet and everything that is connected to, and depends on, it and the point still stands.

Re: ok, but what do you mean by “artificial intelligence”?

"one has to know just what TO ASK". Hence one of the higher paid IT jobs these days is prompt engineering. "Claude, write me a recursive python function to enumerate a directory tree" is not something your average non-coder would know how to prompt for. Snakes? Trees? What on earth are you on about? And who the hell is Claude?

Re: And this

(Very) High Tea

Re: Promoting Ignorance and Helplessness

"Bulkshit" - possibly a typo but rather effective and I've added it to my vocabulary. Suggested definition for when it gets into the dictionaries "Noun. An inordinately large volume of bullshit". (US spelling : TRUMP).

Re: Layoffs have begun

Very nicely said. For the government to indemnify businesses against cyber risk would create a significant moral hazard. If large financial institutions had not felt they were too big to be allowed to fail, they never would have take the risks that led to the financial crisis. Risk is part of business and it is not for the government to absorb that risk using taxpayer money. Even for small suppliers, although they may in reality have little choice, being reliant on one massive customer is a known risk which they enter into voluntarily.

Support for laid off employees is a different matter and there is much room for improvement there.

To really really screw up, keep your hypersensitive contact details on an unencrypted Excel spreadsheet. Maybe get the absolute basics right before applying Bayesian snake oil to the wound.

Re: Two tier

I hear you, and I've been there - the minnow swimming with sharks.

But hey, like the Guinness, we're not bitter eh?

Re: No financial loss?

That can't be right if this was indeed a credential stuffing attack (and cyberattack it was, whatever HMRC may claim) which depends on a user setting the same password on at least two different systems - so the accounts must have been activated by the users.

Not sure if I agree on all your points, but I can definitely say that definately is a misspelling.

Re: Wait...

It could have been done along the lines of the GP data analytics offering from https://www.opensafely.org/ which is "publicly funded, built by researchers and software developers at the University of Oxford, all IP is shared openly, and the Data Controller is NHS England."

But I do think it's best to stick with one of the big four consultancies plus a software as a service supplier well known to be a serial data abuser run by an extreme right wing nut job. Time and again it's been shown how this delivery model provides quality solutions on time, on budget and with unrivalled levels of end user satisfaction.

Re: Somebody else's computer

(There is no cloud) [really]

.... as a matter of fact, it's all cloud

Re: Sometimes technology is the problem, not the solution.

"spend all that cash on educational resources instead"

Agree entirely with your overall post. That said, IT is an educational resource too - and not just for kids at school. I haven't broken out my old O'Reilly Javascript reference book for quite a few years now ;-)

Re: It's the other eight billion you need to worry about...

Grass fed beef is primarily good for animal welfare. It has a much higher environmental impact than lot reared cattle, albeit the welfare of the latter is considerably lower.

Grass fed beef (which I also buy incidentally) is a rich world hobby. As a means of supplying protein and calories to the world's population at a price they can afford it's a non-starter.

It also takes up a lot of land which could be put to more effective use for carbon capture, for example as woodland.

Finally, (almost) all grass fed animals are "finished" on high protein feed made from soya grown on cleared rainforest.

Thumb up for the reference. "Fargin' iceholes!"

Re: Grease

Is the word

Re: It's not really a cloud specific issue

Couldn't agree more. Subscribing to the proprietary features of one of the cloud platforms can let you build a lot of functionality very quickly, but the vendor then has you well and truly over a barrel. It also takes disaster recovery completely out of your control. We run our cloud infrastructure across multiple cloud vendors and have designed it in such a way that failing over from one cloud to another is straight forward (proved by both testing and recovery from actual failures).

Re: A realisation of what they are

To be fair that's exactly what all sorts of brands do. Coca Cola doesn't make Coke. McDonalds doesn't make burgers.

Re: Shelf life

x -> Threads switchers is something I've noticed too. But .... are they all real? There seem to be too many almost identical "Threads is so friendly and nice. I had 100000 followers on X now I've switched to here and look forward to meeting you all and getting lots of followers.". That message is taking unfair advantage of Threads users' laudable but naïve urge to prove that the platform works as a nice X alternative. Classic click bait technique.

Titter ye not

It's like car model names. Whatever name you choose, there's a country somewhere where people will titter.

Re: "Office 365 connectors within Teams will be cut"

Everything is fine. Until it isn't.

This, Azure functions, Google workflows etc... make it very quick to deliver some functionality. Messy, flaky, undocumented, but quick. That's why in house devs keep using it. They can provide a quick and dirty solution to someone's problem. By the time it inevitably fails, the devs will probably have moved on long ago, leaving others to pick up the pieces.

Doing something really nice, with vendor agnostic technologies that don't lock you into one of the big vendor proprietary stacks, is harder. It has ever been thus and IT developments tend to follow the path of least resistance. There are of course durable, reliable, supportable, portable workflow solutions out there, but none of them were delivered by an in house IT team.

Re: "our IT arrangements are as safe as they possibly can be"

Good analogy. Especially because vaults still get robbed.

Whatever you do and whatever you spend, there will be a sufficiently skilled, well resourced and determined adversary who could defeat you (if you have something that's worth nicking). There is always some limit to the countermeasures you can afford to put in place, so you must always make your plans on the basis of when, not if, you will be compromised. Excellent preparation for a breach is the sign of a well managed business.

Also, not all data has/have equal value. As such, different databases should be secured to different levels.

Re: It is better to avoid a problem than have to fix it.

Even with the biggest budgets and the best security brains, you must still operate on the "When not If" basis. Defend yourself yes, but you can never be certain. Therefore, it's the quality of planning for what to do when the breach happens that is the mark of an organisation that is on top of its cyber-security.

Re: Third time good but ...

I passed a final exam whilst stoned once, but I reckon I too would have failed had I been on speed.

Re: Confusion

Nice. For the analogy to be complete though - Joe would find himself staring in the mirror doubting whether what he could see there was really himself. Mind bending stuff.

Fujitsu - purveyors of the finest gaslights.