* Posts by Dr Who

454 publicly visible posts • joined 25 Oct 2007


Microsoft confirms Russian spies stole source code, accessed internal systems

Dr Who

Not really. The executive probably does not have access to the source code. But if I can send internal emails as a Microsoft executive, I probably have a better chance than most of wangling such access.

Palantir boss says outfit's software the only reason the 'goose step' has not returned to Europe

Dr Who

What an absolute cock!

In Swiss German there's a brilliant word "Chläpfigring" which has no direct translation to English but roughly means "one whose face you have an overwhelming urge to slap". This man is definitely one of those.

Mamas, don't let your babies grow up to be coders, Jensen Huang warns

Dr Who

The coders are dead! Long live the coders!

Coding is the process of telling the machine what to do. First however you have to understand what and how you want to tell it, and that's the tricky bit.

There is a new IT discipline called Prompt Engineering, which people are making a lot of money out of. Prompt Engineers develop the natural language questions / instructions you enter at the AI/ML prompt. They can even develop template prompt texts which you can vary certain parts of (you might call these variables user input). All of a sudden, Prompt Engineers look rather like software developers.

Multiple billions up for grabs as UK government launches cloud services tenders

Dr Who

This is almost biblical

Matthew 25:29

For unto every one that hath shall be given, and he shall have abundance: but from him that hath not shall be taken away even that which he hath.

Legal campaigners challenge UK.gov decision to redact NHS-Palantir contract

Dr Who

Home grown, open source, privacy driven, fraction of the cost but without the massive lobbying budget and capability.

https://www.opensafely.org/

Politicos demand full list of Fujitsu's public sector contract wins in wake of Post Office scandal

Dr Who

I think El Reg should launch the Fujitsu Contract Tracker (FuCT).

A Google sheet should do it - listing the contracts, along with value, duration and competition status as the info becomes available.

Maybe crowdsource the info from readers.

Microsoft prices new Copilots for individuals and small biz vastly higher than M365 alone

Dr Who

More guff will spew forth

Personal productivity apps like the Office suite can be powerful tools - in the right hands. For 99 percent of users it just helps them produce mountains of meaningless and pointless guff. Project plans and databases done in Excel. 100 slide Pointless Point presentations. Word documents with no heading levels, headings done with manual bolding and indentation done with the space bar.

The addition of an AI assistant will simply compound the problem for those 99 percent, even if it might help the 1 percent who get the hang of panning the nuggets out of the AI generated silt.

How governments become addicted to suppliers like Fujitsu

Dr Who

Re: Corruption

It's the "Nobody ever got sacked for buying Microsoft" phenomenon.

It was not ever thus though. I think the nails in the coffin for small biz involvement in public sector IT were the introduction of national framework contracts and the EU public procurement rules. Both of these made it prohibitively expensive for smaller suppliers to even tender for public sector work.

AWS rakes in half a billion pounds from UK Home Office

Dr Who

Yes minister that's correct. Their CTO is based in Monaco and their Head of legal in Geneva. You'll need to visit them regularly if we sign this deal, so it's a bloody handy coincidence that you love F1 and skiing.

Rackspace runs short of Cloud Files storage in LON region

Dr Who

Re: Guy I used to work with...

Upvote for clattering bell end

Google Drive misplaces months' worth of customer files

Dr Who

The cloud is not entirely the issue here (trust me as one Doctor to another).

The problem is confusing file sync with file backup whether you're syncing to a cloud drive or to a NAS device in the same room as you which you can see and touch and administrate.

Any user who doesn't know the difference between sync and backup (and there are many) will lose data, however much they value those data, irrespective of whether it's in the cloud or directly attached to their own network.

Palantir bags £330M NHS data bonanza despite privacy fears

Dr Who

Already done.

Home grown, open source, privacy driven, fraction of the cost but without the massive lobbying budget and capability.

https://www.opensafely.org/

Clorox CISO flushes self after multimillion-dollar cyberattack

Dr Who

When not if

In the face of a highly determined, skilled, patient and well resourced adversary it is impossible to defend a complex and distributed IT infrastructure. The notion of "locking down the network" no longer has any meaning. We can't defend against all the known threats, let alone the unknown.

We must therefore do what we can within the resources available to defend against the most common threats, whilst at the same time investing heavily in an effective and rapid alarm and recovery process for when the inevitable breach does happen.

The potential cost of cyber security is limitless in as much as you can never achieve perfection. Given that no organisation has unlimited resources to throw at the problem, choices must always be made between risk and cost.

Pharma boffins sharpen hunt for target molecules using graph DB

Dr Who

Refreshing

With every Tom Dick and Harry labelling everything upwards from an Excel spreadsheet with a formula in it "AI", here's a company that's called its database technology ... a database. Shocker. Their marketing team missed a trick with that one.

Cloudflare dashboard, API service feeling poorly due to datacenter power snafu

Dr Who

Who polices the policeman

Cloudflare provides reliability and continuity services to a *lot* of customers. There is nobody providing those same services to Cloudflare.

As well as these latest incidents, their distributed DNS name services (which are used as the default in a lot of data centre environments, in the same way as Google's name servers are set as defaults in many places) went tits up on the 2nd of October with intermittent fails for the same lookups. Again that was due to a reconfiguration / upgrade snafu.

SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack

Dr Who

Brace yourselves for impact ...

The only difference between SolarWinds and the others is that they got compromised and then got caught. We can be certain that there are many, many more supply chain vulnerabilities out there, which the developer has buried their head in the sand about, just waiting to be found and exploited by the bad guys. MOVEit alone was pretty bad.

Microsoft creates a new kind of credential: the 'Applied Skill'

Dr Who

Re: Not certified

I kind of like the idea, especially relating to Excel. You can make them specific, for example =VLOOKUP(), and targeted, for example at Welsh NHS recruitment staff.

CIA exposed to potential intelligence interception due to X's URL bug

Dr Who

Re: Ridiculous!

The Reg article is misleading. Why would you need an X profile impersonating the CIA? All that was needed was for the adversary to set up the Telegram profile that was linked to by the incorrectly shortened URL on the *real* CIA Twitter/X profile. That's why this was so dangerous until the white hat grabbed that Telegram handle and made it clear that it was not the CIA Telegram account.

If you set up a fake CIA X account you could put whatever Telegram handle you wanted in. The whole URL shortening issue would be neither here nor there.

What did the VisiCalc fairy bring you for Spreadsheet Day?

Dr Who

If you could have hung around to gawk at it, it was a Mac or more probably UNIX

Generative AI slashes cloud migration hassles, says McKinsey partner

Dr Who

Re: The use of generative AI

Maybe this is a test by El Reg? Can the readers spot the AI generated articles? If so, I'm calling this one - definitely AI.

However, she recommended not skimping on an API gateway between an organization and the outside world in order to surface some of the "real-time alerts" if developers are accessing non-proprietary models or data they shouldn't be touching.

In no instance of the multiverse does this mean anything to anyone.

CDW data to be leaked next week after negotiations with LockBit break down

Dr Who

Ironically if you search for CDW ransomware attack, along with headlines such as this Reg article, you get a bunch of results from CDW's own blog such as :

- How to Increase Your Ransomware Recovery Capability - Work with an expert partner to learn how your organization can better prepare to recover from a ransomware attack

- Fend Off Ransomware with a Cybersecurity Recovery Program

- The Anatomy of a Ransomware Attack: 7 Steps to Prepare ...

If nothing else, this incident will somewhat dent their credentials as a trusted cyber security partner I would think. In a similar fashion to the way the house robots dent the amateur entries in robot wars ...

NASA taking its time unboxing asteroid sample because it grabbed too much stuff

Dr Who

Too much material my ar*e. In a moment of almost infinite improbability, the cannister turned out to contain an alien time capsule revealing the secrets of an engine enabling instantaneous space travel over any distance. They're just trying to think of a name for it.

Decades-old Home Office asylum system misses EOL deadline, no new timetable in place

Dr Who

Case study

CID "started as a database containing basic details about asylum seekers and was initially expected to be an interim solution."

This is what they should teach Comp Sci and MBA students. How IT happens in the real world.

Cumbrian Police accidentally publish all officers' details online

Dr Who

Good job

EXCELlent work everyone.

Brit healthcare body rapped for WhatsApp chat sharing patient data

Dr Who

Re: Something not quite right here

It's not the app that's the problem. It's the mechanism (or lack of it) for controlling access rights. Who decides who will be a member of the WhatsApp or Signal group? Who decides what each of those members can see or do with the data? There are no mechanisms in place on messaging apps whereby an organisation can maintain control of and audit who accesses what information.

Artificial General Intelligence remains a distant dream despite LLM boom

Dr Who

Effectively saying that something must be true if you can't disprove it. A very theological argument. It doesn't work for all powerful beings or all powerful technology.

TCS bags £234M Teachers' Pensions deal as Capita set to end 29-year run

Dr Who

Alternatively ...

FUBAR-ready, SNAFU enabled, omnishambles platform

Google Cloud's watery Parisian outage enters third week, with no end in sight

Dr Who

A fire incident has occurred

No it hasn't. You're just trying to sound official or technical or something. What has occurred is a fire, not a "fire incident". Just like it's not a "flood event" it's a flood. And when did we move from having a storm to having a "severe weather event"? Anyway, gotta go, I had a curry last night and can feel a catastrophic evacuation event coming on.

Quantum computing: Hype or reality? OVH says businesses would be better off prepared

Dr Who

For most businesses, planning for quantum computing will I suspect be more of a cybersecurity issue. At some point in the not too distant future it will be economically viable to start brute force decrypting what is currently strongly encrypted data using quantum techniques. Crucially it will be possible to do so within a useful timeframe - for example where the target is still in business / alive in order to blackmail or prosecute them.

Crooks and spooks are right now hoovering up encrypted traffic in anticipation of being able to decrypt it quickly whilst it is still useful to them.

Nobody is giving a date for when quantum computing will be able to deliver this, but it is definitely a case of when, not if, and it could be in the next few years. When it happens it will be sudden, and I imagine catastrophic.

Capita IT breach gets worse as Black Basta claims it's now selling off stolen data

Dr Who

So ....

The crap 'it a fan

Curl, the URL fetcher that can, marks 25 years of transfers

Dr Who

Different things

wget and axel are file downloaders.

curl is a way of interacting with a URL in much more complex ways. How are you going to test an API call that requires a POST request, a json encoded payload and basic auth username with wget?

Super Bock says 'cyber' nasty 'disrupting computer services'

Dr Who

Amazing this AI stuff

"The situation causes major restrictions in its supply chain operation to the market of some of its products in the different marketing channels" reported ChatGPT in a translation that is barely distinguishable from one that would be made by any 1st year GCSE Portuguese language student.

WAN router IP address change blamed for global Microsoft 365 outage

Dr Who

We all depend on the cloud, whether we like it or not.

The very term cloud software stems from the cloud symbol used from way back when in network diagrams, originally to depict a large private WAN.

These days, practically nobody runs a private network to every geographic location that needs access to central systems, and that applies whether those central systems are on prem, in colo or on some sort of SaaS or PaaS offering.

The cloud in the diagram now depicts the internet, itself a network of many networks, owned and run by many different organisations, any of whom can mess up the world's routing tables. And let's not even mention the DNS root servers.

Whether you like it or not, you depend utterly on the cloud, wherever your mission critical software is running.

Rackspace confirms ransomware attack behind days-long email meltdown

Dr Who

Re: So...

Most small and many medium sized businesses employ service providers for things like accountancy, legal and payroll/HR. They couldn't possibly do it in house, so the problem is identical. You need to find someone you can trust, and until fairly recently Rackspace had a good record. There's nothing to say that the accountancy practice you use won't go bust, or mess up - in fact they often do.

Dr Who

Re: So...

As many have said before, that's all very well if you have an in house IT team and your own geo-redundant hardware infrastructure. Reading various articles about this disaster, most of the hosted Exchange customers are small businesses with 20 or 30 users. They haven't got a cat's chance of running their own mail systems (especially Exchange based). They have no choice but to trust someone else.

We've used Rackspace, amongst others, for dedicated servers and VMs (not email) for a couple of decades and they really were fanatical and technically excellent with their support and services back in the day. Recently we've been steadily reducing what we have with them. The aforementioned job cuts and service centre offshoring have reduced Rackspace to a budget operation of the 1&1 (now Ionos) ilk.

For the average small business, it's very hard to know who to trust with their mission critical stuff. They don't even know what questions to ask of a supplier, let alone what the right answers would be.

Low code is no replacement for software development, say German-speaking SAP users

Dr Who

Low code in essence is just another level of abstraction from machine code - a very high level language if you like.

The art of programming though is a way of thinking, a mental approach more than a particular language. Ask a business person to define the process or problem they need solving or automating, and inevitably you'll get a vague, poorly specified, ill thought through answer. Your next step is to tease out of them what they're actually after, and make them aware of the knock on effects of what they're asking for. It's the classic beginner's exercise of writing down how to make a cup of tea. Most non-programmers miss several of the crucial steps.

No matter how high level the language, you still need to think like a programmer to make the machines do useful stuff. Putting amateurs and hobbyists in charge will inevitably lead to a mess of a system and most likely the loss or corruption of valuable data.

Automating Excel tasks to come to Windows and Mac

Dr Who

People will die

Indeed. Why use a database management system when you can frig a piece of software, which wasn't designed to manage data, to try and do the same job in a much more complicated and error prone way that can literally kill people. Think losing thousands of safety critical Covid data records whilst using Excel to share the data.

China discovers unknown mineral on the moon, names it Changesite-(Y)

Dr Who

Re: The Genie's out of the Lamp and Exploring the Delights of Pandora's Open Box

amanfrommars never has, and never will, pass the Turing Test. Which is odd for someone whom I believe to be an actual human. Always fun to read though.

Concerns that £360m data platform for NHS England is being set up to fail

Dr Who

Misunderstanding the NHS

The NHS is an umbrella for a myriad different organisations and a million odd staff. Some of these are private (think GP practices, dentists and pharmacists for example) and some public (largely emergency, acute care and chronic care). If the NHS stands for one thing it's that for its users healthcare is free at the point of delivery. In this context, delivering a monolithic national software stack is a complete nonsense.

Each organisation in the NHS should be free to choose from best of breed solutions for their particular area of operation. The national framework should aim instead to set standards for data interchange such as xml schemas for patient records plus possibly some kind of middleware service to ease the integration of systems via their APIs. A central data repository for healthcare analytics requires only anonymised data, the aggregation of which can be automated using the aforementioned schema definitions and APIs.

In this way a competitive software ecosystem is established ensuring best value for money for the tax payer, avoiding a supplier monopoly, denying the government another unjustified opportunity of harvesting personally identifiable data and finally denying politicians and civil servants the opportunity of a lucrative non-exec role in the private sector. These are also the reasons why the NHS always fails to get sensible technology solutions.

OVH blames hour-long global outage on human error during 'routine' network reconfiguration

Dr Who

All talk, no trousers

Ms Thunberg might have a thing or two to say about this and the FB outage :

Change control - blah, blah, blah

No single point of failure - blah, blah, blah

Systems engineering - blah, blah, blah

UK Ministry of Defence apologises – again – after another major email blunder in Afghanistan

Dr Who

Presumably the suspended person is the muppet who included the addresses in the cc field.

It should be people at the very top of the MoD who ultimately get suspended. The system is at fault, not an admin clerk. Being able to paste the addresses into the cc field means they were somehow available on a standard email distribution list or most likely an Excel fu**ing spreadsheet. They should be on a secure list server where nobody can see the addresses and where each recipient receives an individual copy of the email, preferably with the address in bcc, and the sending of which is logged and stamped with the ID of the user who authorised the sending. Nobody, whether within the MoD or outside it should see these addresses on screen.

Or even better, use a secure portal to communicate.

FFS Mailchimp would be a thousand times more secure than what the MoD is doing, apparently routinely.

These twats have put actual lives of actual people, along with their families in grave danger of death or worse. No fine is big enough - a spell in prison should send the right message.

Ransomware-hit law firm secures High Court judgment against unknown criminals

Dr Who

Re: Sigh...

Propagander : have a good look

Dr Who

Re: Nail, meet hammer!

Exactly what I was thinking. It's like someone trying to shoot down the Death Star with a shotgun.

BOFH: Where there is darkness, let there be a light

Dr Who

Re: Definitely pick which battles you want to fight...

Upvote for "more than a hod of house bricks"

9 years after SpaceX strode into Texas village, Elon Musk floats name change for Boca Chica: 'Starbase'

Dr Who

You've got to Marvel at him

Starship, Starbase. Henceforth Elon shall be known as Starlord and all shall bow before him.

Who knew? Hadoop is over, says former Hortonworks guru Scott Gnau

Dr Who

Re: The future is MUMPS?

Good call ghudson. I remember the InterSystems reps coming to visit us soon after the launch of Cache for a demo. Must have been over 20 years ago. It was very impressive which is why I still remember the demo.

Fusion boffins apply plasma know-how to building thrusters

Dr Who

Impulse drive

The guy clearly has a warped mind.

Spaghetti Junction! Brum hospitals on hunt for new ERP and finance supplier to untangle current systems

Dr Who

Sounds promising

An NHS organisation with a large pot of cash to spend and which "... provided very little details on its requirement for the new software or of the potential challenges that lay ahead". What, as they say in the trade, could possibly go wrong?

Germany prepares to launch COVID-19 contact-tracing app 'this week' while UK version stuck in development hell

Dr Who

Foreign suppliers

Nobody told the American and Swiss developers that much as it is a lovely place to visit, things happen ever so slowly on the Isle of Wight.

Plus ça change plus c'est la même chose as they say in (some parts of) Switzerland.

City of London Corporation explores options to escape Oracle's clutches

Dr Who

Integrate

SAP - very funny.

Why not pick best of breed SaaS offerings for each of the functions then integrate. That's one thing SaaS services make very easy, either through custom integrations directly via their APIs or more likely pre-built integrations via the likes of Mulesoft or Zapier. The added advantage is that you're not over the contractual barrel for a decade with a single supplier.

The days of the monolithic ERP are surely over, along with the near business death catastrophes that were so often associated with their implementation.
