Scrap HMRC
HMRC is rapidly approaching the point where it costs more to run than the nation raises in taxes. This house proposes that HMRC be eliminated in a massive DOGE win. Those in favour say aye!
484 publicly visible posts • joined 25 Oct 2007
Those that do this, to hospitals, schools, and other organisations that are a soft target but provide critical services, are a bunch of handjob artists who deserve to have their tackle removed with a pair of pruning shears, fried in butter and served to them on toast. Defenders must block every hole, the attacker needs to find just one. At the same time, with systems as numerous and complex as those in healthcare and with no money available, it's not possible to establish meaningful contingency options (other than paper and pen).
Now think of all the state actors who've planted their digital "sleepers" in the systems of every one of our critical services, just waiting to press the big red button ... like the Israelis did with the pagers (albeit they added a gruesome and unnecessary physical payload).
"spend all that cash on educational resources instead"
Agree entirely with your overall post. That said, IT is an educational resource too - and not just for kids at school. I haven't broken out my old O'Reilly Javascript reference book for quite a few years now ;-)
Grass fed beef is primarily good for animal welfare. It has a much higher environmental impact than lot reared cattle, albeit the welfare of the latter is considerably lower.
Grass fed beef (which I also buy incidentally) is a rich world hobby. As a means of supplying protein and calories to the world's population at a price they can afford it's a non-starter.
It also takes up a lot of land which could be put to more effective use for carbon capture, for example as woodland.
Finally, (almost) all grass fed animals are "finished" on high protein feed made from soya grown on cleared rainforest.
Couldn't agree more.
I would add that although eliminating the ultra-rich (be they industrialists or celebrities) won't have any significant impact on global carbon emissions, it's the example they set that's the problem, because that's what determines the aspirations of the masses and defines what society considers to be success. Most people will never be ultra-rich, but many will get to the point where they have disposable income. As people get more of that they buy a bigger house, a bigger car, another car, more clothes they don't need, eat more meat (especially beef, that brown coal of the food industry), fly somewhere distant and exotic to go on holiday where they stay in a resort that likely has very dubious eco credentials.
In an ideal world, we'd redefine what success looks like. Unfortunately, we don't live in an ideal world.
We're 40 odd years on from the widespread use of mini computers and private networks in the NHS to deliver patient administration systems at a regional level, yet our new prime minister still has to say "We've got to have fully digital patient records." A national electronic patient record is more like 30 years late. The magic IT wand to fix the NHS is waved around with gay abandon by each new government, deliberately avoiding the real problem which is that the NHS is too big and too complex to fix. The way to tackle a hugely complex problem is to break it up into smaller chunks, which can each be solved separately.
Couldn't agree more. Subscribing to the proprietary features of one of the cloud platforms can let you build a lot of functionality very quickly, but the vendor then has you well and truly over a barrel. It also takes disaster recovery completely out of your control. We run our cloud infrastructure across multiple cloud vendors and have designed it in such a way that failing over from one cloud to another is straightforward (proved by both testing and recovery from actual failures).
"I think it goes to show how important but overlooked DNS is in the underpinnings of the internet," the source told us.
This "source" should not be in charge of anybody's IT systems. Bit like when Dominic Raab (then Brexit secretary) said he "hadn't quite understood" how reliant UK trade in goods is on the Dover-Calais crossing.
X -> Threads switchers is something I've noticed too. But ... are they all real? There seem to be too many almost identical "Threads is so friendly and nice. I had 100000 followers on X now I've switched to here and look forward to meeting you all and getting lots of followers." That message is taking unfair advantage of Threads users' laudable but naïve urge to prove that the platform works as a nice X alternative. Classic click bait technique.
Everything is fine. Until it isn't.
This, Azure functions, Google workflows etc... make it very quick to deliver some functionality. Messy, flaky, undocumented, but quick. That's why in house devs keep using it. They can provide a quick and dirty solution to someone's problem. By the time it inevitably fails, the devs will probably have moved on long ago, leaving others to pick up the pieces.
Doing something really nice, with vendor agnostic technologies that don't lock you into one of the big vendor proprietary stacks, is harder. It has ever been thus and IT developments tend to follow the path of least resistance. There are of course durable, reliable, supportable, portable workflow solutions out there, but none of them were delivered by an in house IT team.
Good analogy. Especially because vaults still get robbed.
Whatever you do and whatever you spend, there will be a sufficiently skilled, well resourced and determined adversary who could defeat you (if you have something that's worth nicking). There is always some limit to the countermeasures you can afford to put in place, so you must always make your plans on the basis of when, not if, you will be compromised. Excellent preparation for a breach is the sign of a well managed business.
Also, not all data has/have equal value. As such, different databases should be secured to different levels.
To regain credibility, Ticketmaster should be transparent about the breach, its impact, and the steps to prevent future incidents ...
Whoa! Just saw some pigs fly past my window.
The British Library have set the gold standard in actually doing this with their recent and catastrophic breach. https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
Even with the biggest budgets and the best security brains, you must still operate on the "When not If" basis. Defend yourself yes, but you can never be certain. Therefore, it's the quality of planning for what to do when the breach happens that is the mark of an organisation that is on top of its cyber-security.
Coding is the process of telling the machine what to do. First however you have to understand what and how you want to tell it, and that's the tricky bit.
There is a new IT discipline called Prompt Engineering, which people are making a lot of money out of. Prompt Engineers develop the natural language questions / instructions you enter at the AI/ML prompt. They can even develop template prompt texts which you can vary certain parts of (you might call these variables user input). All of a sudden, Prompt Engineers look rather like software developers.
Personal productivity apps like the Office suite can be powerful tools - in the right hands. For 99 percent of users it just helps them produce mountains of meaningless and pointless guff. Project plans and databases done in Excel. 100 slide Pointless Point presentations. Word documents with no heading levels, headings done with manual bolding and indentation done with the space bar.
The addition of an AI assistant will simply compound the problem for those 99 percent, even if it might help the 1 percent who get the hang of panning the nuggets out of the AI generated silt.
It's the "Nobody ever got sacked for buying Microsoft" phenomenon.
It was not ever thus though. I think the nails in the coffin for small biz involvement in public sector IT were the introduction of national framework contracts and the EU public procurement rules. Both of these made it prohibitively expensive for smaller suppliers to even tender for public sector work.
The cloud is not entirely the issue here (trust me as one Doctor to another).
The problem is confusing file sync with file backup whether you're syncing to a cloud drive or to a NAS device in the same room as you which you can see and touch and administrate.
Any user who doesn't know the difference between sync and backup (and there are many) will lose data, however much they value those data, irrespective of whether it's in the cloud or directly attached to their own network.
In the face of a highly determined, skilled, patient and well resourced adversary it is impossible to defend a complex and distributed IT infrastructure. The notion of "locking down the network" no longer has any meaning. We can't defend against all the known threats, let alone the unknown.
We must therefore do what we can within the resources available to defend against the most common threats, whilst at the same time investing heavily in an effective and rapid alarm and recovery process for when the inevitable breach does happen.
The potential cost of cyber security is limitless in as much as you can never achieve perfection. Given that no organisation has unlimited resources to throw at the problem, choices must always be made between risk and cost.
Cloudflare provides reliability and continuity services to a *lot* of customers. There is nobody providing those same services to Cloudflare.
As well as these latest incidents, their distributed DNS name services (which are used as the default in a lot of data centre environments, in the same way as Google's name servers are set as defaults in many places) went tits up on the 2nd of October with intermittent fails for the same lookups. Again that was due to a reconfiguration / upgrade snafu.
The only difference between SolarWinds and the others is that they got compromised and then got caught. We can be certain that there are many, many more supply chain vulnerabilities out there, which the developer has buried their head in the sand about, just waiting to be found and exploited by the bad guys. MOVEit alone was pretty bad.
The Reg article is misleading. Why would you need an X profile impersonating the CIA? All that was needed was for the adversary to set up the Telegram profile that was linked to by the incorrectly shortened URL on the *real* CIA Twitter/X profile. That's why this was so dangerous until the white hat grabbed that Telegram handle and made it clear that it was not the CIA Telegram account.
If you set up a fake CIA X account you could put whatever Telegram handle you wanted in. The whole URL shortening issue would be neither here nor there.
Maybe this is a test by El Reg? Can the readers spot the AI generated articles? If so, I'm calling this one - definitely AI.
However, she recommended not skimping on an API gateway between an organization and the outside world in order to surface some of the "real-time alerts" if developers are accessing non-proprietary models or data they shouldn't be touching.
In no instance of the multiverse does this mean anything to anyone.