Posts by Dr Who

Yes minister that's correct. Their CTO is based in Monaco and their Head of legal in Geneva. You'll need to visit them regularly if we sign this deal, so it's a bloody handy coincidence that you love F1 and skiing.

Already done.

Home grown, open source, privacy driven, fraction of the cost but without the massive lobbying budget and capability.

https://www.opensafely.org/

When not if

In the face of a highly determined, skilled, patient and well resourced adversary it is impossible to defend a complex and distributed IT infrastructure. The notion of "locking down the network" no longer has any meaning. We can't defend against all the known threats, let alone the unknown.

We must therefore do what we can within the resources available to defend against the most common threats, whilst at the same time investing heavily in an effective and rapid alarm and recovery process for when the inevitable breach does happen.

The potential cost of cyber security is limitless in as much as you can never achieve perfection. Given that no organisation has unlimited resources to throw at the problem, choices must always be made between risk and cost.

Refreshing

With every Tom Dick and Harry labelling everything upwards from and Excel spreadsheet with a formula in it "AI", here's a company that's called its database technology ... a database. Shocker. Their marketing team missed a trick with that one.

Who polices the policeman

Cloudflare provides reliability and continuity services to a *lot* of customers. There is nobody providing those same services to Cloudflare.

As well as these latest incidents, their distributed DNS name services (which are used as the default in a lot of data centre environments, in the same way as Google's name servers are set as defaults in may places) went tits up on the 2nd of October with intermittent fails for the same lookups. Again that was due to a reconfiguration / upgrade snafu.

Brace yourselves for impact ...

The only difference between SolarWinds and the others is that they got compromised and then got caught. We can be certain that there are many, many more supply chain vulnerabilities out there, which the developer has buried their head in the sand about, just waiting to be found and exploited by the bad guys. MOVEit alone was pretty bad.

Ironically if you search for CDW ransomware attack, along with headlines such as this Reg article, you get a bunch of results from CDW's own blog such as :

- How to Increase Your Ransomware Recovery Capability - Work with an expert partner to learn how your organization can better prepare to recover from a ransomware attack

- Fend Off Ransomware with a Cybersecurity Recovery Program

- The Anatomy of a Ransomware Attack: 7 Steps to Prepare ...

If nothing else, this incident will somewhat dent their credentials as a trusted cyber security partner I would think. In a similar fashion to the way the house robots dent the amateur entries in robot wars ...

Too much material my ar*e. In a moment of almost infinite improbability, the cannister turned out to contain an alien time capsule revealing the secrets of an engine enabling instantaneous space travel over any distance. They're just trying to think of a name for it.

Case study

CID “started as a database containing basic details about asylum seekers and was initially expected to be an interim solution."

This is what they should teach Comp Sci and MBA students. How IT happens in the real world.

Good job

EXCELlent work everyone.

A fire incident has occurred

No it hasn't. You're just trying to sound official or technical or something. What has occurred is a fire, not a "fire incident". Just like it's not a "flood event" it's a flood. And when did we move from having a storm to having a "severe weather event"? Anyway, gotta go, I had a curry last night and can feel a catastrophic evacuation event coming on.

For most businesses, planning for quantum computing will I suspect be more of a cybersecurity issue. At some point in the not too distant future it will be economically viable to start brute force decrypting what is currently strongly encrypted data using quantum techniques. Crucially it will be possible to do so within a useful timeframe - for example where the target is still in business / alive in order to blackmail or prosecute them.

Crooks and spooks are right now hoovering up encrypted traffic in anticipation of being able to decrypt it quickly whilst it is still useful to them.

Nobody is giving a date for when quantum computing will be able to deliver this, but it is definitely a case of when, not if, and it could be in the next few years. When it happens it will be sudden, and I imagine catastrophic.

So ....

The crap 'it a fan

Different things

wget and axel are file downloaders.

curl is a way of interacting with a URL in much more complex ways. How are you going to test an API call that requires a POST request, a json encoded payload and basic auth username with wget?

Amazing this AI stuff

"The situation causes major restrictions in its supply chain operation to the market of some of its products in the different marketing channels" reported ChatGPT in a translation that is barely distinguishable from one that would be made by any 1st year GCSE Portugese language student.

Low code in essence is just another level of abstraction from machine code - a very high level language if you like.

The art of programming though is a way of thinking, a mental approach more than a particular language. Ask a business person to define the process or problem they need solving or automating, and inevitably you'll get a vague, poorly specified, ill thought through answer. Your next step is to tease of them what they're actually after, and make them aware of the knock on effects of what they're asking for. It's the classic beginners exercise of writing down how to make a cup of tea. Most non-programmers miss several of the crucial steps.

No matter how high level the language, you still need to think like a programmer to make the machines do useful stuff. Putting amateurs and hobbyists in charge will inevitably lead to a mess of a system and most likely the loss or corruption of valuable data.

Misunderstanding the NHS

The NHS is an umbrella for a myriad different organisations and a million odd staff. Some of these are private (think GP practices, dentists and pharmacists for example) and some public (largely emergency, acute care and chronic care). If the NHS stands for one thing it's that for its users healthcare is free at the point of delivery. In this context, delivering a monolithic national software stack is a complete nonsense.

Each organisation in the NHS should be free to choose from best of breed solutions for their particular area of operation. The national framework should aim instead to set standards for data interchange such as xml schemas for patient records plus possibly some kind of middleware service to ease the integration of systems via their APIs. A central data repository for healthcare analytics requires only anonymised data, the aggregation of which can be automated using the aforementioned schema definitions and APIs.

In this way a competitive software ecosystem is established ensuring best value for money for the tax payer, avoiding a supplier monopoly, denying the government another unjustified opportunity of harvesting personally identifiable data and finally denying politicians and civil servants the opportunity of a lucrative non-exec role in the private sector. These are also the reasons why the NHS always fails to get sensible technology solutions.

All talk, no trousers

Ms Thunberg might have a thing or two to say about this and the FB outage :

Change control - blah, blah, blah

No single point of failure - blah, blah, blah

Systems engineering - blah, blah, blah

Presumably the suspended person is the muppet who included the addresses in the cc field.

It should be people at the very to of the MoD who ultimately get suspended. The system is at fault, not an admin clerk. Being able to paste the addresses into the cc field means they were somehow available on a standard email distribution list or most likely an Excel fu**ing spreadsheet. They should be on a secure list server where nobody can see the addresses and where each recipient receives an individual copy of the email, preferrably with the address in bcc, and the sending of which is logged and stamped with the ID of the user who authorised the sending. Nobody, whether within the MoD or outside it should see these addresses on screen.

Or even better, use a secure portal to communicate.

FFS Mailchimp would be a thousand times more secure than what the MoD is doing, apparently routinely.

These twats have put actual lives of actual people, along with their families in grave danger of death or worse. No fine is big enough - a spell in prison should send the right message.

You've got to Marvel at him

Starship, Starbase. Henceforth Elon shall be known as Starlord and all shall bow before him.

Impulse drive

The guy clearly has a warped mind.

Sounds promising

An NHS organisation with a large pot of cash to spend and which "... provided very little details on its requirement for the new software or of the potential challenges that lay ahead". What, as they say in the trade, could possibly go wrong?

Foreign suppliers

Nobody told the American and Swiss developers that much as it is a lovely place to visit, things happen ever so slowly on the Isle of Wight.

Plus ça change plus ç'est la même chose as they say in (some parts of) Switzerland.

Integrate

SAP - very funny.

Why not pick best of breed SaaS offerings for each of the functions then integrate. That's one thing SaaS services make very easy, either through custom integrations directly via their APIs or more likely pre-built integrations via the likes of Mulesoft of Zapier. The added advantage is that you're not over the contractual barrel for a decade with a single supplier.

The days of the monolithic ERP are surely over, along with the near business death catastrophes that were so often associated with their implementation.

SuperCalc

I used to know an accounts clerk who typed numbers into Lotus 123 on and IBM AT, added them up on a calculator, then typed in the total. And she kept a paper spreadsheet as a backup.

I preferred SuperCalc myself.

So ... the shit hit E-Fan then

Teams clocks 2.7 billion minutes

Education, education, education

A little bit of Schadenfreude maybe

For years the industry bemoaned the move from in house teams to the big outsourcers. Now, the big outsourcers are getting a taste of their own medicine as they lose work to the big cloud providers. Bitter? Me? Just because my small business lost loads of local work to monolithic national framework contracts with the likes of Capita and Fujitsu? Well, yes actually.

I'm 51 and I've got a so called "old" Sonos speaker (I think it's 3 years old).

I also have an amp and speakers I bought when I was a teenager ... and they still work brilliantly ... even with smart TVs and smartphones.

Nothing to see here

A) Massive cover up to avoid tipping off the Russians that we're on to them.

B) A software upgrade gone wrong.

Drawing on all the experience gained over a long career in IT troubleshooting, on balance, having assessed all the possibilities and even though the client tells me the problem is definitely B, I'd still have to say that the most probable cause is A.

In my view morals started to slip with the introduction of jelly babies, but I don't think Mr Dicks was responsible for that. RIP and thank you.