Posts by Dr Who

Scrap HMRC

HMRC is rapidly approaching the point where it costs more to run than the nation raises in taxes. This house proposes that HMRC be eliminated in a massive DOGE win. Those in favour say aye!

Total Barstewards

Those that do this, to hospitals, schools, and other organisations that are a soft target but provide critical services, are a bunch of handjob artists who deserve to have their tackle removed with a pair of pruning shears, fried in butter and served to them on toast. Defenders must block every hole, the attacker needs to find just one. At the same time, with systems as numerous and complex as those in healthcare and with no money available, it's not possible to establish meaningful contingency options (other than paper an pen).

Now think of all the state actors who've planted their digital "sleepers" in the systems of every one of our critical services, just waiting to press the big red botton ... like the Israelis did with the pagers (albeit they added a gruesome and unnecessary physical payload).

If Trump was President none of this would have happened. Poseidon is a personal friend of his and they have a very very very great relationship. Diverting the storm would have been NO PROBLEM.

9 months late?

We're 40 odd years on from the widespread use of mini computers and private networks in the NHS to deliver patient administration systems at a regional level, yet our new prime minister still has to say "We've got to have fully digital patient records." A national electronic patient record is more like 30 years late. The magic IT wand to fix the NHS is waved around with gay abandon by each new government, deliberately avoiding the real problem which is that the NHS is too big and too complex to fix. The way to tackle a hugely complex problem is to break it up into smaller chunks, which can each be solved separately.

Whatever you make of Elon, and I think he's a monumental fucking nut job, you can't help but be impressed by SpaceX.

DNS

"I think it goes to show how important but overlooked DNS is in the underpinnings of the internet," the source told us.

This "source" should not be in charge of anybody's IT systems. Bit like when Dominic Raab (then Brexit secretary) said he "hadn't quite understood" how reliant UK trade in goods is on the Dover-Calais crossing.

Scrap tax

As the cost of HMRC IT infrastructure approaches the total tax take, the cheapest option may be to scrap taxation.

New initialism

WCPGW?

Guesses in the comments.

The bar is low

When a mitigating factor for huge time and cost overruns is that the project "... has culminated in the delivery of a functioning ERP system".

I think it's a squeaky bum cheek issue

When even astronauts are saying "if it's Boeing I'm not going", the writing's on the wall.

Nothing like nailing down the deliverables

This extra work will not fall foul of the usual gotchas because they've gone to the effort of properly scoping the work. Specifics such as "Agile Core Services" and "a value uplift" will leave Fujitsu no wriggle room when it comes to a dispute.

To regain credibility, Ticketmaster should be transparent about the breach, its impact, and the steps to prevent future incidents ...

Whoa! Just saw some pigs fly past my window.

The British Library have set the gold standard in actually doing this with their recent and catastrophic breach. https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf

They could be sulking

Perhaps these lights were made by the Sirius Cybernetics Corporation. They're a bit bored of turning on and off all the time, so are staying on permanently in protest.

Meaningless gobbledegook

" I found [the database] using the API of an IoT search engine"

Can anyone enlighten me?

What an absolute cock!

In Swiss German there's a brilliant word "Chläpfigring" which has no direct translation to English but roughly means "one whose face you have an overwhelming urge to slap". This man is definitely one of those.

The coders are dead! Long live the coders!

Coding is the process of telling the machine what to do. First however you have to understand what and how you want to tell it, and that's the tricky bit.

There is a new IT discipline called Prompt Engineering, which people are making a lot of money out of. Prompt Engineers develop the natural language questions / instructions you enter at the AI/ML prompt. They can even develop template prompt texts which you can vary certain parts of (you might call these variables user input). All of a sudden, Prompt Engineers look rather like software developers.

This is almost bibilical

Matthew 25:29

For unto every one that hath shall be given, and he shall have abundance: but from him that hath not shall be taken away even that which he hath.

I think El Reg should launch the Fujitsu Contract Tracker (FuCT).

A Google sheet should do it - listing the contracts, along with value, duration and competition status as the info becomes available.

Maybe crowdsource the info from readers.

More guff will spew forth

Personal productivity apps like the Office suite can be powerful tools - in the right hands. For 99 percent of users it just helps them produce mountains of meaningless and pointless guff. Project plans and databases done in Excel. 100 slide Pointless Point presentations. Word documents with no heading levels, headings done with manual bolding and indentation done with the space bar.

The addition of an AI assistant will simply compound the problem for those 99 percent, even if it might help the 1 percent who get the hang of panning the nuggets out of the AI generated silt.

Yes minister that's correct. Their CTO is based in Monaco and their Head of legal in Geneva. You'll need to visit them regularly if we sign this deal, so it's a bloody handy coincidence that you love F1 and skiing.

Already done.

Home grown, open source, privacy driven, fraction of the cost but without the massive lobbying budget and capability.

https://www.opensafely.org/

When not if

In the face of a highly determined, skilled, patient and well resourced adversary it is impossible to defend a complex and distributed IT infrastructure. The notion of "locking down the network" no longer has any meaning. We can't defend against all the known threats, let alone the unknown.

We must therefore do what we can within the resources available to defend against the most common threats, whilst at the same time investing heavily in an effective and rapid alarm and recovery process for when the inevitable breach does happen.

The potential cost of cyber security is limitless in as much as you can never achieve perfection. Given that no organisation has unlimited resources to throw at the problem, choices must always be made between risk and cost.

Refreshing

With every Tom Dick and Harry labelling everything upwards from and Excel spreadsheet with a formula in it "AI", here's a company that's called its database technology ... a database. Shocker. Their marketing team missed a trick with that one.

Who polices the policeman

Cloudflare provides reliability and continuity services to a *lot* of customers. There is nobody providing those same services to Cloudflare.

As well as these latest incidents, their distributed DNS name services (which are used as the default in a lot of data centre environments, in the same way as Google's name servers are set as defaults in may places) went tits up on the 2nd of October with intermittent fails for the same lookups. Again that was due to a reconfiguration / upgrade snafu.

Brace yourselves for impact ...

The only difference between SolarWinds and the others is that they got compromised and then got caught. We can be certain that there are many, many more supply chain vulnerabilities out there, which the developer has buried their head in the sand about, just waiting to be found and exploited by the bad guys. MOVEit alone was pretty bad.