If Trump was President none of this would have happened. Poseidon is a personal friend of his and they have a very very very great relationship. Diverting the storm would have been NO PROBLEM.
Posts by Dr Who
477 publicly visible posts • joined 25 Oct 2007
Verizon outages across US as hurricane recovery continues
NHS drops another billion on tech in the hope of finally going digital
9 months late?
We're 40 odd years on from the widespread use of mini computers and private networks in the NHS to deliver patient administration systems at a regional level, yet our new prime minister still has to say "We've got to have fully digital patient records." A national electronic patient record is more like 30 years late. The magic IT wand to fix the NHS is waved around with gay abandon by each new government, deliberately avoiding the real problem which is that the NHS is too big and too complex to fix. The way to tackle a hugely complex problem is to break it up into smaller chunks, which can each be solved separately.
Key aspects of Palantir's Federated Data Platform lack legal basis, lawyers tell NHS England
Admins wonder if the cloud was such a good idea after all
Re: It's not really a cloud specific issue
Couldn't agree more. Subscribing to the proprietary features of one of the cloud platforms can let you build a lot of functionality very quickly, but the vendor then has you well and truly over a barrel. It also takes disaster recovery completely out of your control. We run our cloud infrastructure across multiple cloud vendors and have designed it in such a way that failing over from one cloud to another is straightforward (proved by both testing and recovery from actual failures).
Black horse down: Lloyds online banking services go dark
Starliner's not-so-grand finale is a thump in the desert next week
B2B ISP Fastnet staggers back to feet after VMware incident
DNS
"I think it goes to show how important but overlooked DNS is in the underpinnings of the internet," the source told us.
This "source" should not be in charge of anybody's IT systems. Bit like when Dominic Raab (then Brexit secretary) said he "hadn't quite understood" how reliant UK trade in goods is on the Dover-Calais crossing.
Elon Musk claims live Trump interview on X derailed by DDoS
Re: Shelf life
x -> Threads switchers is something I've noticed too. But .... are they all real? There seem to be too many almost identical "Threads is so friendly and nice. I had 100000 followers on X now I've switched to here and look forward to meeting you all and getting lots of followers.". That message is taking unfair advantage of Threads users' laudable but naïve urge to prove that the platform works as a nice X alternative. Classic click bait technique.
Need to move 1.2 exabytes across the world every day? Just Effingo
SAP system gives UK tax collector a £750B headache as clock ticks on support
Capgemini wins deal with UK tax collector worth up to £574M
Cold comfort to teachers who got paid late, but ERP software rollout had 'unrealistic' timeline
Boeing's Starliner set for extended stay at the ISS as engineers on Earth try to recreate thruster issues
Users rage as Microsoft announces retirement of Office 365 connectors within Teams
Re: "Office 365 connectors within Teams will be cut"
Everything is fine. Until it isn't.
This, Azure functions, Google workflows etc... make it very quick to deliver some functionality. Messy, flaky, undocumented, but quick. That's why in house devs keep using it. They can provide a quick and dirty solution to someone's problem. By the time it inevitably fails, the devs will probably have moved on long ago, leaving others to pick up the pieces.
Doing something really nice, with vendor agnostic technologies that don't lock you into one of the big vendor proprietary stacks, is harder. It has ever been thus and IT developments tend to follow the path of least resistance. There are of course durable, reliable, supportable, portable workflow solutions out there, but none of them were delivered by an in house IT team.
UK education department awards contract uplift to Horizon scandal-plagued Fujitsu
London hospitals left in critical condition after ransomware attack
Re: "our IT arrangements are as safe as they possibly can be"
Good analogy. Especially because vaults still get robbed.
Whatever you do and whatever you spend, there will be a sufficiently skilled, well resourced and determined adversary who could defeat you (if you have something that's worth nicking). There is always some limit to the countermeasures you can afford to put in place, so you must always make your plans on the basis of when, not if, you will be compromised. Excellent preparation for a breach is the sign of a well managed business.
Also, not all data has/have equal value. As such, different databases should be secured to different levels.
Miscreants claim they've snatched 560M people's info from Ticketmaster
To regain credibility, Ticketmaster should be transparent about the breach, its impact, and the steps to prevent future incidents ...
Whoa! Just saw some pigs fly past my window.
The British Library have set the gold standard in actually doing this with their recent and catastrophic breach. https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
Ransomware negotiator weighs in on the extortion payment debate with El Reg
Re: It is better to avoid a problem than have to fix it.
Even with the biggest budgets and the best security brains, you must still operate on the "When not If" basis. Defend yourself yes, but you can never be certain. Therefore, it's the quality of planning for what to do when the breach happens that is the mark of an organisation that is on top of its cyber-security.
Open Source world's Bruce Perens emits draft Post-Open Zero Cost License
Leicester streetlights take ransomware attack personally, shine on 24/7
Global taxi software vendor exposes details of nearly 300K across UK and Ireland
Fujitsu set to be preferred bidder in UK digital ID scheme
Microsoft confirms Russian spies stole source code, accessed internal systems
Palantir boss says outfit's software the only reason the 'goose step' has not returned to Europe
Mamas, don't let your babies grow up to be coders, Jensen Huang warns
The coders are dead! Long live the coders!
Coding is the process of telling the machine what to do. First however you have to understand what and how you want to tell it, and that's the tricky bit.
There is a new IT discipline called Prompt Engineering, which people are making a lot of money out of. Prompt Engineers develop the natural language questions / instructions you enter at the AI/ML prompt. They can even develop template prompt texts which you can vary certain parts of (you might call these variables user input). All of a sudden, Prompt Engineers look rather like software developers.
Multiple billions up for grabs as UK government launches cloud services tenders
Legal campaigners challenge UK.gov decision to redact NHS-Palantir contract
Politicos demand full list of Fujitsu's public sector contract wins in wake of Post Office scandal
Microsoft prices new Copilots for individuals and small biz vastly higher than M365 alone
More guff will spew forth
Personal productivity apps like the Office suite can be powerful tools - in the right hands. For 99 percent of users it just helps them produce mountains of meaningless and pointless guff. Project plans and databases done in Excel. 100 slide Pointless Point presentations. Word documents with no heading levels, headings done with manual bolding and indentation done with the space bar.
The addition of an AI assistant will simply compound the problem for those 99 percent, even if it might help the 1 percent who get the hang of panning the nuggets out of the AI generated silt.
How governments become addicted to suppliers like Fujitsu
Re: Corruption
It's the "Nobody ever got sacked for buying Microsoft" phenomenon.
It was not ever thus though. I think the nails in the coffin for small biz involvement in public sector IT were the introduction of national framework contracts and the EU public procurement rules. Both of these made it prohibitively expensive for smaller suppliers to even tender for public sector work.
AWS rakes in half a billion pounds from UK Home Office
Rackspace runs short of Cloud Files storage in LON region
Google Drive misplaces months' worth of customer files
The cloud is not entirely the issue here (trust me as one Doctor to another).
The problem is confusing file sync with file backup whether you're syncing to a cloud drive or to a NAS device in the same room as you which you can see and touch and administrate.
Any user who doesn't know the difference between sync and backup (and there are many) will lose data, however much they value those data, irrespective of whether it's in the cloud or directly attached to their own network.
Palantir bags £330M NHS data bonanza despite privacy fears
Clorox CISO flushes self after multimillion-dollar cyberattack
When not if
In the face of a highly determined, skilled, patient and well resourced adversary it is impossible to defend a complex and distributed IT infrastructure. The notion of "locking down the network" no longer has any meaning. We can't defend against all the known threats, let alone the unknown.
We must therefore do what we can within the resources available to defend against the most common threats, whilst at the same time investing heavily in an effective and rapid alarm and recovery process for when the inevitable breach does happen.
The potential cost of cyber security is limitless in as much as you can never achieve perfection. Given that no organisation has unlimited resources to throw at the problem, choices must always be made between risk and cost.
Pharma boffins sharpen hunt for target molecules using graph DB
Cloudflare dashboard, API service feeling poorly due to datacenter power snafu
Who polices the policeman
Cloudflare provides reliability and continuity services to a *lot* of customers. There is nobody providing those same services to Cloudflare.
As well as these latest incidents, their distributed DNS name services (which are used as the default in a lot of data centre environments, in the same way as Google's name servers are set as defaults in many places) went tits up on the 2nd of October with intermittent fails for the same lookups. Again that was due to a reconfiguration / upgrade snafu.
SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack
Brace yourselves for impact ...
The only difference between SolarWinds and the others is that they got compromised and then got caught. We can be certain that there are many, many more supply chain vulnerabilities out there, which the developer has buried their head in the sand about, just waiting to be found and exploited by the bad guys. MOVEit alone was pretty bad.
Microsoft creates a new kind of credential: the 'Applied Skill'
CIA exposed to potential intelligence interception due to X's URL bug
Re: Ridiculous!
The Reg article is misleading. Why would you need an X profile impersonating the CIA? All that was needed was for the adversary to set up the Telegram profile that was linked to by the incorrectly shortened URL on the *real* CIA Twitter/X profile. That's why this was so dangerous until the white hat grabbed that Telegram handle and made it clear that it was not the CIA Telegram account.
If you set up a fake CIA X account you could put whatever Telegram handle you wanted in. The whole URL shortening issue would be neither here nor there.
What did the VisiCalc fairy bring you for Spreadsheet Day?
Generative AI slashes cloud migration hassles, says McKinsey partner
Re: The use of generative AI
Maybe this is a test by El Reg? Can the readers spot the AI generated articles? If so, I'm calling this one - definitely AI.
However, she recommended not skimping on an API gateway between an organization and the outside world in order to surface some of the "real-time alerts" if developers are accessing non-proprietary models or data they shouldn't be touching.
In no instance of the multiverse does this mean anything to anyone.
CDW data to be leaked next week after negotiations with LockBit break down
Ironically if you search for CDW ransomware attack, along with headlines such as this Reg article, you get a bunch of results from CDW's own blog such as:
- How to Increase Your Ransomware Recovery Capability - Work with an expert partner to learn how your organization can better prepare to recover from a ransomware attack
- Fend Off Ransomware with a Cybersecurity Recovery Program
- The Anatomy of a Ransomware Attack: 7 Steps to Prepare ...
If nothing else, this incident will somewhat dent their credentials as a trusted cyber security partner I would think. In a similar fashion to the way the house robots dent the amateur entries in robot wars ...
NASA taking its time unboxing asteroid sample because it grabbed too much stuff
Decades-old Home Office asylum system misses EOL deadline, no new timetable in place
Cumbrian Police accidentally publish all officers' details online
Brit healthcare body rapped for WhatsApp chat sharing patient data
Re: Something not quite right here
It's not the app that's the problem. It's the mechanism (or lack of it) for controlling access rights. Who decides who will be a member of the WhatsApp or Signal group? Who decides what each of those members can see or do with the data? There are no mechanisms in place on messaging apps whereby an organisation can maintain control of and audit who accesses what information.