Re: How the UK system works
£120k is peanuts when they're filling racks with GPUs and DDR5 RAM...
But yeah, that system encourages over-requesting just in case.
645 publicly visible posts • joined 12 Jan 2009
It's unlikely any successor to Trump will be able to hold the party in their thrall the way Trump has managed to. Jay Kuo covered off some hypotheticals as to what could happen if Vance had to take over from Trump (either through death or being forced to stand down) at https://thinkbigpicture.substack.com/p/after-trump-gone-vance-maga.
The US doesn't need a stake in the vendor to tamper with their tech, they were caught putting back doors into Cisco kit years ago (https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden). The US is worried that other countries will do what they've been up to for years, but they're the "good guys" so should completely be trusted with it and there's no risk of them becoming an authoritarian police state with the army on the streets, right?
Normal press release. They'll never admit "some script kiddie in his mom's basement with an off-the-shelf piece of ransomware broke our systems because Bob in Accounting clicked on the link in the blatant phishing email", even though that's probably the overall method of most ransomware attacks.
There was a vulnerability in the OS which was being exploited. Fortinet released a patch which fixed the vulnerability, but didn't clear up the back doors left by the threat actors and left the systems vulnerable. This new patch removes the symlink and prevents symlinks being used as a back door. In essence, the new patch removes the persistence of a previous hack on the system.
The rules are published on ICO's website. Key paragraph is probably this one:
"When a personal data breach has occurred, you need to establish the likelihood of the risk to people’s rights and freedoms. If a risk is likely, you must notify the ICO; if a risk is unlikely, you don’t have to report it. However, if you decide you don’t need to report the breach, you need to be able to justify this decision, so you should document it."
I await Oracle's justification for choosing to not report this breach within 72 hours.
There's also the higher standards for food production etc. Chlorinated Chicken gets the headlines, but US beef is reared on steroids/hormones to bulk them up quickly. Food standards in US are defined by whoever bribes the most politicians, standards in EU are mostly defined by scientific/health guidance and generally err on the side of safety.
Once you put Windows on a client box, it needs maintained, patched, supported and that's difficult/expensive when users are prone to buggering about with them. Virtual desktops can save a lot of that pain so it's not a fair comparison.
That said, 349 (pounds or dollars) seems excessive for a desktop terminal, especially one limited to Azure desktops.
Less about what they "appear to have done" and more "what they've told us they've done" - see https://ustr.gov/issue-areas/reciprocal-tariff-calculations for their actual calculations based almost wholly on the trade deficit to that country; the tariffs charged by those countries aren't part of that equation. The assumption is that the other country must have cheated to be able to get a trade surplus with the US and they must be punished for it, as opposed to them being better/more efficient/smarter at it.
Partly, this seems to be part of a negotiating tactic of Trump to try and get what he wants in concessions from other countries; the promises by Mexico and Canada delayed their tariffs for a month, he's probably hoping other countries will be rushing to his door to make promises and concessions for a better deal, but in reality, there's not much wiggle room in many negotiations. The average tariff rate the EU levied against US imports was 1% (https://ec.europa.eu/commission/presscorner/detail/en/qanda_25_541) and for all Trump's bluster about car trade, the fact is that most countries don't want US style cars. Petrol is cheap in the US, so they typically make huge gas guzzlers which aren't viable in countries with expensive fuel.
Yeah, overflowing shared drives - had that at previous job where a lot of JPGs of women not wearing very much were taking a significant portion of the space. Deleted the files, left a README saying something like "Who's been a naughty boy?". Few days later, the README and the folder were gone too. Not a further word was ever said of it.
Weird thing was, the miscreant had a workstation on his desk with a fair chunk of free space and if he'd kept the files there, I'd likely never have found them or cared about it.
TSB migrated out of Lloyds in 2018, although that didn't go well...
You're right about the other three being the same banking group, they probably run different OS instances for the brands, but there will be crunch points somewhere in the chain where they use the same bit of infrastructure. Doesn't explain how Barclays got caught up in it, so could well be some third party service which threw a wobbly and some banks didn't cope as well as others. Or it's just some random coincidence, we may find out from the banks' post mortem comms.
That's an outrageous accusation. I mean, you'd be suggesting that he'd be forcing the head of the FAA who'd suggested fining SpaceX to resign next...
And as normal, the best employees will resign (because they'll be able to find another job easily enough), leaving the worst workers (who can't find another job) in place.
Some other highlights:
"potentially resulting in physical office relocations for a number of federal workers" - if you stay on, expect that you might have to uproot your entire family.
"flexible workforce" - Flexible for the employer, not the employee.
"employees who are reliable, loyal" - that's loyal to MAGA/Trump, not the USA.
"employees who engage in .. other misconduct" - like following the rule of law rather than autocratic diktats from on high.
This is part of the drive from Trump to demolish the civil service and remake it in his image.
What doesn't make sense here is that $56B is more than 3 years of gross profits at Tesla. Paying him that basically says he's generated the entire profits for those 3 years. Market cap is $1.27T, that payout is about 4.5% of the total value of the company.
Ridiculous.
"Specifically, a willingness to do whatever I tell him in order to beg like a puppy for the $100m I'm dangling in front of him."
I'm still wondering how long Trump will put up with Musk before being kicked to the kerb. Wouldn't surprise me if he got the boot before the 21st when Trump takes over.
I wonder how much of the increased market share is from forcing users into Edge? As an example, Facebook messenger app on Windows is no longer an actual app. It's a lightly skinned Edge window which means that when you click on a link in a message, it bypasses your browser choices and opens the page in Edge. Click on the wrong bit on the login screen? Here, have a page loaded in Bing/Edge telling you about something you don't care about, just because it was on the login screen. There seem to be more and more ways in which Windows opens Edge against your will. Then it points out that you're obviously doing something wrong because Edge is not your default browser. The Edge is your friend. Trust The Edge.
Part of the problem with Ransomware is how to stop it. At its heart, it's editing files a user can access and most users can access a lot of files as part of their work (or home systems). All you have to do is get the victim to run something which proves annoyingly easy, despite the cyber security training most of us are subjected to. You can't remove a user's access to files without stopping them doing their job, so what do you do? If that problem can be solved, ransomware becomes less of a threat.
The core part of systemd (faster boot times by doing startups in parallel) is a great idea and if it had stuck to that, everyone would love it. Its tendency to spread tendrils into places no-one expects it is the issue and one which Solaris did with SMF. Using a component called "tmpfiles" to create persistent files and folders is always going to ask for trouble. Added to that, the tendency for its author to dismiss any concerns doesn't help its image.
It's possible, but unlikely. The core is that he (allegedly) crossed state lines and committed premeditated murder with an illegal firearm and granting him any kind of leniency on the basis that the victim wasn't a nice person opens the floodgates for people to claim justifiable murder. Whose opinions do we follow when deciding if someone deserves to be gunned down in the street?
Barring something extraordinary, he'll be found guilty in court or he'll make some kind of plea bargain.
These devices were never intended to stay in use in the long term. They're shipped out to a customer to load on data to transfer into AWS where that transfer is faster than going over the internet (see also: station wagon full of DLT tapes). They shouldn't stay on prem for longer than it takes to load it up with the data going into AWS.
As for re-use, they're essentially relatively fancy encrypted hard drives with a NAS front end. There's probably limited value in re-use, although the ruggedisation might make them interesting in niche cases.
I remember an old Sun bug report for Solaris where some stress testing caused a crash in CDE. It helpfully listed a workaround: "don't pound on the mouse like a wild monkey"
This was when Sunsolve listed a lot of useful information about bug reports and before Oracle hid it all away...
"tens of millions of dollars in losses" - seriously? The AI hype train is running that big?
In any case, you have to wonder how an intern was allowed access to modify so much in the AI model? Of course, it could just be that they're struggling to make it work and they're now blaming a scapegoat to explain away their failures. Neither of those is a good look, to be honest.
BBC was reporting that Israel* had to "pull the trigger" early as they were worried that Hezbollah was onto them. Certainly, timing it just before (or during) an actual assault into Lebanon would have seriously hampered any defensive effort, they will presumably have a short time to regroup while Israel is now moving troops to the North. Whether Israel is reorganising for assault or defence time will tell, but the rhetoric suggests attack. That's an escalation in a volatile region and it's getting messier.
I think it's a little harsh to complain to MS about a lack of warnings, given how easily Linux/Unix would have let you delete those accounts. Probably wouldn't even have given you a warning...
That said, it really should have made it clear it was deleting the account rather than just the mailbox.
Developer time is expensive and directly attributable to the project manager's budget, timeline and by inference bonus.
Operations time is a cost to be attributed to someone else and at a later time, i.e. not the PM's problem. It's also likely to be lumped into a big pot of looking after other systems, so the pain of one system gets hidden in among the noise. As such, it's fairly easy to see why developers may get the benefit.
There's also a trend over the last 10-20 years where it's cheaper to throw CPU, Memory and faster disk at a problem than it is to develop and code something which runs more efficiently. Why spend £200k on developer time to reduce CPU cycles by 25% when you can just double server capacity for £10k?
With Chamberlain's death being announced too, I'm sure the conspiracy theorists are going nuts with all this. However, I'm inclined to go with it being a tragic coincidence. We don't have technology capable of summoning the kind of freak storm which sunk the Bayesian and the driver who hit Chamberlain stayed at the scene, making it sound a lot more like an accident than a hit job.
At the heart of all this is a number of people are dead and will be grieving. All the harder for the families of those missing as they don't have a body to grieve over.
"Shotgun pleadings" are absolutely the right thing to do, though. Sue Disney, they claim "not us guv, you need to sue the restaurant". Sue the restaurant, they claim "not us guv, you need to sue Disney". By suing both, you put the onus on the court to decide which party is liable, or if there is shared liability between them.
As to the merits of forcing arbitration, I'll leave that to the lawyers to argue about, but using a Disney+ subscription to avoid a court battle for something unrelated to it seems sleazy.
The underlying concept of the stock market is fine; it allows people to invest in large companies (too big to exist as sole trader/partnerships) with limited liability (the most you can lose is your investment) and lets the shareholder trade their investments. The issue is how it's been abused over the years by people extracting money from it, between shorting stocks, microsecond transactions, etc, etc.
In terms of "not lying", most of the theory of capitalism and economics relies on "perfect information", which is why in practice it's horribly broken, but restricting the lies is intended to help.
ISTR some comment about the money going to suspense accounts in the Post Office. i.e. if a branch showed it was £5k down, there would be £5k in a suspense account in the Post Office which should have balanced everything out. This got raised because it would apparently also increase the PO's profitability and consequently exec bonuses, so they were benefitting from the errors.
Of course, that raises another question about why no-one raised the point said suspense account was massively in credit alongside several branches being out of balance.
Anything run in user-space is vulnerable to being hijacked by a virus/malware and is harder to make resilient. Not impossible, but significantly harder and even if you think you've got it right, the bad guys will be continually probing for some kind of a weakness to disable your protection.
You're hitting a set of requirements that kinda force this situation:
Just to add to the chaos; if you assume every AV update is a new signed driver, you have to unload the old driver and attach the new one, leaving a short period the system is unprotected, assuming you can easily remove the old driver without a reboot.
This doesn't forgive the monumental screw-up that Crowdstrike have made, but it does show why certain design decisions were made.
The effort on rolling updates is a definite perceptible effort which carries much more weight than a hypothetical effort to recover the systems when it breaks, so people think "meh, it'll be fine" and crack on with immediate rollouts. Doesn't make it right, but that's how people think, particularly if they have to do manual approvals of AV signatures on an almost daily basis.
I expect a lot of companies will be reviewing those processes now, though.
There's an argument that this validates the decision to ban Kaspersky. If the Russian government went in, they could conceivably force them to release a "bad" update to non-Russian IPs which bricked devices and beyond the ability to recover by simply deleting a file in safe mode. Far-fetched? Certainly. Possible? Absolutely. You'd get to do it once ever, but the potential impact to Western IT might make it worthwhile from a Russian perspective.
In any case, it's re-highlighted the value of a supply chain attack on anti virus/malware vendors.