* Posts by Alan Brown

14469 publicly visible posts • joined 8 Feb 2008

Menacing marketeers fined by ICO for 1.9M cold calls

Alan Brown Silver badge

Re: Gum them to death.

"Yes, and how much have they collected from these companies?"

More than it used to. The ICO has been blocking companies from phoenixing and going after directors

This has been happening BECAUSE of questions like yours

Microsoft and Helion's fusion deal has an alternative energy

Alan Brown Silver badge

Re: It's a sure thing

Three mile island has a problem with false alarms when the wind blows the wrong way and brings combustion output (smokestack emissions) from the coal station a few miles away over the nuke plant

Budget satellite drag sail shows space junk how to gracefully exit orbit

Alan Brown Silver badge

Re: makes the medicine go down

Golden Brown sugar? It explains the flying...

Electoral Commission had internet-facing server with unpatched vuln

Alan Brown Silver badge

Re: "highly privileged Active Directory accounts by default"

The absolute irony being that Windows NT is based on VMS (Cutler etc) and that has vastly better security design baked in than Unix does - MS threw it all out

Alan Brown Silver badge

Re: Never. Here is a solution

"Majority of businesses and organizations are not sufficiently secure. This will NEVER change."

Personal legal liability of manglement for breaches would focus attention. One of the biggest problems IT bods face is that the people with the resources don't see the need for improving security until an event has already happened

Concorde? Pffft. NASA wants a Mach 4 passenger jet

Alan Brown Silver badge

Re: Again?

Look at all the scrapes and dings on cars in the average supermarket car park

Would you trust the average driver (or their car) to be airborne?

Alan Brown Silver badge

Major issue in sight

Forgetting all the issues with engines and efficiency, these proposals invariably run into 2 major issues which grounded the Boeing 2707

1: Going much faster than Mach2 requires specialist and very expensive metallurgy due to friction heating.

Stainless steel is doable on Rockets because the heat impulse is short lived (launch and reentry are minutes, not hours)

2: At these speeds, sonic booms are a major problem even if the aircraft is at 60-100,00 feet

XB70 proved this in the 1960s and SR71 operations underscored it - people can put up with a couple of light booms a day but not the kinds of repetition associated with commercial operations

NOISE is a major major issue and it's _already_ limiting speeds on terrestrial high speed trains - Shanghai maglev had to be slowed down most of the day (it only hits max speed on runs for a 2 hour afternoon window on weekdays. slowing down further after dark) and the much-vaunted Japanese maglev Shinkansen is likiely to face similar protests before commercial operation, despite being routed away from occupied areas as much as possible.

Want to pwn a satellite? Turns out it's surprisingly easy

Alan Brown Silver badge

About 25 years late

It's happened already.

In 1998 NASA discovered script kiddies had pwned the computers controlling Mars Pathfinder and Sojourner whilst investigating odd behaviour

In 1999 and 2000 there were more malicious hacks of command/control systems for various LEO birds (although the satellites themselves diodn't seem to be the target)

Military systems aren't much better. In a lot of instances notifying sites about odd behaviour and script kiddies (mostly Eastern European) spotted operating from obviously compromised systems in military IP ranges resulted in denials and threats until DISA stepped in during 1999 to act as intermediary on all issues

The bigger problem is that THE UNDERLAYING ISSUES HAVE NOT CHANGED - NASA and ESA staff frequently regard OpSec as a nuisanmce which slows their jobs and simply bypass it or ignore rules. Just about every compromised system in NASA found when the late Jay (Cancer Omega) Dyson audited networks had had the security disabled by staff before hackers waltzed in through the doors left gaping open.

NASA and military networks were high value targets for script kiddies back in the late 90s as they had high network bandwidth availablity and were easy to launch DoS attacks from

What DARPA wants, DARPA gets: A non-hacky way to fix bugs in legacy binaries

Alan Brown Silver badge

Re: How did they allow themselves to get into this position anyway?

"A side effect of this was that open source software could not be used in the operational systems."

That's..... incredibly counterproductive for government contracts

Alan Brown Silver badge

Re: How did they allow themselves to get into this position anyway?

"lower cost bids that meet the letter but not the spirit of the tender"

Often with the active collusion of those supposed to be in charge of the Tender

The number of times tender requirements have been "rewritten" by procurement is legion. Always go over things with a fine tooth comb before approving what they send out

Alan Brown Silver badge

Re: How did they allow themselves to get into this position anyway?

"I can easily believe they've lost the source (or toolchains) for an awful lot of stuff, too."

I've worked on a number of science cases where the source or toolchain may be available, but is so expensive that RE is preferable in order to work out what it's doing and reimplement it (This is why a lot of places don't like using proprietary software. Opensource means that you can (eventually) rerun tests 30 years later, etc)

I was onboard with the idea of REing old software so it can be updated/replaced but the idea of "patching binaries" will fail anything which is cyptographically signed and is unnecessary if you own the equipment it's running on

This clearly has applications in government-sponsored malware (if it hasn't already happened elsewhere) but I can see a burgeoning use case of much older proprietary software being pulled apart by those wanting to reimplement it (and others wanting to snark the likes of Adobe, etc)

Bad software destroyed my doctor's memory

Alan Brown Silver badge

Re: VV&T

"are we building it right" - should include "are we leaking personal data to 3rd parties?"

EVERY piece of 3rd party javascript is a risk and remains a risk even after being audited, because it may change without notice (as with android APPs being sold off to malware authors, this happens at times to js occasionally)

Alan Brown Silver badge

speaking of software

My GP has just switched to the THIRD vendor of front-facing customer software

It's still using google-analytics and various other 3rd party javascripty things that send data overseas, without disclosing it

THEY may not be leaking data, but that's no guarantee whatsoever that 3rd parties is not - and we know that Google and FaceAche both aggressively harvest whatever they can get their grubby mitts on

Alan Brown Silver badge

" I've had to work with developers who think the code is more important than the functionality of the product"

Plus more than a few developers whose response is "Why would you want to do that?" and refusing to consider it

That kind of attitude resulted in several crashed Airbusses.

Pilots want to do "that" to test the systems are working properly when things go pearshaped. Users frequently want to do "that" to ease their workflow or test worst case scenarios

Alan Brown Silver badge

I can't upvote this enough

Furthermore, if users can't change/customise their view AND SET IT AS DEFAULT, the system is already unfit for purpose

Alan Brown Silver badge

Re: "radically alter the workflow of medical professionals, without their input"

Wordstar predates all of those and its keybindings are STILL in common use today, nearly 50 years later

Alan Brown Silver badge

Re: "radically alter the workflow of medical professionals, without their input"

"trace elements of Genesis that are common with Mesopotamian/Sumerian creation myths"

Erm, like large chunks lifted wholesale from the Gilgamesh Epics (themselves having been written down about 1000 years earlier but dating back at least another 1500 years) and tweaked only slightly from the original

You can see the garden of Eden/apple/serpent story, Flood, Exodus and others in the early poems

Alan Brown Silver badge

Re: "radically alter the workflow of medical professionals, without their input"

In my expereience: They frequently learn nothing anyway, unless threatened with pain (financial is almost as effective as physical, but emotional works best. People HATE being ridiculed in front of their peers but if someone's constantly ignoring what the users want then it's an effective tool)

I think whiffle bats should be mandatory in any development environment

Alan Brown Silver badge

"if you digitise and automate a shit manual process/cottage industry it becomes a shit digital process"

It's ALWAYS worth analying every step along the way anf find out the hostory of why something that doesn't make sense is included in the process.

It's usually a hangover from kludging around something broken that was fixed decades ago. Once you can point that out it's easier to get buy in on changes

Another thing to bear in mind is that apart from management's near patholigical need to see people "busy"(*), people themselves don't like twiddling their thumbs and anything which halves their time to do a task may result in pushback unless there are other ways to keep them occupied

(*) This applies to maintenance staff in partucular. The guys you see sitting around playing cards are "on call" waiting for something to break. If they are able to play cards all shift then something is going right(**) The guys you can't find when you go to their office may be down a hole somewhere clearing out drains or in a roof inspecting for rot. They're seldom skiving off in the bogs as many micromanagers seem to believe

(**) This applies to things like backup systems too. My robots had 6 tape drives and a hundred slots, not to speed up backups but to ensure rapid restores when the shit did hit the fan. The mangler who only sees 2 drives and 8 slots in use on a daily basis overlooks that requirement

Alan Brown Silver badge

OR if what's in use is cumbersome and what replaces it REDUCES effort

One of my pet bugbears has been when I've brought in a system which has XYZ all built in and manglement insist on tasking people to go develop XYZ all over again (usually badly, for all the usual reason expounded here - users are utterly crap at giving a full list of requirements)

Alan Brown Silver badge

Re: Have a hundred upvotes

"I am doing testing on a travel app"

The best tester is the one who constantly breaks things

This is usually the tester that the devs hate the most and don't want to deal with

Given a hard choice of jettisoning the tester or the devs, I'll keep the tester

Alan Brown Silver badge

Re: Have a hundred upvotes

All of what you've said is valid - and very rarely happens

I have to remind my GP that I'm critically allergic to penicillin every time they want to prescribe antibiotics

Alan Brown Silver badge

Re: You're kidding, yes?

"Medical software interfaces are clearly written by disinterested 16-year-olds doing School projects."

"Kids in Bedrooms" is the term used by one old manager I worked with to characterise Open Source software

He didn't like it when I co-opted the term for shitty UIs in "professional" applications and liked it even less when I used the term in a meeting with one vendor

As I pointed out to him, when OpenSource has a shitty interface, someone always fixes it (and if it has a good interface, someone always comes along with an unusable variant), but for commercial wares you're stuck with whatever the vendor supplies

Opensource frequently ends up with a plethora of ways to access the same data, tuned to the requirements of the people using any given interface. This is NOT a disadvantage

Alan Brown Silver badge

One of my constant complaints when trying to turn a project into a frontend for users is that it's virtually impossible to get people to test things (for various reasons, not least of which is "they're too busy" for manglement to spare them)

The result is that devs work in a vacuum and it's extremely harmful, where weeks are spent polishing the graphics on a turd which is difficult to drive and use no matter how shiny the wrapper

NASA, DARPA enlist Lockheed to build nuclear-powered spacecraft

Alan Brown Silver badge

You can extract the hydrogen from water at the energies involved. Most of the proposals use water as reaction mass for this reason

Alan Brown Silver badge

As Everyday Astronaut put it, nuclear thermal rocket propulsion is more or less operating a reactor at prompt criticality (as happened at Chernobyl) - on a continuous basis

That's a VERY fine knife edge to be riding, to say the least and it makes Project Orion look reasonable

Too many bytes and not enough bricks for datacenters

Alan Brown Silver badge

"Remember filament light bulbs?"

Yup, and replacing them with LED made almost zero difference to my power bill(*)

They may draw less, but lighting is a tiny part of the overall equation (especially offpeak - streetlighting switchoff schemes "to save money" have frequently resulted in local authorities being charged MORE for their power as the lighting load was a useful way of shedding excess generation rather than letting burners go cold in CCGT plants)

In any case, things like bigscreen TVs and other electrical kit have vastly outpaced reductions from changing domestic lighting

(*) On the other hand, I haven't had to go up a ladder and change bulbs in a very long time

Alan Brown Silver badge

> Look at ring mains

I'd rather not.

They're not even NEEDED these days (radial mains is perfectly acceptable and tacitly encouraged(*)) but rings save (a very small amount of) money(**) and those who approve the works can't envisage anything else.

(*) I'd like to see a rule change mandating radials for new builds

(**) Mainly because you can put FAR TOO MANY outlets on a single ring whilst radials have strict limits on potential draw

Alan Brown Silver badge

I suspect the best brownfield site would be a steelworks or other heavy industrial site, or adjacent to a substation with incoming overhead 200kV lines

The average industrial estate/factory really didn't pull much power per square metre

Alan Brown Silver badge

I had a beancounter raving at me about cloud costs. We sent him off to a sales presentation he wanted to attend with instructions to enquire about the cost of READING the stored data

That was the last time he ever suggested it - and he approved a budget increase for us too

Alan Brown Silver badge

Re: Smaller, faster

That just results in racks drawing even more power as more can fit into them

Nobody does DR tests to survive lightning striking twice

Alan Brown Silver badge

This is why...

in a BIG 24*7 operation (like say, a global hotel chain), your DR includes an alternate site (and switching between them is TESTED)

Infineon to offer recyclable circuit boards that dissolve in water

Alan Brown Silver badge

Re: High humidity environments?

or even non-hot-sticky climates over a 20-30 year lifespan

There are shades of Mercedes soy-based wiring loom insulation here. Rodents LOVED it

Alan Brown Silver badge

Re: “The collection and recovery process cost itself could be multiple times the component costs”

cats and fuel:air ratio legislation in the USA is a classic example of regulatory capture by entrenched interests

US Domestic makers couldn't compete with Japanese ones on fuel economy and the Japanese were bringing newer (more expensive) cats to market which tackled the NOX issues from lean burn systems.

By mandating 3-way cats and a stociometric fuel ratio, domestic makers weren't at nearly as much of a disadvantage on fuel consumption and they didn't have to spend money to pursue more efficient engine technology (This is also the reason why the USA domestic car industry pushed light trucks, truck-based vans and SUVs so hard during the 1970s-2000s - they weren't subject to strict emissions and crash safety controls, whilst the 25% import tariff on them (2% on cars) made the profits even sweeter in their captive domestic market)

The lawmakers were _extremely_ heavily lobbied (bribed) by Detroit to get legislation placed which claimed to be doing one thing, but whose goal was entirely different (protectionism)

Turning a computer off, then on again, never goes wrong. Right?

Alan Brown Silver badge

Re: Sausage Factory

Kinda hard to force a client to install these at their own site.

If you can get them to do that you can usually convince them to put the equipment in a server room off limits to cleaners

(Unfortunately then you still have the problem of "security guards" who make it their life's mission to switch off aircon in unoccupied rooms - including rooms full of noisy equipment and racks)

Alan Brown Silver badge

Re: 6 weeks

New Zealand's VAT/GST implementation is unusual in that the GST is applied to EVERYTHING except banking(financial) services

The huge mess in Australia and Britain, "where bread was exempt but raisin bread was not" was one of the major drivers of that decision. The government didn't want a system which had been demonstrated to cause expensive court cases over interpretations (Jaffa cakes, anyone?)

The result of that decision was astounding.

GST went in at 10%, income taxes reduced, the hideously complicated system of import duty and sales taxes (which could result in tax being 120% on some items) went away.

The government netted MORE income and within a decade was able to reduce inland revenue staff numbers by 1/3 (nobody in IRD was complaining of overwork either), vs being on track to double staffing numbers on the existing system, within a decade just to keep up

By not having exempt categories, business calculations were easy and it became _very_ hard to cheat the system. In most cases if a rort was going on the government only lost GST income on the MARKUP applied, rather than the entire tax amount (which was a constant feature of a sales tax system only applied at retail sale and required that wholesalers be specially licensed/only allowed to sell to retailers)

Alan Brown Silver badge

Re: 6 weeks

"everyone had hard-coded the original value into their programs, rashly assuming politicians would not change their minds"

I knew people who worked in the vehicle registration system. Management swore black and blue that personalised registration plates would never be deployed in New Zealand and ordered the staff NOT to allow for it in the new system they were developing

About 8 months after the new system came online, personalised registration numbers were announced as a new policy from the Beehive. Thankfully said manager had been ignored and modules written "just in case"

I crossed paths with him myself about a decade later.

He was attempting to do offsite backups

By emailing the database files to an office in another city

Said files were ~90MB

Over a 2400bps dialup modem

Using a mail client which didn't declare the size of the message being sent

Starting at 5:30pm each day

That was when I discovered that SunOs 4.1.3 sendmail uses the swapspace partition (containing /tmp/) to buffer messages too large for memory

About the same time as I discovered WHY the system was running out of swap around 2am Tuesday to Saturday was when he sent a snide mail (dead trees) complaining that our service was unreliable. Pointing out the default 10MB limitation on email size was simply unacceptable to him (the receiving end also had a 10MB limit and had no intention of raising it, so bumping my limit was pointless).

It turned out he'd sold "email backups" to the higherups as a great way of reducing costs and had received a large bonus after demonstrating it - with 100kB files

He left the MOT shortly afterwards and then showed up at another large customer. A friend of mine worked there and whilst technically under him, was aware of the damage he was capable of (more importantly had a good personal relationshop with the company owners) and managed to prevent him making changes which would have impacted a multi-hundred million dollar mail order outfit

About a year after that it was mentioned that this manager had left under a cloud. The owners are conservative religious types (Not American conservative types) and one of them had walked into his office to find him broswing penthouse.com on his work machine, at lunchtime. As 98% of the employees were female it was deemed to be a hostile workplace issue and he was walked to the front door by security within minutes (Did I mention that there was a specific prohibition on accessing unauthorised resources from the workplace network as part of all employment contracts? And a firewall which whould have stopped that website even being visible?)

Alan Brown Silver badge

Re: Big giant CF

"The HP machine is giving to the family member as a premium for getting the work done and not mentioning it to anybody."

In the case of the NHS, that's an ICO investigation waiting to happen

Medical computers are in a class of their own WRT privacy issues and that applies if all they're doing is running the building climate control. Treat EVERYTHING as if it contains sensitive data and ensure everything is erased (not just signed off as erased) before it goes out the door

Alan Brown Silver badge

Re: aaah, NHS IT....

"As is usually the case, the job expanded to cover looking after all the PCs in the department"

without any change in job description, responsibilities or pay

Alan Brown Silver badge

Re: The web server that wasn't

When will the hurting stop?

Alan Brown Silver badge

Re: Service != Server

That's EXACTLY what's happened in a number of cases in one place I worked (A presitgious department in a Russell Group university)

One serious IT cockup happened because the user in question (now deputy director) had done an end-run around the IT group because she was of the opinion her PhD trumped any of our experience

Alan Brown Silver badge

Re: Service != Server

Sounds like the idiot in question needed removing from the position and what you achieved was job security by letting him keep trashing his employer's equipment (or letting him allow his underlings to do so)

There's a risk with such users that they tell porkies to their management which results in your external contract going away

Alan Brown Silver badge

Re: Sausage Factory

I've encountered clients like this a few times. My immediate response has always been to start packing up and head for the door

If they're taking that attitude, then you will be blamed for ANYTHING that goes wrong, even if you weren't there

Alan Brown Silver badge

Re: Sausage Factory

Such a machine is a cleaner with a floor polisher(*) away from disaster

I've had machines on sites with uptimes of YEARS suddenly stop working - in virtually every single case it's becase the cleaners unplugged it to run a floor polisher - despite the DO NOT UNPLUG/DO NOT SWITCH OFF label on the socket and plug itself

At least one of them has stated that unplugging is not switching off, so they're alright jack.

In a lot of other cases it's turned out that they cannot read (these are people handling dangerous chemicals FFS) and often blag their way through life trying to cover it up

Using an _obviously_ incompatible plug/socket system for critical kit doesn't help. They'll unplug it anyway to check

It's worth having penalty clauses in contracts for external organisations making them liable for damage caused by their staff for any reason and then insisting that the managers read/sign off on site rules/safety instructions. That way when the inevitable "nobody told me..." crops up, you can pull up the evidence that they WERE told and failed to pass it on or send their new staff to the safety briefings as required in the contract

Alan Brown Silver badge

"One of the places*. The writer knows what's meant to happen. And what every step does."

In my last job I was expected to write the instructions and inflict them on users with no further in-house testing

I know full well that marking your own work is a deadly mistake, but the manager REFUSED POINT BLANK to assign someone else to handling this part of the job

Unsurprisingly there were lots of user complaints about stuff and documentation issues took years to be addressed

The same problem cropped up with in-group procedures - even worse, after going through instruction scripts, finding the holes (missing steps. assumptions, etc) I was roundly criticised for treading on people's toes (they were having to write their own docs too, but resented suggested edits being handed back and refused to add them to their official versions, believing the instructions were complete enouigh as they were - this also applied to stuff they'd written for the users).

The result (unsurprisingly) was lots of do-overs and support requests

These are the same people who wouldn't document all the user support they were doing ("stopped in hallways" was a common way of users filing issues instead of using the ticketing system and our people woudln't create/close a ticket when they got back to their desk), resulting in manglement coming down hard from on high about the staff supposedly sitting around idle and not doing much - wanting to reduce headcount as a result.

Alan Brown Silver badge

I'm less surprised about Arnie not going back to the site, than I am about the senior manager not getting his marching orders

My experience with NHS (and other state health systems) is that they take unauthorised changes to critical equipment extremely seriously - particularly the installation of unauthorised servers and alterations of sitewide configurations

Even back in the 1990s the privacy and liability ramifications of this kind of issue would have accountants and lawyers blanching

Alan Brown Silver badge

Re: Testing, Testing ...

"I found an error; and they went off to fix it"

My experience was frequently that the error was repeated elsewhere but only fixed where I'd found it. The concept of looking for it across the code seemed foreign to most programmers

Alan Brown Silver badge

Re: Reminds me of an old (early '80s) AI koan ...

"And besides, I wouldn't wear one anyway ... these days, it's hard to find a place where one can not see the time."

I've seen a couple of editorials which point out that the rise of mobile phones (even the humble Nokia 3100) has resulted in near extinction of wristwatches - and if you look around you'll see that's pretty accurate (compare videos of people on the streets in the 80s/early 90s with observations today)

Alan Brown Silver badge

Re: Reminds me of an old (early '80s) AI koan ...

I gave up on mechanical wristwatches very early. As a leftie and wearing it on my RIGHT hand, cheap watches would inevitably self destruct when the winder would snag on something and rip clean out of the case (you'd be amazed how often you brush your wrist against things)

recessed winders solve that, but so do lcd watches and they were MUCH cheaper

Alan Brown Silver badge

Re: Reminds me of an old (early '80s) AI koan ...

Or ignoring a perfectly valid message, saying it doesn't exist, even when it's on the screen in front of them and then - after reading it out loud - saying they don't understand it (file not found)

Having a PhD doesn't imply actual ability to solve problems