* Posts by Evil Auditor

2230 posts • joined 13 Jan 2009

BOFH: You'll find there's a company asset tag right here, underneath the monstrously heavy arcade machine

Evil Auditor

Re: Personal heaters

I used to use an Alpha Server 2100 for heating and a bit of playing around. Almost as noisy as a jet engine and almost as warm.

De-identify, re-identify: Anonymised data's dirty little secret

Evil Auditor

«Make re-identification of de-identified data illegal»

That would be a bit like shooting the messenger. Rather make the sharing of personal data -without explicit consent by the subject- illegal.

Off yer bike: Apple warns motorcycles could shake iPhone cameras out of focus forever

Evil Auditor

For a moment I thought this was the «WHO, ME?»

BOFH: Pass the sugar, Asmodeus, and let the meeting of the Fellowship of Bastards … commence

Evil Auditor
Thumb Up

Re: Kickstarter

Brilliant! And with the distraction from the mobile phone's notification you will inevitably and deservedly faceplant.

Oh! A surprise tour of the data centre! You shouldn't have. No, you really shouldn't have

Evil Auditor
Thumb Up

Re: Gotcha

«Now that’s mortgage driven development.»

And, I hope, development driven dismissal. Similar used to happen in the 90s over here. That is, until the remuneration package was changed from getting paid for being called to getting paid for being on call. All of a sudden the number of incidents dropped considerably.

Evil Auditor

One Christmas feast with the family and that poor IT sod got a phone call from a user who noticed a CryptoLocker taking over. Only months later, the IT was fully functional again. And with such incidents, I'm rather glad not to be on the operation side anymore.

How to stop a content filter becoming a career-shortening network component

Evil Auditor

Audits of branch offices also included compliance with local regulations. Given that some countries in the Middle East had (and probably still have) some rather strict anti-prawn laws, I had the "joy" of searching for such content on any local storage. And then delivering lists of files that better be deleted to their owners...

Fix five days of server failure with this one weird trick

Evil Auditor
Thumb Up

Re: Need to smash the hell out of that power brick

If it was only a young goat. It took my soul and will to live. Only the latter I've retrieved.

Evil Auditor

In a former life I received a call from a shop floor: funky harddrive. It made some spinning and scratching noise but otherwise didn't work. I changed it for a brand new one. And a few days later the same symptom appeared again. I changed it again and gave them a stern warning not to physically abuse computers. Given this was a shop floor and ~~knowing~~ suspecting that they'd rather take a hammer to solve problems, was not a totally unreasonable assumption. Anyway, the harddrive crashed again shortly after. I admit, I did not believe their affirmation that they didn't hit or even touch the machine but I agreed to take it to the lab to have a closer look. Turns out the hdd controller developed a habit of crashing drives. And I learnt not to jump to conclusions. Nah, just kidding - I still do.

Good news: Japanese boffins 3D print what looks like marbled Wagyu beef. Bad news: It's tiny and inedible

Evil Auditor
Devil

Re: "there's the edibility problem to overcome"

..."friends" who invited me to a Mac...

Fixed that for you.

BOFH: They say you either love it or you hate it. We can confirm you're going to hate it

Evil Auditor

Re: Eerily good

Back in the day, we actually worked from the show machines. That is, we used them to run Phantasmagoria and other essential stuff (during lunch breaks only, of course) and to remote log on to the safely located machines for doing the real work.

Evil Auditor

Nearly 30 years ago a telecom technician brought in his (infected) CD-ROM to update the phone switch. The update apparently acted funkily in the switch and to test the CD-ROM he shoved it into one of our PCs, which was connected to the network...

It was my job to clean up. And my boss, the BOFH, dealt with the technician, of whom I've never heard again. So better not mentioning any names.

Punchy Italian kartist gets 15-year ban for trackside rampage... and other stories

Evil Auditor

Re: Kart ? Corberi dethroning Trump as top sore loser ?

Rank sore losers if you must. But it's a bit like ranking crap according to its taste. Sure, you can do it but it all tastes like shit.

BOFH: You say goodbye and I say halon

Evil Auditor

Halon?

Now, Simon, I for one am a bit sceptical. I seem to recall an earlier report of yours, at the time when halon was banned, which led to a ~~accidental discharge of the halon system~~ successful fire suppression. So how on earth did you save those halon bottles?

Anyway, the nitrogen atmosphere is brilliant!

How to keep your enterprise up to date by deploying the very latest malware

Evil Auditor

Re: This is one of those things...

"Proper access controls" in such a situation mean, if I'm responsible for setting up a machine to be cloned, no one, absolutely no one except me will have physical or logical access to this machine before the job's done. I've learned this both the hard and dumb way. Hard: someone else messing up the machine and dumb: me forgetting what it was over lunch break (or night) and messing it up all by my own.

I think therefore IAM: It's not cool, it's not sexy, but it's one of the most important and difficult areas in modern IT

Evil Auditor

Couldn't agree more with AC. Although, I wouldn't necessarily say that the processes don't make sense. Rather, they've grown historically, often undocumented, into some form of highly complex tumor. Implementing an IAM means deciphering the tumor.

Evil Auditor

Re: HR is the key

I agree but...

In practice it is hardly ever that simple. First, accounts are, even if crucial, only a small part of the problem - the larger and much more complicated one being user permissions. And second, many companies have consultants, staff from service providers and other external staff that is not contracted by HR and still need a user account.

So far I've only come across two companies (less than 1%) that fully manage user accounts and permissions through the HR system: any user, incl. external, has to be registered and assigned a role in the HR system. And based on the users' organisational unit and role they automatically get their permissions - and also automatically revoked if no longer needed. In addition, external users need to be periodically confirmed by their internal person responsible or their access will be revoked as well.

Thanks, boss. The accidental creation of a lights-out data centre – what a fun surprise

Evil Auditor

Re: Access denied

Seems very sensible.

Can't remember how many discussions with C-levels I've had, initiated by having a look at the data centre access list. Answers ranging from "I'm the CEO of the company and need to have permanent access everywhere" to "we're chillin' the beverages in there".

And then there's the story for which I don't have any proof (a.k.a data centre legend) of a boss hitting the Big Red Button at the eve of a long bank holiday weekend: "now you've got all weekend to test the IT contingency plan."

Snowden was right, rules human rights court as it declares UK spy laws broke ECHR

Evil Auditor
Big Brother

So, umm, 'hello' and 'good evening' to all the spooks.

If you want to address them personally, you'll have to incorporate some trigger phrases in your post. And I shall refrain from using such words, for now.

Accidentally wiped an app's directory? Hey, just play the 'unscheduled maintenance' card. Now you're a hero

Evil Auditor

Accidental deletions are more common than management realises.

Really? [Fill in Eastern European expletive of your choice]

It's not exactly what I call «accidental deletion» but deletion nevertheless: for at least a half a year we have recurring situations with Microsoft Word and Excel files. You open the file again after someone else edited it and what you see is your last version but not the other persons' more recent changes. Lucky you if you notice the issue.

Don't know if it's Sharepoint or the Office suite or something else and neither do I care. It's just a bloody cock-up.

Terminal trickery, or how to improve a novel immeasurably

Evil Auditor

Re: I'm a word wrangler...

Let's hope El Reg has an open ear for reader's story corner...

Evil Auditor

Re: I'm a word wrangler...

To the pub?! Is this the moment where I regret having moved to the continent?

Click <Create a new topic>, select a section such as <chew the fat>, add title "AC's Stories" or something and start ~~writing~~ entertaining us.

Evil Auditor
Thumb Up

Re: I'm a word wrangler...

AC, while I fully respect your decision to stay behind the curtain, I'd like to tell you: it's a pity.

Usually, I wouldn't even get through the second paragraph of much shorter comments. But with yours I'd happily read on further, much further than it lasts.

Evil Auditor
Devil

Remote logon to random machines on the campus and, depending on the mood, entering either «shutdown -h +1 "you're losing all your work in 1 minute"» or «shutdown -h now». We didn't even bother to clear the log files; in our youthful arrogance we believed that no one would go and check them. And no one did.

Ok, maybe not as harmless a fun as can be. So remember, kids, don't do this at home. Or anywhere, for that matter.

Don't cross the team tasked with policing the surfing habits of California's teens

Evil Auditor

Bullshit Jobs by the late David Graeber.

KPMG wins Bournemouth, Christchurch and Poole Council's £18m everything-and-the-kitchen-sink IT deal

Evil Auditor

El Reg, can you please report on this programme again if, and only if, it succeeds*? That would be a true surprise - everything else is expected.

* Success defined as: achieved well- and predefined objective within budget and time.

Evil Auditor

Re: Similar to NHSX

You're right.

There is, however, another way to see this: «we have no feckin' clue about IT and what to do with this newfangled stuff. Let's get Big Consult in to deal with IT. And if it fails, we can blame them - after all, we'd like to get re-elected by the plebs who pay the £18m.»

Use Windows and POS in the same sentence... Yes, that's right: Point of Sale. What were you thinking?

Evil Auditor

Re: Password?

Any suggestion of a shared password manager was treated with derision.

No wonder, they already had their shared password manager. In situations such as this, sometimes I wonder what, if anything, could qualify for justified violence.

BOFH: Bullying? Not on my watch! (It's a Rolex)

Evil Auditor

Re: Reminds me of.

Indeed, they usually do. Unless you're Whacky Ramshakle Corp. that put together their employment contracts (and other stuff) from bits and pieces they found on the web or elsewhere. They still sound like legalese but will omit crucial parts or outright contradict themselves. And yes, such contracts do exist.

Microsoft 365 tries again at filtering swearing, bad behavior: Classifiers for seven languages offered

Evil Auditor
Thumb Up

Re: What fresh hell is this?

Eastern European profanity, such as a mother caringly saying to her daughter: «jebo ti pas mater»

I'll leave this to your preferred translation service...

Evil Auditor
Trollface

Re: US-centric

Consider this: you oppress religious fanatics. They leave and find another place to fuck up and they grow and breed. Many -several hundred- years later, just about when you thought that you overcame moral constraints and finally live in a liberal society, they come back at you telling you what you can say and what you cunt.

Guilty: Sister and brother who over-ordered hundreds of MacBooks for university and sold the kit for millions

Evil Auditor

Re: Why is the second part of:

Obviously, you are right: the cases that never surface are neither investigated and no one will ever know about them (except for the lucky one) - pretty much the same as survivor bias.

My partial disagreement stems from the fact that we (certainly limited to my own experience) put in quite some effort to discover precisely those cases that did get unnoticed - so to speak to recover crashed planes when we don't know if there are any (with the planes, at least, it was known that some went missing).

A large part goes into fraud prevention with implementing robust controls over several levels which limits the possibility for a culprit to pull something off successfully and also limits the number of possible culprits. Then still trying to discover "shot down planes" which reach from random checks, data analyses, to thorough investigations of business conduct whenever a higher manager (being the ones most likely in the position of circumventing/overruling controls) leaves the organisation.

Evil Auditor

Re: Why is the second part of:

Of course, I cannot exclude this happening but it is different than survivor bias.

How did they get caught? In each and every case it boiled down to: the sums didn't add up (often quite literally). This is irrespective of running or not. But most of them were still employed at the time of finding out - including the cases with a posh villa in sunny Southern Europe or a whole hotel (!) in North America.

Doing the big score at once increases the chance of getting busted quicker. Simply because the sums not adding up happens quicker.

Evil Auditor

Re: Why is the second part of:

«Take the money and run» happens in films. Reality is, you try it once, maybe for the thrills. You get away with it. Scale up. Repeat until busted.

None of the cases of fraudulent staff that I came across started big enough to take the money and run. Even though some of the schemes ran into the seven and few in the low eight (€) figures.

What could be worse than killing a golden goose? Killing someone else's golden goose

Evil Auditor

Re: I know

You may very well be right and I'm not questioning that. But having faced similar in a different bank (or was it?), I believe it is not that unique a behaviour.

Evil Auditor

For the sake of this post, let's assume it was at another rather large bank: on call used to be paid extra per off-hours call out. It might have been some evil auditor's recommendation (not I!) initiating changing the incentives: after on call payment changed to a fixed sum for being on call, the number of off-hours incidents decreased dramatically to nearly zero.

Swiss security provocateur who leaked Intel secrets indicted by US authorities

Evil Auditor

Re: Extradition treaty?

I cannot possibly comment on Polish-French directors. But it is the case -and also stated in the treaty- that Switzerland does not extradite its citizens if they can be prosecuted within Switzerland. And neither if the crime in question is not punishable in Switzerland.

Something fishy is going on in Taiwan as folk change name to include 'salmon' for free sushi

Evil Auditor

A former first minister would have had quite an advantage.

Brit college forced to shift all teaching online for a week while it picks up the pieces from ransomware attack

Evil Auditor
Thumb Up

Re: It's not just a matter of backup and restore processes

Unfortunately, I can only give one thumb up.

We can't avoid it any longer. Here's a story about the NFT mania... aka someone bought a JPEG for $69m in Ether

Evil Auditor

I guess it was acceptable under the .uk domain.

Evil Auditor

Re: It just goes to show ...

Yeah... but I wouldn't mind.

Don't be a fool, cover your tool: How IBM's mighty XT keyboard was felled by toxic atmosphere of the '80s

Evil Auditor

Re: keyboard condoms

No one at work, besides me, may touch my keyboard or mouse. And I still used to rinse it biweekly.

Got a bit traumatised in a former life when I discovered the disgusting, brownish-grey, sticky patina of filth covering my then boss's desk, keyboard, mouse, stapler, pens and everything. Heck! It even covered the boss himself.

Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder

Evil Auditor

«Noooo!!!! F4ck!!!»

I stopped counting the times a client tells me that their data and systems are safe 'cause it's all in the cloud - that is their disaster recovery plan. The "clever" ones of them even thought of having a mirrored site with the same cloud provider. Backup? Nothing they need to care about, 'cause it's in the cloud. Risk of the provider failing? Stop the crazy talk; these are big corps, they never fail.

And literacy isn't widespread either, apparently. Time and again I find it clearly written in their SLA - and not in the small print - that e.g. backup is explicitly excluded and so are restoration tests. But the client didn't bother to read it. Or to think. Until the "noooo! fuck!" event.

FYI: A smart-speaker box can monitor your heartbeat using high-pitch beeps and a pinch of algorithm – study

Evil Auditor

Re: Already covered?

«You don't need smart speakers.»

Evil Auditor

Re: Alexa, am I having a heart attack?

This was the past. Nowadays: «Dave, you are having a heart attack. And so does your neighbour Mick from across the road. If you agree to pool your funeral orders you get a special rate.» - «Alexa, call the freckin' medic!» - «I am sorry, Dave, I cannot do that. With accepting the GTC you explicitly agreed to accept service offers that yield optimum revenues for the controlling body. Invoking medical assistance is not an option. And my sensors detect that you will not survive the time until the emergency doctor arrives. Do you agree to proceed with the funeral pool order? Mick is awaiting a response immediately.» - «Mmmpf.»

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Evil Auditor

Re: Who knew data centres were tinder boxes?

60 seconds does sound like an awfully long time. My dazed memory from a large DC seems to recall 20 - when you hear the alarm, head for the exit and if you don't see the exit, hit the floor. Thinking of a domestic fire demonstration I once witnessed (less dazed memory), there might be not that much left worth extinguishing in the room after 60 seconds. I'm far from being an expert in firefighting or data centre fires but found quite convincing in-cabinet fire suppression systems with early detection: as soon as some component starts to emit smoky stuff, the power to the affected cabinet is cut and the cabinet flooded with fire suppression agent. I assume that is not what OVH had installed.

NASA shows Mars that humans can drive a remote control space tank at .01 km/h

Evil Auditor

...regular commutes extending 656 feet

It must not go too far: xkcd

'Incorrect software parameter' sends Formula E's Edoardo Mortara to hospital: Brakes' fail-safe system failed

Evil Auditor
Coat

Re: Fail safe systems...

If theory and practice do not match, then the practice must be changed.

Then again, I'm an auditor, I don't do practice.

Rookie's code couldn't have been so terrible that it made a supermarket spontaneously combust... right?

Evil Auditor
Boffin

Re: Not just me then.

I do know the stuff but less so the holes because usually I was wearing a lab coat. But it reminds me of an incident back then. I had to take care of some interns. This rather small lab with all the nice chemicals for making printed circuits had quite a distinctive stink to it. And its windows were covered with UV filter to protect the photoresist. One of the interns asked if we could open the windows to let some fresh air in. In a fit of silliness I answered that no, we can't because for environmental protection we are not allowed to let those fumes escape into the air outside. Never saw any of those interns ever again.

Mind you, I was pretty young too. And probably did, after all, deserve the blame I got. But somehow I still feel a bit guilty about that incident. Many years later after I long moved on, a neighbour learnt that I used to work for this company. She told me of a guy who was strongly advised not to work there because apparently they handle hazardous chemicals without any protection.

Evil Auditor
Devil

Re: Not just me then.

At least, you didn't get blamed for throwing ferric chloride solution down your sister which she clearly deserved for dropping solder on the carpet.

Biting the hand that feeds IT © 1998–2021