Posts by Tony S 581 publicly visible posts • joined 10 Jun 2009
"There needs to be a debate as to whether bulk works and whether it really is worth it.
I'd say that there has been a debate; unfortunately, the PTB have not been the ones involved. I'd go further and say that the arguments have been very clear; it doesn't work, is not worth it and would actually have the opposite effect to what the proponents suggest.
But we seem to live in an age rather nicely described by Isaac Asimov; "Democracy; where the belief is that 'my ignorance is just as good as your knowledge'"
Not at all surprised.
I remember seeing a green screen application some years ago at a big company. Most of the staff had access to this, without needing any form of security control. I believe that they had something like 400,000 customer details in that particular system.
That was a system based / managed in India. Used by some call centre staff there, but also by several call centres in the UK.
Why am I not even in the least surprised?
Yes; these are the people that want us to trust them over matters of security. On that basis, why am I not more upset? Anyone that deals with security should be howling for blood.
Please assure me that there will be no-one from this incompetent bunch that gets anything in the Queens Birthday honours list for at least the next couple of years.
The client's PC wasn't working; so after testing several things, I tried a different power lead, at which point it booted OK. Clearly, a problem with the fuse in the plug. I went to change this, but was told off by the office manager. Only an electrician could change a fuse as it was dealing with electricity. No electrician available on site or within an hour's call.
So I went out, bought a new power lead from (I think) PC World. My MD went a bit crazy to begin with when he saw the cost on the job sheet; but after an explanation, happily submitted the bill. The client queried this; we had a snotty note asking why I couldn't change the fuse. Told them to refer to their own office manager.
Much grumbling from the client followed whilst they refused to pay the bill. Then, I hit upon the idea of getting a quote from an electrician for changing a fuse. Submitted that to them as evidence that buying the new lead was still cheaper. They didn't have a choice after that other than to pay the bill.
When in doubt, draw up a parliamentary bill so vague, that it might be interpreted in any way that you choose. Add in amendments to allow it to be expanded to cover situations outside of the immediate descriptions in the original preamble.
If possible, prevent MPs from discussing the bill by forcing it through under a 10 minute rule; ignore calls for it to be scrutinised in committee. Use the Parliamentary Act to prevent any hold ups by the Lords. Then apply the legislation for purposes or in ways that were clearly never considered.
What could possibly go wrong?
There have been suggestions that asteroids are the way to go; not just to be mined, but because they could also be the basis for a suitable vehicle which would save a certain amount of time and effort in construction.
I have a copy of a book by Bill Shatner; it talks about the various technologies that were predicted within the various Star Trek series. During filming for some episodes of ST:TNG, Professor Stephen Hawking was doing a tour of the USA and was invited to do a cameo appearance on the Enterprise. After filming completed, he was invited to tour the various stage sets and one of these was the "engineering" section with the iconic "warp drive". Apparently, he looked at it very carefully, before announcing that "I'm working on that!".
For anyone that might be interested, he was also the guest speaker at the Reith lectures. I believe that these will be available on the BBC website for the next 3 weeks (a transcript is also available). He has a very dry sense of humour; it's well worth listening to the broadcast.
"Customers visiting the Sainsbury’s Bank website can rest assured we don't give a toss about them that they are protected at all times by multiple layers of online security. We continually do as little as possible act to strengthen the protection of our online customer services through security improvement initiatives that we don't understand, achieve bugger all, but sound good.
FTFY.
My grandfather Percy Eastland.
Lied about his age, signed up in '14, sent to France in early '15. Fought in several major battles, including the Somme, where he got his first wound (bullet in the chest) when attacking and taking a machine gun position. Invalided out of the army in late '17 after his leg was blown off. Refused to talk about his experiences; only after his death did any information about his activities come to light. (He occasionally crawled out into no-mans land, usually without a weapon, to spy on the enemy positions.)
During the second world war, he worked as a mechanic in the naval dockyards during the day and a fire warden at night. During the Blitz, he dived into the harbour to rescue someone that had fallen in the water. Despite only having one leg, he was a powerful swimmer; he rescued the man and lifted him out of the harbour on his own. He didn't tell the family; they found out a couple of months later when he received another medal to go with those he received in '19.
My great uncle Ernest Mitchell.
He was a PO in the navy; and assigned to a new submarine, HMS Thetis. Unfortunately, there was a manufacturing flaw on the torpedo tubes, which they didn't know about. He had been designated to a different position during the maiden voyage, so his experience was not available to prevent a tragedy. However, he realised what had gone wrong, made his way to the flooding compartment and somehow managed to lock the water tight door to save the lives of everyone on board. Sadly to no avail; they were stuck on the bottom of the sea and succumbed to carbon dioxide poisoning.
As an aside, 70 years later, I was talking to a member of my then IT team. It turned out that he had a great uncle that served on board the same boat after it had been put back in service as HMS Thunderbolt; and had gone down with her in action in the Med during '43.
Some people did not choose TalkTalk as their ISP; instead, their original ISP was bought out and conditions enforced that made it harder to leave.
Personally, although I hate the though of paying money to these shysters, I would actually pay up, just to get rid of them. Of course, it's easy for me to say that; but sometimes, it's the lesser evil.
" Some people really need to get real and accept that we all need to make some level of sacrifice "
I note that you choose to make that comment anonymously.
Benjamin Franklyn said it best:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
@ A non e-mouse
In my first year of management training, I was told "Turnover is vanity, profit is sanity". It has been true since the dawn of human commerce, but there are still people that refuse to learn this particular lesson.
As for the performance of cloud providers; currently working with one that is doing a pretty poor job, considering how much we are paying them. They seem incapable of providing a secure or stable service; we won't see 99.9% uptime this year (might even be less than 99% uptime).
We could buy our own hardware in two months, software in another two, train staff for the cost of month 5, and then host it ourselves; and save the company a substantial amount after that. Plus, I wouldn't have to have 2 pointless weekly meetings where I raise complaints, they promise to look into it and do nothing.
About 30 years ago, I had to attend a company meeting at a big hotel / convention centre; almost all of the staff from that region were present. The MD got up and did his usual "isn't everything wonderful and exciting" speech at the start, before we then had various other senior managers do their pitches.
Just before lunch, a large group (about 40 ish) were asked to go to a side room. Once inside, they were told rather unceremoniously, "you're fired" and were given 5 minutes to get their luggage from their hotel rooms and leave the premises. They were hustled around to prevent them speaking to anyone else. I managed to catch up with one of them who was in a pretty shocked state; I was sure that he shouldn't have been allowed to drive home.
After lunch, the MD was rather scathing about those people; quite honestly, I thought the way he talked about them and the language he used was appalling and certainly not justified. I stayed the night, but about a week later I quit as I was just so disgusted with the whole bunch; it would probably be no surprise to anyone that the business got taken over a couple of years later, the MD got a massive (multi million) pay off and the staff got SFA before being kicked out in the street.
In Orwell's 1984, we were presented with an established scenario; and there were only minor details on how the political situation he wrote about had actually developed.
What we have been seeing with this and all the other similar schemes, is possibly the prequel to that novel.
I tried a couple of times this morning without joy; finally managed to get access about 30 minutes ago to make sure things are OK. But checked it just now and it's back offline again.
Unfortunately, my pay has not gone into the account yet, but I suspect that's because they were late making the transfer. Fortunately, I left sufficient in the account to ensure that I covered all the SOs and DDs.
I can confirm that having tested it several times this morning in different browsers and via different connections; also tried the app, but that seems to have a problem as well.
Having said that, managed to get money from an ATM; almost everything is paid by SO or DD, so they've got a few weeks to sort it out before it becomes an issue for me. Just inconvenient is all.
But there will be others that could be in much more difficult circumstances; feel sorry for them and hope that HSBC will do the right thing and make sure that no-one gets charged (or gets refunded) if they end up getting slapped with penalties.
Not surprisingly, the telephone banking service line is mega busy; but their staff are doing their best under difficult conditions
I don't "know"; however, I "suspect" that this is an example of some group flexing their collective muscles to test out a number of processes. Who they are and where they come from is unclear.
I also suspect that these are probing operations, designed to tested operational capacity of both sides. Specifically, their ability to conduct the attack and the capacity of companies and agencies to respond appropriately. We may see a few more of these, possibly in the not too distant future; and then possibly even a full scale attack.
I somehow doubt that this is the work of script kiddies; it seems to be too focussed and determined for that. I'm betting that the more senior members of the security community are privately very worried indeed.
"The Government needs to get its house in order"
Most definitely. I'd say that statement should also include the civil service, as it does seem that they are more involved in the actual management of the projects than the MPs.
But I suspect that whilst they continue to use the same old crowd of suppliers, the situation will never improve. Maybe some of the smaller businesses might not do any better, but it seems likely that they wouldn't do much worse.
"I consider myself lucky when my connection goes above 8Mbps (usually around 4.5Mbps) "
I dream of the day that I might actually go above 1.5 Mbps. (Probably the same day that I get 3G at the house.)
Unfortunately, it's all down to the wires in the ground. Not going to be replaced any time soon, so all I can do is dream.
It's been clear skies here for weeks. But get one little slightly interesting astronomical event, and the clouds form up in seconds.
Mind you, being this close to the Equator, probably wouldn't have seen sod all anyway. More likely that we'll see the lights of the firework display in Dubai
https://youtu.be/mxPzjsyspEc
"As I understand it the judge decides and it seems traditionally they normally let anything in."
It might seem that way, but they are bound by the rules.
"Generally, in order for evidence to be admissible it must be relevant, without being prejudicial, and reliable." http://findlaw.co.uk/law/dispute_resolution/litigation/trial/admissible-evidence.html
A considerable number of cases involving digital data have failed, primarily because the evidence submitted did not meet the condition of being reliable, because (normally) the CPS couldn't demonstrate that the chain of evidence was accurate or complete.
"It's worth noting that in Britain if evidence is in front of a court then it's admissible. It doesn't matter if it's been legally acquired or not."
PACE would appear to disagree with you: http://www.inbrief.co.uk/police/pace.htm
Although it is important to note that failure by a police officer to adhere to the codes of practice does not render them liable to criminal or civil proceedings, their failure to adhere to what the codes state can still be introduced as evidence in civil and criminal proceedings (PACE 1984 s.67). Additionally, any evidence obtained by the police in relation to the investigation of any criminal offence where they have failed to adhere to PACE, can be deemed inadmissible in court thus prejudicing the case against the defendant
(My emphasis)
The key item would then appear to be if the court decided that PACE was breached by the use of an unlawful system (not illegal; unlawful)
So, if the database is not legal, then that would make any data it contains not legal; and as such, it could not be used as evidence in a court of law.
If someone is prosecuted and the sole or main evidence is the data from ANPR, then that data should be rejected or at least challenged. If someone has already been successfully prosecuted based upon that data, they could ask for the case to be reviewed and the judgement to be set aside.
Not a lawyer; but based upon a course that focussed on evidence and procedure within court cases, I think that I'm correct. Not doubt in time we will see loads of spam in the manner of PFI, indicating that you could get your money back.
"The big question is, what's the goal? Are they using these attacks to hide something else like a penetration? Or merely trying to drive things off the air, so to speak?"
Just the question I was asking. I did wonder if this was part of a series of tests to check out a process that will then be used as part of a much larger offensive at some time in the near future.
The principle of an attack against critical telecoms infrastructure is one that has been raised before by a lot of people working in security, both as something to be defended against and as a possible attack vector.
I've only once had an issue; and the bank picked up on it almost immediately and contacted me to query if it was me making purchases. Partly because I had used the card at a petrol station the day before, and the subsequent transaction was in the USA less than 20 hours later.
But the agent dealing with the case said that it was primarily because the order was of what he rather coyly described as "an unusual nature" for me. When I pressed for more details, it appeared that it was a purchase of $800 worth of lingerie; and not the kind composed of satin, lace and bows, but rather of vinyl, buckles and belts!
A good job that I didn't have to explain that one to SWMBO!
"I am amazed that we live in an age where a child can see other children being killed on the 6 o'clock news, can walk in to any newsagent and see sexualised images on the cover of magazines, but the parents who would rather the state taught their children right from wrong cry and moan that it's too easy to search "tits" on Google."
My point precisely. Someone else is trying to dictate what is "right" for me to see. And sure as eggs is eggs, that will change when they decide that I should only be allowed to see things that they approve of (whilst probably themselves indulging in the specific acts that they say none of the proletariat should see).
I don't use Sky, so ... Meh.
I also tend not to indulge too much in the "adult" movies, so I wouldn't be that bothered.
But I am grown up; I can make my own decisions. I know that there are people with kids that clearly don't provide the appropriate guidance for their offspring, but that's their problem. What worries me is that this is often just the first step on a slippery slope. When one individual decides that he or she "knows better" than me, I have to question that view and their motives.
I've been in that situation. Company policy was 100% cast iron that no-one could accept gifts of any kind; then I found out that one of the execs had gone away on holiday and when he and his family got back, they had a brand new kitchen. I'm told that it cost about £5,000 and that was in the days that a 2 bedroom house sold for £19,000.
Most recently, I'm in a situation where someone appears to have done a backhand deal that means the place I work at is paying for the licences that are being actually used by another business that the FD has a relationship with. I queried this, but the issue is being swept under the carpet; and I suspect that because I keep querying why they tolerate this, my services may not be required much longer.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
