Posts by David Harper 1

This is Linux ... I know this!

For readers old enough to remember ;-)

OAUTH would like a word

"It is, of course, getting worse. The whole idea of agentic AI is pinned to the donkey by the assumption that your agents need your access rights to act on your behalf. There being no industry-wide best practices, no inherent management principles, or indeed inherent anything, this means giving AI agents your passwords – something that in a sane and godly world you would not do."

No industry-wide best practices? You mean, like OAUTH, which has been around for two decades?

Your weekly reminder ...

... that "the cloud" is just somebody else's computers, over which you have no control.

Let's hope their DBAs are making regular backups

When an AI agent with high-level privileges eventually goes berserk and deletes the corporate database, let's hope that the DBAs have been (a) making regular backups and (b) practising the point-in-time recovery procedure.

Definitely a future case study on how not to do a big IT project

About 20 years ago, the Open University ran an excellent course called "Learning from Information System Failures" as part of its postgraduate computing programme. It examined the different ways in which large IT projects often fail. The course material included several case studies, including the infamous Cambridge University CAPSA project and the Home Office's 1999 Passport Office fiasco. If the OU ever brings back this course, I predict that the Digital ID project will be a prime candidate to become a new case study.

It also took Zoom down

There was a great disturbance in the Force, as if millions of Zoom users cried out in terror and were suddenly silenced.

Reading between the lines ...

It looks like Ray committed a file containing production database login credentials into the company's source code repository. That is shoddy practice on so many levels. If Ray had worked in my organisation, he'd be getting a very severe bollocking from our cybersecurity team *and* our DBA team.

The next Windrush scandal, except that everyone gets to take part

The Home Office is already trying, and failing, to implement a digital ID system for millions of foreign permanent residents living in the UK. It's called the eVisa system, and it is riddled with flaws. The campaign group the3million has recently published a detailed report on the failings of the eVisa system (https://the3million.org.uk/digital-status-crisis) which should be required reading for anyone advocating for a nationwide digital ID system.

On the plus side, given the track record of large, complex government IT projects, this one is never likely to get off the ground.

Why weren't they using a read-only database account?

All major relational database systems allow DBAs to control what each user account can do by granting different levels of privilege, all the way from superuser status down to "you can connect to the database but you can't see or alter any data". So why -- especially after the first incident -- didn't the DBAs severely restrict the reporting account to allow it only to execute SELECT? That's what we do in my organisation. If you have a valid need to view data, but not to alter it, we grant you SELECT privileges only. You can try to execute INSERT or UPDATE or DELETE, but the database will respond with "you don't have the privileges to do that".

And going to the U.S. is no longer an option

Now that Mango Mussolini has slapped a $100,000 price tag on the H1-B visas that so many talented young Indian IT professionals rely on to get jobs in the U.S., it's a double blow to have the Indian IT job sector downsize so drastically.

Digital ID already exists for non-British residents

It's called an eVisa, and the Home Office has been issuing them to foreign students, workers and non-British partners of British citizens since last year. Existing non-British residents with physical immigration documents, such as stamps in passports or biometric residence permits, are now required to exchange them for an eVisa.

Employers and landlords are legally required to verify the eVisa status of anyone they want to hire or rent to. It is also checked by airline staff before boarding a flight to the U.K.

The Open Rights Group published a report last year (https://www.openrightsgroup.org/press-releases/broken-e-visa-scheme-could-lead-to-digital-windrush-scandal/) highlighting serious problems with the Home Office's implementation of the system, and warned that it could lead to another Windrush scandal. Readers of The Register will find the ORG's report both fascinating and alarming, as an example of a major government IT project that has fatal flaws.

On the plus side

When the databases of the age-verification services used by popular pr0n sites get hacked -- as we all know they will -- and the identities of prominent U.K. politicians listed in those databases are leaked to the media, the schadenfreude will be SO satisfying.

My irony meter went SPROING!

Considering the billions of pounds that have been wasted trying to integrate NHS medical records over the years so that Hospital A can view your records from Hospital B or GP Surgery C, it's ironic that at least one hospital in the U.S. appears to have managed it quite by accident.

A future case study in why big IT projects fail

Twenty years ago, the Open University offered an excellent six-month graduate-level course called "Learning from Information System Failures". The course materials included several case studies of large IT projects that had failed. One was the disastrous Cambridge University Capsa project of the late 1990s, which attempted to implement a single accounting system across all the colleges and departments of the university. If the OU ever revives the course, Birmingham City Council's Oracle ERP project will surely be a prime case study.

For high-end bird storage, you want the Superb Lyrebird

Who can forget this jaw-dropping excerpt from David Attenborough's Life on Earth?

https://www.youtube.com/watch?v=mSB71jNq-yQ

It's not only junior developers that commit this type of SNAFU

There's nothing more dangerous than an over-confident senior developer who has write access to the production daatabase.

Fond memories of networking in the days of X.25

As a Ph.D. student at Liverpool University in the mid 1980s, I tried to use the X.25 JANET FTP protocol to transfer a set of data files from a VAX at the Royal Greenwich Observstory (of blessed and glorious memory) at Herstmonceux to the IBM mainframe at Liverpool. It turned out to be a non-trivial task, and even when the head of operations at Liverpool got involved, he was unable to get it to work, and advised me to ask my collaborators at the RGO to put the files on tape and send it by Royal Mail.

Not so much a canary, more a dead parrot

"Not all industries have the tightly integrated function and quality testing regimes of production code generation."

And some titans of the IT sector don't even have that ... https://www.theregister.com/2025/06/16/google_cloud_outage_incident_report/

The ancient Babylonians had the right idea

There are Babylonian clay tablets containing cuneiform text that are almost 4,000 years old and still readable. Some of them contain records of solar eclipses and other astronomical events that are still being used by modern astronomers to investigate how the Earth's rotation rate has changed over the millennia. Now THAT is durable data storage!

Mountains of AI-generated corporate BS!

If I were cynical, I might wonder whether this is simply a case of AI being used to generate greater volumes of the kind of corporate BS that blights the lives of the people who do the real work. I think readers of El Reg will know what I mean: emails, reports and presentations from HR, senior management and consultants, full of buzzwords but oddly devoid of any actual meaning. On the plus side, if I can toss these into Copilot and ask it for a one-line summary in language that a 7-year-old can understand, I'll save myself actually having to read all of the tedious crap and save myself a lot more than 26 minutes each day.

You can easily spot the mathematicians in the audience

We're the ones grinding our teeth in collective fury over yet another incorrect use of "exponential". There are few things that can move mathematicians to kill, but this is one of them.

Have you watched "The Right Stuff" recently?

NASA had plenty of rapid unplanned disassemblies in the early days. In the movie "The Right Stuff", those clips of rockets exploding just seconds after lift-off are real NASA archive footage. The courage of the Mercury astronauts, especially Alan Shepard, cannot be overstated. Those guys watched rockets explode, then went ahead and sat atop one anyway.

"25-year-old Marko Elez, who's now in charge of the US Treasury payment system"

You mean the guy who was forced resign from DOGE after journalists uncovered tweets by him that were so racist that even Elon Musk wasn't willing to defend them? That Marko Elez?

Since we're sharing amusing stories ...

Around 30 years ago, I worked for a while at a large UK university. The HR department had a reputation for leaving people on the payroll after they had moved elsewhere, so in my last month, several memos were sent to HR to remind them to remove David Harper from the payroll. A few months later, I started getting mail forwarded to me from the university, but for a David Harper in a completely different department. I emailed him to let him know that I had his mail and would send it back at once. He wrote back to tell me that after I left, HR had stopped paying *him* too. The poor guy missed two months' salary before it was sorted out. Not funny for him at the time, obviously!