Posts by The Vociferous Time Waster

Cloud is a financial model not a technology

If you can't build well on prem you won't be able to build well in the cloud - and vice versa.

If you are cutting corners on prem you'll try to cut corners in the cloud, only you won't be able to sweat assets in the same way.

If you have legacy and tech debt then you need to sort that out - if you sort it out on prem it will make your life just as easy as if you do it when you move to cloud.

Cloud is great if you have lots of opex but not much Capex. On prem is better if you have access to more Capex and less opex. The last really well justified cloud migration I did was at a startup that had to lease its servers on prem because it didn't have the Capex to buy them. They slotted in very well to the cloud financial model with the backing and blessing of the CFO. The worst cloud migrations I have done have been at companies with constraint on opex who didn't think through the reasons for doing it.

So, er...

1) It'll never happen. Changing BGP is up there with moving off of IPv4 as a lovely pipe dream.

2) BGP isn't meant to be secure. Everyone is responsible for their own house and needs to decide who they trust to peer with and then share their own routing policies with those peers and thoroughly understand the routing policies that they receive. You should be validating your peers using the methods already available and you should be creating a policy that only receives the routes you are prefixes to receive.

3) Trust is about trusting who you trust and also trusting who they trust. See point 2.

4) If you are peering with hostile nations networks then you should expect them to be hostile.

5) Because of the trust model BGP, as with the rest of the internet, is designed to be decentralised. Any attempts to 'fix' it will almost certainly put more of an emphasis on centralised control. We all know that this central control will be in the US.

huh

What an enormous waste of time and money. I expect he'll be back to make a nuisance of himself again soon.

Call the self inflicted burns unit.

"ICQ has tremendous appeal among young, technically sophisticated web users and there is remarkably little overlap with AOL"

This is such a massive self burn. It reminds me of the people who say "The Democrat Party has tremendous appeal among young, politically sophisticated professionals and there is remarkably little overlap with the Republicans"

The porn pioneers

The porn industry can monetise anything so are very forthcoming with the funding to get around technical issues. Without online porn we might not have ecommerce - the porn industry needed a way to take credit cards in a trustworthy manner so they solve the problem and everyone from eBay to amazon still uses it.

Othering

There has been sufficient othering and division in the US now that the hard core supporters on the right think manipulating democracy is justified to keep the left out of power.

Design for failure

Organisations using third parties should always design for failure and assume stuff like this can and indeed will happen. All your eggs in a single vendor basket is a recipe for a CIO on the chopping block.

I guess it depends on the job role

I have worked in various organisations - from payment providers which are extremely secure, to those elsewhere which are achingly insecure. Internet access is given as standard nowadays in most organisations on a default allow basis. This is a massive change from when I started out and most organisations were on a default disallow basis - you had specific sites allowed if they were relevant to your role. Much of this change comes from the massively lower cost of internet transit - no need to be precious about people on YouTube or Netflix if it doesn't cost much or you won't hit your ISDN dialup capacity. The genie is out of the bottle for user systems. For non user systems, servers etc, the default should always be specific allowed flows only.

Only 11Bn?

That's small fry, the current government can waste far more far quicker if it sets its mind to it. Take the 37Bn on the test and trace spreadsheet. My only question is who in government trousered the ill gotten gains from this white elephant? Who is going to get a job handed to them when they are inevitably given their P45 next year?

ADHD

Aderall and other amphetamine based drugs are prescribed for ADHD and other neurodivergence. I wonder what it is about tech that attracts people who have trouble controlling their focus, he asks rhetorically.

Unsurprising

Having worked there this is not surprising at all. I was once told in a performance meeting that I wouldn't get rewarded for doing a good job because they only paid people for an OK job; the reason being that customers only paid for an OK job so Capita only aims to do just enough to avoid being sued.

No blame culture in aviation

Y'all never watched Sully?

Analogue switch off

I am involved in the project to move off analogue lines in a large English city council. Suffice to say that there are a lot of lines that have been billed for quite some time that are not used for anything even remotely useful.

But why?

Why live in London if you work from home?

Teletubbies

I was doing a server and client upgrade at a small automotive company which included a VPN to connect them to their new owner's head office. We had a very busy weekend reimagine PCs and swapping out servers and migrating data - tested everything and got completed by mid afternoon Sunday feeling really good about ourselves.

Come Monday we were on floor walk to make sure users could log on and get started - teaching them the art of the three fingered Microsoft Salute (they had moved from Win98 to XP so had never had to log in with CTRL-ALT-DEL before). All was going well until in walks Maureen from accounts.

She may not have been called Maureen, but you know the type. Been swapping the tapes for decades without ever checking if a backup has actually run.

She looked at the teletubby desktop background and the green start button and immediately announced that she couldn't use it because she hadn't been trained on it so we would have to put it all back to how it was. She marched off to speak to her boss. At this point I had the bright idea to switch the desktop theme to "windows classic" and put the picture of her grandchildren back on her desktop and told her that we had downgraded her machine so it was how it used to be. She mastered the three finger salute to 'get past the new security software' and was logged in and working in minutes. She even bragged that she had special treatment because she was so important as accounts needed to be able to run 'special applications'.

assessments

For fear of getting them wrong and either being challenged by HMRC or Contractors it seems that most companies are taking the loophole of not working with PSCs and only engaging through umbrella as a standard policy. This means there is no assessment to challenge.

This is about risk and cost.

This is not something that will help contractors. The main disadvantage of the current rules is that the risk sits with the client, not the contractor as it used to. This means that previously companies could pay someone a rate and offer a contract that suggested outside IR35 but then if HMRC disagreed it was the contractor on the hook. Now the client is on the hook if they haven't done the assessment correctly. Their only way to mitigate this risk is to move away from PSCs and go umbrella but that has proven to be expensive - I don't pay more tax in an umbrella, the client does because my rate went up to reflect their choice so I take home the same amount each month.

Gov.uk has already started to erode this a bit by discretely changing the rules so the risk can be shoved back onto the contractor if it is found that they misled the client on the IR35 assessment. Any review will be a further erosion of the responsibility of the client as those risks are shifted back onto the contractor. As for how HMRC interprets things, they have proven to be a law unto themselves when it comes to how the rules are interpreted. I can imagine they would be happiest if the contractor paid taxes like an employee and had all the risk while the clients would like to pay rates that are more in line with permies.

Sadly missed

My current contract has scheduled tasks and processes that still run under the user account of a guy who died two years ago at the start of the pandemic. His user account has gradually and very carefully had privileges removed so it's basically a service account now it can't be deactivated because nobody really knows how many important things run under that user account.

I am reminded of GNU Terry Pratchett.

get-aduser | set-aduser

I spent some time at a well known retail client a few years ago and we got a similarly unplanned lunch break when one of the service desk guys wrote a small script to change user passwords using powershell. As he was not a developer he completely bypassed user input sanitisation and error handling and basically strung the get-aduser commandlet (which gets user objects) and the set-aduser commandlet (which changes attributes, for example the password) together with a variable instead of a pipe.

At some time before lunch he ran his script and, as it was taking a bit of time to run, scuttled off to lunch. Over his hour lunch break those of us who ate at our desks started getting the 'windows needs your current credentials' message pop up on our computers inviting us to lock and unlock our desktops.

What had transpired, it seems, is that he had fallen victim to a classic faux pas - the get-aduser commandlet will assume, if you do not specify a filter, that you want every user object. "get-aduser jsmith" will return the object matching that name whereas "get-aduser" on its own will return an object containing every user object in the director (unless the command is scoped in another way). Fortunately for our hero he had scoped the command to an OU that was UK head office only and didn't extend to international users, store users, or more importantly the service accounts upon which the business ran. Around 3000 people had their passwords reset and it took quite a while to fix the issue. As everyone had their password set the same they couldn't just tell people that the password was "ChangeMe123" because that meant that anyone could access any account. The passwords had to all be reset again to something unique to the user (DoB and NI number I recall) so that it could be communicated widely. There was then the 2 day password retention rule that prevented anyone changing their password for a couple of days afterwards.

Two options

Companies should either hire people directly (fixed term or permie contracts) or use contractors that are proper contractors and treat them as such (not disguised employees/umbrella/inside IR35). If you are a contractor you provide a service and don’t have a manager or go to team meetings or have your hours and location of work dictated to you. Fixed term and perm get the benefits. If companies hire a contractor and then treat them like an employee they should be liable for the tax and benefits of an employee.

I for one...

I for one can't help but laugh.

wrong model

If you want to get your data out then AWS is the wrong model. It's great for ingesting data, processing it and then returning targeted information based on that data (reporting and visualisation etc) but just as somewhere to store it for repeated access it sucks ass.

right

it's not like anyone would abuse emergency powers...

Too late for many

The deplorable conduct by many companies will leave them struggling to recruit now no matter what the terms. I will be checking offpayroll.org.uk before any contract from now on.

Wise?

Is it wise to give Crapita anything given that they are circling the train with a share price falling through the floor?

Offset his holiday pay

Surely if gov.uk have declared this person an employee then there are large amounts of holiday pay and other benefits, not to mention a hefty redundancy payment.

Can't have it both ways - or employees might soon find that they too are being taxed as an employee but treated like a contractor.

No probs

I’ll just have to put my day rate up a bit.

Never attribute to malice what can be explained by incompetence.

Site has been up and down like Boris' Y fronts.

Further advice...

Don’t use dell network kit anywhere important.

Duh

People who are usually not that great with critical thinking found to be not that great with technology, bears also found to do their business in the woods.

They are...

They are Dyson with trouble.

Coat etc.

Powershell is dangerous in the hands of some...

At a place I worked as a contractor there was a low level server ops guy, let's call him John Smith, and he wrote a very simple script to change passwords. I don't quite know how his script was more efficient that the one line of powershell that it ran but then he was a very low level person, the type who tend to do the stuff that nobody can be bothered to script because they can't script clicking on the next box.

So the script that "John" wrote basically took a username and changed the password. I would hazard a guess that it basically did:

Get-ADUser $user | Set-ADAccountPassword -NewPassword "Changeme123!"

OK, so there were some other options in there as well but you get the gist.

Anyway, "John' runs this script using his privileged account (let's him do desktop stuff like change passwords) and it seems to hang. He goes off to lunch.

At this point it's worth noting that in the line of powershell above if $user is null then Get-ADUser will get every user object in the domain and pipe all of them to the password change applet. It hadn't hung, it was just a little busy.

While "John" was off at lunch the rest of the IT department realised that they were unable to reach stuff, many had locked their desktops while eating their own supermarket "own brand" sandwiches at their desk and when they tried to unlock their desktops found that their passwords were no longer valid.

Later in the incident room it became apparent that "John" was responsible however he not only managed to retain his job but eventually managed to move sideways (and slightly down) into the desktop team.

Painter's 2nd Law of IT

If an IT organisation has to manage something that can expire and must be renewed then it follows that it shall, at some point expire without having been renewed.

SNMP

Many organisations use the same set of SNMP strings across the business. If you manage to compromise it for one device then you stand to compromise it for everything.