Posts by david willis 104 publicly visible posts • joined 29 Jun 2009
I'm minded of a conversation at university (early 90's) in a lecture about systems design.
We need a shoulder launched anti aircraft missile (late 70's early 80's), it needs to
1. be a reasonable weight
2. be effective against enemy aircraft
3. have decent range
2 & 3 cause conflict.
To be effective against enemy aircraft your best hope is a decent sized warhead (mix of bang and ballbearings) which when detonated near the enemy aircraft (this is how they work) will shred said aircraft.
As your warhead size increases you have to consider the amount of propellent needed to move it, big warhead needs more fuel to move it, particularly if you are looking for decent range.
2 & 3 added together are dead weight.
Within three months of the conversation starting about this "shoulder launched system", it had morphed into something that needed a 30 ton tracked vehicle to carry it round.
"Tech pros chosen to be part of the Tech Force don't need a traditional degree or a minimum amount of work experience"
So what are we looking at here? - gardeners, cleaners, counter staff at McDonalds ?
I'm sure they will find some surprising able people, but I have no doubt that will be the minority of those hired.
Eventually I'm sure IT will fail, and then we will hit a cycle of "remember the good old days with pen and paper?" -
Many years ago I worked for a UK breakdown company who had a base in Leeds.
Big posh glass building had been SYSTIMES UK HQ, (Google it).
On the first day there the head of IT proudly showed me the server room, a glass box in the middle of a glass building, with a big green push button to open the electrically operated door.
On the way out of the glass box he asked me to open the door, but be careful to press the big green button, not the big red one right next to it.
The big rid one cut all power to the computers and flooded the room with halon gas...
(yes the red one had been hit several times in the past)
As a celebration of the individual, and as a nod to his comments about privacy/data sharing, could I suggest in addition to using the Smoot as a measure of distance, we use it as a measure of time, as used in the sentence - "it took us x Smoots to be in the position we are now with regards privacy & data sharing". Obviously I would bow to the individual to define a time based metric for "the Smoot"
On the 13th Feb I got two emails from Draytek, one listing 8 vulnerabilities. One highlighting two critical vulnerabilities that were listed in the previous email.
The critical vulnerabilities;
CVE number CVSS
CVE-2024-51138 9.8
CVE-2024-51139 9.8
Both led to buffer overflow.
Guidance about the update stated the following;
3. If remote access is enabled:
Disable it unless absolutely necessary.
Use an access control list (ACL) and enable 2FA if possible.
For unpatched routers, disable both remote access (admin) and SSL VPN.
Note: ACL doesn't apply to SSL VPN (Port 443), so temporarily disable SSL VPN until upgraded.
As has been previously commented, recommended minimum firmware was listed differently in the emails.
Fortunately I do not use VPN or remote access, both are disabled. I updated the firmware, to the most recent, the following day and have had no issues.
I was fortunate. I have easy access, on site, to this equipment. I really feel for those that support this stuff remotely.
I would suggest however that many people buy Draytek because it is reliable SME level kit that plays well as an ecosystem.
Some of the users of such kit may leave it on a shelf or in a cupboard a little neglected as Draytek doesn’t seem to get attacked as much as other larger providers.
If anything this story should give us an idea of how much kit is out there and perhaps prod us all to make sure we maintain it?
Honestly I sleep better at night knowing my Draytek kit is maintained rather than other stuff that “auto updates” but doesn’t offer you the ability to check/force an update,
The are potential option with the approach that are positive.
Remember the garages that do MOT’s all sit somewhere on the Goldilocks scale, as do the punters that take their cars in and the cars themselves.
Daddy bear garages will fail more cars, but that doesn’t mean to say they are better at an MOT than anyone else, quite frankly they may be ripping off their customers.
Baby bear garages will pass nearly everything, that doesn’t mean they are allowing unsafe cars on the road, it may be that the cars they examine are maintained better during their service cycle.
Where cars move between garages you will begin to see patterns, looking at the difference between the number and type of “advisories” you will see patterns, How you scale these patterns remains to be seen, but if somebody could dip into vehicle service details (even the tiny garages now use online recording systems, which also help them with billing and accounts) you may suddenly be onto a really good thing.
Obviously this won’t all happen on day one. Worryingly somebody may decide they are happy with a partial view and accept the road accident because of faulty vehicle statistics as being cost effective, but we can but hope that the approach provides better visibility than the existing MOT of MOT stations that seems to have its own Goldilocks problems.
The gulf of mexico has had a lot of names.
Its currently international designation “gulf of mexico” first appeared in 1550.
Its current US designation occurred within 24 hours of one deluded man, becoming president. Nobody was crying out for it, nobody was at war about it, he just thought it was a good idea that would make him look good in front of his supporters (which to be fair it does)
The worry isn’t even the rush of companies (traditionally against the man) to support him. The reason for this as far as I can see is fear.
An elected president, above any law, ruling by dictat. It’s almost like Naxi Germany or The CCCP/Russia.
People should be scared. Very scared. this trivial start may not end well.
Lots of comments about Trump (no surprise)
Not a lot of comments about google, the company you could trust (stop laughing at the back), a company that has committed to “Transform teaching and learning with products built for education”, then bent over hard to ignore reality in order to appease a delinquent.
PS if you own an Apple device, any Apple device capable of running safari, your default web search engine is google. Remember how google makes its money, and if you don’t like what google has done change the default search engine. It’s really easy to do.
For those supporting all this delinquent rubbish, feel free to gather round google, raise the American flag, with its potential for 52 stars (Canada and Greenland) and sing that song about America, “land of the free’, unless of course you are transgender, lgbt, have a skin colour that isn’t white or are a woman.
People are perhaps fretting a bit much.
Lots of extreme presidential orders, sowing confusion and uncertainty. Meets the expectations of voters. He said, he did, tick the box.
When stuff starts happening (or not) then it will be somebody else’s fault for not doing what the president said, or alternatively misinterpreting what the president said. Obviously that sits well with the ‘blame’ others for the problem, something else the voters love, tick the box.
Now whilst the confusion is occurring… off to the golf course?.. and if anyone questions this, look at all the work done above, blame leftist radicals and loony democrats for undermining the hard working president. The voters will love this, tick the box.
I thought "Star Wars" project was an elaborate hoax, designed to start a very expensive arms race with the then CCCP looking at lasers, particle beams, high performance computers and high energy physics. In many ways it was a very effective project announcement, it helped lead to the downfall of the CCCP, but also got sued by Lucasfilm for trade mark infringement.
You go out and buy a car from a major manufacturer, you pay £30-60k for it, depending on model (assume a family saloon if such a thing still exists). It WILL be tested by the manufacturer, it will be road safe, it will last 3 years before it needs an MOT and it will be supported for three years (maybe longer) if it has faults.It doesn't mean to say it won't break down, but you are offloading your risk to the supplier at a price.
Alternatively you might want to build your own car ! - it will most likely be substantially cheaper, you can source your parts from almost anywhere. However it will still need to meet basic rules of the road to be safe, and there is a cost to meeting these rules. It must not spin off the motorway at the first corner and kill 5 people on the other side of the crash barrier.
Same goes for software - buy from supplier and have support
or
Build it yourself, get it tested and be responsible for the risk.
Do we need a testing and review system for open source ? - funded at cost by those wanting to use their build ?
yup!
https://www.engadget.com/2019-12-16-fartier-glitter-bomb-2-feat-macaulay-culkin.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAMnP_y_fb5MIpitHLpxePFuiH84vrjnX-y4GhowSonCA0wRTQy1OlNEf_RJNg-ZVyqO9bUFKd1DEjTqIvSa7v6e0NeXXb1Eb5PJO_M3k3QvNeDaUrn2TzjwipduCtDvpxjLn-GMykf1BEdBOUIo416W94NsA0Yh7g4fJH_9npuvZ
Options.
1. The AI's do not integrate, do not talk to each other correctly, create a million and one individual problems they all disagree on... Good new's?, average board meeting, public service ?
2. The Ai do integrate, they do talk to each other correctly, the identify a million and one problems, and they all agree on the way of dealing with it .. Bad news ? Skynet ?
There is an awful lot of hard work going on to implement new technology into healthcare, large amounts of money being invested to pay for that technology. The real challenge is that the legacy process and procedures within the NHS do not necessarily lend themselves to be implemented in IT solutions. Attempts to change the process or procedure has historically led to resistance that has either led to failure or compromise of IT systems. Add to this complex procurement, dodgy suppliers and local IT infrastructures that simply do not meet modern standards and you have the perfect environment for systems that simply do not work in the way people would like.
stop looking at tech to fix all the problems. look at the jobs that have to be done, the validly of the jobs, how they link into other jobs. Get rid of the stupid jobs and look at ways to change processes to improve workflow, then look at tech that can support this workflow. SSADM.. bit of an old method I know.. but maybe teachers can make it work?
I guess the only way people will start taking cybersecurity seriously is when somebody does slam a full passenger airliner into the ground.
My guess is they will not have been trying to crash it, in the same way it is unlikely somebody planned wannacry to take out the NHS.
It will most likely be collateral damage caused by some other well meaning piece off software - think of the problems being caused by Stuxnet variants.
That doesn't mean to say that there are not people who would crash the NHS or an airliner.
I have to admit I’ve been waiting for the single slim block of aluminium, that is not tarnished by holes, keyboard or screen. With its illuminated Apple logo, which isn’t bright enough to be used as a lamp, meaning the whole thingis just an expensive paperweight. It seems Apple have almost managed to achieve with the 2017 MacBook Pro.
I’m from Yorkshire. The pudding can be served sweet or savoury. Hot or cold. Warm with strawberry jam and whipped cream is just as nice as hot with beef and gravy (obviously not on the same plate at the same time).
https://www.thespruce.com/ways-to-serve-yorkshire-puddings-435911
I do feel however that chocolate cake filled with cream egg filling, topped with cream eggs served in a Yorkshire pudding may be a bit “dry”... perhaps add some vanilla ice cream and some of the Cadbury’s mini eggs (for texture).. it might just work Grommit.
With all the follow people, identify people technology deployed surely somebody will need to cover the costs of the tech and this will fall back on giving external companies access to the data. So here is a thought. Have you ever been annoyed by the targeted adverts that pop up curtesy of cookies, you know .. you've browsed amazon, and the next thing you are getting popups for similar stuff for sale?, imagine the intelligent city, your face is known, your eating habits are known, you are going to lunch and bingo the sign next to you lights up with an advert from whoever pays the most money to point you at food source x/y.. maybe not a bad thing?.. but could it get worse ?
Dear Sir / Madam,
I note you wish to change the terms and conditions of use of my procured SONOS equipment.
Please note that I object to my information being processed in the manner laid out by yourselves in your new privacy policy.
(By object I refer you to the European Data Protection Regulation due into action in May 2018), as a registered data processor in the UK (ZA207909) you are required to record my objection and justify your use of information, this information includes Person Identifiable Information which is being processed without my explicit consent.
Note your response may be forwarded to the Information Commissioners Office for their comment. If they judge that your processing is inappropriate they may make comment.
I would refer you to the monetary penalties section of the GDPR, up to 4% of global turnover or 20M euros (whichever is the larger) for penalties should you be in breach of this legislation.
You privacy policy is imposing a change in the contract between customer and supplier.
One that I as the customer do not believe appropriate.
As this is a unilateral change in contract and something I would not have agreed to when I originally procured my SONOS equipment, could I suggest you either make your processing optional (ask my consent and allow me an opt out) or alternatively arrange refund for the equipment I currently own and deletion of my information from your databases in line with the “right to be forgotten” as outlined by the GDPR.
Sounds like a lot of money? To be split between 27 organisations (the major trauma centres)
As for the other 206 secondary care NHS organisations, Acutes with A&E's, Mental Health Trusts, AMBULANCE TRUSTS... they will have to bid for part of the £50M allocated to the ENTIRE NHS to be released over the next 2.5 years, when in reality they will all have to meet strict standards by April 2018.
Rock and a hard place? -
Do they do a version that can turn a key ?
I'm sure the new US president would be interested in a way to cut costs in the US Military whilst maintaining control over the nuclear arsenal. Four of these in each missile bunker would be a massive cost saving.
Obviously device security might be an issue.
Let's start here with the digital millennium act, designed to stop you copying video cassettes and computer games.
The issue with IOT (regardless of scale) is the act allows security by obscurity. It has bugger all effect on the bad guys that WANT to exploit and hurts those that are just curios.
Forget tractors for a minute and look at DD-WRT. It has been permitted by the hardware manufacturer to hack a routers firmware and produce something that may be better than their home made software. Good stuff?, bad stuff?.. It depends, the bad guys could equally produce something nasty, which without some kind of certification might break your home network.. Hey ho..
Now look at Tractors;
“Vehicle software will be subject to contamination from the repair or modification efforts of individual vehicle owners, the vast majority of whom do not have the programming or technical competence in the full range of applicable federal regulations and industry standards,”
Vast majority - agreed..
But by refusing to accept people looking at your software all you are doing is trying to achieve security by obscurity. It's exactly the same as the home routers. Your software may be (pick your expletive), but there's a chance that somebody else's could be worse.
The issue here is that if you do have the skills and the time and he energy to try and make things work you'll get your ass sued off by somebody using legislation designed to protect video games and VCR tapes.
There is no easy answer to this, but discussion on how we secure the IOT is important. Research to show that there is a problem is desperately needed. A piece of legislation that allows ANY manufacturer to refuse you permission to look under the bonnet is dangerous.
OK, I'm a huge Apple fan, too much kit and use a MacBook Pro as my work computer. I appreciate the CPU performance increase, however overall I am disappointed. The touchbar is an interesting idea, but does strike me as a "square steering wheel".
What is more interesting is that the analogy is much more worrying when you wiki the vehicle with the "square steering wheel", "The key factor that British Leyland can now be seen to have missed is that a much more useful and popular form of car, the hatchback, was emerging in Europe" -
I guess my message - Apple you have some of the prettiest, most reliable, ergonomic, powerful and EXPENSIVE IT kit out there. But where is the innovation?, where are the regular power boosts?, where is the 64Gb of ram ?, where is the new interface?, where is the excitement? -
https://en.wikipedia.org/wiki/Austin_Allegro
The problem is that most end users either do not understand the risk, or do not care about the risks, as obviously "the security types are shroud waving again".
Even if users are provided with standards, if the standard involves effort (sliding the bolt on the door) there is no guarantee that the standard will be followed.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2026
