* Posts by Stu J

192 publicly visible posts • joined 5 Aug 2009

Meta says risk of account theft after phone number recycling isn't its problem to solve

Stu J

I don't think that broadcasting which numbers have changed hands is a particularly safe or sensible approach.

However, there should be an API which companies with legitimate requirements can query - they send a phone number and the last date/time they validated it, and the API responds with a simple "valid", "invalid", or "unknown" depending on whether the number has migrated to a different SIM since they last verified it.

Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released

Stu J

Why the hell...

...would you have a Jenkins server accessible on a public IP, rather than behind a VPN or a Zero Trust Load Balancer?

That's like having your car keys hanging in a flimsy glass box outside your front door...

Former Post Office boss returns CBE to sender over computer system scandal

Stu J

I've been saying for years that there needs to be proper personal accountability at an individual and board level for systems implementation and integration.

You wouldn't let someone that had watched a few YouTube videos and previously built a garden shed, design and build a skyscraper. There are Chartered Architects and Chartered Engineers that have to sign off on things, have to be properly qualified and experienced to do so, and suffer personally if they are negligent, especially if they knew about problems and didn't whistleblow.

So why do we deem it acceptable that literally any bunch of muppets can be trusted to implement and run secure and fit-for-purpose software-heavy systems, without any kind of formal oversight? When these badly-designed systems have real consequences on people's finances, personal data, and their lives? Why shouldn't there be the same sort of oversight required for all major IT projects, public and private sector, with suitably qualified people empowered to say "no" to non-technical stakeholders wanting to cut corners, or to consultancies wanting to do a shit job while maximising profit?

You can become a Chartered Engineer within the IT Industry - but there's no real point people attaining that status at the minute, because it's not required by anyone, even though it probably should be.

Microsoft confirms Smart App issue renaming everyone's printers to HP

Stu J

Re: If you don't want bloatware you cannot uninstall

I'm so so glad I barely ever have to deal with Windows any more.

Bank boss hated IT, loved the beach, was clueless about ports and politeness

Stu J

Re: Every single time

I'm not sure laptops with RJ11 modem ports necessarily even had USB ports - sure there might have been a brief overlap, but I suspect this may have been in the days of PS/2 connectors

Mid-contract telco price hikes must end, Ofcom told

Stu J

Try IDNet - they're not the cheapest but their customer service is excellent. I've been with them for over 6 years, on a rolling monthly contract; paid £36/month with no increases until this year, when they very apologetically put it up to £41.40 - which is still less in real terms than it was when I first signed up back in 2017.

Stu J

Inflation driver

This kind of contract clause not only persists current inflation, it actively drives inflation higher.

Given the BoE and government have a desire to keep inflation at 2%, surely it would be sensible to have a legal limit of 2% on in-contract price rises, if you're going to permit them at all. Same for insurance renewal quotes (subject to you not having made a claim in that policy year).

'Corrupt' cop jailed for tipping off pal to EncroChat dragnet

Stu J

Inadequate sentence

She should have been sent down for far longer as a much stronger deterrent for unilaterally endangering a multi-national investigation into some of the worst scumbags in Europe. Prize idiot.

So this one time, at Bandcamp, half the staff were laid off

Stu J

* TREAT their employees well

Bloody Autocarrot

Stu J

Naked capitalism sucks.

It's about time directors of a company had not just a responsibility to enrich their shareholders, but also:

* a responsibility to test their employees well

* a responsibility to treat their customers fairly

* a responsibility to protect and consider the environment

* and a responsibility to the viability of the communities they operate in

In other words, real corporate social responsibility where the execs can end up in jail if they screw it up - not just the lip service most companies pay to the concept at present.

SpaceX accused of paying less to women and minority engineers

Stu J

"Nice work if you can get it!"

I mean, it's literally rocket science. Also the median house price in that area's $750,000 so they have to pay a reasonable amount so people can afford to live within an hour or two's commute.

Scripted shortcut caused double-click disaster of sysadmin's own making

Stu J

Re: Amiga hard disk partitioning

...and these days you'd be prosecuted under terror offences for even downloading a copy. Sad times.

Blockchain biz goes nuclear: Standard Power wants to use NuScale reactors for DCs

Stu J

100%

Figure out some way of taxing Proof-of-Work energy usage so punitively that they just won't bother. And if they try to get around it by generating their own energy from polluting sources, hit them with some kind of even more punitive emissions tax. Kill Bitcoin and all similar Proof-of-Work crypto-bullshit already.

AI girlfriend encouraged man to attempt crossbow assassination of Queen

Stu J

In fairness, Magic 8 Ball would - on balance of probabilities - select someone who would do no worse a job, and in the process expose the public to far less divisive political bile, waste far less money on campaigning, and be far more immune to bribery and corruption.

Infosys launches aviation cloud it claims can halve lost luggage

Stu J

Re: Unique Serial Numbers

A massive problem. Bearing in mind that bag tag numbers are used for interline transfers between different flights between any pair of airports in the world.

Every single airline would have to update their backend software, and if necessary their mobile apps used by customers and crew/dispatchers.

Every single service provider would have to update their messaging and systems integration platforms.

Every single bag tag printer and self bag drop kiosk would have to be flashed with updated firmware (the printers as it stands can be told "print 3 tags starting with 001234567" and are 100% expecting something numeric)

Every single baggage handling system would have to be updated to handle new barcode types, in every single airport.

Every single baggage reconciliation and tracking system would have to be updated.

There's a buttload of stakeholders, a ton of testing, lots of dependencies and a massive dash of politics. And it would be a massive struggle to ever prove that there's a solid business case for getting the industry as a whole to agree to fund it. Not least because some airlines stand to benefit from it significantly more than others, but they'd all need to do it to maintain interoperability.

Stu J

That already happens at most major airports. They even get told not to load bags if you've not yet cleared security. For containerised holds (i.e. anything bigger than a 737, or any Airbus) they get told which container to load it into to optimise transfers. None of this is new.

Generally speaking if a bag arrives on the right baggage makeup belt (think of a baggage reclaim equivalent temporarily dedicated for a specific flight where baggage handlers take bags and put them onto a cart or into a ULD container) there's a very high chance it ends up on the right aircraft.

Problems happen if the tags fall off, or don't get read properly, or if the software integration from the airline host systems to the baggage handling system in each airport falls over and stuff gets dumped for manual sortation instead of onto the correct makeup belt. Or the bag hasn't been carefully loaded on the belt and gets snagged and falls off.

The other problem is if there's a delay unloading a late-arriving connecting flight - generally speaking it's orders of magnitude cheaper to let connecting passengers make the connection and let it depart on time without their bags, than it is to delay the connection for everyone and cause a domino effect of delays.

Stu J

Most bag tags still aren't RFID-capable (unless you're flying with an airline that has spent 10s of millions and gone all-in on RFID - like Delta). They're old-school barcodes that have to be manually scanned.

Also the cost of delaying an aircraft so that one missing bag makes it is so high that it's unrealistic to expect perfection. Shit happens, bags fall off conveyor belts, tags that weren't put on properly fall off, equipment malfunctions, software malfunctions.

Repatriating a couple of bags and providing compensation is expensive, but not as expensive as delaying hundreds of passengers can be for 20-30 minutes while you find a missing bag - that delay can lead to missed connections (which increases likelihood of mishandled bags), people having to be put up in hotels overnight, aircraft getting later and later throughout the day...

Trust me if airlines could wave a magic wand and get perfection, they would. The reality is they could spend all their profit every single year on it and still not get close. Think of it like a giant logistics operation like UPS or FedEx run, except you're additionally having to try to co-ordinate the route the package takes with a person on a journey, and unlike UPS or FedEx you don't own the infrastructure at most of the airports you fly into. A lot of the times it works fine, but sometimes things go wrong. There's too much wetware involved,

Stu J

Re: Eh.....

Yeah the barcodes aren't unique, they get reused. Industry standard problem - 10 numeric digits, 1 for the bag type (usually '0' 95% of the time), 3 for the airline (e.g. 001 for AA, 125 for BA), leaving only 6 for unique bag identifier.

Large carriers get through 1,000,000 bags in a matter of days - which means if your bag hasn't made it to its destination as planned by the time the number is reused, the chances of it ever getting back to you start diminishing ever further.

Stu J

Marketing BS

All of these types of systems have already existed for years, produced by companies whose entire existence is tied to their deep knowledge and expertise of the operational complexity of the commercial aviation industry.

I've no doubt that introducing this kind of software system at an airport delivers benefits. What stops it from happening at every airport - or makes it more difficult - is the cost of implementing and integrating with existing infrastructure, and training staff who just don't have time in their day allocated for training.

Terraform fork OpenTF renamed and relocated as OpenTofu

Stu J

Re: Really?

How is that _anything_ to do with the Linux Foundation?

37 Signals says cloud repatriation plan has already saved it $1 million

Stu J

Re: Do we really have to...

He always seems to have some kind of agenda. Nothing he writes is ever particularly balanced or sufficiently nuanced. And he doesn't give a toss what anyone thinks - see the latest mess with removal of Typescript from Turbo. He's a narcissistic asshole, it's his way or the highway.

That's why I start from the default position of assuming he's talking crap, and see if he can persuade me otherwise (and he rarely does). The problem is too many people seem to lap up his preachings as some kind of gospel and don't question any of it.

Is his company spending less money than they were? Yes, apparently so.

But is their solution less resilient and less capable of scaling? Probably. Does that actually matter to them or their customers? Probably not.

Cloud isn't inherently bad or expensive - but there's far too little Systems Analysis and Systems Engineering that goes on these days, and far too much "agile" lobbing stuff at a wall and seeing what sticks, so it's not surprising that people end up building stuff that's over- or under-engineered, with cost impacts.

Stu J

Do we really have to...

...give this narcissistic moron any more oxygen of publicity?

Airbus takes its long, thin, plane on a ten-day test campaign

Stu J

Re: One step above a regional jet

AA's A321T is a great way to travel

Stu J

Re: in a 3-3 economy class configuration.

Honestly I'd far rather fly long haul in a 3-3 A321 layout than either:

* 3-3-3 that most airlines (excluding JAL on their international routes) have adopted on the 787 instead of the 2-4-2 it was originally envisaged as

* 3-4-3 that several airlines have refit their 777s with, as opposed to the 3-3-3 they used to be.

At least the A321 was designed to be 3-3 rather than having extra seats squeezed in to every single row later on.

I've flown A32x Neo aircraft on flights over 5 hours, and they're absolutely fine - comparable (if not slightly better than) 757s being used on medium-long haul routes.

UK air traffic woes caused by 'invalid flight plan data'

Stu J

Validating the input...

...is all well and good until your validation code crashes for some reason that wasn't anticipated, and your error handling fails to DLQ the message for a related reason, and instead crashes causing the message to stay on the head of the queue to be processed.

Having seen this very issue, also in an aviation environment, I'd have expected that they should have a way to manually junk messages off the head of the processing queue - will be interesting if we ever find out if that's the case.

I do wonder if their decision to "go manual" may have actually made it harder to recover, if they then had to manually filter out messages which had already been manually processed, before turning the automation back on...?

Lock-in to legacy code is a thing. Being locked in by legacy code is another thing entirely

Stu J

A place I used to work at had several free parking spaces in a courtyard right in the city centre which tended to be unused on evenings and weekends - you needed a pass or code to get the bollards to drop on the way in (which wasn't always available) but just had to trip the induction loop to get the bollards down on the way out.

Someone figured out - and shared with a select bunch of people - that if you put a mobile phone on the corner of the induction loop and phoned someone from it, that was enough to get it to trigger. Your mileage these days may vary, but I'd always give it a try if desperate!

HashiCorp's new license is still open source-ish, just with less free lunch

Stu J

Poor business model

Unfortunately they massively over-priced Terraform Cloud and their Enterprise/licensable products.

I expect if it was 1/10th of the price, they'd get way more than 10x users, and make considerably more profit.

I don't know a single company that actually pays to use Terraform Cloud, and I've consulted for at least 20 organisations using Terraform over the past 5 years. Everyone that's seen the demo of it seems to have the same answer:

"Sure, it looks really nice, but I can write my own pipelines and get 80% of the functionality I want for a bit of elbow grease and no subscription/licensing costs over and above what I already pay to GitLab / GitHub / BitBucket - the extra 20% isn't worth what Hashicorp wants to charge"

Now I guess the sweet spot might be if Hashicorp integrate and partner more tightly with GitHub / GitLab, improving those offerings, charge a few dollars a month per user on top of existing subscriptions and effectively get a revenue stream directly from them - I could see that being a move that works.

Co-founder of Yandex – Russia's Google clone – denounces war on Ukraine

Stu J

How long before...

...he accidentally falls out of an open window on a high floor of a tall building?

Clingy Virgin Media won't let us leave, customers complain

Stu J

It's about time...

...that companies were obligated to make sure that consumers can cancel contracts/recurring arrangements/subscriptions using the same means by which they signed up.

i.e. if you let people sign up to a service online, you have to provide functionality to let them cancel online

It's not a big ask.

Airline puts international passengers on the scales pre-flight

Stu J

Re: optional?

You don't have to track every single seat - anonymising to blocks of 9 or 10 seats would be more than sufficient, and would definitely still prevent issues like this one:

https://www.theguardian.com/world/2014/sep/03/qantas-flight-struggles-to-take-off-as-child-passengers-tip-balance

Stu J

Rather than using the security scanner (where you don't have your hand luggage on you) it would make more sense to do it at automated barriers into the security area.

You scan your boarding pass (which contains flight number and seat allocation) then go through the barrier - just stick scales under the pad you're standing on when you're scanning your boarding pass.

Capture the total weight of passenger and their hand luggage (which is typically going in the overhead bin above their seat, or under the seat in front) and that gives you more accurate figures for the actual weight in the cabin, and makes it less "personal".

Then if you want to further anonymise it, depending on the aircraft type you just aggregate the data over blocks of seats - a couple of rows and delineated by the aisles - and you end up with a series of point weights that would still give a much more accurate weight and balance sheet than the current assumption-based model, without explicitly identifying people.

Google's $100b bad day demo may be worth the price

Stu J

Re: In fairness

It'd probably do a less shit job than Truss/Kwarteng did...

Twitter stiffed us on $2m bill, claim consultants in lawsuit

Stu J

Re: In the circumstances...

Well, yes, I know that's how the real world works; but as you say, you're dealing with Elon Musk, who was already trying to get out of it - chances are he was going to try to get out of as much stuff as he possibly could.

Stu J

In the circumstances...

It might have been wise to demand payment up-front, given the guy you're providing evidence against is going to be the one signing the cheques if you "win"...

Basecamp details 'obscene' $3.2 million bill that caused it to quit the cloud

Stu J

Exactly - this very much reads like he's not comparing apples with apples, and that seems to be the issue I see frequently with these Cloud cost comparison arguments that end up in favour of on-prem.

If you put the level of resilience in place that e.g. AWS have, and implement something akin to Multi-AZ and Multi-Region, then it's going to cost a lot of money, whether it's on-prem or in the cloud.

And if you skimp on the resilience on-prem, it can really come back to bite you hard - ask Channel 4 and Red Bee Media: https://www.theregister.com/2021/10/19/c4_subtitles/

Some CTOs just like to make noise to build their profile, this guy's absolutely no different.

UK arrests five for selling 'dodgy' point of sale software

Stu J

Interesting

Anyone know what offence the developers of the software are suspected of having committed? I'm a bit out of touch with the latest legal situation, but I'd have thought that selling software that can be used by other people to do naughty things wasn't in itself illegal?

Otherwise you'd think Microsoft would be on the hook for all the shenanigans that has doubtless been facilitated via MS Office over the past 25 years?

IBM sues Micro Focus, claims it copied Big Blue mainframe software

Stu J

UK Case Law

If this was in the UK, I doubt IBM would win given this precedent:

https://en.m.wikipedia.org/wiki/Navitaire_Inc_v_Easyjet_Airline_Co._and_BulletProof_Technologies,_Inc.

However, as it's being heard in the US, who knows what will happen - the only certainty is enriched lawyers.

Firefox points the way to eradicating one of the rudest words online: PDF

Stu J

I'd rather have PDFs than not...

When my kids' schools send letter attachments in .docx format, it makes me stabby.

My mail client - both on my computer and phone - will preview PDFs so I can decide very quickly whether it's one for the bin or not, or if it's actually worth printing off and sticking to the fridge as a physical reminder/prompt.

Other formats I have to jump through hoops to get it to do that, inevitably either installing Microsoft bloatware or some 3rd party bloatware that I don't frigging want.

Mastercard moves to protect 'risky and frisky' crypto transactions

Stu J

Re: helps lenders to understand if their customers' crypto purchases are dangerous

I could provide a service to do that, free of charge.

Is this crypto exchange dodgy?

Yes.

Should I approve this transaction?

No.

Easy!

Don't mind Facebook, just putting its own browser in its Android app

Stu J

Re: We found a large attack surface area, so we increased it...

Just use m.facebook.com and www.messenger.com (in Desktop mode) in DuckDuckGo... I've not had the Facebook App enabled on my phone for years now.

Apple tells suppliers to use 'Taiwan, China' or 'Chinese Taipei' to appease Beijing

Stu J

Re: Can anyone answer the question, logically...

If the British (English) government could come up with a politically acceptable way of getting rid of Northern Ireland, I suspect they would, it's very much a thorn in the side of their Brexity plans.

Stu J

Re: Can anyone answer the question, logically...

But is it, really? Taiwan has zero chance of taking back the mainland by force or otherwise...

Stu J

Can anyone answer the question, logically...

...why don't China just leave Taiwan the fuck alone and stop causing trouble. If they try and take Taiwan by force it'll end in tears for everyone, so what's the point? Is the existence of Taiwan really a credible threat to Beijing?

AWS sales boss claims Microsoft's softened cloud licensing regime is a sham

Stu J

Re: Cloud Desktops

100% this - Microsoft has always artificially restricted innovation and shut down competition when it came to virtual desktop licensing on shared infrastructure, even as far back as XP. Their sharp practices have only become further entrenched as Azure gained enough traction.

Ditching VMware over the Broadcom buy? Here are some of your options

Stu J

Re: Oracle?

FTFY

Why would anyone someone concerned about uncertainty in pricing move to Oracle?

Startup rattles tin for e-paper monitor with display fast enough to play video

Stu J

MicroUSB

......WHY!?

Micron aims 1.5TB microSD card at video surveillance market

Stu J

Amazing

That means microSD cards have now reached roughly a 180,000,000 fold data density improvement compared to 3.5" floppy disks

Oracle plans US database for electronic health records

Stu J

Three words

Fuck. Right. Off.

Don't hate on cryptomining, hate the power stations, say Bitcoin super-fans

Stu J

Just ban it already

If the major economies basically decided that any attempt to trade cryptocurrency or to convert them into tangible assets was done with the intent of tax evasion and/or money laundering, the value would crash, people would stop "mining" and wasting valuable electricity and killing the planet in this particularly obscene manner.

Azure pulls in front of AWS in public cloud adoption

Stu J

Azure is a sack of shit

The inconsistency of the tooling around it is an absolute joke, and the amount of time it takes for anything to happen is commensurate with a company who push out monthly updates to desktops and servers that can regularly take upwards of 30 minutes to apply.

Want to tweak a rule on an App Gateway? A good 5-10 minute wait after issuing a command. What the fuck is it actually doing under the hood? Are they printing off an instruction for an Oompa-Loompa to collect, and run the length of a building to a specific bit of hardware to manually update it? Because that's what it feels like.

I wish it was illegal on an anti-trust/monopoly basis to cross-sell and subsidise cloud services based on existing licensing/service agreements, because that's how many of the companies I've worked with have ended up on Azure, and it's very rarely fit for purpose. Fortunately I've yet to come across anyone stupid enough to fall for the Oracle Cloud bait-and-switch, but it's only a matter of time.

Azure doesn't really deserve to be mentioned in the same breath as AWS and GCP, so much of it is shite barely-better-than-vapourware that barely delivers anything useful, and even when it does it takes 5x longer to accomplish the same tasks as when using AWS/GCP, for absolutely no good reason whatsoever.

Oh, and if you want to apply some sensible security, then forget using the cheap SKUs, you need the more expensive Premium or Enterprise SKUs. What a load of horseshit, using secure features shouldn't be more difficult and more expensive, thus encouraging people to do a shit job - it should be the default!

Screw Azure, and screw Microsoft. I used to be a multiple-certified M$ Fanboi earlier in my career, but now if I ever have to use any of their products or services, it makes me want to cry into my coffee.
