* Posts by Andyb@B5

30 publicly visible posts • joined 25 Jun 2010

Been bugging the boss for a raise? Now's the time to go into infosec

Andyb@B5

pretty obvious really.

The more indispensable you make your self ( to management eyes ) the less chance you have of promotion. The better you are, the less chance of finding someone else to slot into your space. And of course to fit into pay structures you'll be limited to that which your job title states, not what you really deliver. Recognition raises expectations so well... limit that too.

Most of those I've seen rise up through the ranks tend to have teflon shoulders and a tech lobotomy and generally middling at the work they've done but they sure know the political landscape.

Oracle ordered to admit on its website that it lost the plot on Java security

Andyb@B5

Oracle expertise

Having dealt with many DBAs waiving around the "install guidelines" for Oracle DB and pointing out why unlimited anything is a bad thing (tm) there was never ever a chance of me allowing an Oracle supplied Java installer to run on any machine I owned, regardless of whether its wrapped in a .deb or a .rpm.

I have very little trust in them and absolutely no faith they can get it right. The tar balls and two soft-links are all I've ever needed to get a running Java environment and as it is that easy I keep some of the older tar balls by in case of any compatibility issues.

PlayStation Network blasted offline AGAIN. Just not Sony's decade

Andyb@B5

Re: Hang on

That or they don't yet realise they've been hacked though with this lot it seems headlines are their bag so its likely they were not.

At least by the lizard squad. Thats the problem with security, its an always fluid war zone.

All a company can do is state that they have either been hacked or have no indication of a hack being or having been perpetrated. Any company which states categorically that it has not been hacked is one I'll view with suspicion when it comes to security.

FCC boss says he'll SHAME broadband firms for fibbing on speeds

Andyb@B5

Because of Marketing the whole speed thing is back to front. Instead of "up to" it should be "at least"

Give us a SLA with a minimum guaranteed speed and recompense when it drops below that speed.

If I was given the choice of up to 24Mb/s with a guaranteed 2Mb/s vs up to 16Mb/s with a guaranteed 8Mb/s I know I'd choose the latter.

Hidden 'Windigo' UNIX ZOMBIES are EVERYWHERE

Andyb@B5

seems simple enough to check for

looks like it dumps a modified ssh client on your server, at the bottom of the article the test they use is

ssh -G 2>&1 | grep -e illegal -e unknown >/dev/null && echo "system clean" || echo "system infected"

Investors throw cash at affordable 3D scanner

Andyb@B5

I've got one of the Matterform scanners on order which suits my needs perfectly but I can see the appeal of this one too. It may end up being a purchase later down the line. Its always nice to have more options.

Is your IT department too tough on users?

Andyb@B5

Of course the users understand the risks.

For example, compliance means that IT should do as they say..............

I've lost count of the times I've had to deal with that blank expression when you mention compliance or security. Its then quite amazing how often a request just fades away when you ask them to put everything in writing and to accept accountability for their request.

Confiding to them that you need the audit trail so that the IT department can remain in the clear when the problems start and the auditors come checking also helps a lot too.

Doesn't stop everything but whatever is left can be looked at seriously as either its something thats needed or the requester is really stubborn, or both..

Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16

Andyb@B5

Re: going for record downvotes... deep breath...

Why feed the trolls when they ask, no down vote from me!

If someone asks me what to get, I tell them whatever best fits your needs, if its Windows, go Windows, if its OSX go OSX, if its a *NIX Desktop, then go that way.

I've been using Debian for my desktop right from the beginning and in the early days what you've said was pretty accurate, except you'd not get them in cyber cafes and the competing products were never that competent.

Well the competitors are more competent now and polished too, but so is the Linux desktop. Its all about needs and frankly neither OSX or Windows are up to the task of meeting mine. If they could meet my needs better then I'd seriously consider them for my next upgrade. More choice is always nice.

MS Word deserves DEATH says Brit SciFi author Charles Stross

Andyb@B5

Horse before the cart

If I'm working on my own stuff I always use Vim for the writing and Subversion for the change control. When I have finished adding the *content* then I load into Scribe to set the presentation.

Always content before presentation.

This was something I hated about the WYSIWYG word processors. I saw people spend more time trying to format their documents as they went along than they did putting effort into the actual content. It always showed in the final document quality.

These days if I'm doing something collaborative I tend to create a MediaWiki instance and give out accounts. Gets the job done quickly and no issues about compatibility.

Building big data? Are you building a security headache too?

Andyb@B5
Alert

"At least the NSA is well trained in keeping it all under lock and key."

Optimism, I like that occasionally in articles.

No distro diva drama here: Penguinista favourite Debian turns 20

Andyb@B5
Thumb Up

The only one for me

Started with NetBSD on my Amiga4000 and tried Linux for the M68K when it became available in the development kernels in '98. At that time I only had two choices, Watchtower or Debian. Debian was simple enough and I really appreciated the main / contrib / non-free structure.

It also made me lazy, I found over time that I was downloading less and less .tar.gz files and instead just installing and using software, I actually started spending more time doing things on my machines rather then just prepare them to do things.

I've used SunOS/Solaris and AIX for longer as part of my job but they are proprietary and I'm at the mercy of their support processes/bug fix teams. With Debian Main I know I have access to everything, every last bit of source code and that has been useful.

So fifteen years on and multiple architectures later and it just keeps on delivering and I expect it to do so for many more to come.

NSA gets burned by a sysadmin, decides to burn 90% of its sysadmins

Andyb@B5

Re: He didn't really just *say* that did he?

"There were no mistakes like that at all."

so what were the mistakes like then?

Obama cancels meeting Putin in Russia, says Snowden 'a factor'

Andyb@B5

I always thought

Time is your friend in any war with the merkins.

They'll whittle themselves away with friendly fire............

Microsoft talks up devices, Windows 8.1 at developer shindig

Andyb@B5
Happy

Re: Question for you enterprise chaps

Well I for one would be interested in a power 7+ tablet

always wanted a command line tablet :)

IT mercenaries and buy-to-let landlords are my HEROES - here's why

Andyb@B5

IT workers + relocations issues == Tele-working? (at least in roles where it is appropriate)

Perhaps its time for the government to actively promote teleworking offering tax breaks to corporations who do more than pay lip service to the idea.

Mobes' pay-by-bonk just isn't cool enough, sniffs Tesco bod

Andyb@B5

NFC free

I've no problem with phones having NFC capability so long as I can disable it 100% This is a technology I simply do not want. Had it foisted on me by HSBC but at least they were quick enough to send me a debit card replacement without it quickly enough once I complained.

US national vulnerability database hacked

Andyb@B5

Re: "Locking the stable door after the horse ... " gets a malware?

AC @ 09:26

Either you are experiencing some difficulties with comprehension here or just like trolling.

7th March IIS

8th March Firewall activity notified site taken down

9th March Apache place-holder installed

Tick-tock, TalkTalk: Users face fourth day of titsup broadband

Andyb@B5

ahead of the wave

Another mostly satisfied talk talk customer.

Had an unrelated problem caused by the heavy rains, crackling line and al the trimmings. Went through their system and it has improved. Automated initial testing and then the process with the scripted drone (be nice to them and they get you through it quicker.....). Time elapsed to get an engineer, about eight hours, time I actually spent on it, maybe 30 mins. I found that acceptable. The checks they asked for were sensible ones.

Got told engineer assigned and then it went quiet, guess I know why now if they were all-hands-to-the-deck. Before the weekend problem I had poor internets, while its going on things have been much more stable and speedy... go figure....

If you get a problem with your line, hope there is some (any) crackle on the line, they seem to always prioritise this higher than a pure broadband issue.

Troll sues Apple for daring to plug headphones into iPhone

Andyb@B5

@BigAndos

Probably not, plenty of prior art for that....

Now patenting them actually listening to each other, could be some mileage in that!

IBM insider: How I caught my wife while bug-hunting on OS/2

Andyb@B5

GDDM

I remember that on the System/370 mainframes running TSO and using a 3279 terminal, I never realised it had been ported to OS/2!

I was one of the lucky ones who on desktops had to deal with the Amiga/OS API calls which to this day still remains my favourite OS to have coded for.

A nice read, thanks.

Virgin Media STILL working on fix for SuperHub corrupt downloads glitch

Andyb@B5
FAIL

Re: As Luke (above)

So for the average Joe, their hub is working poorly at best and then VM apply an upgrade and wipe the most important security setting? Mr average is sitting there cheering for a more reliable connection and any malware which uses say, DNS hijacking will certainly have the default super hub password to test with.

I see this working out splendidly, shame its not in Joe's favour!

Half the team at the heart of the RBS disaster WERE in India

Andyb@B5

They always have, traditionally IT department heads have not been good at communicating with the main business, especially at the higher levels. A few times when I've seen good communication the main board did *not* want to hear the message....... go figure.

Sadly proven competence and relevant business experience and knowledge don't appear on balance sheets anywhere.

Battlefield Earth ruled worst film EVER

Andyb@B5

Re: I can't hold back

I actually liked Starship Troopers so long as you didn't compare it the Heinlein source material. Then it sucked reaaaaaal bad. I was happily surprised when the the producers of the kiddies CGI version nailed the spirit of the book beautifully. Excellent DVD purchase there.

Kiddie version 1 - Adults 0 go figure...

Ofcom: ISPs can cripple the web as much as they please

Andyb@B5
Trollface

From the other side

For me its not about how fast my connection is numerically but whether it meets my needs. If I can play online games with minimal/no lag I'm happy, if I stream something via the BBC IPlayer and not be subject to buffering then I'm happy., what I want is a 'good enough' service.

Instead of the providers saying we offer 12Mb 24MB 50MB oodlesofMB and then stating that your actual experience may "vary" I would rather they offer me a service which says we guarantee this *minimum* speed level, if it goes faster then lucky you.

Oh yeah and if its a guaranteed minimum level then slap an SLA on it by which they can be penalised.

'Up to' broadband claims out of control, says Ofcom

Andyb@B5

how about an SLA?

I would sooner pay for a service where I have a guarantee that the minimum level will always be met and an SLA in place with my provider. Thus if (when?) they fail to meet said SLA they then have to pay me for their inadequacies and the inconvenience I have had to suffer. Oh and the pipe is clean, no packet shapers/qos/filters/whatever by the ISP to make their lives better and not mine.

I don't care if on a good day I can down load 12Mb/sec if when I really need it I'm unable to get 2Mb/s For me anything over 2Mb/s is just gravy and most the time I'm unlikely to use that capacity. Besides if the reason its a good day is because everyone else went out to enjoy it then I'm likely doing the same.....

Wireless HD video sticks demoed

Andyb@B5
Thumb Up

A nice option.

From their website "The 3.2x1.18x.61 inch (81.3x29.9x15.5 mm) transmitter plugs in directly to the HDMI port of the notebook and is powered by the USB port." So I guess an extension lead into the USB port, it just doesn't look hot to show it in the advertising blurb.

I already have wireless keyboard and mouse and getting one of these means I can park the desktop box anywhere I want, keeping my work area clearer. I'll have to give this some serious consideration!

Oz bank meltdown due to file corruption cock-up

Andyb@B5
FAIL

Live upgrades?

This was an OS upgrade? I'd expect them to take each mainframe image out of service in turn, upgrade, validate and when signed off, bring back in. Actually the same would go for an application upgrade, *especially* an application upgrade. Unless they signed off and then realised they had problems then this kind of problem should be completely avoidable.

Save us from our users

Andyb@B5

just normal practises?

My usual method is when moving between boxes to copy the existing passwords and then expiring them immediately. That way the user knows their existing password and has to set a new one of their choice.

If users are complaining that they have to change passwords then there is a user expectation issue which needs managing. I have to admit though its easier in the finance industry. You just make sure that this is tagged as a compliancy issue and that the FSA will frown down on anyone not obeying and most just do it.

You can't know it all

Andyb@B5

Sounds very familiar

Yep, been there and have the t-shirt ( and the dunce's cap too) many times over. While I enjoy learning and technology for their own sakes I no longer feel I *have* to try and keep up with everything thats going on.

Instead of how and what and where, I try to make sure I understand "why" as well as I possibly can. Details I can look up as necessary but the principles have to be applied at all times.