Posts by BagOfSpanners

23 publicly visible posts • joined 8 Feb 2011

UK comms firm Gradwell quits cloud land after 'strategic review'

BagOfSpanners

I had a developer account with them for years, but recently closed it because AWS and Azure had made it irrelevant. The bewildering changes to their customer portal(s) in the past few years didn't help either.

SAP Anywhere is gonna be absolutely nowhere: We're 'sunsetting' this service, biz tells punters

BagOfSpanners

Re: "SQL Anywhere - another product that nobody can see the point of."

I've been using it for 15 years, and I can see the point of it.

SQLAnywhere fills a niche that no other product seems to address - a mainstream, low maintenance semi-embedded database engine with transparent whole-database encryption, that can be deployed to thousands of remote devices with low support costs.

I haven't found any other product with these features, particularly the easy, transparent whole-database encryption. The main problem is the licence cost, which has caused me to move to SQL Server 2016 Express SP1 LocalDB, which only meets some of the requirements, but is "free".

DXC spills AWS private keys on public GitHub

BagOfSpanners

Re: AWS has no billing controls...

And somewhat ironically, they charge you for sending you email alerts about the amount they are charging you.

As others have said, DXC got off lightly. It's likely that large numbers of their staff will have learned useful security lessons from this, which would otherwise have required expensive training.

How much for that Belkin cable? Margin of 1,992%?

BagOfSpanners

Maybe I'm doing it wrong, but I find fitting RJ45 connectors to be a very time consuming faff. I much prefer buying pre-made cables.

User worked with wrong app for two weeks, then complained to IT that data had gone missing

BagOfSpanners

Changing the colour scheme is not enough

Using a different colour scheme between test and production is not enough.

There should have been text on every screen saying "TEST".

The configuration file that controls all this should be encrypted, to stop power-users trying to convert test installations to production installations.

There should also be a set of test logins that won't work at all in production.

Even then, sooner or later test users will find a way to insert embarrassing test data eg. "Mr Mickey Mouse, 69 Big Bottom Road" into production. It's one of the things that keeps me awake at night.

At least in this case, the production data was being entered into a test environment, which is less likely to result in newspaper headlines than test data going into a production environment.
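The three controls the comment above asks for (a "TEST" marker on every screen, a tamper-proof environment config, and test logins that are dead in production) can be sketched in a few dozen lines. The block below is an added example, not code from the commenter or from any product mentioned on this page. Every file name, key and account name in it is made up. One deliberate substitution: the comment says the config file should be encrypted so power-users cannot turn a test install into a production one; for that particular goal an integrity tag does the work, so the example uses an HMAC over the config rather than encryption (encryption would additionally hide the contents, which is a separate requirement).

```python
"""
Environment guard for an application with separate TEST and PRODUCTION installs.
Added example: all names, keys and account lists below are constructed.

Controls shown:
  1. an integrity-protected environment config (HMAC-SHA256, not encryption),
  2. a banner placed on every screen when the environment is TEST,
  3. test accounts that are refused outright in PRODUCTION.
"""
import hashlib
import hmac
import json

# Hypothetical deployment key. In a real install it must be held somewhere the
# ordinary user account cannot read (service account key store, OS secret API),
# otherwise the power-user can simply re-sign their edited file.
DEPLOYMENT_KEY = b"example-deployment-key-not-for-real-use"

# Constructed list of accounts that only ever exist in the test environment.
TEST_ACCOUNTS = {"test_user1", "test_user2", "qa_automation"}

VALID_ENVIRONMENTS = ("TEST", "PRODUCTION")


def canonical(cfg: dict) -> bytes:
    """Deterministic serialisation so the tag does not depend on key order."""
    return json.dumps(cfg, sort_keys=True, separators=(",", ":")).encode()


def sign_config(cfg: dict, key: bytes = DEPLOYMENT_KEY) -> str:
    """Produce the on-disk config blob: the settings plus an HMAC tag."""
    tag = hmac.new(key, canonical(cfg), hashlib.sha256).hexdigest()
    return json.dumps({"config": cfg, "tag": tag})


def load_config(blob: str, key: bytes = DEPLOYMENT_KEY) -> dict:
    """Verify the tag before trusting any field.

    A hand-edited file fails here and the application refuses to start,
    instead of silently coming up as PRODUCTION.
    """
    outer = json.loads(blob)
    cfg, tag = outer["config"], outer["tag"]
    expected = hmac.new(key, canonical(cfg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("config integrity check failed; refusing to start")
    if cfg.get("environment") not in VALID_ENVIRONMENTS:
        raise ValueError("config names no recognised environment")
    return cfg


def screen_banner(cfg: dict) -> str:
    """Text to render on every screen. Production shows nothing; test shouts."""
    if cfg["environment"] == "TEST":
        return "*** TEST SYSTEM - NOT LIVE DATA ***"
    return ""


def login_allowed(cfg: dict, username: str) -> bool:
    """Test accounts are refused in PRODUCTION before any password check,
    so a test database copied into a live install still cannot be used."""
    if username in TEST_ACCOUNTS:
        return cfg["environment"] == "TEST"
    return True


def tamper_is_detected() -> bool:
    """Edit 'TEST' to 'PRODUCTION' in a signed blob and confirm it is rejected."""
    blob = sign_config({"environment": "TEST", "database": "app_test"})
    forged = blob.replace('"environment": "TEST"', '"environment": "PRODUCTION"')
    if forged == blob:
        raise RuntimeError("forgery did not alter the blob; test is broken")
    try:
        load_config(forged)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    cfg = load_config(sign_config({"environment": "TEST", "database": "app_test"}))
    print(screen_banner(cfg))
    print("tampering detected:", tamper_is_detected())
```

The integrity check only helps if the key is out of the user's reach; if the same account that runs the application can read the key, it can re-sign an edited file, and the control collapses to the colour-scheme level of protection the comment complains about.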

Yet another AWS config fumble: Time Warner Cable exposes 4 million subscriber records

BagOfSpanners

Has S3 replaced USB keys?

Does this mean that leaving USB keys in pub car parks is now an outdated method of distributing data?

Want to kill your IT security team? Put the top hacker in charge

BagOfSpanners

Re: Best advice

But don't make the worst team member the boss either, just to stop them causing problems, however much they want to be boss.

BA IT systems failure: Uninterruptible Power Supply was interrupted

BagOfSpanners

Re: If it got interrupted...

In my office the button to open the exit door is right next to the Fire Alarm button (which has no guard). There are also light switches and other visual clutter nearby. At the end of a long tiring day I've sometimes come close to pressing the wrong button.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

BagOfSpanners

Re: And we'd sure appreciate it if you could stop clicking on attachments

I've never opened a hostile email attachment, but in the last 15 years, I've seen 2 of my software developer colleagues do it. Prior to the incidents, I would have rated them as average in terms of intelligence and security awareness. Sooner or later I'm going to get tired or careless and do it myself.

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

BagOfSpanners

Why did it take so long for someone to combine a worm with ransomware?

I'm surprised this hasn't happened before. Most of the ransomware I've read about seems content just to encrypt the local disks in the PC of the person unwise enough to open a dodgy email attachment. Is this the first time a virulent worm has been combined with ransomware?

When one of my colleagues' PCs was obviously infected with ransomware, the off-shored out-sourced IT helpdesk insisted it remain connected to the network for several hours while they tried to remotely connect and diagnose the problem. Fortunately that ransomware didn't seem interested in spreading itself.

This is where UK's Navy will park its 65,000-tonne aircraft carriers

BagOfSpanners

Re: sea power

The closest Wickes branch is in Fareham, so the concrete probably didn't qualify for free delivery, particularly if they wanted it delivered on a Saturday.

AWS's S3 outage was so bad Amazon couldn't get into its own dashboard to warn the world

BagOfSpanners

Re: Rule 1

Most of the status pages I've seen seem to be run by the marketing department rather than directly linked to the service they claim to be monitoring. They generally don't admit there's a problem until several hours after it started, and use weasel words to minimise the apparent size of the problem. I don't trust them.

BagOfSpanners

I thought S3 was a worry-free storage option

Having recently emerged from an AWS exam, I thought that one of the selling points of S3 was that data is automatically replicated across multiple availability zones within a region without the customer needing to worry about the details. I also thought that the availability zones within a region were highly isolated from each other (e.g. separate data centres in different cities). I guess I'm wrong about at least one of those things.

At least the problem was largely fixed the same day. When problems occur within my employer's on-premises infrastructure, it usually takes several days to get it fixed, including a phase during which even the existence of the problem is denied.

NHS IT bod sends test email to 850k users – and then responses are sent 'reply all'

BagOfSpanners

A valuable insight into human nature

I work for a big company that recently had a reply-all storm. The people who replied-all seemed to fall into a number of categories:

1. I'm really important, why are you bothering me with this. (Don't understand what's going on.)

2. Oh no, help! I don't know what's going on, will somebody please tell me whether this email is relevant to me. (Don't understand what's going on.)

3. Please fill in form A34/FD and follow procedure 3004/R4 if you want this email to be actioned. (Don't understand what's going on.)

4. Ha ha this is fun! (Understand what's going on.)

5. Please don't reply all. (Understand what's going on.)

Why we should learn to stop worrying and love legacy – Fujitsu's UK head

BagOfSpanners

Working on legacy systems is a career dead-end

I work for an out-sourcing company doing support and development of "legacy" systems for various customers. The most modern technology used is 15 years old. When the customers finally decide to replace the whole thing with something agile and "Digital", I could be a bit stuffed. The customers think my employer and I are slow-moving dinosaurs. Because I work for multiple customers, it's unlikely TUPE would be applicable. I spend at least 10 hours a week of my own time self-training in modern technologies, which are almost completely unrelated to the stuff I use at work, and this is likely to continue. I don't see how this is sustainable.

Scary RAM-gobbling bug in SQL Server 2014 exposed by Visual Studio online outage

BagOfSpanners

Yes, it's good that Microsoft have published the technical details and given us the opportunity to discuss and learn from this problem.

HSBC online customers still in the cold after hours-long lockout

BagOfSpanners

Re: Just say ...

I still think of them sometimes as the Midland Bank, although I threw away my free Griffin Savers school bag some time ago.

BBC News website takes New Year's Eve break

BagOfSpanners

Re: Auntie Beeb's 500 moment of hell?

I agree it's a nice 500 page, but the HTML alone is 61 KBytes, mostly CSS. If they are being DDoSed, should they really be trying to serve such a bulky error page?

Juniper's VPN security hole is proof that govt backdoors are bonkers

BagOfSpanners

Why didn't co-workers notice?

I'm slightly surprised that someone was able to slip in a code change without co-workers noticing.

In my workplace, although we co-operate most of the time, people tend to take an active interest in code changes to "their" systems, and are often keen to highlight any mistakes or questionable behaviour by their colleagues.

Don't Juniper have a version-control system that records who made each code change, or maybe that was hacked as well? What about peer-review of code changes?

Over 50? Out of work? Watch out because IT is about to eat itself

BagOfSpanners

I'm a 45 year old developer, and while the company I work for is as full of stupidity as any other, at least it doesn't expect everyone to manage staff like some organisations. I know from experience that I don't have the people skills to be a good manager, but I also know I'm pretty good at gaining and using technical knowledge. My plan is to keep my technical skills up to date, and pour enough money into my pensions that I can retire at 50 if necessary.

Card skimmers targeting more than ATMs, says EU

BagOfSpanners

Why are ATM fascias so complicated and intricate?

I think the design of ATM machines makes it easier to attach card-skimming devices. They have lots of joints, recesses, protrusions, badges, unnecessary styling features and so on. Even genuine ones look like they've been assembled from various mismatched components over a period of years.

If the entire ATM fascia was a single large moulded piece of smooth curved plastic, preferably flush with the wall of the building, it would be easier to spot at a glance recently attached card-skimming devices.

TDK ST-700 High Fidelity headphones

BagOfSpanners

Do they block the noise of co-workers?

I'm still looking for a pair of headphones that can block the noise of my shouting, yawning, sneezing, coughing, farting, burping, coin-sorting office-mates, while I'm trying to concentrate on coding.

Are these any good for that?

DEC founder Ken Olsen is dead

BagOfSpanners

I was a MicroVAX man

My memories of DEC's products:

- VMS was rock-solid, and made MS-DOS look like a toy in the early nineties.

- The reliable, well-documented compilers for Fortran, C and Ada, and the way in which it was easy to write programs that mixed languages.

- The excitement of receiving several large cardboard boxes full of tapes and manuals each time a new version of VMS was released.

- TK50 tape drives that sounded like a dentist's drill.