Oracle would have no right of audit unless you are already licensing their software and have agreed to it.
Posts by Lee D
4668 publicly visible posts • joined 14 Feb 2013
Page:
Users advised to review Oracle Java use as Big Red's year end approaches
Marks & Spencer admits cybercrooks made off with customer info
Tech suppliers asked to support single electronic health record across England
Tuesday 13th May 2025 11:26 GMT 
Re: "adults have noticed inaccuracies"
By the other token, though, quite how many people will just badger their own records into submission to get the diagnosis they want (regardless of medical truth)? Everything from "my son IS autistic" to "I want a blue badge", I should imagine.
Opening up the records would also be a huge liability for the NHS, which is presumably why they've resisted all efforts to do so for decades. Doesn't mean it shouldn't happen, but I can imagine if - for instance - you could just cite your entire complete historical medical history with every visit, appointment, comment and note ... a lot of court cases will open up just on that, not to mention the number of companies that would offer "let us run your notes past a medical expert, and then we'll sue everyone who's ever treated you, no win, no fee".
It has to happen, we're in 2025 and my notes are largely still paper as far as I'm aware, and it's an absolute pain in the butt to update any personal details without having a day off and going to the surgery that's 40 miles away in a town I haven't lived in for many years, but it will generate decades of admin work just by its new abilities being offered to users (e.g. the right to reply, to have a review, to see it all and sue someone for missing something tiny 20 years ago or confusing your notes with others, etc.).
LegoGPT is here to make your blocky dreams come true
PowerSchool paid thieves to delete stolen student, teacher data. Looks like crooks lied
Thursday 8th May 2025 14:18 GMT
Re: Money Laundering
Not true, money laundering is the act of obscuring or obfuscating the destination or source of money.
Money laundering regulations are literally there to PREVENT the money being laundered, such that it becomes useful for a criminal act like tax evasion, or paying a hitman, or offering a bribe. They act before the crime, not after it, and as I pointed out - how do you distinguish such an act of "accidentally" laundering the money to an unknown entity and actually setting that up as a money-laundering outfit deliberately?
Money laundering regulations - at least in the UK - mean that transmitting any sum of money to someone anonymous and unidentifiable and then claiming it on your business records will raise so many questions that your auditors and lawyers (again, note that I had both sets of highly-qualified people tell me the same) will break down and cry when you later try to explain that action.
Thursday 8th May 2025 13:59 GMT
Re: Money Laundering
Laundering money is merely the act of obscuring the origin or destination of it so that it cannot be traced.
The fact that you're giving it to a known criminal as a reward for a criminal act is merely reinforcement, the laundering happened the second you obfuscated the transation to them by not knowing who you paid the money to.
Thursday 8th May 2025 07:42 GMT
Money Laundering
As I have had to explain to several employers, including one that got hit by ransomware:
Paying a ransom is money laundering.
You are paying a criminal entity, as a reward for a criminal act, via anonymised and untraceable methods to an unknown end point, large amounts of funds.
How are you auditing that? How are you explaining it to the taxman? How are you compliant with "know your customer" regulations? Etc.
And, far more importantly... how would an official know the difference between:
- You paying a criminal to keep your data private / restore your system.
- You paying a friend huge amounts from company funds, a friend who has "hacked" your system, you pay them completely anonymously and untraceably, and then they "fix" your system. And then you pull that scam again every 12-18 months.
You are legitimising a criminal transaction by laundering the money through an anonymous money transfer system, you are - at best - supporting literal criminal enterprise, potentially obscuring deliberate and internal fraud in a way indistinguishable from paying a ransomer, and then you're somehow expecting to put this through your company accounts without question?
I work in an industry when accounts are audited regularly and I can tell you that it wouldn't ever pass muster. I work in an industry where "donations" cannot be accepted without identifying the donor, where cash deposits above a certain sum are prohibited, and where money cannot be paid back to someone without identifying the identity associated with the destination account (no, we can't just accept large cash deposits, and then "refund" your fee to a Russian / Swiss / whatever bank account).
Precisely because of money-laundering laws.
So someone tell me... how is paying a ransom NOT prima-facie money-laundering. Because nobody seems to consider it until I mention it and then their horrified looks as they realise I'm right (and in at least two cases checked with their lawyers / auditors / accountants and confirmed it) are just comical.
You pay a ransom, even for "your own" data... that's effectively indistinguishable from money-laundering even in the most positive interpretation. And it would be a great scam for a CEO and CTO to get together, have a ransomware incident every now and then, pay them off, take a percentage and "keep it quiet" because... well... you paid the ransom right, so nobody else needs to know?
Microsoft updates the Windows 11 Start Menu
Thursday 8th May 2025 07:33 GMT
There's an advert running around on certain sites I frequent that is basically advertising a product that works like a terminal, but has AI in it.
Their advert basically revolves around the concept that the user asked them to do something, so it loaded up their SSH daemon configuration, suggested the changes to make and applied them to the configuration and restarted the service without much user interaction.
And all I ever think of when I see that is "Yes, just give AI access to change critical settings on your computer as an unrestricted privileged user automatically, what could go wrong?"
This is basically the same thing, but for Windows.
How about this? An intuitive menu system where I don't have to bounce in and out of 30 menus to discover the option I want, and where "more options" aren't hidden away behind a dozen different types of link / advanced / more... etc. options, where some options don't bounce you out into 30-year-old control panel menus to make the change because it's STILL not possible to change things like protocol bindings or extra DNS addresses through the "new" menus, a primitive search that's limited purely to the textual descriptions of those items, and giving the user a damn chance and some pointers on where things are or should be? Too easy?
It seems nowadays that we spent 20 years employing UI/UX experts who shouldn't be allowed near a children's book let alone a major OS running billions of people's lives, forced their ridiculous recommendations down everyone's throat, never finished the transition, and now we're disappointed in the result so we think that throwing AI at it will magically solve the fact that... "Settings" is no longer an ordered, alphabetical heirarchy of major elements (e.g. Audio, Network, etc.), free of 3rd-party shite, under which you can find the setting you want within a few sensibly-named tabs, and which contain ALL THE SETTINGS YOU'LL EVER NEED and lets you change them right there rather than bouncing you off to another location.
The only time I use Settings on a personal computer (after the initial painful days of configuring a fresh machine to turn off all the stuff that's apparently now "essential") is to enable Bluetooth. I believe the expectation is that you just leave it on all the time. Because to get there, I have to go through Settings, find "Devices" (despite going through Bluetooth & Devices, there is no Bluetooth option in the next menu, only a dozen options including Devices) to - if I'm lucky - find a setting among several links to Microsoft help, unrelated dialogs, etc. to enable a Bluetooth icon in the taskbar, that then acts like the 00's version of Bluetooth settings to actually let me do stuff that the Settings menu doesn't let me do. And despite the assertion in the "Help" pages at the bottom of that Settings dialog (which loads into Edge regardless of your settings, and then tells you that you can enable Bluetooth from that menu)... there is no such option in Windows 11 on that page.
Sorry, but at this point I would literally PAY MONEY for someone to just put that stuff back into a Control Panel lookalike. If I'm going to have to be half in Settings and all the actually useful stuff hidden away in legacy .cpl apps... just let me pay to go back to how it was when I could find a setting on my own without search, AI or online help dialogs that lie because.... we just made things intuitive.
Curl project founder snaps over deluge of time-sucking AI slop bug reports
Redis 'returns' to open source with AGPL license
30 percent of some Microsoft code now written by AI - especially the new stuff
Wednesday 30th April 2025 07:23 GMT
It's not having the LLM write code that's the problem.
The problem is how the hell are you testing or debugging that? Because tests can't ALSO be written by AI, and debugging something that another human has written is bad enough, or even something that YOU WROTE YOURSELF. Trying to debug some spam-churn out of an LLM? No thanks, I'd rather be out of work.
From 112K to 4M folks' data – HR biz attack goes from bad to mega bad
£136M government grant saves troubled Post Office from suboptimal IT
Asia reaches 50 percent IPv6 capability and leads the world in user numbers
Wednesday 23rd April 2025 10:48 GMT
I have always punched holes and had a static IP, it's never that much of a pain.
But I've now taken to a totally different method which has a ton of side-advantages.
I rent a cheap dedicated server in another country, with a static IPv4 and IPv6 transit (unlike every UK ISP).
My home kit VPNs into that server.
I then set up port-forwarding or reverse proxying on that machine to direct traffic to the relevant VPN endpoint.
Thus, I have no need of port-forwarding at home, my IPv4 services are accessible from IPv6, I don't technically need a static IP at home (with a dynamic IP every time the connection moves, the VPN will auto-reconnect and get the same VPN IP address at the remote end, so forwarding just continues), I can access everything remotely, and even in the case of complete compromise of the external server, no more information is accessible than what would be accessible via any other method anyway.
It also lets me download stuff as if I'm in another country, use it as a dumping ground, a test case, serves its own content, caches content, works as a "is it up" test, means people don't know where my home connection is, etc. etc. etc.
I love NAT and have no objection to it at all, in fact I've always championed it and the whole "IPv6 hates NAT" thing has always bugged me as it was the obvious solution to widespread IPv6 adoption to just encourage people to have a IPv6-NAT as their front-end to the world and then it doesn't matter what they use behind it) but the advantages of running a kind of "external NAT" like that are far better than trying to do it at home.
It costs me about £10 a month, and it provides far more value than that (for a start, my cheap car GPS tracker checks into Traccar which runs on it, saving me a subscription).
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Wednesday 23rd April 2025 07:24 GMT
Re: It all starts with "root of trust".
Destroyed by the presence of CAA records, certificate pinning and the registries of issued certificates and their history.
It may have been the ORIGINAL intention, many, many years ago but even that is dubious. It's certainly not now.
And anyone who wants to intercept (e.g. China) don't really bother with such things, they just forcibly replace your certificate with theirs and proxy your traffic through their systems anyway. They're in control of the DNS, they don't need to care about the TLS certificates (which are inherently reliant on DNS being authoritative).
But actually it was done so you're not tied to one CA, a competitive measure, and very useful in the early days when Internet companies would just disappear overnight leaving you no recourse.
The fact is, it's just not necessary any more whatever the reason it was present in the first place, but it's a billion dollar industry that could die overnight (I believe LetsEncrypt has really knocked it for six, at least in the experience of everyone I know who has replaced myriad expensive and wildcard etc. certificates with free ones that just auto-renew).
Tuesday 22nd April 2025 14:13 GMT
Re: It all starts with "root of trust".
There's absolutely no reason that we can't operate on the same system as SSH keys where when you first connect to a website, it presents a key, asks you if you wish to accept it, and then it's expected that that website retains that key and properly signs any replacement in perpetuity (or else the browser presents another warning which tells you that it's changed and do you want to accept the changes?).
The whole concept of CA's is basically a nonsense in the modern age. I should be able to publish keys inside DNS via a secure DNS mechanism, and that's WHAT MY ENCRYPTION USES. Anything different, it gets flagged / blocked.
We already do this in part with CAA records (where we say "Hey, only GoDaddy can issue a cert for me), and DKIM ("Hey, this is my email signing key"), so I don't understand why HTTPS is any different as all it's doing is verifying that the connection we've already established to the computer which we're told hosts the domain is secure.
It's time for a revamp, and the entire CA market can go do one. And while we're there, why are code-signing certificates "special" when we could just tie them to a domain in exactly the same way?
Google, AWS say it's too hard for customers to use Linux to swerve Azure
Tuesday 22nd April 2025 14:19 GMT
If your critical business apps are that reliant on Microsoft, please continue paying your Microsoft tax (+/- whatever they deem appropriate in terms of future pricing changes) in perpetuity.
There will come a point where you'll realise that it would have been cheaper to just make your software platform agnostic in the first place.
But if you're paying that tax happily each, then you'll never realise it until it's too late.
I can't understand any large company putting all their eggs in the Microsoft basket, especially with the push to Azure / cloud desktops now. You literally can run your platform on ANYTHING and you decide to lock into Microsoft? Then pay your stupidity tax.
Microsoft lists seven habits of highly effective Windows 11 users
Friday 11th April 2025 10:06 GMT
Quite.
It's very simple.
I want my computer to do what it's told.
It's a simple rule that, for the majority of my life, has held.
Now it's falling apart at a rapid pace.
I don't want all this junk. I just want you to do what I told you to do. Because you're just a tool that I use. My hammer, screwdriver, circular saw, etc. don't talk back to me. They just do what I ask them to do.
Wednesday 9th April 2025 11:47 GMT
I cannot adequately express how much I do not want widgets of any kind, especially weather.
I can't tell you how little I want my desktop doing, either when it's visible (which is just a waste of screen space compared to there being a program launcher like Program Manager) or not (because I'm actually DOING STUFF and am only interested in the stuff I'm doing, not what junk Microsoft has thrown on the third-reinvention of Active Desktop that sucks up networking, CPU, GPU, RAM, gives away data I don't want it to have, etc.
I would like my OS GUI shell to do:
- As little as possible.
- Launch programs on request.
Preferably without having to jump through hoops, search for programs, remove my existing nice, ordered alphabetical, sub-categorised start menu and not try to either split everything between Apps and Programs (meaning "Microsoft Junk" and "Everything else") or it trying to treat them as absolutely identical (they are not) and then having to search through both and/or every document on the entire Internet to find what I want.
I would also quite like to be able to MOVE THE DAMN TASKBAR and customise it.
Sorry, MS, but your GUI changes over the decades I've tolerated but I've had enough now. I just want to run things, without having to specifically elevate lots of things from a right-click menu every time, and have them run and not something similarly named that you've decided will now jump to the top of my list for no reason at all (e.g. I just tried to "find" and then run CMD... and ended up in... azuredatastudio.cmd with cmd as the second option despite NEVER having selected that first one).
My next OS is going back to Linux (ran Slackware as desktop for 10 years) and that's almost entirely because of the constant nonsense UI changes that your supposed UI/UX "experts" keep enforcing. And, no, I really don't want to have to do More Options... to find Properties... to end up in a 20 year old dialog... to find the option you STILL haven't brought forward into that Settings junk but yet hide every other way to get to the only place that it exists.
I'm done with you dictating how I work, as a lifelong IT guy, programmer, system administrator, etc.
Southern Water uses Capita's AI tool to flush customer complaints
Friday 11th April 2025 12:43 GMT
Re: Ugh!
You say that, but:
A few years ago I bought the last house I ever intend to buy (or will be able to mortgage).
Part of that came from a decision where I realised I was renting again and it was 25 years to retirement. Mortgages were only ever going to get more expensive and difficult to obtain for me.
It was the same time as I was about to leave my previous employer, and about the same time as various utilities started to take the mick.
So I had a plan, and a backup plan (always have a backup!).
My plan was to buy a house, any house, on my own. And become utility-independent.
My backup plan if that never panned out was to sell everything, quit my job, put every penny I had into a motorhome or similar, and then cruise Europe for as long as financially feasible.
The latter plan was given just as much time and effort as the former... I was going to do one or the other, for certain, and I built up lists of products and things to do for both (is it fortunate that you can build 12V/24V solar power systems, for example).
So I actually had plans for: an atmospheric water generator, a greywater system and an incinerator toilet (love camping, love touring, will not accept a chemi-khazi long-term!).
The first is basically a heatpump that collects its own condensation, filters it, and keeps it in a constant UV sterilisation cycle. You get drinking water from the air for the cost of a bit of electricity (and, hey, I already have solar...)
The latter is basically an electric kiln. You poo/pee on a normal-looking toilet but into a bag. You "flush" the bag and it gets moved into a kiln compartment and gets incinerated. You can keep using the loo at any point, and it just keeps adding to the incinerator. The result is a bit of an electricity bill (but... again... solar!), and a pan full of ash that's sterile and can be used on the garden or just discarded in a bin.
In a way, I'm quite glad I managed the first option (though it was a close thing), and managed to get a house and have since saved so much compared to rent that I have already implemented heatpumps, solar power, etc. to make myself utility-independent.
But water / sewage is still one of my bugbears. I made them install a water meter and my water bill dropped by 90%. NINETY PERCENT. Just by only paying for what I actually use. But that's not enough. I begrudge paying them the pittance that I now pay them for water and sewage when they aren't cleaning the water and are just dumping the sewage in the nearby river.
So, in time, I think I will still end up getting that stuff, including a greywater system, even if it just vastly reduces my water usage even more. I'd honestly rather give £1000 to someone making a gadget to reduce my water usage than another £1 to Thames Water. And they recently were "bailed out" by investors again and demanded 50% more money, and the fecking government CAVED immediately. No. I'm not having that. So - absent any other competition or other options - I will reduce my water usage by at least 50% now.
An AWG is easy. Buy it, buy some consumables, it's basically a heatpump (aircon) and the tech we use in ponds to keep the water clean. I can manage that. I could buy one tomorrow, in fact. I'm very tempted to, if only for drinking water and then using the excess to wash in.
Most people would stop there.
Greywater. I bought a large water butt with the idea of doing this already. You can buy systems that manage the interaction between your greywater (pumping it up into a header tank and filtering it), and your existing drinking water - using greywater only on certain pipes, topping up the greywater system from the mains water when required, etc. - and I could do that tomorrow and have it working within the week. It would cut every flush of the toilet, or run of a certain tap (e.g. hosepipe, topping up the pond, washing my solar panels or car, etc.) wherever the water doesn't need to be potable.
Most people could do this, with the proper incentive, and barely even notice in their daily life.
The electric incinerator toilet? It might be going a bit further, but I can see me getting to that point if the current situation continues. I don't want any part in bailing out Thames Water ever. And eliminating toilet flushing entirely would be better than dealing with greywater issues, and also means you don't have to worry about sewage problems. Sewer blocked? Still use the incinerator toilet as normal.
I reckon very few people would go that far.
But.... in all seriousness.... just try me, Thames Water.
If I could get my water (and therefore sewage) bill down to 0 litres... I will.
As it is, Thames Water have been out twice to check the meter is working properly and there is no problem. I'm just not using their service. And they won't recoup the cost of digging that hole and putting in that smart meter for DECADES from me.
Friday 11th April 2025 10:00 GMT
Increasingly, I'm just fleeing companies that treat "me reporting a problem they need to fix" as something they don't want to talk about.
I love the migration to online banking, for example. Not because I can talk to a human... but because they have to give ME the ability to do everything I need to do, if there's nobody to do it for me. So I'm with an entirely online/app bank and I can cancel my own Direct Debits, report fraudulent transactions with a click, borrow money with a few clicks, set up an ISA without speaking to anyone, and all that kind of thing. It's brilliant.
So I don't mind companies going "hands-off". But AI? No. I don't want to fight with an AI agent to get what I need done, and then there be so few real humans in the loop that I can't get basic, simple, legally-required elements of the service sorted.
It's ironic that the water industry, of them all, would push forward with that... and with Capita, no less! They don't want to deal with me, ever. They don't want to know. And they know I can't go elsewhere. So that's really not going to work out well.
You can deploy anything you like, I don't care about it actually being human. But you know what stops me calling up and NEEDING to talk to an AI or a human? Giving me the damn buttons to do what I need to do. e.g. I once had TWO YEARS worth of credit built up with Thames Water, and it imposes dumb rules on what I can refund, and it takes FOREVER. That should just be a "give me my damn money back" button, with a "this is how much I WANT to give you, now and for the foreseeable future" number box. But I don't think that's what will happen here. All those obvious, easy, critical functions will be shoved behind an AI who can't do them, directing you to resources that say you can't do that online, ending up on an AI switchboard that also can't do them, to finally talk to a human that can't do them, to have to get through to "a supervisor" who's never there and apparently the only person in the universe capable of giving you your money back.
Automation, I'm all for. AI customer service? I'd honestly rather have NO customer service. At least then you aren't paying lots of money to PRETEND that they can do this stuff, when they can't. Not that I'd ever see any savings from that, either, but at least we're not lying to each other if there is NO WAY to arrange a refund, rather than saying "just go through customer services" and trying their best not to give you your money back.
There are many industries and many functions that we should now legislate "you must provide a button in the customer's online account for them to do this without human intervention except strictly necessary compliance / finance checks".
Copyright-ignoring AI scraper bots laugh at robots.txt so the IETF is trying to improve it
Wednesday 9th April 2025 07:52 GMT
Make it law that unless there's some kind of explicit consent that says you can, then you can't.
Oh, we already did, but nobody cares and nobody enforces it, so we had to invent random nonsense like robots.txt to try to entice them to obey which really just tells them what you DON'T want them to access but in a way that tells them where it is and which is completely optional and which most bots just ignore and which AI bots don't even bother to check.
This is why everything ends up behind paywalls and accounts. Because people think they can just take whatever they see and do whatever they want with it.
Specsavers takes off the Oracle glasses, sees better ERP options
OpenAI wants to bend copyright rules. Study suggests it isn’t waiting for permission
LLM providers on the cusp of an 'extinction' phase as capex realities bite
Monday 31st March 2025 14:49 GMT
Told ya.
The big AI companies aren't profitable - OpenAI said even their top tier isn't profitable.
We're coasting on that "stupid investors just throw money at a company doing nothing in the hope it'll become the world leader" phase and it's about to tank. It's the time when they realise that they've given this company enough money to operate without profit for over 100 years, and now say they want something back for their money... NOW.
And when you consider the equipment, power, time and expertise to train even a basic model, it all becomes quite worthless when it can barely replace a basic Google search, but with a much higher margin of error (I'm still wondering why Google ever bothered to put AI search results at the top of its pages, because more often than not it's just nonsense and wrong).
Reality is about to hit, and these things will become like a speech recognition model... niche little pieces of software that only just work well enough to be vaguely useful, but people realise that you don't need them in EVERYTHING and that they just aren't accurate.
Microsoft is redesigning the Windows BSoD to get you back to work ‘as fast as possible’
Tuesday 1st April 2025 07:29 GMT
I would be infinitely more productive if:
- Copilot / AI did one when you told it to turn off, or simply never wanted it to be installed ever again.
- Same for Edge.
- The start menu was customisable and didn't hide Switch User behind a ... menu now.
- I could put the taskbar where I liked like I used to be able to do.
- Things were NOT allowed to pin themselves to the bar unless I did that.
- I could skin the OS / apps how I liked (remember "Themes"?) so that I could make my computer look like Windows 95 but still run Windows 11 programs, or Office look like Office 2000.
- Every setting under control panel appeared under Settings somewhere.
- It didn't takke about 8 clicks to get to the old network interface dialogue which is still needed because the new one STILL doesn't have all the same options.
- I could use a local user rather than a Microsoft account.
- etc. etc. etc.
Don't claim "productivity" when Microsoft - and especially its UI designers - have literally gone out of their way to destroy my working practices a dozen times over the years, throw everything in the bin, insist I use rubbish UI that looks like it was designed by a colour-blind, near-sighted child, and hide everything I need away but never quite get rid of it (because you can't, because there is no modern alternative).
Microsoft comes into my WORK OFFICE (i.e. computer) on a regular basis, literally throws the stuff off my "desktop" onto the floor, stamps on most things until they are broken and unrecognisable, puts a new fancy box on my desk that I can't remove, and tells me that my productivity will be improved. It's never once been true.
London's poor 5G blamed on spectrum, investment, and timing of Huawei ban
Thursday 27th March 2025 11:42 GMT
Re: Pointless
A friend of mine often rings me after work from his car. Sometimes I'm driving home at the same time.
Given that we both have high-end 5G phones, that the roads in question are places like the M25 and M40... it doesn't matter if I'm driving and he's at home, he's driving and I'm at home, or we're both driving... we WILL lose the connection for about a minute at some point. It's so common that we expect it and just pick up our conversation when the other is finally able to ring back.
That's not a "5G problem". That's literally just terrible coverage on even the most basic of GSM networks. We're not talking tunnels, and we're not talking being out in the middle of nowhere miles from civliisation. And it's literally EVERY time, and roughly in the same places. I have dual-SIM, he has dual-SIM, we therefore have at least 4 combinations there, one of which should work. It doesn't.
I'm not convinced we ever reached the point where consumers were given the full potential of 2G, let alone 3G, 4G or 5G.
My ex- lived in Cornwall only a few years ago, in a huge town and she would only get even text messages if she drove to the top of the next hill. If she wasn't on Wifi, you got nothing at all through to her until she drove out of the town entirely.
It's 2025, and I'd far rather have 3G everywhere than 5G anywhere.
Tuesday 25th March 2025 12:42 GMT
Look, when I can max out a single 4G connection on a regular basis without consequence, then you can worry about the infrastructure for 5G.
Other countries manage it - it should be capable of Gbps, properly handled, to all the handsets in range so long as they're not all maxing it out. It's not even close. The highest I've ever seen was 500Mbps on a train into London via 5G. That's it.
And if you want to spend money on infrastructure - COVER THE DAMN GAPS.
As this literally says: It needs the whole network upgraded to make it live up to the promises, and you can't do that when walking 100m down the road turns into 4G or sometimes even just G in certain areas.
Either invest properly, or wonder forever why people just aren't interested in your empty promises.
Microsoft's many Outlooks are confusing users – including its own employees
Tuesday 25th March 2025 15:55 GMT
Re: What about Outlook (less shitty)?
I'd take any version with proper integrated and GPO'd signature management to be honest.
Jumping through hoops to do very primitive signature management is a nonsense, and having to have something like the very-expensive Exclaimer to handle it all just for a SIMPLE MAIL CLIENT FUNCTION is ridiculous.
The post-quantum cryptography apocalypse will be televised in 10 years, says UK's NCSC
Monday 24th March 2025 10:26 GMT
I agree we need - and have - PQC. It's in your browser.
What I am suspicious of, still, is Elliptic Curve Cryptography which is usually tied to or part of such schemes. Mostly because of interference / origin from day 1 from national security agencies.
There are plenty of ways to do PQC without EC but they are being lumped together, and EC is infecting hash algorithms, digests, key-exchange, etc.
I suspect that in another 10-20 years we'll find out the real risk was not from QC but from EC and specifically the curves everyone was TOLD to use, a bit like how they went to the extent of setting up entire security firms with large brand names just to influence choice of protocols, seeds and other elements of cryptography in the past.
UK's biggest mobile operator starts 3G switchoff, hopes it won't catch out April fools
Friday 21st March 2025 15:21 GMT
Because it then becomes the householder's problem every time they change router (e.g. a rented flat) to call someone up to change it all over AGAIN, and it also means giving your electricity provider your wifi credentials (I mean, we'd use a guest or isolated SSID, but most people won't!) and connectivity for free in perpetuity.
Not only that, what happens when you upgrade to shiny new 802.11zzzzz / Wifi 27 which is 8GHz only, and the smart meter isn't compatible? Exactly the same problem.
Show top LLMs some code and they'll merrily add in the bugs they saw in training
No big changes to UK broadband regs, despite no real competition for BT
Friday 21st March 2025 12:30 GMT
I find it strange that, wherever I've ever lived over the last 25+ years, I always seem to be in the "1%" that doesn't get the new stuff, or grants, or anything at all.
Despite living in cities, suburbs and rurally. Same for workplaces.
Strange how it's always "somewhere else" that gets the benefits of these things.
AI crawlers haven't learned to play nice with websites
Wednesday 19th March 2025 11:26 GMT
There's nothing special about nginx in that regard. Apache is quite capable of the same, as is anything that can act as a webserver or proxy (e.g. Squid) that's even vaguely configurable.
Apache reverse proxy on all my public-facing servers except in work where I have an IIS reverse proxy doing the same.
Wednesday 19th March 2025 11:24 GMT
Re: Do follow robots.txt
I imagine that it would be the work of a moment to find a plugin for Apache, etc. that - if such a robot is detected, or if a robots.txt is retrieved and then completely ignored, it would completely cut serving any pages to that IP/agent forever more.
As someone who ran some large mirror sites for small open-source hobby projects that I contributed to (SvenCoop, Freesco, etc.) over decades, and during the time when bandwidth was expensive, relying on other people's goodwill to not download your entire site repeatedly day and after day just doesn't work.
Don't even talk to them, they won't care. Just block them entirely. Robot-crawling is such a big thing that there are dozens of crawling-detection, quota, etc. plugins for things like Apache and nginx and Squid that you could use. Just blacklist them, and do what you like to their traffic from then on.
Like, I don't know, feed them some false AI-generated content instead of the page if you think they're an AI bot.
You can't rely on them being well-behaved, you can't rely on user-agent AT ALL, you can't rely on them honouring robots.txt (which was always a nonsense - "hey, unless you say otherwise I will have free reign to take all your content and use it for what I like, you need to create a file if you want me to do otherwise, maybe, sometimes, if I'm nice"), and they won't change their behaviour.
If you run a server, you're paying that cost - whether it be from your monthly bandwidth allowance, overage charges or per GB via Cloudflare or whatever. Don't let them do it. And someone sucking down your entire site should be pretty easy to detect, especially if you require accounts on your website to do so (and then apply greater restrictions to un-registered users, etc.).
City council rejects inquiry into £130M Oracle IT disaster
Judge orders Feds rehire workers falsely fired for lousy performance
Friday 14th March 2025 08:25 GMT
Put it this way:
Executive says what they want.
Legislative passes the laws to make it possible.
Judicial tells you whether those laws were followed.
In this case, whether the separate existence of the branches is recognised or not, it's clear that they don't understand that "Executive said so" doesn't immediately translate into things happening, and that Judicial is there precisely to be able to rule on the legality of their actions.
If the Executive wants this, they can instruct Legislative to build a law that says that federal workers are working only at will. Judicial will then rule based on the laws in force.
What's actually happened is Executive said "we want this", Legislative have done nothing about that, and Judicial has said "You can't, the current laws don't allow it".
Which is PRECISELY what's supposed to happen.
The Judicial side absolutely has the ability to say no. That's precisely why they exist, to stop "Executive" turning into "Dictator that does whatever they want". Funny how that turned out.
Need cash? Your IPv4 stash can now be collateral for $100M loans
The IT world moves fast, so why are admins slow to upgrade?
Wednesday 12th March 2025 08:51 GMT
Because decades of abuse by software manufacturers has shown us that there's no such thing as a seamless upgrade.
It always introduces new restrictions, new licensing, new syntax, new options we have to go and turn off, one-way data migrations (so you're forced to v2 but have no choice about rolling back to v1 if it does any of the others in this list), loses features, introduces new bugs, deprecates things that were in use, and so on.
If upgrades were just seamless, people would upgrade.
If they were able to be done on production safely. If they were zero-downtime. If they guaranteed compatibility. If they weren't tied into other features so you had no choice but to upgrade but didn't want to. And so on.
Take Apache. Pretty much I can just upgrade it, while it's in use, while people are browsing sites running on it, across a whole raft of machines, there'll be a little downtime but after a few minutes it'll still be running with all the same previous config untouched. Except... even that's nowhere near perfect and I've had it bug out because of a config syntax change, etc. and just refuse to restart itself.
Hell, SSH I can do that while there are active connections and it just keeps servicing the active connections, upgrades the main process, and then all new connections are on the new version and all existing connections stay on the old version without any interference (so that you can, for example, upgrade SSH remotely in a safe manner without getting kicked out of the server that's mid-way through updating). That's how you do it!
SQL Server - ha. Take the server down for the day and pray it works when it comes back up.
For decades the attitude towards updates, even security updates, has been "Oh, well, you just have to accept downtime and if it fails, well clearly you didn't read the documentation, changelogs, rejig your entire site-wide config for this version (can't do it earlier, old versions don't support it, so it's change all your config, cross your fingers and pray it works first time) or need those features we decided you don't want for you".
And that's an attitude from software developers that stinks so bad that you can taste it as anyone managing any number of machines.
Stuff a Pi-hole in your router because your browser is about to betray you
Monday 10th March 2025 14:18 GMT
I have a far simpler solution.
Any website that has advertising on it that I find distasteful in its execution, prevelance or subject matter - I stop visiting.
I've thus not needed any ad-filtering (despite spending much of my career implementing caching/filtering/reverse/etc. proxies, including building my own) on my home network at all.
Sorry, but as time goes by, having something read every network request, break open every secure page in order to mess with the code on that page isn't something I want on my home network, authorised or "internal" or not. If it becomes necessary for me to do so for a particular site, then I'll just stop using those sites. It's that simple. (And with HTTPS Everywhere, you have no choice but to do so, because pages will break if you just block DNS of known advertisers and they'll just all move to AWS and similar CDNs).
And I'm not on a particularly fast connection (75Mbps at best) so when things start trying to play video etc. and it gets out of hand... I just close those tabs and don't go back.
There is nothing on the Internet currently so fantastical and required that I feel I "have to" let it advertise at me in obnoxious fashions. I allow places like The Reg to get their little advertising revenue if they want / need it (though I never click on ads). But no government services, banking, etc. require it so I see no need to go about filtering it (and if I did, I'd filter it only for those necessary URLs and seriously consider how to leave such a dystopia).
Youtube got obnoxious ads? Cool. YT-DLP it is then. And I get to keep the video file forever as a bonus. And so on.
Websites should seriously consider this... there's a point at which I just switch off, as do most people. I'm not going to go out of my way and compromise my own browsing security just to cope with their ads. I'm just going to go elsewhere.
Sorry, but I have a bunch of spare Pis sitting right here, I have the knowledge to create a Linux / Apache / nginx / Squid-based proxy with filtering, caching, etc. at any point, and have done so in the past, and I really don't have the time to be doing that just because of obnoxious websites that will continue to do so.
Developer sabotaged ex-employer with kill switch activated when he was let go
Monday 10th March 2025 10:46 GMT
Re: other options
I don't think he could.
He clearly didn't have the access to create administrative users, and his own code had to run as himself and in doing so left a paper trail a mile long.
I think that he just had some programs that were detected whether he was disabled because he couldn't STOP his accounts getting disabled. So the only things affected were already deployed code, and with the access rights disabled, he would have had insufficient access to do anything beyond what he did - cause a bit of trouble.
This is why you disable accounts when people leave, and don't give out admin but delegate permissions instead. Sure they may have left themselves some stuff on the back end, but it's executing as themselves, and that account is deleted and apart from resource starvation, they shouldn't even have the ability to delete files they previously had permission to because their account is disabled.
The way to manage this is change management... when someone wants a long running process on a server, it has to be approved. Someone should check the system for unauthorised programs and scripts and scheduled tasks and whatever. And someone else should check THE EXACT SAME independently so no one person can ignore/implement a change.
Biting the hand that feeds IT
