* Posts by chrismeggs

34 publicly visible posts • joined 27 Mar 2013

Just when you thought it was safe to go ahead with microservices... along comes serverless


Re: Is it just me ?

I am old and not ashamed. To me, an API is the process by which information or requests for action are conducted over an interface. Usually, the interface is defined by an Interface Control Definition. ICDs are not as rigorously defined as they are meant to be and should exist at all (seven) ISO levels. They should not dictate the behaviour of the systems at each end; in fact, one of the ICD's virtues is its ability to isolate one system's changes from another. I am old and not ashamed and have forgotten the question.

That microchipped e-passport you've got? US border cops still can't verify the data in it


Re: Does not confuse

Of course it's useless - the possession of a document is and always has been only one of the three authentication requirements. Even so, this relies on the border officer comparing the photograph with the person in front of him. This is an action that is not proved as having been done. How do we identify an individual? Name or appearance? How about an intrinsic biometric? In which case, we don't need a piece of paper issued by an authority based on a series of easily forged breeder documents.

Nest's slick IoT burglar alarm catches crooks... while it eyes your wallet


Trojan Nest

Slowly marching to the abyss, yes, bring it in, switch it on, hook up your appliances, let it connect to Wi-Fi, improve interface by installing a microphone, I mean speaker interface.

Just how are HMRC’s IT systems going to cope with Brexit?


Re: Simplify?

Of course!

A bit like, er, well.....

Universal credits.

SAP point-of-sale systems were totally hackable with $25 kit


Foot: shooting of one's own

Stepping back and scanning the horizon - what can we see? Precious little onion approach to layering security and the obvious ones : using a bank account number or any other extrinsic part of the "what he knows" information or requiring persistent and continuous authentication.

Ubuntu 'weaponised' to cure NHS of its addiction to Microsoft Windows


Smart? Cards

Educate me please!

Since when has the possession of a token proved the continuous identity of the holder? Surely we should be heading towards a biometric possession that continuously identifies the holder?

RBS and Natwest online banking goes titsup


Bank on this

As far as I can recall, none of the recent stream of operational features involves an actual bug with a real financial service, mortgage, debit payment, savings account. The features seem to reside in the bulk move or access to large splurges of data. This points much more to data management than it does to financial execution.

I will reiterate my call to remove bulk data management from the banks. Allow them access still, but take care of storage in an operation that has consistently demonstrated its ability to handle this kind of stuff. Expertly. Without failure. Cheaply.

Junk your IT. Now. Before it drags you under


Another symptom of the IT-embracing "user" is that their requirements are versed in as much of a system specification as a requirement. Compounded by the tendency of lazy requirements analysts and solution architects to readily grab work done for them. Example conversation would go like this:

User - I need a report.

Analyst - showing what?

User - sales by region by week.

And so it is born. The User consumes the report, scans it to find the average sales and those entries showing sales by region that are more than two standard deviations away from the average. It then lies on the floor to prop open the door. What went wrong here? You will all have your pet theories. Here's mine: the User wanted to appear IT-savvy; the analyst recognised the language and copied the "requirement" down verbatim. What should have happened? Well, maybe the Analyst should have asked WHY the User needed the report. The Solution Analyst should have posited that an exception report may be more consumer-friendly, that it may be useful for salesmen to be able to interrogate their performance DURING an accounting...... Etc etc ad nauseam.

Insurance companies must start buying security companies


And now, Banks!

It is to be applauded that the insurers of this world have at least a decade or so to claw desperately back from the cataclysmic edge of total systems failure, and even more so if, in the process, they recognise that they MAY not be the country experts in IT.

Now, is it too late to get the banking fraternity to make the same self discovery?

We hope not.

Here's your Linux-booting PS4, says fail0verflow



I am personally incensed that I am unable to boot this on my Hollerith! V M? I don't think so!

NatWest and RBS' mobile banking apps go TITSUP


It's not just that banks shouldn't do IT. They shouldn't do half the application stuff either. There is no reason that a bank should follow basic accountancy, the keeping of several general ledgers that we call accounts. They shouldn't do the accountancy, they shouldn't hold the databases. They should offer banking as a service.


Banks should do bank stuff. There are other providers of IT services, who incidentally do not offer financial services.

Microsoft comes right out and says backup software is dead


Cloud, schmo id

Excuse my ignorance and general lack of awareness. This Cloud business has me confused. For a start, I believe that the cloud is really all the internet was supposed to be in the first place, but has been a long time coming to the show.

Granted, the entangled mess of backup systems today only serves to decrease the appetite to use them - a one click backup to storage no matter what the medium is certainly an attractive alternative. But the one thing a cloud solution will NOT address is the willingness of operations management to exercise their backup/restore on a regular and frequent basis. Try scheduling a cold metal restart anywhere right now. You will be laughed out of court and demoted by revenue earning projects. Even a token exercise in wiper-production is a virtual impossibility these days, yes, even virtual.

What would be needed for any tight and comprehensive set of requirements would be a demonstration of restart capability, but I suspect blood runs cold when this is suggested. It simply is not on for one or more of our major financial line-of-business applications to be out for days and recovered over the course of a month, running crippled in the interim.

As usual, the technology is bent to provide for a user deficiency. Let's get the cart before the horse, shall we, and state what we want when we are asked. Expensive? Maybe, how expensive is the reputational risk that associates failure?

Whitehall at war: Govt’s webocrats trash vital digital VAT site



It would be a cynical whistleblower who asked which major consultancy promotes GDS and uses it to horn in on other suppliers' projects.

'Identity skills shortage' will be problematic for Verify ID. (So not the TECH FAILS, then?)


Re: Centralisation?

To allow the service to which you are connected access to a database siloed by another service.


Re: Centralisation?

I believe the objective is that the service to which you have logged on could gain access to information held in another service's siloed database, thus obviating the need for you to continually log out and in to complete your task, or remember a whole raft of login information.



Man and machines

While I accept the main thrust of this argument, I believe that we are gazing down the wrong end of the telescope.

It is arguable that machines will get or develop the initiative to start the governing process going, although here at Chasm Management we have developed apps that fire up on machine start and "discover" their role in a network and register themselves accordingly.

My major concern is the nibbling away that is being done on the intimate man/machine boundary closer to home.

We now have a digital music system that is comparable to, and often beats, its analogue competitor. Similarly with photographs and movies. It is then relatively easy to modify, or create from scratch, these digital files and then present them to the human who cannot detect them from objects captured from real life. Google Glass allows us to interrupt the channel between objects and their reception or analysis in the human brain.

We could, could, end up simply being carbon-based analogue processors of whatever "facts" the machine wishes us to.

Now, of course, if you link this scenario with the one expressed above, where those wishes are decided by arbitrary sets of rules or constraints we have imposed on the decision makers then I can go all the way to support the main thrust of the article.

Ask not for whom the bit flips.

Pitchforks at dawn! UK gov's Verify ID service fail to verify ID


*rs* About face

I really don't want or need this service.

I can envisage one corporation wanting to verify the "correctness" of another corporation wanting to communicate with them. I can equally envisage the requirement for the identity exchange to allow rich data to be exchanged, such as credit rating or the organisation's compliance with various standards, eg ISO270001.

What I do want is not to have to identify myself to an organisation calling me at an inconvenient time, asking me to confirm shared secret information - to whom am I divulging this "secret" information? The corporation has my phone number and has called me; of course I concede there may be more than me at the house they have found.

More to the point, how do I know that they are who they say they are? Why can't my phone have a display to indicate the corporation's verified identity?

Dead pilot named in tragic Virgin Galactic spaceship crash



I expect that the theorists are champing at the bit with this one!

What will any self respecting theory include?

NASA's lack of credible power units for ISS support and maintenance

US's lack of power to deliver warfare ordnance

Virgin's use of Russian power units that it may be able to "give" to the US and NASA.

Prospect of the US relying on Russian technology to fight its war against, er, Russia

Too much money and too big outcomes to allow anything normal to happen without someone lining their trousers.

Cynical? Moi?

Greedy datagrabs, crap security will KILL the Internet of Thingies


Sounds good to me

I see nothing wrong here. We already have pictures and movies that are not analogue but digital, with sufficient precision that we cannot tell that they are binary - the human eye/brain is fooled by those 12 frames a second. Audio is the same, except for those self-delusional so who rate CD records as less "real" than vinyl. I believe that we will soon live in a world divorced from reality and provided by digital I/O.

Now, if we configure each "Thing" in our IoT with a set of limit values for certain actions, then in a while we will end up surprised when the internet decides that we need to do action a rather than action b based on previous experience, big data analysis of recent trends or how many beers I have extracted from that fridge. Do I want? No way. Not my circus, not my monkeys.

Pixel mania: Apple 27-inch iMac with 5K Retina display


Well, 'Nuff said.....,

Except, of course, the detestable use of the phrase "value for money"!

Define value. I would define it as satisfaction per unit cost.

In which case, we end up with satisfaction per unit cost per money. Not the English what I wrote.

More Home Office and MoJ jobs could move abroad, union warns



As a contractor, I am used to having my CV inspected. References are taken.

Who on earth in the government did the same with this supplier and actually inspected their track record? And, if they did, how could they on earth reappoint them?

Programming Office 365: Hands On with Microsoft's new APIs


Straight out of the box, all this and more....

Memories from an old Notes user.

Microsoft fitness bands slapped on wrists: All YOUR HEALTH DATA are BELONG TO US


Big brother?

Oh, I know, but someone has to say it.

How long would it be before life insurance schemes, credit agents and the like demand so many months' wearable monitoring history before they advance services?

Not a government Big Brother, that's for sure, but an effective barrier to the great British public.

What could possibly go wrong? Banks could provide ID assurance for Gov.UK – report


Difficulty in obtaining....

A bank account is, IMHO, nearly as difficult as getting a passport, but it is also a prerequisite. The breeder document for all this is the birth certificate and even that is less prone to fraud since the inclusion of the Elvis database to eliminate Day of the Jackal type occurrences.

As far as trusting the banks, this falls into two spheres for me, one the process - do I trust their KYC? - and their processing security - do I trust their operations? I do trust the process and now that the majority of their processing is or can be outsourced, I am beginning to trust their security.

Any trust model built on multiple sources, the federated model for instance, will be inherently more secure than a stand-alone model, but difficult to establish and operate unless the banks and other financial institutions have a joint regulation construct, perhaps like the Payment Council for example.

Apple, FBI: YES we're, er, looking into the NAKED CELEBRITY PICS. Aren't you?


Re: @big_D

Used extensively on Lotus Notes logins I believe.

Distributed Linux OS wizards CoreOS release first commercial product



Certainly ticks my boxes, if not for this initial release, but for the implied direction. One to watch.

Snowden to warn Brits on Xmas telly: Your children will NEVER have privacy


I am new to this group. I joined to enlarge my comprehension, scope and depth of the problems at hand.

This conversation thread has done none of those things; it has in fact made me wonder whether I could ever get that from a group with people like these contributors as its members.

Please stop.


We'll build Elon Musk's Hyperloop ... if you lob us ONE-MEELLION dollars


Re: @Pierre Castille - No Chance in Hell

@Pierre: right on the money about getting to the terminal and so on.

When will people step back and look at the whole picture, from the consumer's point of view?

Years ago, I used to have to travel between Toronto and Montreal for a day, getting in early and returning late at night. Did I want to cab it to the out of town airport, fly or overnight in an expensive hotel and red eye in the next morning?

NO WAY! I used to take the overnight train, an old fashioned transport device that even pulled over to let freight trains pass, snug in my bed center down town to centre downtown complete with a cocktail bar!

Cheaper, more convenient and so, so old fashioned and low tech.

Lessons need to be learned here.

The Raspberry Pi: Is it REALLY the saviour of British computing?


Re: Mind your language

I don't believe the language is the issue. My offspring now flip readily between Python, C, C++ and Java. But they have struggled with database concepts, OO constructs and so on, these are the real lessons.

I set my youngest a few "tests" which he struggled with but then aced a bubble sort in a few seconds flat! How? He admitted copying it off the net, and I knew my job was finally done! Yes, he had to explain it to me line by line, but that was an exercise that taught us both a lot.

Next up we are building a four-Pi network with a db server, DNS server, Sharepoint server and so on - a lot of Unix scripts and more reboots than a Windows install, but what a sense of satisfaction.

It's NOT an iPad - but that's FINE: I learned to LOVE Microsoft's Surface 2


Re: vexabibulus is a word

Good Lord!

Thank you so much for naming my condition. This won't stop me annoying guests and hosts as I rearrange their intimate bathroom setups, but now I can excuse it as a (perhaps medically?) recognised feature.

Send dosh (insecurely) via email, Jack Dorsey's Square tells punters


Oh Dear!

Now we have confused the transport mechanism with the security model.

Everything the article says and implies about SMTP security may be true, but what IS true is that a person's e-mail address may be as unique as their mobile number. If this is the case, then it can indeed be used as a token key to their bank account sort and account number. Of course, an e-mail address is more open and accessible in the public domain than a mobile number, but the required security may have to be introduced at the KYC point, in this case, as usual, the bank or account holder's issuer.

This conversation probably leads to one about LIABILITY, about which I have strong and controversial views, published elsewhere.

IBM socialises Notes mail to stop your yammering


Build it and they will come...

Many years ago in Canada, I was leading a move off mainframe to Windows Client/Server and they wanted an e-mail in the target platform. Against stiff competition, we installed BeyondMail and made its application the default desktop. When firing up the machine, Notes came alive and did a quick run round the email folders, each housing a piece of work in a certain flow state. Clicking each "to-do" mail item launched an app to deal with it - a simple mail enabled workflow.

The client was delighted with it and, until Banyan Vines bought BeyondMail and ruined it the same way as IBM did with Notes, they stuck with it.

Plus ça change....

iPads in education: Not actually evil, but pretty close


ipads in edukashun

Sounds like a long preamble to a Pi-based plug, which is cheap and programmable and British and small and grey or black or any other colour you want.