* Posts by Warm Braw

3354 publicly visible posts • joined 6 Sep 2013

Give put-upon infosec bods professional recognition to keep them working for you, says chartered institute

Warm Braw

I worked with plenty of people who have loads of certifications

I still get phoned up by some of them asking questions which are often quite spectacularly disconnected from How Things WorkTM. I've also accompanied a number on jobs to help translate actual technology into concepts they recognise.

But I'd hate to spend most of my life writing volumes of procedures and policies or auditing firewall rules or whatever most of these people have to do to earn a crust. If they want a few letters after their names in exchange for slogging on, then it's hard to begrudge them it, because, in reality, these things have to be done.

Netflix sued by South Korean ISP after Squid Game fans swell traffic to '1.2Tbps'

Warm Braw

Re: Looks like the ISP wants 2 bites of the cherry

It's more like the on-line retail model: use your scale to create attractive headline prices for product while screwing the delivery chain.

Although it's easier to feel sorry for Amazon delivery drivers than it is for ISP businesses, the same forces are at work. In the end, it isn't going to be great for the consumer because if competitive pressure makes it difficult for ISPs to provide the necessary investment, you'll simply end up with fewer ISPs with a greater ability to push back. And higher prices.

Xero, Slack suffer outages just as Let's Encrypt root cert expiry downs other websites, services

Warm Braw

However, it has neatly highlighted yet another now-vital part of the infrastructure of the Internet that is both poorly understood by many of its users and entirely dependant on corporate sponsorship for its continued operation.

It's all a bit precarious.

Got enterprise workstations and hope to run Windows 11? Survey says: You lose. Over half the gear's not fit for it

Warm Braw

Re: "well over half of surveyed workstations didn't make the cut"

Do I hear a massive sigh of relief?

AWS Lambda was already serverless, now it can be x86-less too

Warm Braw

Re: Serverless?

Use cases have even been documented on this very site.

As have abuse cases.

UK government isn't keeping track of the risk posed by legacy systems, says Central Digital and Data Office

Warm Braw

Systems implicated in an underpayment of state pensions

The problem here is not the existence of "legacy systems", it's the disconnect between policy-making and implementation.

Governments are constantly changing the "business rules" for cases going forward, whilst grandfathering existing cases, without giving any thought as to how they will be administered. This typically means it's uneconomic to reimplement systems (because you'd have to duplicate all the existing rules despite them being phased out) and there isn't really a business case for future cases because the initial numbers will be dwarfed by legacy cases. Give it a couple of parliaments and most of the calculations are being done manually.

There could well be several dozen ministers passing through office during the lifetime of a computer system and unfortunately they don't really seem to want to face their transience and plan accordingly.

Metro Bank techies placed at risk of redundancy, severance terms criticised

Warm Braw

Re: Agile isn't nebulous

it is a term very often used incorrectly

Never a good sign that your manifesto is gaining traction.

Agile, as widely practised (relatively short development cycle, only high-level design, small and discrete functional units) is fine for projects that are susceptible to that way of working - for example incrementally-changing UIs that are basically shuffling data between the screen and JSON talking to incrementally-changing back-ends shuffling JSON over an API in and out of a data store. It's probably fine for your average online banking system.

The trouble is that average online banking systems are ten-a-penny. There are loads of "disruptive" fin-tech outfits with very similar online platforms desperate to get their customers to pay over the odds for "premium" features they don't actually seem to want. It would probably make more sense for Metro just to buy one of them.

Though, in truth, they have other problems.

CutefishOS: Unix-y development model? Check. macOS aesthetic? Check (if you like that sort of thing)

Warm Braw

Re: Which do you choose a hard or soft option?

The other great thing about Linux is that you can be sure that, if some developer had just run afoul of Apple or Google's App Store rules, there'd be a post praising the lack of a Walled Garden and the benefits of your absolute freedom to install the software of your choice.

So many distributions, so many opinions, so many rough edges...

Having said that, the Linux desktop has come a long way and Windows seems to be regressing at ever-increasing speed and, even for the casual user, there's probably not a lot to choose between them on an actual desktop. The Linux laptop experience is still rather vendor-dependent - I put up with tearing video and a lack of support for the inbuilt microphone array and finger-print reader on mine. And the fact that the workarounds for the buggy WiFi hardware aren't quite as slick as the Windows workarounds. I can imagine others might not be as accommodating.

Nothing works any more. Who decided that redundant systems should become redundant?

Warm Braw

One surplus slash

You should probably keep those to a minimum until you've got your nether regions under better control.

DORA explorers see pandemic boost in numbers of 'elite' DevOps performers

Warm Braw

Re: Dup?

Just wait until El Reg adopts JournOps - they'll be reposting each article 50 times a day - with no indication of what has changed...

An easier way to Flutter? Custom functions improve visual code builder but devs may still be frustrated

Warm Braw

It is easy to pick holes in the platform

$30 per month for the additional ability to download code and APKs; and $70 per month to add custom APIs, GitHub integration, which updates a repository when code is modified, iOS deployment, and management of Firebase content.

It would be churlish to pick holes given that it already seems to have shot itself in the foot.

Apps are extremely expensive to build, the median cost is I believe $100,000.

If that were true (and "I believe" seems to be doing a lot of work in that sentence), the proportion of the $100k that involves work that can be substituted by dragging and dropping some components in a browser-based IDE will be relatively small. I believe.

This is your final warning to re-certify, Red Hat tells tardy sysadmins

Warm Braw

Re: If and only if ...

There's another issue here, too, which is that expensive certification is a barrier to competition: if people are heavily invested in a particular manufacturer, there's a strong incentive to stick with them and you get to the point where businesses are buying Product X because it's easy to find staff with X knowledge.

It also adds to a myth of sophistication: if Product X requires a training course, but product Y requires only that you read some documentation, it can be used to imply that Product X must therefore be more capable.

If you can get away with it, though, it's a great way to get your customers to pay you to write your documentation.

Clegg on its face: Facebook turns to former UK deputy PM to fend off damaging headlines

Warm Braw

Re: Incapable or unwilling?

In that respect, I'd be interested to know if Clegg even knows what research has been conducted or is simply attaching his face to a statement prepared by the press office.

Apple's M1 MacBook screens are stunning – stunningly fragile and defective, that is, lawsuits allege

Warm Braw

Re: Relative fragility

Seems like there's sufficient bezel for the problem to be solved by sticking a couple of small rubber furniture feet either side of the display. Should only add £99.99 or so to the RRP.

Turing Award winner Barbara Liskov on CLU and why programming is still cool

Warm Braw

Re: mumbo jumbo

With default methods having now shown up in both Java and C# interfaces, the distinction is becoming increasingly difficult to discern.

I'm old enough for my early career to significantly pre-date C++, but I'm struck by the extent to which people who've been through college long after the advent of OOP can struggle with the basic concepts. I worry that programming has become "cool" in the same way as modern jazz: while many people acknowledge its intellectual rigour, few people actually understand it or want to listen to its practitioners.

Warm Braw

Re: mumbo jumbo

what you gonna do if you have an operation on several types that are hierarchically unrelated to each other

That's why C++ has multiple inheritance - and languages like java and C# have interfaces.

Most decent programmers were largely implementing the principles of object-oriented programming before it was a thing - the language features are just supposed to facilitate it. Unfortunately, it seems to have become radically theologised - though, as you imply, a number of its former adherents are now proselytes to FP: and there's no-one as devout as a convert...

Punchy Biden-lookalike grandad goes viral for fighting boxing gadget

Warm Braw

If you don't get your timing right you get whacked round the back of the head

I wonder who, in the middle of a game of swingball, got a tennis ball in the face and concluded there was too little jeopardy.

Microsoft does and doesn't require VMs to meet hardware requirements for Windows 11

Warm Braw

Re: Interesting link to the Photos App...

Microsoft appears to have positioned (consumer) Windows as a desktop substitute for Android/iOS and to have decided that the future of its development tools is on Linux.

Given that consumers in those circumstances will probably prefer iOS and that there's no obvious rationale for Windows Server in this picture, you do have to wonder if they've thought this through.

Sir Clive Sinclair: Personal computing pioneer missed out on being Britain's Steve Jobs

Warm Braw

Mine was an Acorn System 1 and I remember visiting their office while it was being finalised.

There was a clear difference in approach between Acorn (which had close ties to the University) and Sinclair: Acorn were very much the academic purists and Sinclair was very much aiming at the consumer market.

While Sinclair (I think rightly) gets credit for kick-starting the UK games market, Acorn morphed into ARM and I think it's interesting that Acorn's founders never quite captured the public imagination in the same way despite an arguably more enduring legacy.

Perhaps we all need to give more consideration to our wardrobe interiors...

How long till some drunkard puts a foot through one of BT's 'iconic, digital smart city communication hubs'?

Warm Braw

This is why you should never proofread your own work!

Warm Braw

The ones round my way are generally identifiable by a homeless person scrunched next to them in a sleeping bag charging his/her phone

Glad the drug dealers and hookers in your area are so public-spirited.

Forget that Loon's balloon burst, we just fired 700TB of laser broadband between two cities, says Alphabet

Warm Braw

Re: X

Probably fair to say, though, that this is as much of a fix for a political issue as a technical one. There have been plans for a bridge for at least 30 years which could carry comms as well as road and rail traffic.

While it's tempting to use technical fixes to work around such issues, politicians don't always like being cut out of the deal so it will be interesting to see whether/how this becomes commercialised.

RIP Sir Clive Sinclair: British home computer trailblazer dies aged 81

Warm Braw

Re: A one off

There's a great deal of information about his various products here.

I remember the hi-fi adverts, they were very slick.

He did have a genius for finding cheap solutions, though there were regrettably few occasions - the ZX80 being one - when the corner-cutting produced something that lived up to the publicity

I fear his passing marks the end of the 'British boffin'.

Computer and data scientists should be as highly regarded as 'warriors' says top UK cybergeneral

Warm Braw

More window dressing as specialist personnel get pushed out of posts

When the labour party recently made a bunch of people redundant, they asserted they could regroup with a product-mindset using agile ceremonies, be empowered to make decisions and encouraged to focus on rapid prototyping, deployment and iteration.

I imagine the same kind of "thinking" applies here. If we just replace the military with those IT types, we can strategise our "Epic" campaigns using our class-responsibility-collaboration cards and progress across the plains of Germany in weekly sprints, fuelled by an endless supply of free fruit and coffee.

I'm not sure it will really help if their advanced intelligence can tell them in great detail exactly when and where they're going to be blown to atoms.

BT Wholesale wants the channel to give SMBs a nudge before copper sunset in 2025

Warm Braw

Re: The reality is that it's happening now

It has nothing to do with the physical connection

It does when the existing physical connection is incapable of delivering a digital service of any kind. The end of analogue voice would in this location mean the end of voice.

Warm Braw

The reality is that it's happening now

The reality is that it isn't.

Around three months ago, I recounted the tale of a relative struggling to get FTTP installed and being thwarted by the suspect safety of a single pole that had recently been climbed by contractors. Most of the intervening time has consisted of further contractors being booked to remove a small amount of vegetation to enable a closer inspection of the said pole and the said contractors not appearing. The current position is that a "meaningful" status update might be forthcoming in 4 weeks. Whatever that means.

And since no end-user is a client of OpenReach, no-one awaiting an installation can speak to them, even to explain that the supposedly-complete job has not been done, and no-one can complain to them. And, of course, neither, directly, can BT - Chinese walls.

BT's clients can't be ready for 2025 if BT can't actually connect them even when an order has been accepted - and, frankly, it seems institutionally incompetent to do so.

It's all very well hailing their success of their hollow-core fibre trials, but it's no compensation for the hollow core at the heart of its service delivery.

It's now an interesting question as to whether 5G will arrive before the issue is resolved: it's going to be close.

Thousands of internet-connected databases contain high or critical CVEs, says report by cloud security biz

Warm Braw

On-premises databases tend to be more vulnerable

They seem to have a Cloud Data Security product nevertheless.

Bring back the good old days when a basement, a filing cabinet and a leopard (or threat thereof) was all you needed.

Linus Torvalds admits to 'self-inflicted damage' with -Werror as Linux 5.15 rc1 debuts

Warm Braw

Re: The warnings aren't always bad code

The issue (as has been alluded to above) is that we don't have a strong semantic definition of what constitutes a "warning". Warnings live in an ambiguous space between supplementary "information" and actual "error" and, depending on circumstances, could be either. Or both.

If you've simply written something that's ambiguous or confusing, clearly the correct thing to do is fix it to eliminate the message - but, more importantly, to clarify your intent for others.

But what about "Warning, Feature X is deprecated"? You know it's deprecated, but you know it's still supported. Rewriting the code may require further changes you don't want to make now, but turning the warning off would perhaps mean a future developer fails to make the change - this is a scenario that I've come up against in practice (though not with gcc).

Perhaps, in an ideal world, you would be able digitally to sign-off certain lines of code as being acceptable for a certain length of time so you could have clean builds for the lifetime of the waiver without losing the longer-term tripwire.

This is not the tech unicorn you are looking for... and other stories

Warm Braw

Unnervingly dystopian vision of the future

Wait until they ship their first robotic child.

UK.gov is launching an anti-Facebook encryption push. Don't think of the children: Think of the nuances and edge cases instead

Warm Braw

Re: FB doesn't need encryption

I would imagine there's a sufficiently deep sewer of widely-shared plaintext material on FB to keep all the available investigators busy for the rest of their lives without adding to their burden.

Right to contest automated AI decision under review as part of UK government data protection consultation

Warm Braw

Re: Data economy?

Regrettably, the most serious consequence of Brexit has been that it the consequences of Brexit have to be denied or dismissed.

Brexit was a necessary part of a wider project to reshape Britain in the mould of recent US capitalism (the increasing concentration of wealth and power in small number of hands). It wasn't an end in itself, but it removed the external constraints on such a policy.

It's perfectly reasonable to regard the Brexit event as a watershed moment because pre-Brexit and post-Brexit Britain are two very different places - not because of the economic consequences, but because it has allowed the executive branch of government to "take back control" entirely unfettered by the British constitution or by external obligations. That means there are no defences against a feral government such as the UK currently enjoys.

With respect to this article, it's worth reading the blog from Mariano delli Santi of the Open Rights Group and this from openDemocracy on the new Information Commissioner. It's pretty plain there's been a sea-change in terms of government accountability.

This wouldn't matter so much if it were simply the ebb and flow of the electoral cycle. However, boundary changes and the new laws on voter suppression that would simultaneously extend the ability of rich non-doms to fund one party and suppress the ability of Unions to fund another and put the regulation of election conduct in the direct charge of the cabinet office put democracy itself at threat. And the sinister "war on woke", equally imported from the US, is deliberately undermining the concept of truth because the state those who support the current government want to build can only be built on lies. And of course by undermining other sources of power, whether that be the devolved governments of the nations or local councils.

Brexit never meant Brexit, it was always a proxy for a culture war. And while these aren't the consequences of Brexit, per-se, they're the consequences of the vote for Brexit and the legitimacy it gave the former "fruitcakes and loons". It may not be what Brexiters intended to vote for, but it is what their vote delivered.

Add in the economic consequences - and the apparent unwillingness of the government to even acknowledge them let alone have a plan to deal with them - and the picture is thoroughly depressing. But it's depressing enough without them.

Warm Braw

Re: Data economy?

If you drop the legal requirement to treat people fairly, of course it may, in future, not be practicable or proportionate, because you've dropped the penalties for failing to comply with basic human decency.

If there were any doubt about the post-Brexit future off the UK, then this really ought to remove it. The economy is not there to serve the citizens, the citizens are merely the servants of the economy. Except those chosen few who are appointed to be its masters.

Each time I wonder if it was proportionate to escape the UK in the short post-Brexit window, some new shade of its future awfulness reminds me I was right.

You walk in with a plan. You leave with GPS-tracking Nordic hiking poles. The same old story, eh?

Warm Braw

My current set of hexes

If you need advice on replacements, I can recommend Witch? magazine.

Microsoft adds hybrid meeting features to Teams, including interruption-detecting AI

Warm Braw

Their own video pane even when in a physically shared meeting space

It will be interesting to see whether that gets to be known as the "Scumbag College" or the "GB News" effect. Regardless, much hilarity will do doubt ensue.

Boffins unveil SSD-Insider++, promise ransomware detection and recovery right in your storage

Warm Braw

Re: "Unfortunately, this new feature may not be foolproof"

rapid escalation of the threat

That was my initial take, too. It's unlikely you'd put all the functionality in the firmware - there'd presumably have to be some external interface through which suspected corruption could be reported and recovery attempted. And as soon as you have an external interface that allows the reassignment of data blocks between files, you have another potential exploit path.

Having said that, one of the big hazards of ransomware is not noticing until your entire backup cycle has also been corrupted. If you can come up with an early alert, that would be incredibly valuable. And presumably you could apply the same principles of detection to any storage medium that avoids rewriting blocks in place - either at the device level (like shingled magnetic recording) or at the filesystem level (journalling file systems).

If your storage admin is a bit excitable today, be kind: 45TB LTO-9 tape media and drives just debuted

Warm Braw

Re: Old IT guy, niche?

A disk drive in a removable caddy is also offline backup.

It's more expensive than a tape of equivalent capacity - until you factor in the cost of the tape drive. And the fact it takes about 12 hours to write a single tape which does tend to limit your archival "depth".

And given LTO is (generally) only backwards-compatible one generation, the longevity of the tapes is somewhat invalidated by the duration of support for the drives.

Warm Braw

Re: Old IT guy

Unfortunately, the venerable RP02 has evolved further and more quickly...

The niche for tape storage seems to get narrower with every new generation.

Snyk: 50% of security jobs unfilled… any solution predicated on devs 'becoming security experts is doomed'

Warm Braw

Closely following an article about the funding challenges for Docker, an article about the recently free of charge Snyk Code.

We seem constantly to be promoting a software-development methodology based on an ever-increasing set of services that no-one is prepared to pay for. I'm old enough to find that a concern, though it's clearly no longer considered an issue.

Docker’s cash conundrum is becoming a bet on a very different future

Warm Braw

if it vanished there'd be a load of work to do

So I assume you have a contingency plan ready to go?

All this CI/CD stuff is supposed to deliver reliable, scalable and constantly-evolving business-critical services. That its foundations* are quite so precarious is... ironic. Let's go with ironic.

*of which Docker Hub is merely one - we're looking at a whole ecosystem of potential fail in the dark depths protected by impenetrable acronyms.

Warm Braw

Once a contribution is written, it stays useful with no further input

If only that were true.

Even if the software itself doesn't decay, it becomes further distant from its evolving environment. One of the biggest problems with Open Source software is maintenance. As it is with any other software.

Facebook apologises after its AI system branded Black people as primates

Warm Braw

Re: Staples insists that these algorithms don't have racial biases baked into them

If it's based on machine learning, it's not an algorithm and it's impossible to know what's "baked into" the process.

We have a series of complex algorithms that basically look at a variety of vacuous potential responses when asked for a press statement and pick one that matches at least 3 keywords in the request said spokesdroid, Eliza Turingbot.

Spraying a boot error up the bathroom wall

Warm Braw

Re: Translated

I once spotted a handwritten sign on the emergency exit doors of a restaurant in Montpellier:

Sortie Cuisine: Prière de ne pas uriner.

I ate elsewhere.

GitHub merges 'useless garbage' says Linus Torvalds as new NTFS support added to Linux kernel 5.15

Warm Braw

the git command-line interface is... not exactly easy to learn

If only we could identify who was responsible...

However, there's quite a serious point here. Given the shortage of Linux maintainers it would presumably help if otherwise competent developers aren't being avoidably tripped up.

Virginia school board learns a hard lesson... and other stories

Warm Braw

If the sea level rises sufficiently far, they'll repurpose themselves.

Component shortages: HPE pushes up some hardware prices and as if by magic, reports 'record' gross margin in Q3

Warm Braw

Re: Voodoo, er, supply side economics in action!

ALWAYS raise prices

Higher Prices Eternally

Can we talk about Kevin McCarthy promising revenge if Big Tech aids probe into January insurrection?

Warm Braw

Re: Let me remember who started the largest gathering of personal data to "combat terror"....

What's scaring Republicans is that demographics mean their democratic route to national power is essentially over (unless Biden really and truly screws up, which seems increasingly possible...).

There are basically two other routes to national power: persuading the electorate to abandon democracy voluntarily (because "fraud") or by violence (in defence of American white voters traditions).

Failing that, their only other option is to split the Union.

Since some absurdly wealthy and powerful people are really keen to have their privileges preserved at practically any cost (to other people), all outcomes are possible.

Volkswagen to stop making its best-selling product for Wolfsburg workers: VW-branded sausages

Warm Braw

corporate knee-jerk reactionism

It could almost be an executive Fiat...

Docker Desktop no longer free for large companies: New 'Business' subscription is here

Warm Braw

Docker hub must be *really* expensive to run

Being a bit behind the container curve, I struggle to see why it exists, at least in the form it does.

Given that we have this Internet thing and hyperlinks and search engines, it shouldn't be necessary to bring everything into one place - a bit of agreement on metadata and Google* could point you at the source of your desired image.

In fact it's quite the antithesis of the concepts containers notionally deliver - scaling and robustness.

Of course it isn't just Docker (npm, GitHub, ...) but the idea that you can create some sort of centralised quasi-monopolistic dependency in the hope you can turn a profit seems fundamentally misconceived.

*Other search engines are temporarily available.

NHS England's release of 'details' on access to Palantir COVID-19 data store: Good enough? We're in a 'dialogue' says national data watchdog

Warm Braw

Re: 'my panel and I will continue our ongoing dialogue with NHS England and NHS Improvement'

Unfortunately, the legislation says that the Guardian "may" give advice and that the relevant care providers should "have regard" to the guidance given.

Also The Secretary of State may remove the Data Guardian from office if satisfied that he or she is unable, unwilling or unfit to perform the functions of the Data Guardian.

The Data Guardian does not appear to have any specific enforcement powers directly over the bodies concerned.

SCO v. IBM settlement deal is done, but zombie case shuffles on elsewhere

Warm Braw

Re: The case that never was

Regrettably, their bots will live on after them.