Re: gliding to a long lonely retirement
Could simply mean that they're independent so he doesn't have to worry about the cost of supporting them.
"customers are taking a long time figuring out how to use the tools in a way they can trust."
Perhaps that's because they are intrinsically untrustworthy.
"their customers expect Ai to create cost savings."
Either their expectations are of further enshittification or they're wearing rose-tinted AI-enhanced glasses.
"we are looking at using one of the big enterprise AI offerings to reduce time take on certain tasks"
Are you prepared to pay what it actually costs to run the AI DCs instead of loss-leader rates?
"only slowly expand their use"
This may save you if you're only partly committed before the price goes up or your supplier goes bust (depending on which happens first).
"so someone just SSHs in"
From where?
I suppose if it has an IPv6 address it might be possible, providing the firewall is configured to admit ssh. Otherwise the implication seems to be that someone sshed in from within the company network and the machine is only a symptom of a bigger problem.
"I suspect much of this stuff like the coffee machine uses a ubiquitous SOC and runs Linux for cheapness rather than using an ASIC. The SOC system invariably provides wifi, ethernet, usb etc hardware and Linux the drivers so adding network/internet support is often a low cost marketing ploy"
There's still a gap between having a networked coffee machine with a default password and the same being programmed to become a trojan. Was it running Windows rather than Linux in which case it could have become part of the viral epidemic? If not, who and how was it got at? Was it supplied like that and got at in transit? Was the manufacturer installing [possibly innocently] a trojanised version of Linux on all the machines of that model?
I cannot think of a single use case for an internet connected Coffee Machine in a business environment.
It's a very common one - being expensive "This is a very important business with very important people in it. We have to have very important surroundings. We need a very important [i.e. expensive, the two are often confused by the confused] coffee machine to go with the very important [ditto] furniture."
Literally not one that makes actual sense.
Manglement thinking doesn't make actual sense, especially when prestige is taken into account.
I'm sure you're right. Even the word has an air of desperation behind it. OTOH I'm also sure that a lot of companies that dived head-first into somebody else's computer left behind them home-grown software that fitted them better than what they're now using. If there's anyone left in such businesses who remembers those days it might have a degree of attraction.
I think the distinction is between UK unions (at least of that era) and continental European unions. The only union I was ever in was of that era and was an even stranger beast - allegedly representing scientific civil servants, it was quite happy to deploy its membership on behalf of the general service grades instead but did nothing to level up its members' pay scales. Many of us left.
"not-random": Invitations may be random. In-person participation definitely isn't.
"people who don't understand privacy or tech": That's most people. The vast majority of people.
The second means they have a reasonable chance of avoiding anyone with understanding. The first holds out a bit of hope that someone who does understand will be motivated to accept should they be invited, but it would still be an uphill task against the procedures. If anyone here is in that situation perhaps careful study of "Twelve Angry Men" would be good preparation.
"It is a classic uniparty policy, that can be started by one regime and concluded by the next, each blaming the other, whilst waving it through, like the OSA."
That happened with OSA. However this was tried by the previous Labour govt and got dumped after the next election although maybe the fact that the next govt was a coalition with the Lib Dems might have affected that.
"I already know that a device I can program with similar power to a Pi which can fit, battery and all, in my pocket is possible,... Now I'd like to buy that, but am only offered subsets of that in the hardware people sell."
I take it you mean "a device I can program with similar power to a Pi" but go on to say that what you can buy is only a subset of "that", by which I think you mean a Pi. In which case perhaps it's the difference between the subset and the complete thing which makes the complete thing draw more power. That, and all the optimisation that's gone into the phone and is spread out over a market that is orders of magnitude bigger.
The entire PC market was built on what generally gets termed hobbyist use. The reality, I think, was wider than this. I was far from the only one to realise that here was an opportunity to introduce computing into situations where the price of a mini would have been impossible*. In fact another lab was using a PET in the same application area where I was using an S100-Z80 system in the late 70s. Education was another area and this was something Pis were aimed at right from the start. "Enthusiast" would be a more general, hence better, word.
Once the possibility of wider sales was visible shareholders were able to finance development and production so that value for money rose and real prices fell. If that hadn't been the case the power that you can have on your desk, on your lap, in your pocket and even on your wrist would have been prohibitively expensive for most of us. That's the real world with all computing, including the Pi.
* As a private individual the price of the micro-kit would have also been impossible for a Hobby.
"This is evidently so that Joe the Manager can log in from home to see how the work is going"
It is quite feasible for companies to work completely remotely. The precautions they take are also available for Joe the manager to log in from home. Logging in from the coffee shop, not so much.
It comes down to a simple choice for the companies: do you want convenience or do you want to get hacked?
"Shareholders will not support an increase in opex for infosec."
Is this because they're being kept in the dark about the risks to which they're exposed? If so, are boards fulfilling their fiduciary responsibilities? Shareholders should be prepared to sue boards for such failures. Not sue the company, which is only themselves, but the actual, named board members.
Perhaps this is an opportunity for class action lawyers to get involved, although I suppose there's not the same money available from the board as from the company.
What about a little risk analysis
Which unsupported Microsoft desktop is the £300k machine tool tied to? And the niche ERP system - is it even the same unsupported desktop as the £300k machine tool?
Would you even have bought those particular products if you'd known what you were getting into long term? Do you have a safety plan that's more than keeping your fingers crossed?
Multiple sites? That's what private networks were for or, in the internet age, private virtual networks - they weren't originally for anonymous access to porn, you know.
But that would be part of your secure internal network, even if it does run between multiple sites on a VPN.
Externally, if you're taking orders then you need to look carefully at how orders get passed from the web site to your internal order processing. Whatever it is it needs to be something that only allows orders through and maybe stock levels the other way.
Placing orders? You probably will have to use the supplier's web site for that if you're doing it manually, but as has already been said, you keep your office network separate and do it from that. If you're more closely integrated then why not set up a VPN with the suppliers and, again, filter the messages that pass to and fro so that only expected messages are allowed. We were doing this years ago except it was actual dedicated fibre links and the messages were in XML which is maybe not looked on as trendy - presumably these days it's JSON or something newer. XML, however, allowed for testing for being well-formed (is it really XML and nothing else) and valid (is it structured exactly how it's supposed to be).
Internally, back in the day we used to use serial comms and VDUs for operations. ERP, sales counter, industry specific packages, bespoke applications - it could all be done via character-based screens. It still could be, provided you don't actually need images - and do you really actually need images? That cuts out a whole lot of options for anyone to spread within your systems.
Not only is this stuff possible, it used to be done. It meant doing processing on prem. It meant designing networking to be partitioned. Now the whole shooting match is spilled out onto somebody else's computer and your scope for building in the partitioning is restricted to what's available. What's worse, from the reports we see here it also seems that it requires a whole lot of external suppliers to handle different aspects of it which enlarges the attack surface further.
Maybe it's more expensive to take proper precautions. Maybe it's less convenient. You have a couple of choices: you put up with that or you sit and wait to be taken. Which do you want?
And if it's a matter of budget, remember it's just a matter of timing. Lots of people couldn't find a budget upfront but they always found a bigger one when they'd been hacked (providing, of course, they survived).
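The message filtering described in the post above (check that each inbound message is well-formed, then that it is valid against the expected structure, and admit nothing else), as an added Python example that is not code from the post or from any product it mentions; the <order>/<customer>/<line> element names and the customer/SKU id formats are assumptions.

```python
# Added example, not from the forum post: a boundary filter that admits only well-formed
# XML order messages of the expected shape. The <order>/<line> format is an assumption.
import re
import xml.etree.ElementTree as ET
# Allow-list of which child elements each element may contain; leaves hold text only.
ALLOWED = {"order": {"customer", "line"}, "line": {"sku", "qty"}}
CUSTOMER_RE = re.compile(r"C-[0-9]{1,8}")
SKU_RE = re.compile(r"[A-Z0-9-]{3,20}")
class RejectedMessage(ValueError):
    """The inbound message is not an expected order."""

def check_order(raw: bytes) -> dict:
    # DTD/entity declarations are never part of an order: refuse them before parsing.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise RejectedMessage("DTD or entity declaration present")
    try:
        root = ET.fromstring(raw)  # well-formed: is it really XML and nothing else?
    except ET.ParseError as exc:
        raise RejectedMessage(f"not well-formed: {exc}") from exc
    # Valid: the structure must match the allow-list exactly, with no attributes anywhere.
    if root.tag != "order":
        raise RejectedMessage(f"unexpected root <{root.tag}>")
    for elem in root.iter():
        if elem.attrib:
            raise RejectedMessage(f"attributes not allowed on <{elem.tag}>")
        for child in elem:
            if child.tag not in ALLOWED.get(elem.tag, set()):
                raise RejectedMessage(f"unexpected <{child.tag}> in <{elem.tag}>")
    customers = [(c.text or "").strip() for c in root.findall("customer")]
    if len(customers) != 1 or not CUSTOMER_RE.fullmatch(customers[0]):
        raise RejectedMessage("bad or missing customer id")
    lines = []
    for line in root.findall("line"):
        sku = (line.findtext("sku") or "").strip()
        qty = (line.findtext("qty") or "").strip()
        if not SKU_RE.fullmatch(sku) or not qty.isdecimal() or int(qty) == 0:
            raise RejectedMessage(f"bad line sku={sku!r} qty={qty!r}")
        lines.append({"sku": sku, "qty": int(qty)})
    if not lines:
        raise RejectedMessage("order has no lines")
    return {"customer": customers[0], "lines": lines}

def filter_message(raw: bytes):
    """(True, order) if admitted, else (False, reason) for logging at the boundary."""
    try:
        return True, check_order(raw)
    except RejectedMessage as exc:
        return False, str(exc)
# Constructed samples: a good order, one with an unexpected element, one cut short.
GOOD = b"<order><customer>C-1042</customer><line><sku>WIDGET-7</sku><qty>3</qty></line></order>"
EXTRA = b"<order><customer>C-1042</customer><line><sku>W-7</sku><qty>3</qty></line><note>x</note></order>"
TRUNCATED = b"<order><customer>C-1042</customer>"
```

Only the plain dict that check_order returns is handed on to internal order processing, so whatever else the supplier's system sent never reaches it.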
Although I agree with the sentiment the common thread to many is some IT supplier of an IT supplier whose access control product is so much better than a simple, local username/password combination gets breached by having their own helpdesk blagged into resetting a password.
As per article, it's not so much that the manufacturers are exposing themselves directly, as the fact that they are outsourcing aspects of their IT to suppliers who in turn outsource aspects of their IT ...
In consequence the manufacturer is dependent on a chain and may not even know the extent of it. As we know a chain is no stronger than its weakest link. What makes it worse is that these links are common to a lot of end users so are worth far more spending effort on breaking than any particular end user company. "Hollowed out" does not seem adequate to describe the situation.
I used it for a while but then discovered that "ItJustWorks" was really "ItOnlyJustWorks" when it stopped recognising my digital camera, which turned out to be someone having carelessly left something out of a config somewhere. Debian was much better for "ItJustWorks" and, as I also prefer stability over bleeding edge on the desktop, I moved on to Devuan, of course, when Debian got mobbed by the systemd lot.
"Well, now, incompetent managers have an excuse: they can fire all the other incompetents who were just pretending and replace them with bots who just pretend. It will stumble on for a while."
They'll also fire the competents along with them. In fact they may well fire them first because they've always appeared to be the awkward squad and they've just become even more awkward. No wonder it stumbles.
I'd view the balance of probabilities as being in favour of geology by a huge margin.
There are several steps to biogenesis. The first has to be the establishment of the improbable* RNA > protein synthesis > RNA copying system, but a close second has to be incorporation of a chemical energy supply system, and it seems far more likely that early evolution would have latched onto pre-existing inorganic processes than created one ab initio. To see evidence that such a thing existed in an abiotic situation encourages belief that it might have existed on Earth.
* We know it happened because we're here. It still seems extremely improbable.
"affected users ... may wonder why Microsoft did not test the patch more thoroughly before release."
You're seeing the feedback from the alpha testers being acted upon and there's no reason why the beta testers won't get it on schedule in April in time for another routine out-of-band fix later in the month. What's that if not thorough testing MS style?