* Posts by plunet

50 publicly visible posts • joined 14 Aug 2015

Yolk's on you – eggs break less when they land sideways

plunet

No doubt eggcellent news for all the egg heads that have been pondering egg dynamics

British govt agents step in as Harrods becomes third mega retailer under cyberattack

plunet

Re: We can't continue to regard these simply as "IT Problems"

On the substation fire, I think you're mistaken that it was a 400kV National Grid grid transformer, although it is very close to the St John's Wood 400kV substation.

Aberdeen Place A is actually one of three colocated 132kV distribution network substations operated by UKPN. In this instance there was no disruption to electricity supply. It was an impressive fire and cause some collateral damage to adjacent property and oil pollution into the canal underneath it was seemingly well handled.

£136M government grant saves troubled Post Office from suboptimal IT

plunet

Re: But, but, but...

The Post Office is owned by the UK Government, it was never sold.

You might be getting confused with the Royal Mail which was privatised and is about to be bought by a foreign investor.

Staff at UK's massive health service still have interoperability issues with electronic records

plunet

Re: Money

The common API already exists. At least in England. It's called the NHS Spine

plunet

Re: Brownfield

This really isn't the big deal you probably think it is. Contact the secretary at your GP surgery and ask for it to be updated, they are the authoritative source. Most systems should pick up that data change from the NHS Spine.

plunet

Re: Brownfield

There is an overall architecture for the data - in England it's called the NHS Spine. A common standard and secure infrastructure for the exchange of patient data between trusts and systems. The problem is the capability of the systems that trusts procure to fully leverage the Spine.

Some of the EPRs, for example Apollo's Epic, can facilitate data exchange between other trusts with Epic quiet well. But to other trusts using something other than Epic, good luck.

plunet

Re: Business as usual

The problem here is the MVP minimum viable product. Get the new EPR or system implemented with the minimum of kerfuffle. But there's then no finding available to take it to the next stage, sitting down with each ward or clinic team and working out how to exploit the new system to automate stuff they have to do manually within the guardrails of the organisational capabilities.

Medusa ransomware group claims attack on UK's Gateshead Council

plunet

The fact that a council is faced with some crumbling 1960s infrastructure is not a surprise. There are going to be many many more examples. In Gateshead, England, UK and beyond the western world.

Ryanair faces GDPR turbulence over customer ID checks

plunet

API data can be collected in advance for convenience but is only required at check in and is often tweaked/corrected at check in with a passport scan. Absolutely no requirement for it to be submitted ahead of travel for the kinds of places Ryanair fly to.

Big brands among thousands infected by payment-card-stealing CosmicSting crooks

plunet

Re: Matroshka Dolls

Ah, but the monolithic off the shelf e-commerce package is probably just as bad as it's either been knitted together using all the usual third party software and you're blind to it, or if they really have written it all themselves from the ground up just just gotta hope their own testing really stands up to muster.

'Hyperscale customer' to take massive datacenter site near London

plunet

The embargo in West London is broadly due to constraints on the lower voltage distribution network which in West London is broadly operated by SSE. New bit barns are now being sited where they can pick up power from the national grid substations eliminating the need to bother the distribution network.

Previous policy rumours for siting of bit barns suggested harnessing former heavy industrial sites with existing high capacity grid feeds, usually in areas where the economic situation is depressed due to the loss of those former industries, and people who need jobs and retraining. Whatever happened to this relatively sensible idea....? Teesport might not meet latency requirements for some workloads but would be a site ripe for redevelopment and retraining, and has good connections to the national grid

Malaysia's plan to block overseas DNS dies after a day

plunet

Re: A different take on "its always DNS" ;)

They're not going to block roaming cellular traffic being tunnelled back to the subscribers home network. Even China doesn't do that.

They're mainly looking to inconvenience/protect residents of Malaysia when using domestic internet access. Roaming access on foreign SIM cards isn't going to be a priority.

Japan stops measuring train crowding by ease of newspaper readership

plunet

Re: Fishy

There's no plaice even for sardines

Administrators have update lessons to learn from the CrowdStrike outage

plunet

Let's face it, all of the AV and anti malware vendors have had their dodgy and duff updates in the past, with varying impacts. Crowdstrike's duff update was more spectacular than most but most of the vendors could face the same issue one day.

So what is the industry to do? It's a constant battle to keep the baddies out of our systems and services, and keeping signatures up to date multiple times a day along with a dose of behavioural analysis (recently renamed to AI) so far has been the thing to do. We currently have a dose of whataboutery, we could do some update rings on signatures, but that seems to defeat the point somewhat. So what are the practical options to do something different?

London council accuses watchdog of 'exaggerating' danger of 2020 raid on residents' data

plunet

What would make more sense is if the ICO could impose auditable improvement plans maybe with the compromised entity committing to certain outcomes including capital and operational investment.

It's similar to off the shelf SLA statements where supplier commits to pay customer 2 shillings in the event of a SLA failure provider that you claim on the right form etc. A service improvement plan that ensures that whatever went wrong can't happen again is surely more value to both supplier and customer.

Selfie-based authentication raises eyebrows among infosec experts

plunet

Payment providers have been using facial recognition for payment authorisation at checkouts in China for several years already.

Google Translate now fluent in 110 additional languages from Abkhaz to Zulu

plunet

Bring back the babelfish

Whilst I think it was always a bit fishy that the THHGTGG suggested it caused a lot of wars, when altavista came up with the babelfish branding for (I think) one of the first online translation engines, it was a stroke of genius.

British Airways blames T5 luggage chaos on fault 'outside of our control'

plunet

Re: Baggage ops

BA's "under the wing" ground handing operations at LHR are run in-house and are not outsourced.

Google password resets not enough to stop these info-stealing malware strains

plunet

Re: Session cookie stealing is not an unknown thing

Perhaps it should be an option on the password change page, with perhaps the default to invalidate all sessions and an explainer to help users choose the right thing to do.

If you're just changing your password because you want to and not because any any specific risk, then forcing all sessions to reset might a sledgehammer to crack a nut in terms of user experience.

Driverless cars swerve traffic tickets in California even if they break the law

plunet

Re: How to improve AI training in one easy step

No you don't start with the owner in the UK. You start with the registered keeper which is the name or entity on the V5C.

The registered keeper is quite often different to who the owner might be (eg. leasing or finance company).

Suits ignored IT's warnings, so the tech team went for the neck

plunet

Seems like you missed out on a field trip to the errant laptop in Majorca to retrieve the so important missing emails.

Nobody would ever work on the live server, right? Not intentionally, anyway

plunet

The way that ntl:hell was sticky plastered together back in the day, I would imagine that the web server shutdown it also shut down all the transparent web proxies that ntl: never wanted to admit that they were using and caused a broadband duvet day.

Microsoft’s Dublin DC power plant gets the, er, green light

plunet

Re: more than 150 diesel generators

Surely the point is that they have both gas and diesel generators. They will have the option to mix and match between both to not only keep the bit barn going but also get paid for supplying power to the grid at considerable profit when needed.

Microsoft's Azure West Europe region blew away in freak summer storm

plunet

Re: Fibre underground is not effected by storms they strung it on poles...

Would not necessarily need to be an arial fibre run for bad weather and assoicated power failures to still cause impacts to fibre below ground.

plunet

Re: Never noticed

But as the article says, traffic to/from the front door of the region wasn't impacted. Only traffic being synced between DCs within the region for availability purposes was impacted. Perhaps you don't have any availability services, or you failed to notice that background syncs of data were failing.

WeChat makes facial recog payment systems talk to the hand

plunet

Re: I wonder who asked for this

Have you been to China? Using facial recognition for payment authorisation is not uncommon in shops kitted out with the relevent point of sale equipment.

They might not have asked for it, but its there, and it does get used, although I think it hit considerable problems with the masks the mandate for which were not removed earlier this year.

QR codes are still the main way to pay, but biometrics are there and are being used for day to day payments.

Britain's largest private pension scheme reveals scale of Capita break-in

plunet

It's the humans that are insecure here

It seems that it's not the actual pensions system/database that was compromised but some fileserver used by Crapita to do admin tasks on the pensions system. It appears this fileserver had various dump/export files from the pensions database for various clients probably used for massaging data and bulk updates, the problem is that they were left lying around and were not encrypted...

Microsoft breaks geolocation, locking users out of Azure and M365

plunet

IPv6 still the poor relation chez Microsoft

"Making matters worse, the IP addresses in question appear to be IPv4. Shame, Microsoft, get thee to IPv6!"

That's because last time I checked Microsoft offered no geolocation on IPv6. If you don't offer it you can't break it.

OneDrive back on its feet, but ongoing Skype credit problem hasn't gone away

plunet

Re: "international roaming is a lot more affordable"

Teams can absolutely make phone calls but maybe not at a sensible cost for the occasional outbound phone call.

plunet

"The Skype for Business product – once used by such venerables as particle accelerator boffins at CERN, which swapped it with softphone client CERNphone in June – was replaced by Teams in 2019 and reached end-of-life last year."

Errr, the author has conflated SfB with SfB Online.

SfB Online was retired back in 2019 in favour of Teams. But SfB as an onprem or hosted solution is still very much a thing and supported by M$.

Programming error created billion-dollar mistake that made the coder ... a hero?

plunet

Re: Worst code I ever saw...

Here in Switzerland, kids are being taught touch typing starting in 4th grade (approx 9-10 yrs)...

Factor in the options of QWERTY, AZERTY (French) or QWERTZ (German) keyboards and those yoofs must have a a bunch of fun.

Cloudflare finds a way through China's network defences

plunet

And the elephant in the room

Unfortunately this article is fairly useless as it fails to specify whether to make content available in China with this new cloudflare agreement needs the usual ICP licence. There are plenty of CDN providers that have reach into China, including Cloudflare even before this 'announcement'. The main issue for most is whether it's worth the effort and hoop jumping to get and probably more importantly maintain an ICP licence.

India seeks verified IDs to register email accounts

plunet

"with China's centralized virtual currencies WeChat pay and Alipay processing 294.6 trillion won"

Is that the won / wrong currency, it doesn't seem very Korea / clear to me...

Google Translate dropped in mainland China

plunet

It's my understanding that they would have had to maintain a registration / licence with the Chinese authorities to be able to operate that service with a .cn domain name presumably also hosted within China. The registration and licence needs a named individual in China to be legally responsible for the service and be answerable for its content. With the increasing scrutiny of online services in China perhaps there was no appetite for the paperwork and personal risk.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address

plunet

I think you will find that an Azure AD P1 licence is sufficient for enabling Conditional Access.

Vital UK customs system outage contributes to travel chaos at its borders

plunet
FAIL

Re: Sounds about right

"Updated to add at 16:00 on April 18, 2022"

Just after Easter weekend.... so maybe they discovered the Easter Egg that was left in GVMS by some contractors that got shafted by IR35.

Nottingham University awards cloud finance and HR deal in £29.75m deal 2.5 years after Unit4 upgrade

plunet

They do have CS courses and students. But I struggle to understand how getting the students to program up this requirement would make any sense? Assuming the students can pull it off, after they have graduated who would be keeping the product up to date to meet changing business and regulatory requirements, fix bugs, patch components they have used, and generally support the end to end solution. And you have also got the complication that you have student data subjects probably requiring admin access to the very backend systems that govern their fees, rent payments for halls, and all manner of other key business data. Yeh...

BT Wholesale wants the channel to give SMBs a nudge before copper sunset in 2025

plunet

South Korea?

Impromptu game of Robot Wars sparks fire in warehouse at UK e-tailer Ocado

plunet

Self-check out...

Unexpected hot bot in bagging area. Please extinguish bot and sell investments in Ocado before continuing.

Anyone still using cash? British £50 banknote honouring Alan Turing arrives

plunet

"note is due to become available in bank branches and ATMs over the coming days"

ATMs dispensing £50 notes? They must be in a parallel universe. Maybe in the lobby of Coutts & Co, and other wealth management instutitions.

If you can't log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage

plunet

As it was a DNS based outage, it's not entirely surprising that DNS is a separate infrastructure for Azure in China. DNS is one of the methods the motherland imposes at a technical to limit access to some internet resources outside the country. Other methods are also in use.

It's 2020, so let's just go ahead and let Amazon have everyone's handprints so it can process payments

plunet

So last decade...

Biometrics for payments.... Amazon just trialing this?

Try going to China where Alipay has been doing facial recognition for payment for quite some time now. When you realise that between then Alipay and WeChat pay now account for something like 90% of payments for most retail transactions in China, and you realise just how far ahead payments tech is in China and how the rest of the world is in serious catch up mode. No one forces you to use it, but most retails over there now frown on needing to handle cash - even the subsistence farmer selling their goods by the side of the road have their AliPay and WeChatPay QR codes printed out to take payment.

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

plunet

Re: 404

It's available on his Uni homepage at https://www.cs.ucr.edu/~zhiyunq/

https://www.cs.ucr.edu/~zhiyunq/pub/sigmetrics20_slowdown.pdf

Uni of London loses attempt to block mobe mast surveyors from Paddington rooftop

plunet

The Hilton Metropole just a few hundred meters up the road already has Vodafone (well, it was Clueless and Witless back in the day) assets on the roof - I had a microwave link from there for many years. I would imagine that could target Vodafone HQ as well. So I also guess it's to provide more coverage for the station and Sussex Gardens.

WeWork filed its IPO homework. So we had a look at its small print and... yowser. What has El Reg got itself into?

plunet

Re: TANSTAAFL

WeWork do apply for a premises licence for the sale and supply of alcohol at their premises in the UK. The fact that they give it away they still need one for supply.

March 2020: When you lucky, lucky Brits will have a legal right to a minimum of... 10Mbps

plunet

Re: Unfair comparison

And significant parts of central London would fail the new pledge. Openreach cabling from some of the older central london exchanges is directly cabled so no green cabinets. And no green cabinets = no FTTC. So a ADSL connection at Oxford Circus will be around 8-12M down and under 1M up. So it's pony up for a proper circuit, consider using 4G or a WISP, or wait around on a sub-optimal ADSL2+ service

UK chip and PIN readers fall ill: Don't switch off that terminal!

plunet

Seems like verifone have put up a statement but details are very sparse.

https://www.vfne.co/vfi-update

BT will HATE us for this one weird 5G trick

plunet

Take a look at China

The principle of using lamp posts for overlay networks is already well established in China, somewhere where the sheer density of devices and demand for bandwidth already outstrips the capacity of the spectrum.

In urban areas and some highways you can see that the two main networks - China Mobile and China Unicom have a box of tricks on alternate lamp posts that offer Wifi with 802.1x network auth or other picocell technology as an alternative backhaul for each networks subscribers.

Govt: Citizens, we know you want 10Mbps. This is the last broadband scheme for that

plunet

Re: All well and good but....

All is not well in the metropolis either.

Swathes of Mayfair have the peril of "Exchange Only" lines. This is where cabling from the Exchange to the premise doesn't pass via Green cabinets. And of course this cabling as been around since the early days of PO Telephones and isn't the best. Result: around Oxford Circus and Oxford Street you can either get normal ADSL or a leased line unless there is VM in the street. A small business owner located 50m from Oxford Circus is "enjoying" 6mbps ADSL with no plans for infinity.

So although it's probably not as bad as it might be for those rural hill farmers, it's not exactly great in the places where the general population think it must be great.

Ofcom coverage map: 7/10 – must try harder next time

plunet
FAIL

Coverage? Cover up.

I tend to agree that these OFCOM coverage maps don't bear any relation to what happens in reality.

If they want to do this it really seems that they need to tap into something like rootmetrics, or slap some equipment onto a fleet of delivery vans / Google Streetview cars to actually monitor what the reality is.