* Posts by Glad Im Done with IT

20 publicly visible posts • joined 15 Nov 2017

IBM to GTS: We want you to 'rotate' clients every two years

Glad Im Done with IT
FAIL

Making the same mistake the Banks did.

We used to have good relations with our bank manager before they brought 'manager rotation' in. The guy knew our industry, knew the cyclical nature of our business etc. First replacement was a wet around the ears graduate who had little enough knowledge of banking never mind our industry. But did know a lot about products they wanted to try to sell to us.

Luckily we were in the black at that point and switched banks. Their loss, but I presume they only reported manager wage savings to the board and the churn rate was hidden.

Nadella tells worried GitHub devs: Judge us by our actions

Glad Im Done with IT

A short play

Scene: MS head office meeting room

Cast:

Sat_Nad: needs no introduction.

K_B_A : Visionary level Business Analyst AKA Knows Bugger All.

L_B : Public Relations officer AKA Lying Bastard

D_A : Only person in MS identified has having some independent thoughts AKA Devils Advocate.

Sat_Nad :

We need more developers what are we going to do about it?

[Silence]

Sat_Nad : (aimed at L_B )

We are always telling developers how great they are why are they still leaving en mass.

[L_B Opens mouth]

D_A : (interjects)

Cos we keep shitting on them!

Sat_Nad :

Ok, Ok, lets move on. Where are the greatest concentration of developers now? (looks at K_B_A)

K_B_A :

From our months of extensive research and analysis we have identified the following organisations which seem to have favour with today's developers...

Sat_Nad : (interjects)

Cut the waffle and give me names!

[Pause as K_B_A rifles through the ream of paper in front of him]

K_B_A :

Stackoverflow, SourceForge, GitHub are the top three.

D_A : (rolls his eyes )

I could have written that list on a beer mat over a beer.

L_B :

Forget Sourceforge, they got tainted a few years back no amount of PR would work if we got involved with them.

As for Stack that would diminish our MS Knowledge base brand.

Sat_Nad :

Ok lets explore GitHub, how are they financially?

K_B_A : ( looking pleased with himself as he is already on the right page )

VC backed, looking to IPO, with projected burn out rate of four years without.

D_A :

So looking like a cheap buy then.

Sat_Nad :

Can't be too cheap otherwise those VCs may retaliate on our share price. So how many devs would come with this package.

K_B_A : (glancing down at his papers )

Approximately 20 million.

Sat_Nad :

I am liking that number.

D_A :

You'll be lucky to keep 20% of them.

K_B_A : (looks up from his notes )

We have already been active in this area, we are committing to git and have already muddied the waters with the linux grey beards with our GVFS, this could consolidate this.

D_A :

What about the private repos, where the money comes in?

K_B_A :

We do not have full lists of large scale users at present but this could be ascertained during due diligence without

any risk to us and we would be able to identify those who are not in the MS fold for targeted marketing.

Sat_Nad : (smiling)

Ahhh, opportunities!

Sat_Nad : (at K_B_A)

Work out how much this is going to cost.

(at L_B)

This is going to be a rough one get the machinery moving and ready

[Sat_Nad rises to leave]

Sat_Nad :

Oh and don't forget to lock D_A up again, can't have that level of negativity just floating around the company!

OK, deep breath, relax... Let's have a sober look at these 'ere annoying AMD chip security flaws

Glad Im Done with IT

Re: Maybe this will backfire.

Ok looking at Nasdaq there was notable trading reported on Tuesday.

"Especially high volume was seen for the $11.50 strike put option expiring March 16, 2018 , with 38,495 contracts trading so far today, representing approximately 3.8 million underlying shares of AMD. Below is a chart showing AMD's trailing twelve month trading history, with the $11.50 strike highlighted in orange:

So if share price remains above $11.50 for two days then these dumpers have lost their premium. I suspect the markets have already taken note and no doubt will keep these options worthless.

Glad Im Done with IT

Re: Pot and Kettle

The reg reported on facts already in the public domain, Linux kernel sources, and did a bit of putting two and two together.

Glad Im Done with IT

Re: Maybe this will backfire.

At the moment these parts of your hardware ,PSP etc are black boxes which are not accessible to the end user. If these 'exploits' allows a root user to view, check and record the contents at least there is a level of certainty for the administrator that the hardware has not been compromised. Any changes in these black boxes could be logged, diffs made, and if unhappy potentially rolled back to a state that the end user is happy with.

Security belongs to the owner of the hardware not the manufacturer.

Glad Im Done with IT

Maybe this will backfire.

If this is primarily a securities ploy to weaken AMD then this may backfire massively.

This sound like a processor where the user gets full control of their hardware back. If you don't want to use the increasingly irrelevant windows 10 and are annoyed at lock down of the hardware you own, this sounds like maybe the last chance to get a CPU where you will have full control of the hardware you own.

I was looking for an upgrade path to my aging hardware and now I want one of these CPUs because of these 'vulnerabilities'.

Spectre haunts Intel's SGX defense: CPU flaws can be exploited to snoop on enclaves

Glad Im Done with IT

Death of DRM on PC platforms??

It finally comes to light as I predicted a couple of months back that trusted zone memory would be up for grabs, see:

https://forums.theregister.co.uk/forum/2/2018/01/04/intel_meltdown_spectre_bugs_the_registers_annotations/

It has taken the white hats a couple of months ( maybe a little longer as it was known about before we , the great unwashed, got to know about it), Historically they have always trailed the black hats in exploit finding. though maybe not so far behind now there are bug bounties.

All stored key protection schemes are now totally insecure. By this I mean just about every DRM scheme which is in place up to now. I reiterate, watch the sue-balls fly from the fallout of this.

Software shortcuts: Pay down your tech debt. It's time to fix a price

Glad Im Done with IT

Full steam reversal?

“Let’s not wait till we’re 10 spins into the cycle,” he continues. “Let’s make sure the dev team, the ops team and the biz team are in the room saying this is what we need to build on day one.”

So back to proper requirements and throw out the devops??

Unlucky Linux boxes trampled by NPM code update, patch zapped

Glad Im Done with IT

One Consolation in this.

At least it only affected those stupid enough to develop with it. Just awaiting the next cock up that pushes crap out generally.

Bright idea: Make H when the Sun shines, and H when it doesn't

Glad Im Done with IT

carbon monoxide as byproduct???

Is the article missing something or what do they expect to do with this highly toxic gas?

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Glad Im Done with IT

Just kill ALL code in a browser.

The way things are going in this arena recently the only sane thing you can do now is to disable anything that is capable of running code in a browser.

I said goodbye to Java and Flash years ago, now time to say goodbye permanently to Javascript and never let web assembly anywhere near my browser when that tries to become flavour of the day.

Icahn't get right Xerox Fuji merger spoils, cries activist investor Carl

Glad Im Done with IT

One way of effectivly dealing with Icahn

Looks like the board of Xerox managed to deal with him before he stuffed the business up and inserted his cronies.

OpenWall unveils kernel protection project

Glad Im Done with IT

Re: I am skeptical

So who is going to write the kernel module to monitor the activity of this thing then?

LKRGG, LKRGG2 this is a silly idea.

Azure Event Grid goes live, gives world cloudy publish-subscribe model

Glad Im Done with IT

This sounds more like Tibco Rendevous, MQTT et al. Have had lots of experience with this style of pub sub in the past, and the many problems that can occur, I would give anything from MS a miss on this, their last attempt into this area was MSMQ a performant dog!

As to the points everyone forgets about with this stuff.

How does the central broker handle lost clients subbed to guaranteed delivery, I have seen many servers fill disks with queued message from a network outage somewhere else in the world. As throughput gets higher whats the effect of pings times on any nagling used at network layer. Can you or someone else manage to introduce loops in the dist system of remote gateway brokers used.

The list goes on and on and on. Is MS capable of delivering something as stable as the venerable Tibco? I seriously doubt it.

Firefox to emit ‘occasional sponsored story’ in ads test

Glad Im Done with IT

Pocket? Whats pocket? Since I installed WaterFox I have never seen that POS. Mo$illa is slowly digging its own grave.

Digital mortgage service sounds handy, right? Oh, it's through UK.gov's Verify

Glad Im Done with IT

Fundementaly Flawed

What HMG have failed to realise is that to trust in Verify you first have to trust the companies who are supposed to be the 'guardians' of your online identity. I for one would not trust a single one of the shysters who are signed up for this!

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Glad Im Done with IT

Re: Questions

"If you patch your hypervisor and guest OS, do you take a double hit on performance?"

As the bug is all about preemtive execution which happens at the microcode level you should only have to patch the hypervisor. Linux at least is allowing you to turn off the patch, presumably so guest OS does not have to take the hit as well.

As for Windows that is anyones guess atm!

Glad Im Done with IT

"Funnily enough, no one said the security flaws could be used to directly alter data. Instead of talking about what these exploits don't do, let's focus on what they make possible."

Get access to keys stored in trusted zone? I am sure pirates will not be patching so they can try to wander around areas of the security system not previously accessible by tricking kernel to load pages they want.

Would the litigious media industry use 'operating by design' as an admission of fault?

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Glad Im Done with IT

Lots of testing work to be done then?

As it is .Not spends about 30% in kernel according to TaskManager when loaded and working hard, how much will this cripple .Not, M$ pushes the fact that the code is secure, and this security is done in the kernel.

It is certainly going to be amusing to watch the fallout from this,

The Quantum of Firefox: Why is this one unlike any other Firefox?

Glad Im Done with IT

"For the others, see what 'Find a replacement' comes up with."

I looked and found Waterfox, killer features for my privacy

Removed Pocket

Removed Telemetry

Removed data collection

Removed startup profiling

Allow running of all 64-Bit NPAPI plugins

Allow running of unsigned extensions

Removal of Sponsored Tiles on New Tab Page

Did the usual in about:config and for the first time in years a 'fox' that is network quiet when not actively in use. All sockets time out and no activity during keypresses, plus I get to keep the extension I want. Win-win all round.