* Posts by TechnicalVault

25 posts • joined 8 Apr 2019

If you fire someone, don't let them hang around a month to finish code

TechnicalVault

When firing yes, when quitting probably not

I've heard of people trying to do the same to people who voluntarily resign. Just a quick reminder that doing this is pointless and stupid. If someone is quitting they will obviously know before you do and if you have a regular habit of escorting quitters out the same way you kick out fired people then you can guarantee they already know how you will behave. Save yourself some organisational memory and don't burn that bridge. If someone tells you they are quitting then lock them out on their last day not before.

NASA in 'serious jeopardy' due to big black hole in security

TechnicalVault

Silly metric based premise in the report

"The report also mentions that in the last three years, NASA users have made over 12,000 requests for elevated privileges – just the sort of thing that could lead to more information reaching the wrong eyes."

Or, it could be because they've locked everything down so inappropriately tight that people cannot do their jobs without requesting elevated privs. If these kinds of broad brush metrics are high, it doesn't mean users shouldn't be asking for these privs, it means you designed your system badly. A good security system is unobtrusive to normal users fulfilling their normal job role, and should only become a regular feature of people's jobs when they start to deviate from that or to an attacker.

Also most elevated privs requests shouldn't be decided by IT, usually it's managers of the area or of the data that should be deciding (and if you've done it right actioning) whether or not an exception to policy should be made.

Amazon cuts credit for charities to access web services

TechnicalVault

The ethics is about budgets and not telling people you've changed what you're giving

It's the same as publicly announcing to a small charity you were going to give them £2000 a year and then turning around and only transferring £1000 one year without telling them you'd changed your mind. The charity is going to make their budget based on having £1000 more than they had and the deficit is going to come as a surprise. This means you've caused them to then make promises they now can't keep. Likely that deficit is going to come out of grants they cannot now make, and which if you had told the charity in advance, they would not have promised.

Yeah it's your money, but there's right and a wrong way of going about things once you've made a commitment. The right thing to do is to be as public about changes to your donation as you were about the initial donation. All it will cost you is kudos but at least you can still have a good conscience.

Users sound off as new Google Workspace for Education storage limits near

TechnicalVault

Modelling is fun

We faced similar challenges at the Sanger Institute: same data, but much larger scale. We had to implement a few policies to make people behave:

- No legacy BAM files for archiving. Same data 100GB BAM or 30GB CRAM, lossless compression, easy choice.

- All sequence data is archived to ENA/EGA public archiving at the point of creation, policy is added later (it's not visible until that is added). Funder requirement that happens to ensure there's a separate copy with another organisation that is unlikely to be deleted.

- No going off on your own with a cloud service. Clouds usually give you an unlimited spend allowance, and make it hard to watch how you spend, we have a limited budget. We have a cloud budget, you put in a lightweight budget proposal before you go dancing off. You blow the budget? You're going to be explaining it to the rest of the scientific faculty not us.

- Models built to show the costs over time of various storage options before we make big decisions. It's amazing how many people miss the lil gotchas, like "big fee for taking more than 10% of the data out of storage".

Google sours on legacy G Suite freeloaders, demands fee or flee

TechnicalVault

It's a confidence thing

Yep, a fair number of the people with these domains are decision makers myself included. For me this is a final nail in the coffin, personally I am pretty much likely to banish any chance of GSuite ever being a supported thing in my workplace. They make good software but they seem to have the attention span of a kitten. Time and again they have taken a perfectly good stable service and deprecated it because seemingly it's not exciting enough for them. I need a nice boring service provider who is not going to force me to do a massive migration for thousands of users because they've decided they wanted to change tack again.

Wifinity hands customers bills for Wi-Fi services they didn't want but used by accident after software 'glitch' let 'fixed term' subs continue

TechnicalVault

It's off the shelf these days and if unis can do it...

I'm not sure I buy the it's too hard/expensive argument. Not when Cambridge University has been covering large portions of Cambridge town centre with Eduroam WiFi for years. Incidentally, the Wellcome Genome Campus not far down the road from Duxford has some excellent demonstrations of how easy it is to do outdoor Wifi where it's needed. It's just a matter of having the right antenna and base station.

Yes this all requires moderately sophisticated Wifi kit but these days that is off the shelf enterprise stuff and most other government departments already have procurement contracts in place for this. There is even GovRoam https://www.jisc.ac.uk/govroam to help you provide your unclassified wifi to staff. If unis can do it for the network mess that is students then squaddies should be easy.

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

TechnicalVault

And thus has innovated in ways the legacy content industry never could

The legacy content industry is too tied up in petty IP conflicts and repetitive formulas to thrive and innovate. Look what has happened to the History Channel, now all about how aliens built the pyramids and then sank Atlantis.

This is where YouTube (and TikTok) has thrived, where else can you find:

- blokes repairing Apollo AGCs

- teaching you how to build log cabins

- numerous makeup tutorials

- guitar and magic lessons

- wilderness shows that aren’t OH NOES a beer every 5 minutes

They filled a hole they aren’t going away:

Russia: It isn't just us – a bit of an old US rocket might get as close as 5.4km to the ISS

TechnicalVault

One advantage of bigger debris

One advantage of bigger debris is it's a lot easier to observe and thus predict (plus there tends to be a lot less of it). Given the laws of physics haven't changed lately, those estimates should be pretty good.

The one detail that might complicate estimates is that larger debris in LEO has more atmospheric drag and this means its orbit will change (decay) a lot quicker than something smaller. I suspect that's probably only significant over a timescale of months rather than hours though.

I'm diabetic. I'd rather risk my shared health data being stolen than a double amputation

TechnicalVault

Re: False choice

Unfortunately you are wrong, someone might use them for marketing in aggregate (how much demand is there for this drug) but they really are useful to researchers.

I have already worked with EHR in scientific research and they are a treasure trove because they allow us to reduce the amount of confounding variables people don't know to tell us about when we're researching. You can recruit patients with rare diseases without knowing who they are by sending a message to their GP asking them to pass on the invite. You can perform longitudinal studies of huge groups of patients without the recruitment ascertainment bias you get from regular studies. Basically don't knock it till you've tried it.

TechnicalVault

Give me a better alternative

What those doctors were doing in Italy was standard triage, when resources are limited, prioritise the patient most likely to survive. Healthy 30 year old gets the ventilator over the 20 year old with CF lung scarring because one is much more likely to survive than the other. Given the limited time to make the decision and lack of resources to carry out deep health assessments the best option is to use existing data. It's brutal but given you implicitly condemned it, I would like you to present a fairer alternative?

Teen turned away from roller rink after AI wrongly identifies her as banned troublemaker

TechnicalVault

The first mistake is UI

A big problem here is the software foolishly exposing the 97% number in the UI. Your average layperson does not understand that does not necessarily mean that it is a match. In this case it probably means your training data is woefully deficient in non-matching black people, so your algorithm has learnt the wrong thing. Honestly they should not be selling this kind of thing with this naïve a UI.

What software aimed at minimum wage staff should be doing is telling the staff what they should do next (customisable per company). It should be saying something like: "I think this is this person, please manually compare the images and check the person's ID to confirm the match".

Tech contractor loses IR35 tribunal appeal: 'Right' to substitute didn't mean he could, say judges

TechnicalVault

Do it like the trades do

Looking at the facts of this case, it looks like if they had done it on a true project basis it seems it would be fine. A real project based contract would specify the project, a delivery time and a fee scheme based on the job not the hours worked. The building industry does this all the time.

That way if you get it done in less hours than estimated it is none of their business, they contracted you to provide a service, you provided it. Instead they are specifying how many hours a week he should work, that's employee territory. If you want to work that way it is fine, it is not that hard to employ someone on a temporary basis, retail does it all the time.

Up to £80m on the table in University of Nottingham's search for service provider to lace together IT support

TechnicalVault

It's the "agile" bit that will suffer

When you write an IT services contract you write it for what you are doing now and what you can foresee. Once the contract is signed your contractor is a fool if they do anything other than what is broadly stated on the contract, otherwise they go broke.

This works okay if your business is likely to carry on doing the same thing. Unfortunately for the administrators of universities their means of research production is academics, whose requirements change with the field they are studying. I am not convinced they can write a flexible enough contract to deal with that.

EE and Three mobe mast surveyors might 'upload some virus' to London Tube control centre, TfL told judge

TechnicalVault

Does that building even have an "out of hours"?

There is likely to be pretty much no time when that building doesn't have at least a skeleton crew running the place. Tube runs 24 hours on 5 underground lines on Friday and Saturday and even when the tube is shut down there will be a team in coordinating engineering work out of there. It's not like they're going to leave the place unguarded either, there's always going to be security bods hanging around.

Chairman, CEO of Nominet ousted as member rebellion drives .uk registry back to non-commercial roots

TechnicalVault

Re: Employment law still applies

Citation needed. If, for example, a firm fails to follow the articles of association when dismissing a director then they may have a claim for unfair dismissal. Google and see how many solicitors are happy to sue for this.

TechnicalVault

Employment law still applies

The problem is executive directors are also employees with management responsibilities and thus cannot be as easily dismissed as a non-executive director. Employment law applies and that means any dismissal will take time and negotiation. I suspect that long term their positions will be untenable as it is clear from the vote that they have lost the confidence of members, but it will take a while to unwind matters.

UK's Health Department desperately seeking service provider to run IT after 'cloud-first' shift

TechnicalVault

It's not that they're buying IT services from other people, they've had that outsourced for years. It's that they are doing it badly. Whilst IT might not be a core competency of the NHS, Information is and must remain so.

There is a reason why practically every hospital has a different patient records database and the links to GPs are poor or in some cases non-existent. They need the people who understand the IT + the information flows to be in the position to make the decisions rather than the bean counters if they want to achieve "transformation". Until they do they are going to keep failing and blowing money.

Fujitsu scrapping fuel card benefit to cut costs, threatens dissenters with fire and rehire

TechnicalVault

Re: El Reg Trolling?

If I had to bet I'd say it's mostly engineers (and in previous years sales staff) who were travelling to customer sites. In the end it will mostly be just a credit shift, the employees will be effectively giving Fujitsu a short term interest free loan for the fuel until they claim the expenses. Most of those staff do regular expense claims already so I suspect they are quite likely to find that savings are nowhere near what was predicted.

UK tax dept's IT savings created 'significant risk', technical debt as it faces difficult conversation with Chancellor

TechnicalVault

Re: Defer (or cost-cut) regular Tech Refresh at your peril!

The problem is the bean counting way does not accurately measure costs and risks. Regardless of whether the risk materialises if you are exposing the business to a risk that will cost £100m at 20% likelihood to save £10m then you are an idiot, especially if you do not recognise that the risk is not really 20% but a rising curve. Often you get lucky, but eventually in the words of Susan Ivanova: "No boom today. Boom tomorrow. There's always a boom tomorrow."

Business needs to get better at weeding managers that are gamblers out.

OpenStack at 10 years old: A failure on its own terms, a success in its own niche

TechnicalVault

Work with someone who knows what they're doing

At my place we are running 2 OpenStack installations and they are quite happy little private clouds. If I had one thing to say about it, it is that we were early adopters but OpenStack is a lot more mature than when we first started. There are still a few more features we would like but it has finally reached the point where it can run happily without choking every time RabbitMQ dies.

You can go it alone and try and put something together directly from OpenStack but you are probably better off working with someone who knows where all the bumps in the road are. We have just switched OpenStack distributions from Red Hat to StackHPC on our primary and so far so good.

Brit tax collector HMRC wants fireside chat with suppliers to discuss ways to spend the annual £900m IT budget

TechnicalVault

When will they learn?

If you are spending £900m on it and it is pretty much your "means of production", IT is a core competency. You cannot afford to palm it off to some third party as if it is workaday stuff like desktop support or cleaning. It's not like you're going to be using that much off the shelf software because having a monopoly on tax collection is pretty much the definition of a national tax agency. HMRC is a software company, they should embrace that.

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report

TechnicalVault

Easy solution to this, profits tax based on externalities created

If they are burning employees out like this then they need to pay for the damage done, it is the only way to achieve desired corporate behaviour. A nice little tax on net profits (gross is too easy to do Hollywood accounting on) proportional to the number of current employees below SNAP level (prorated by the number of hours they do, no cliff edges) + long term unemployed after working there + disability claims in the 1st 6 months after leaving employment there.

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing

TechnicalVault

Re: Can I get you to do Morrisons as well?

Actually it's a breach of the data protection act/GDPR for them to knowingly hold incorrect information too.

"(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);"

Also given that it is your personal data (the mobile number) that they are processing without either consent or in fulfilment of a contract it is illegal for them to process that data too.

Your best bet to get this thing resolved is to write an email reminding them they are processing your data illegally to dataprotection@morrisonsplc.co.uk

Tearoff of Nottingham: University to lose chunk of IT dept to outsourcing

TechnicalVault

The peril of getting your wish granted by a very exact genie

The brutal truth of outsourcing is that you will get exactly what you specified in the contract and nothing more. Everything else carries a fee and unless you have robust discipline and have planned really well (which few organisations do, especially in the first year) you will frequently find yourself dipping into contingency money just to carry on normal operations.

The reason is the same as why when requiring people to keep timesheets you often experience productivity drops; there were all those little extras people were doing. Someone who was staying on that extra half hour suddenly doesn't when watching the clock. Sadly this is a lesson which is mostly taught by experience.

Scare-bnb: Family finds creeper cams hidden in their weekend rental by scanning Wi-Fi

TechnicalVault

Firstly you've let it out for a commercial purpose and you're in breach of your contract with AirBnB, and that's just some of your civil law problems.

For criminal law south of the Border it's a bit more murky but there are some new laws on Voyeurism, as well as the data protection act which actually comes with some really fierce fines since the passage of GDPR. Up until recently it was hard to even prosecute someone for putting a hidden cam in a public toilet.

If you pull the same stunt north of the border however it's much clearer, the offense is voyeurism. If you film anyone in a state of undress without their knowledge in a place where they would have a reasonable expectation of privacy (it doesn't matter who owns it) you commit an offense. If you think about it, the law being indifferent to ownership makes sense otherwise for example a stepdad could secretly film his stepdaughter in the bathroom without repercussions.
