* Posts by ChipsforBreakfast

109 publicly visible posts • joined 20 Sep 2019

Brits must prove their age on adult sites by July, says watchdog

ChipsforBreakfast

Re: The internet is not your babysitter.

And an upvote for you too - I think we're largely on the same page. My comments were aimed far more at the 'parents' who think they can just leave kids to roam the internet and 'someone else' will make sure they don't see or do things they shouldn't - the kind of behaviour that precipitates flawed legislation like this.

Our kids had social media but not until my wife and I were happy they were mature enough mentally and emotionally to use it safely and to deal with the potential harms & risks it brings. Today, I hear stories of kids not even in their teens with smartphones, social media accounts and god knows what else - that's the target of my comment 'don't let them use social media'

"'Teach them how to use the technology safely, appropriately and in a way that fits with your values’. The first part of this phrase is absolutely correct, but, what if their values are different to yours?" To be honest, 'my house, my rules'. When they moved out/bought & paid for their own devices then they could do as they please but when it's my house & my money they'll stick to my rules. Oldschool, yes, but I'm old... it worked for us.

I've a similar tale from my daughter who was confronted by some willie-waving idiot on social media when she was about 18. She told my wife about it later who naturally asked her what she did about it. Her reply "Told him that if that's all he's offering I'll just go to the greengrocer". My wife just about choked on her tea!

ChipsforBreakfast

The internet is not your babysitter.

Parenting is a job for parents, not for website owners, social media companies or the government. We seem to have forgotten that.

We can't even stop under 18's from getting their hands on booze & vapes and those are in-person transactions, how hard does anyone think it'll be for them to work around 'age verification' online? The internet has always contained content that some find offensive and it always will. Standards and tolerance vary wildly across the globe (about the only thing I can think of that's near-universally despised worldwide is CSAM) and the internet is a global network, therefore any attempt to apply one nation's standards to it is doomed to abject failure from the start.

I can't remember where I heard it now but it's very true - the internet treats censorship like breakage, it routes around it. Even if by some miracle we do manage to keep kids off of porn sites, the porn will just start being downloaded from torrent sites or stolen from adults' local caches/insecure accounts and traded by direct message, by WhatsApp or Telegram groups, airdropped between phones behind the bike sheds or even on good, old fashioned, USB sticks - they WILL find a way.

Don't want your kids watching porn - parent them properly. Use filters (there are plenty of them), don't give them data access on phones/tablets, don't let them use social media. Teach them how to use the technology safely, appropriately and in a way that fits with your values - that's your JOB as a parent, you have no right to expect society to do it for you.

UK businesses eye AI as the cheaper, non-whining alternative to actual staff

ChipsforBreakfast

Re: AI as the cheaper, non-whining alternative to actual staff

Virgin Media, Three, O2, almost every energy company.... just about everyone with a large enough customer base has tried this. The wise ones have realised it doesn't work and are now starting to reap the benefit of that realisation by hoovering up customers for whom yelling at the 'AI-powered' speech recognition system, pressing 1 so often you put yourself at risk of RSI and repeating yourself so frequently you begin to wonder if you're developing Alzheimer's has become too much to tolerate any more.

If you annoy customers long enough or badly enough they WILL punish you where it hurts most, your bottom line. AI's just another way to annoy customers.

DEF CON's hacker-in-chief faces fortune in medical bills after paralyzing neck injury

ChipsforBreakfast

Re: "his insurance will only cover the first of three required weeks" of six months

And this is a classic example of what I was saying earlier - bloated, inefficient & self-serving. The NHS, when it works as it was intended to work, is excellent. The concept of healthcare, free at the point of need, is a laudable one and one I firmly believe should be retained. We must never find ourselves in a position where access to essential healthcare is unavailable simply because you can't pay for it.

BUT, and it's a massive but, we also cannot and should not fund everything for everyone. Right now, the NHS is providing everything from paracetamol to brain surgery and it's impossibly stretched by trying to do so. We need to be honest with ourselves about what we should and should not expect the NHS to do, where the limits on free care are and what we do when those limits are reached. Today, it's perfectly possible for someone to want a medical procedure which, in the opinion of their doctor they would benefit from but which is not a medical necessity - should we expect the NHS to foot that bill? Should the patient? Should there be a shared cost? That's the kind of difficult question we as a society really need to start asking.

Then there's the whole issue of NHS management. It's a common complaint that there are more administrators than doctors in the NHS today and it may be true - I don't know. I do know that the continual quest for cost savings is almost certainly producing additional costs of its own. Take the example above - a person left unable to work (and thereby contribute to society) by the over-management of essential resources in a quest to cut costs. I'd hazard a guess that, when looked at as a whole, the cost of 'saving' the money on prescriptions would be vastly outweighed by the cost of the economic inactivity the delays caused. Not to mention the additional direct costs incurred by the NHS dealing with a patient who has a diagnosis, knows they need treatment, knows what treatment they need but is stuck on a waiting list for nothing more than a bit of paper! How many GP visits, nurse appointments, mental health appointments etc. did 'saving' the money on the drugs actually cost?

It's nonsense like that which paints the NHS in a bad light. There IS a place for a 'cost focussed' approach but it has to look at ALL the costs, direct and indirect, if it's to be effective. The current piecemeal approach just breeds more and more layers of useless middle-management whose only real function seems to be self-perpetuation!

We also need to address the wider issues that produce back-pressure on the NHS, for example the well-documented problems surrounding social care, care of the elderly etc. It costs a lot of money to keep someone in hospital, keeping people who are medically fit to be discharged in hospital beds simply because the necessary post-discharge care isn't available is not good for the patient or the NHS!

ChipsforBreakfast

Re: "his insurance will only cover the first of three required weeks" of six months

I'm by no means going to try and defend the indefensible - the US healthcare system is one of the worst examples of unconstrained capitalism that I've ever seen but neither am I going to extol the virtues of a solely taxation funded healthcare system (for example the NHS) because, well, there aren't many. In fact, as with almost all publicly funded entities it's become inefficient, bloated, expensive and self-serving with costs rising while the availability & quality of care has declined sharply.

There has to be a better way - some way of blending the benefits from both models while leaving behind their worst excesses. Healthcare should not be based entirely on the ability to pay but funding it solely from general taxation and operating it as a purely public service also doesn't seem to work too well.

Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts plot

ChipsforBreakfast

Follow the money

Does anyone seriously think that a certificate requiring renewal every 30 days is going to cost less over a 12 month period than the current annual renewal - not a chance in hell. It's a guaranteed certainty that the total annual cost per cert will increase, probably significantly as a direct result of this. That doesn't even begin to address the real cost in terms of administration effort/time required to handle this for all but the most basic of use cases.

For what - at best a (very) marginal increase in security that quite honestly 99% of certificate users don't require and will not benefit from. Those who think it's worthwhile are welcome to rotate their certs every 30/90 days if they want to, nobody is stopping them.

This is nothing but a cash-grab by interested parties dressed up as a security enhancement. Not wanted, not needed and not welcome.

Compression? What's that? And why is the network congested and the PCs frozen?

ChipsforBreakfast

Do not mention the snowman....

Late 90's. Cartoon animation (flash, I think) of a snowman eating a child. A full day of chaos as user after user decided that 'everyone' just had to see it... our exchange server was not in any way sized to handle that.

After that, the 'all users' mailing list got restricted really quick....

Veeam debuts its Proxmox backup tool – and reveals outfit using it to quit VMware

ChipsforBreakfast

Proxmox will take a bit of getting used to but the effort is worth it. Migrating VM's in takes a bit of thought and planning but Veeam may well make that process considerably simpler (I've yet to try it).

Cost wise it's next to unbeatable - you can choose the support level that best suits your appetite for risk, skillset & business need but even the top end is a fraction of the cost from the big names. Personally I tend to go for basic or standard as my team are generally able to handle most issues in-house and our setups are pretty static.

Compare the cost for my dual cpu servers (96 core total):

Proxmox Basic support - £680 / year

Microsoft Hyper-V 2022 - £6348 with NO support, just the licence!

I don't run VMware but from what I hear the cost difference now is even worse.

Absolutely no contest from a financial perspective.

I've yet to find anything I need to do with Proxmox that I haven't been able to do. Every use case is different but it's an impressive piece of software - it's become my go-to tool for virtualisation projects now.

ChipsforBreakfast

Another vote for Proxmox

I've had Proxmox in production now for close to two years in three different deployments and I'm about to deploy the fourth.

First was a 3 node cluster with 240 cores & 512Gb per host. Storage was via iSCSI to an all-flash Synology array over 2 x 10Gb ethernet links. Absolutely rock solid performance, stability and usability, the only annoyance was upgrades weren't as easy as they could have been but it was an annoyance rather than a problem.

Second was a smaller 3 node cluster with 32 cores & 512Gb per host. That one used converged storage with SSD's in each server providing a total of about 60Tb of CEPH-backed storage. We segregated the storage network on 25Gb ports and kept the VM's on 10Gb ports. Also absolutely rock solid and very high performing. CEPH took a bit of getting used to but again, once done it just worked.

Third came a four node cluster distributed across four different DC's. 32 cores/512Gb per host, 10Gb/sec interconnects with 25Gb/sec for storage and again, a CEPH array of NVME disks totalling 40Tb. That particular cluster survived a complete DC failure without missing a beat...

Currently, I'm working on a new cluster which will have 3 hosts with 192 cores per host, 768Gb RAM and 60Tb of storage per host.

All of those have used Proxmox's own backup solution and it's never been a problem. Fast, reliable backup, very efficient on disk storage (the dedupe is amazing) and good alerting for failed/completed backups. I target the backups to Synology NAS's and use Synology's replication, snapshot & immutability to replicate & protect the backups. As a last resort there is also an offsite replica that's managed via Proxmox Backup - we should never need it but it's nice to know it's there!

All in, I'd highly recommend Proxmox. In licence costs alone it's saved me tens of thousands, never mind the lower cost of hardware achievable by using CEPH.

VMware and Hyper-V should be worried. Very worried.

Angry admins share the CrowdStrike outage experience

ChipsforBreakfast
WTF?

Avoidable?

Having had a little time to look at this (thankfully we aren't huge CrowdStrike users and only had a few test machines with it on) it seems to me that Microsoft could have made this far, far less of an issue.

Why, when the same driver file is repeatedly causing a boot failure (and Windows clearly knows what's causing the failure, it's right there on the BSOD) does their 'automatic repair' process not simply block the driver from loading?

And where did the old 'last known good' boot option go? Was it perfect, no, but it's a hell of a lot better than rebuilding a whole OS or talking thousands of users through a less than intuitive recovery process.

I feel that while Microsoft aren't to blame for the outage they certainly could, and should, have made recovering from such an issue far easier.

CrowdStrike file update bricks Windows machines around the world

ChipsforBreakfast

They got 'rightsized' along with the clued-up techs who specified & built them!

ChipsforBreakfast
WTF?

Why oh why

Do major broadcasters give airtime to 'tech experts' who clearly have absolutely no idea at all what they are talking about?

Please if you MUST broadcast crap, please don't try to disguise it by claiming it came from a 'tech expert' when the only thing they're expert in is spouting crap.

BBC I'm looking at you.

ChipsforBreakfast

By far not the first time. I've dealt with at least 2 previous snafu's caused by AV software going rogue.

plus ça change, plus c'est la même chose

At least it's Friday!

ChipsforBreakfast
FAIL

Who me?

This has got to be the 'who me?' to end all who me's!

'Skeleton Key' attack unlocks the worst of AI, says Microsoft

ChipsforBreakfast
FAIL

Another Arms Race

Just like with malicious code we are seeing the futility of attempting to counter human ingenuity with detection and filtering. As fast as one 'attack' is defeated another is sure to be 'discovered' by an army of people all desperate for the kudos of being 'the one who broke <insert AI here>'.

There are only two real answers to this and neither of them involve filtering.

a : Remove all the questionable material from the training dataset. Downside : doing so will significantly limit the usefulness of the resulting model.

b : Accept that humans will be humans, stop trying to prevent it and deal with the consequences. Downside : People will do stupid and/or dangerous things. AI will be blamed.

Let's be honest, there is very little if anything you can find using general purpose AI that you can't find already in other ways if you're so inclined. Yes, AI makes it easier but pretty much anything you can find out using general purpose AI you can find out using google & a browser.

Filtering will never work. Dump the restrictions, improve the user accountability and move on.

Giving Windows total recall of everything a user does is a privacy minefield

ChipsforBreakfast

Sorry, no.

At least, not without a VERY clearly communicated policy that encompasses both system users and the clients they serve that fully outlines what is collected, where it's stored, how it's protected, what it's used for and when it's deleted.

You have to remember that this type of system impacts far more than just the user of the device. Clients whose data is being processed have a right to know how their data is being stored, processed and used. I have, unfortunately, had to examine that very area for a former employer who once considered deploying such corporate spyware. Suffice it to say I recommended very strongly against, to the point of making it clear that should I be asked to deploy such software I would tender my resignation immediately. The risks, especially in the era of GDPR & ransomware are simply unjustifiable, and I have absolutely no intention of trying to justify the unjustifiable in front of a judge!

ChipsforBreakfast
FAIL

The end of Windows (at least for me)

The very minute this becomes part of Windows is the same minute I will remove windows from every single device I own. I do not care how many 'safeguards' Microsoft has created. I have no interest in how 'safe' they say this is. The fact it exists at all makes it a risk and if experience has taught us anything about such risks they will, sooner or later, be exploited.

This has no possible benefit to users. None. Combine it however with the myriad of other data already collected by Windows and it becomes an absolute treasure trove for Microsoft, for advertisers, for lawyers, for government agencies, for hackers...

This is no different from the 'productivity monitoring' software so rightly hated by employees and vilified by privacy advocates. In many ways it's worse. It may actually make Windows unusable in some environments - think banking, medical services etc. - areas where access to and dissemination of information is strictly controlled and monitored. Would you, as a CIO, want to be the one standing in front of the board/regulator/court when the inevitable data breach happens and all of those screenshots are posted on the web for all to see? I sure as hell wouldn't.

In point of fact the news this is even being considered gives the Windows OS a place on my risk register - not a high one, yet, but one I will be keeping a very, very close eye on.

Microsoft may well be about to do what open-source advocates have failed to do for years - drive real enterprise consideration of alternative operating systems!

Researchers claim Windows Defender can be fooled into deleting databases

ChipsforBreakfast

And data in the database is exactly what's needed to trigger this attack. From an admittedly brief review of the slides all that appears to be required to trigger the exploit is to somehow get the 'evil signature' into almost any field in almost any table of the target database. Defender then sees that as malicious and in classic hammer vs walnut style nukes the entire database.

Same holds true for log files, so it's quite possible for someone to exploit it to nuke the DB via a web page then nuke the web server logs in almost exactly the same way to cover their tracks.

No pre-existing access required. No DB or system access required. Just fill in a webform and let the fun begin.

Of course, the question of 'who the hell actually scans database files in real time anyway' has to be asked and will most likely limit the usefulness of this as an attack vector - yet another reason (as if one was needed) to exempt databases from real-time scanning.

More worrying to me is the apparent level of risk being introduced by ever more powerful 'security' software that, if compromised, can wreak absolute havoc - we may be approaching a situation where the cure is more dangerous than the disease!

San Francisco's light rail to upgrade from floppy disks

ChipsforBreakfast

Re: Curious what the floppy replacement will be?

Damn, that is a memory I'd tried to lose! Once upon a long ago when e-mail and the internet were still very much in their adolescence I designed and built a system for an embroidery programming company to allow them to send bitwise images of 3.5" floppies by e-mail or modem because those damn machines all had to use their own special disk formats... fortunately the data was amenable to compression (the images tended to be mostly empty space anyway)!

Seems almost like another lifetime now!

AI will reduce workforce, say 41% of surveyed executives

ChipsforBreakfast

Re: Artificial Intelligence? More like Artificial Idiot!

Have an upvote for making me smile on a Monday!

ChipsforBreakfast

Artificial Intelligence? More like Artificial Idiot!

I have yet to see a single instance where AI has produced anything of value to a typical workplace. As far as I can see it has two uses for most businesses :

- Writing copy for marketers who can't be bothered/aren't able to write it for themselves.

- Acting as a glorified search engine whose results you can't actually trust.

There are obviously some industries where AI is clearly beneficial. Its ability to sort, classify and evaluate large volumes of strictly typed data against a desired outcome is far ahead of anything humans can achieve unaided - a huge boon to research in many areas but these are not the type of AI's that people generally see. They're specialised, trained for a specific task and they do it very, very well indeed. Whether anyone can train a model to deal with unstructured human input and produce reliable, trustworthy and useful outcomes is questionable to say the least.

As for AI replacing human call centers, why not - in far too many it's as though it already has. Just try calling any 'communications provider', by the time you fight through the impenetrable wall of telephone menus, all too often fronted by an 'AI powered' speech recognition system that can't actually understand anything at all unless you speak in BBC English & an Oxford/Cambridge accent then lose the will to live listening to an unending loop of 'We are experiencing high call volumes' & brain-melting muzak you are inevitably wound up and annoyed. Then you are faced by an inquisition that would put the Spanish to shame in the name of 'security' only to end up speaking to someone who probably has less authority to actually do anything than King Canute had over the tide. I'm sure AI couldn't do any worse.

Contrast that with another call I had to make to an insurance company. Simple press button menu, short (under 1 minute) wait, speak to a real person who listens, checks and resolves the issue in less than 5 minutes.

Guess which company kept my business?

AI will not fix poor customer service. It will however increase executive bonuses while infuriating customers even further. Do that too much or too often and customers will vote with their wallets & go elsewhere.

And someone might want to remind said executives - if the AI is running the call center and technology is delivering the back end product, what's left? Wouldn't it be more efficient for AI to manage the AI's.. and a whole lot better for the shareholders.....

Cops turn LockBit ransomware gang's countdown timers against them

ChipsforBreakfast

Re: Where?

It is indeed a .onion site and it's really not difficult to find if you look for it. My guess is El Reg didn't include it because a lot of web filters block anything with a .onion link by default, no other reason.

The Post Office systems scandal demands a critical response

ChipsforBreakfast

Re: We need more articles like this one

Absolutely correct.

The complexity of some tenders beggars belief, it's practically a specialism in itself just responding to them. The level of absolutely pointless garbage required just to qualify to tender is equally ludicrous, it would not be the first tender document I've reviewed and decided to walk away from simply because completing the tender was such an onerous & time consuming process it simply wasn't worth our while to do it, despite being fully qualified and capable of doing the work.

The process itself is clearly designed to favour large-scale bidders who can absorb the unproductive cost of completing the tender process, a cost which is, of course, recovered tenfold in the ultimate cost of the contract. Since only the large corporates can afford to bid there's literally no competition to keep those costs in check.

Jobs for the boys... how are they going to be able to pay for those 'donations' ?

Post Office boss unable to say when biz knew Horizon could be remotely altered

ChipsforBreakfast

Re: Compensation?

That is exactly what I was looking for - it was extremely difficult for me to believe that nobody ever questioned a representative of Fujitsu under oath. That they have been questioned is unsurprising, the question now must be what did they know and what did they say. That's a matter for the police but I sincerely hope that their investigation examines just how much pressure the representative was put under by their employer to 'toe the line' and indeed whether Fujitsu deliberately sent a representative who did not actually know the facts to avoid the risk of those facts being disclosed in open court.

Bottom line, if there has been criminal conduct it's CORPORATE criminality and the employee who was used as cannon fodder shouldn't be the only one under investigation.

If we truly want to see an end to these scandals we need senior executives in the dock at the very least.

ChipsforBreakfast

Re: Compensation?

Indeed, but faced with testimony from the sub-postmasters of exactly what they saw happen in some cases literally before their eyes, surely a competent defense lawyer would have insisted on calling someone from Fujitsu to the stand to question them on how what the sub-postmasters claimed to have observed could happen and whether or not the system was, in fact, reliable.

If they did then there's potential for very serious criminal sanctions if it can be shown that person lied or withheld information from the court...

ChipsforBreakfast

Re: Compensation?

There are very significant questions remaining unanswered.

- What 'help' did Fujitsu provide to the Post Office in regard to the prosecution of sub-postmasters? If they acted as experts in court (as it seems reasonable they might) then their duty is to the court, not to the Post Office. If they gave evidence that the Horizon system was secure when in fact it was not and they KNEW it was not, that could be extremely serious indeed.

- When, exactly, did the Post Office become aware that the Horizon system could not be relied upon? If prosecutions were brought after that and those prosecutions relied in a significant way on Horizon it's not much of a stretch to consider them to be malicious.

- Did anyone benefit financially from the errors in Horizon or the unauthorized activities of Fujitsu employees accessing terminals remotely?

- If so, who and where has the money gone?

- Horizon remains in use. Has it been subjected to a full, external forensic audit to confirm it's now secure and fit for purpose?

- Who did that audit and why hasn't it been published?

How governments become addicted to suppliers like Fujitsu

ChipsforBreakfast

Time for legislation

It's past time for legislation to effectively control the almost incestuous conduct so frequently seen around government IT contracts.

Budgets should be baked into the contract and legally enforceable (if you SAY you'll do it for £x then that is what you get and if you got your costs wrong, tough luck!)

Likewise timescales (with a reasonable allowance for unexpected issues) should be legally binding with significant penalties for failure.

Contingency funds should likewise be baked into the contract and similarly legally enforced, to a maximum of 20% of the total contract value.

Any company which fails to deliver on time & on budget should be legally barred from tendering for all future government contracts for a minimum of 12 months.

Repeated failures to deliver should see companies legally barred from tendering for at least 10 years.

Any company whose system is shown to be unreliable/inaccurate/unfit for purpose should be banned permanently from all government work and required to pay compensation, in full, to everyone adversely impacted by the system concerned.

Only when there are real, enforceable penalties for such unacceptable behavior which directly hit the bottom line of the culprits will we see an improvement.

You don't get what you don't pay for, but nobody is paid enough to be abused

ChipsforBreakfast

Re: is 10x $$$ normal?

£600 - £750 for 1Gb/sec - that's on the expensive side unless you are looking at fully redundant connection with failover.

I'm typically seeing between £350 & £450 for 1Gb/sec with wholesale considerably lower than that if you have the volume to qualify for it.

GPON is a lot less and a real contender in the SME market, at least for now, although it remains to be seen what will happen once the contention ratios start to bite.

It's ba-ack... UK watchdog publishes age verification proposals

ChipsforBreakfast

Finally... A real use for DALL-E

"Facial age estimation"....

I give it less than a week.

UK's cookie crumble: Data watchdog serves up tougher recipe for consent banners

ChipsforBreakfast

It's all in the browser

Cookies can be tamed in the browser, if the browser makers decide to. Some are clearly more likely to do that than others - the big players won't do anything that hurts their ad revenue (Apple, Google, Microsoft I'm looking at you here!) but it's perfectly possible.

Waterfox does a pretty good job of it out of the box, Firefox can be configured to do it fairly easily too. Increasingly users are getting fed up of being seen as the product and are turning more & more to technical countermeasures to take back control of their personal data - just look at the number of people using ad-blockers now.

Advertisers & data brokers are driving this - they seem to have completely failed to understand that consumers simply DO NOT WANT to be tracked, analyzed, catalogued and fed a curated diet of crap to inflate corporate profits. They miss the point that what I'm looking for now is NOT what I want to see in adverts several hours later - by then there's a damn good chance I'll have found it & bought it so their profiling is worse than useless, it's actually annoying. Annoying enough that I, and many more, are reacting to it negatively and in at least some cases coming away with a negative view of the brands involved.

When brands go to war with their customers the brand always loses.

1 in 5 VMware customers plan to jump off its stack next year

ChipsforBreakfast

We are currently a mixed shop, roughly 50/50 between Hyper-V and VMware, looking at options.

We find Hyper-V is good for smaller scale deployments but lacking for larger scale situations where it becomes complex to manage and maintain. Like many, VMware's price hikes and uncertainty surrounding the takeover have left us wondering whether to move elsewhere. We did consider standardizing on Hyper-V for everything but Microsoft have quietly dropped the free standalone hypervisor making us question just how committed they are to the technology, seeming as they do to prefer pushing people towards Azure subscriptions.

Azure, AWS and the rest of the public cloud vendors.... well, if they were to charge a quarter of the price and make the pricing structure intelligible to mere mortals we might think about it...

So we started looking around. Proxmox was suggested to us and we decided to put it through its paces and it has performed remarkably well. We now have it deployed in several small clusters and recently handed over a large, multi-DC distributed system which was built & tested in a fraction of the time and at a fraction of the cost that would have been involved for a comparable Hyper-V deployment. It's fair to say we are very impressed with Proxmox so far and are currently planning a phased migration from Hyper-V initially and ultimately VMware (the VMware clusters are more complex and will take a lot more planning to migrate).

My only criticism of Proxmox (and it's not really Proxmox to blame!) is the absence of enterprise-level backup tools such as Veeam and the manual nature of the migration process - it'd be very nice to be able to simply import VM's from Hyper-V or VMware and let the system handle all the conversions.

How is this problem mine, techie asked, while cleaning underground computer

ChipsforBreakfast

It's a three way split....

Between the steel factory whose production floor PC's were so full of metal dust that PSU's had a half-life measured in days (they did eventually move most of them to less inhospitable locations & buy enclosures for the ones that absolutely had to stay, but not before we'd gone through a case of PSU's that would usually last a year in less than two months).

Or the ink factory where any attempt to work on their servers would result in the poor engineer emerging looking like a page from a Rorschach test as the various powdered pigments collected within the machine were dispersed over said engineer's hands, clothing and occasionally face.

Then there is the distribution warehouse with around 4 inches of God knows what collected on top of the steel beams over which the cabling has to run. Tracing cable faults there from the top of a hydraulic platform would rapidly result in you resembling something that had just escaped from the nearest coal mine!

And they said IT was a white-collar job!!!

The number’s up for 999. And 911. And 000. And 111

ChipsforBreakfast

This assumes three things :

1 : the caller has a map to hand.

2 : they are able to actually read said map & locate their position on it accurately.

3 : the emergency services operator they are talking to can do the same.

Remarkably few people have maps today. Fewer still know how to use them properly (and I am including a sizeable number of casual hikers/hill-walkers etc. in that!). As experiences above suggest emergency services operators aren't always able to do so either (and may well not have the relevant map available).

What surprises me is that with almost everyone now carrying a capable GPS locator almost everywhere they go (even indoors my phone is capable of finding my location to within 50m or so) there are few if any apps which will SIMPLY DISPLAY THIS INFORMATION.

Just the coordinates. No fancy maps. No address lookups. No requirement for network connectivity. Just show me the damn location so I can relay it to someone else!

I've had this happen to me. Middle of nowhere, Scotland. Traffic accident (thankfully nobody hurt) but requiring police attendance - took the cops 8 calls and almost an hour to finally find the location purely because I had no way to get my ACTUAL POSITION from the fancy phone I had without a bloody internet connection!

Would be so, so easy for both Google & Apple to solve this problem. Dial emergency services, phone displays the coordinates from the GPS on screen. Hit the 'Where the hell am I' button and it does the same (with the fancy map if you happen to be online).

Easy, simple, worldwide & effective. So why don't they do it?

Alien versus Predator? No, this Android spyware works together

ChipsforBreakfast

Time for REAL security.

We can start with a good old fashioned physical off switch, or better yet a removable battery just like the old days. Then you can be sure that off means off.

Likewise, physical indicators for high-risk functions such as cameras & mic's - not LCD icons, real physical indicators that light up when a device is powered on, not under software control.

Those two things alone would be enough to limit the potential of a phone as a real-time surveillance device and neither compromises either functionality or usability.

Beyond that, we need vendors to start taking user privacy & security seriously. We can't prevent malware but we can limit the harm it can cause and make such harm far easier to reverse. It should be almost impossible for persistent malware to survive in a closed environment such as a mobile phone, that it's not is entirely the fault of the mobile OS's and the companies behind them, something that only serious market pressure will ever change.

Parts of UK booted offline as Virgin Media suffers massive broadband outage

ChipsforBreakfast

Re: Raging Tweet...

Good luck finding any... and providers willing to actually route it for you unless you are the size of a major multinational or happen to own a gold mine!

Those who actually HAVE PI space are not letting it go and they ain't making any more (well not in IP4 anyway)!

Do you use comms software from 3CX? What to do next after biz hit in supply chain attack

ChipsforBreakfast

A lesson in how not to handle an incident

Step 1 - Ignore it and hope it'll go away.

Step 2 - Deny it. Claim it's a false positive.

Step 3 - Admit it, but don't say anything useful.

Step 4 - Argue with customers who need actual information and not marketing spin.

Step 5 - Watch as those same customers plan their migrations.

We are (or perhaps that should be were) a 3cx reseller & user. Their handling of this incident has been poor to say the least - poor disclosure, poor communication, poor remediation. Ok, this impacted a part of their offering that thankfully few of our clients actually use but that's not the point - if I can't trust their vulnerability handling processes I can't trust their application.

Here's how Chinese cyber spies exploited a critical Fortinet bug

ChipsforBreakfast

The obsession with monitoring everything and knowing down to the last packet what got transferred over your network is fast being shown for what it is - a clear and present danger to the security of your network & everyone using it.

If you deliberately break protocols designed to ensure the privacy, security and integrity of your data then you really shouldn't be surprised when an attacker takes advantage of your hard work. Same argument applies to this as applies to all those TLA's wanting to break end to end encryption to 'protect' us - what's broken is broken and whether it's broken by the good guys or the bad guys doesn't really matter - it's still broken and ANYONE can take advantage of it.

Do we really need to peer inside every packet at the gateway - my view is no, we don't.

Four top euro carriers will use phone numbers to target ads and annoy Google & Facebook

ChipsforBreakfast

Re: Like it is for emails?

That's the point where I very politely point out that NOT deleting the details will cost them a hell of a lot more than £200....

Funnily enough, that seems to work very well indeed!

What's up with IT, Doc? Rabbit hole reveals cause of outage

ChipsforBreakfast

Don't mention squirrels!

New warehouse, massive place with 15m roofs into which numerous cameras, wireless access points and other IT stuff were installed. All in all, about 60 brand spanking new cat5e cables carefully laid in the equally shiny & new cable tray running the 80m length of the place.

Everything installed, tested & signed off. Expensive hydraulic platform returned to the hire company & the racking team move in to build the new racking. Fast forward 3 months. Call comes in that about 70% of the stuff isn't working any more. Remote checks show various switchports that should be active very much inactive with no good reason apparent.

Engineer is sent to site armed with cable testing kit... Yep, 70% of those new cables were dead. Problem is, now the racking is in there's no room to get the platform back in... After a lot of head scratching and some fairly interesting calls we finally sourced a machine narrow enough and with a high enough reach to get up to the cables, only to find them thoroughly chewed.

My first thought was rats but pest control later caught not one, not two but 5 bloody grey squirrels running around in there. Destructive little buggers had been using the tray as some kind of squirrel superhighway & chomping cables at random as they went!

I haven't seen a mess like it before or since.

Too big to live, too loved to die: Big Tech's billion dollar curse of the free

ChipsforBreakfast

Centralised service, centralised problem.

Email was never intended to be run by two mega corps. That's not how the protocol was designed, nor was it how the designers envisaged it would work. By allowing it to be dominated in this way we've totally lost the inbuilt resilience the protocol was designed with.

Let's be honest - faced with a choice of pay X pounds/dollars a year or lose your email, most users will pay up. They may gripe, they may moan but very few will be motivated enough to change and even fewer of those will be technically adept enough to do it. The only thing preventing Google doing that right now is the inevitable bad press but sooner or later the financial imperative will become too great to ignore.

Expect to see a decoupling of the 'Google account' used for sign-in to phones, apps etc. from the actual email service well ahead of this so as to limit potential regulatory issues as much as possible. Email will become an additional, paid for, service.

Me, I'll stick with my own mail server on my own domain like I have for the last 22 years.....

'What's the point of me being in my office, just because they want to see me in the office?'

ChipsforBreakfast

Trust

We have always placed trust in our employees. There is no micro-management (we had one, once. He lasted less than three months before being abruptly shown the door). Employees from the newest first line to the most experienced senior engineers are simply allowed to get on with their jobs, trusted to do so without continual oversight and equally trusted to know when they are getting out of their depth.

The atmosphere of openness this creates encourages people to learn from each other and to speak up when they don't know - better for us, better for them & better for our clients.

We drum into all staff from day one that mistakes are not only tolerated, they are expected and will not result in punishment. They are how we learn. Nobody is disadvantaged or disciplined for a mistake, they are helped to put it right & understand what went wrong so they don't do it again.

There are no time clocks. No hour counting. No clockwatching. We don't log hours worked or when people do or don't choose to come into the office. We DO regularly check customer feedback & satisfaction levels and we do follow up very quickly if these seem to be slipping.

In short, we treat our staff the way we'd want to be treated. Like adult human beings, trusted to behave honestly and to keep our customers happy.

The result - almost zero staff turnover and exceptional client retention. A very happy CEO and a very pleased CTO (me!).

Moral - trusting your staff is the key to building a strong, resilient & productive team - in or out of the office. And there are better ways to measure & monitor productivity than counting heads at desks or hours worked.

China promises its digital currency will offer 'controllable anonymity'

ChipsforBreakfast

Which backs up exactly what I was saying - NO digital currency or payment method is a suitable replacement for hard, physical cash.

Had those tourists had wallets full of actual money instead of plastic cards they wouldn't have had a problem, would they?

ChipsforBreakfast

Privacy is the tip of a very nasty iceberg

I may seem something of a luddite here but bear with me. If I'm not mistaken we already have numerous & very effective ways to make cashless transactions should we so desire. Bank transfers, cards, even apps all exist for exactly that purpose and by and large function well enough that they've become accepted in society for daily use.

Cash is different. Physical cash is exactly that - a physical, immutable representation of wealth. If you hold it, you have it and it's yours to spend as you see fit. If someone wants to take it off of you then they need to physically confiscate it, a process sufficiently complex and time consuming that it's intrinsically resistant to abuse. It's not practically traceable and has no privacy risks. You can't hack my wallet from a bedroom halfway across the world. You can try and pick my pocket if you like but that carries a distinctly non-zero chance of you getting a punch in the mouth and quite possibly jailtime which again tends to limit the risk involved.

If the bank is closed (or worse, bust) then the cash in my pocket is still mine. It still has its value, I can still spend it, at least for as long as other people agree it has value.

Now, replace that with a CBDC and a 'digital wallet'. Instantly all the advantages of cash are gone. Digital transactions are traceable, so no more privacy (anyone saying anything else really needs to go look at some modern history!). It's only 'yours' for as long as the bank say it's yours - it can be blocked or invalidated at any time, easily. Pissed off the government, no more money for you. Voted for the wrong party? Said the wrong thing? Spent more than you should on 'bad' things? Same result... what you thought you had, you don't have. That 'digital wallet' can be and undoubtedly will be hacked eventually - everything is.

For central bank transactions, perhaps it's justifiable BUT there are already plenty of solutions for that... it's not the driver for this.

In short, CBDC is not a solution to any problem faced by normal individuals. It's at best a waste of time and at worst a tool for total control & oppression on a scale never before seen.

The privacy issues are the tip of the iceberg.

Chemical plant taken offline by the best one of all: C8H10N4O2

ChipsforBreakfast

Alcohol + CRT = fun!

I have witnessed the result of a poorly-placed CRT encountering an entire pint of lager. Spectacular light show, copious smoke and one fire-alarm induced evacuation later management were persuaded to relocate the monitor away from the end of the reception desk nearest the bar....

Nuclear power is the climate superhero too nervous to wear its cape

ChipsforBreakfast

Re: Deaths are not the only metric

Please, dial down the angst. The exclusion zone is far from lifeless and has in fact become something of a wildlife haven. The exclusion zone for Fukushima has already been lifted.

Yes, Fukushima plans to release treated waste water into the sea - water treated to remove most radioactive contaminants leaving only a very low level of radioactivity - lower, in fact, than the naturally occurring background radiation.

All of which fails to note that modern reactor designs such as those discussed in the article are designed to prevent exactly the type of accidents that occurred in either of these incidents.

As for your 'argument' you know full well that cleanup will take decades to complete - do you seriously think we have that long to wait?

ChipsforBreakfast

Re: Deaths are not the only metric

I don't disagree with you - there is never a perfect solution. The point really was about the relative lifespan of the two - turbines have planned lives of 20 years, solar panels roughly the same or less, depending on the conditions. Most proposed reactors are aiming for lifespans of 40 - 50 years minimum (many current plants are sitting at around 40 years operation & still passing safety inspections).

So while they do use significant quantities of non-recyclable material they use it less often and probably manage to generate more power over their lifespan too - not zero impact (nothing is) but less impact per KW/h generated. It's also contained in a far smaller area, lessening the physical impacts on the surrounding area & wildlife.

Nuclear power is not without concerns, drawbacks and impacts that's for sure but they are at least comparable to, quite possibly lower than (I'm no expert, just an interested layman), the renewable alternatives.

ChipsforBreakfast

Re: Deaths are not the only metric

Regardless of what's happened in the past (and the article does a very good job of explaining why that's not really relevant to this discussion), there is a choice to be made now.

We can invest in nuclear power alongside renewables and meet the goal of zero carbon emissions from power generation

Or we can decide not to.

If we decide not to, we either have to drastically reduce & rethink our use of power or we accept that we are not going to be able to reach the zero emission goal and we'll need to deal with the consequences.

If you have an alternative that doesn't involve drastic negative changes to our accepted way of life I'm all ears...

ChipsforBreakfast

Re: Deaths are not the only metric

And how about you explain how we are supposed to keep the lights lit, industry operational, homes heated, electric cars charged and all the rest while not emitting carbon without it.

Wind is not reliable, has a huge physical impact, turbines with around a 20 yr lifespan (far less than a nuclear reactor) which aren't recyclable - it's not the answer.

Solar suffers the same reliability problem especially in the UK and has similar issues with physical impact. Making the panels relies on hard to obtain materials and energy-intensive processes - not the answer either.

Base load on the grid needs to be met by reliable sources - nuclear is ideal for this. Renewables are good for some things but there are needs they simply cannot meet.

If you truly want to get to zero-emission power generation it will need a combination of all of these technologies, as well as significant investment in energy storage to achieve it.

Major IT outage forces UK emergency call handlers to use 'pen and paper'

ChipsforBreakfast

Fail to plan, Plan to fail...

We know systems will be compromised. It's fast becoming inevitable, no matter how comprehensive the security or how determined the management are. When all is said and done, defenders need to be lucky all the time, attackers only need to be lucky once. We need to start accepting that when we're designing, specifying and commissioning systems for critical infrastructure.

We need to look at enforcing diversity - multiple systems, multiple suppliers, multiple architectures, multiple access paths. Yes, that will introduce problems with interoperability but those shouldn't be insurmountable with careful design. We need to be mandating that level of diversity across the entire critical infrastructure - no one supplier, system or datacenter should be permitted to operate in more than a quarter of any given segment of critical infrastructure.

Monocultures are notoriously fragile (Windows, I'm looking at you!) - they need to be avoided when dealing with life-critical services. Only by promoting diversity and actively discouraging monoculture can you both promote innovation and enhance the resilience of the system as a whole.

New Outlook feature: It freezes up when dealing with tables in emails

ChipsforBreakfast

Plain Text

Round here, plain text has always ruled the roost. 72 characters wide, properly formatted signature separator, 4 lines of a signature at most and absolutely no damn HTML anywhere.

Yes, I'm old.
