* Posts by DevOpsTimothyC

18 posts • joined 3 Apr 2020

BT cutting contractors' rates by a fifth and halving notice period because 'coronavirus'

DevOpsTimothyC

Re: What's the point of a "contract"

They are not changing in the middle without recourse. They are exercising the termination clause in the existing contract. They are then offering a new contract at worse rates. That's one of the risks of contracting and the contractors are free to refuse the new contract or to try and negotiate alternate terms.

People regularly do the same thing with mobile phone "contracts". Once they are out of the lock in period they can terminate the old contract in favor of a new contract with "better" terms, aka more free minutes, texts, data. It's exactly the same thing.

To the "contractors" at BT "4 weeks is not a contract, it's employment. Most contracts have at most a 2 week break clause. Typically 1 week, sometimes less."

Disclaimer: I'm a contractor (not with BT) and I have been contracting for many years.

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway

DevOpsTimothyC

Re: Offshoring bulk surveillance

Actually there are laws on both sides that essentially say "If it's illegal for you to do, you're not allowed to ask anyone else to AND it's illegal to accept their information if it would have been illegal for you to gather that information."

Community Fibre to splash £400m on FTTP connections as it races to cover a million London properties by 2023

DevOpsTimothyC

Re: Is it really worth it?

While I agree with your point of "at some point in the connection path there is going to be contention" I trust a lot of these companies A LOT more in resolving those issues than BT pointing at other parts of BT when there are issues.

Now if we could only require them to resell connectivity to each other, so an end user could buy connectivity through Hyperoptic even if Community Fibre had the infrastructure.

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

DevOpsTimothyC

Re: IPv6 Security Question

Devices can self assign routable IPs with just IPv6 RAs (Route Announcements). All DHCPv6 does is extend the RAs to provide additional information, e.g. DNS, Domain etc. You can do IP allocation over DHCPv6, but that's only if you want specific IPs that are not related to the MAC address.

DevOpsTimothyC

Re: IPv6 Security Question

As I disagree with the other answers.

"Qnap would effectively be on the internet because there is no NAT function in IPv6" - Essentially correct

"My only protection would be obscurity due the quantity of addresses available in IPv6 and I would just have to hope that my Qnap didn't advertise itself or a hacker didn't get lucky?" yes. If there was any malware that phoned home then that obscurity is completely out the window.

If you have a working IPv6 connection then you probably have a /64 block routed to you. Go to https://www.ripe.net (Don't worry, it's the place that hands out IP addresses to all the ISPs in Europe). In the top right of the screen you should see an IP address. If it's an IPv6 address (has colons in it) can you find that address on one of the network interfaces on your computer?

Unless your router (which may also be an IPv4 NAT gateway) has an obvious IPv6 firewall, then you have an open & unfiltered connection that is globally routable. If you have someone that you can trust, get them to try and connect to your IP address. If they can then you're probably not secure.

"Is there an off the shelf IPv6 box that would protect local network devices?" Depends on your internet connection. Does your router / modem have an IPv6 firewall? It would then allow you to restrict what traffic originated from outside your local network (/64).

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

DevOpsTimothyC

Re: "Ethos Capital refused to divulge who all the directors of those companies actually were"

I hate to burst your bubble there, but the USA learned that from the UK. Just look at places like the Cayman Islands, Isle of Man, Gibraltar (almost every British Overseas Territory) have quite favourable company laws from either 0% corporate tax to hidden ownership.

Trump gloats, telcos weep, and China is furious: How things stand following UK's decision to rip out Huawei

DevOpsTimothyC

Re: What about Huawei's 5G Patents...

Is that then more or less meaningless than what America is doing?

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

DevOpsTimothyC

Re: Will this be a problem for embedded device certs?

I think you've hit the issue, just in the wrong way.

Many of the devices you are talking about will NOT support the latest TLS standards. They are precisely the sort of devices that this is trying to remove.

DevOpsTimothyC

Re: Some sense for the web, disaster for internal

I've worked at a number of places that purchased the cheapest (trusted) wildcard cert they could find to secure internal servers. It was cheaper to buy a real cert than manage an internal CA.

DevOpsTimothyC

Re: Is there any advantage left by using commercial certs?

Anyone who can hijack the DNS can get a Let's Encrypt cert.

It then prompts the question of why not just admit that SSL has nothing to do with trust and it is there solely to confirm that the data hasn't been tampered with in transit.

DevOpsTimothyC

Re: That kinda sucks...

No. The CA would be issuing a cert with a 15 month life or about 455 days. 3 months left on the existing + 12 months for the renewal. That would then breach the 398 days

Never knowingly under-digitally transformed: Retailer John Lewis outsources tech function to Wipro

DevOpsTimothyC

Re: Madness

haven't they experienced that continual going through the outsourcing / insourcing cycle, plus all the failed IT projects being run by external consultancies.

FTFY

PS running EVERYTHING in IT as a project is also a stupid idea.

DevOpsTimothyC

Re: So. Farewell then John Lewis

I imagine that I'm not the only one who isn't too put out about the price promise and saw it as keeping both the country and the high street working.

The other two ... :(

IR35 tax reforms for UK freelancers glide through committee stage: D-Day set for 6 April 2021

DevOpsTimothyC

Re: Who is paying the right tax ?

The "consultants" will mostly be PAYE to the consultancies.

"if they were doing the same but working for a large company they would have this paid for them by the company which would claim it against income"

A consultant is not a contractor and this is aimed at getting rid of contractors so consultancies can mop up the work with mostly overpriced and underskilled foreign nationals who are here on short term (up to 2 years) employment visas. Yes they have to advertise the job, but there's nothing to say that they have to advertise the job at fair market rates.

'5G for Five Eyes!' US senator tells Parliamentarians the world would be better without Huawei

DevOpsTimothyC

Re: Where is the American Tech Leading in 5G ?

And that's exactly why they keep on about the economic security of it and how Huawei is such a threat to their economic security.

For some reason my auto correct keeps replacing "national security" with "economic security" as I was writing the above. I'll have to get an MP to look into it :D

Microsoft hogs limelight at virtual Docker event as friends with benefits get even cosier

DevOpsTimothyC

Embrace, Extend, Extinguish

Is it just me, or is anyone else feeling the "Look at all the cool stuff that is only available on a Microsoft product", in this case Azure? It reads like a challenger to Kubernetes.

Tales from the crypt-oh: Nvidia accused of concealing $1bn in coin-mining GPU sales as gaming revenue

DevOpsTimothyC

If the card design does not include any video out it's pretty obvious. Additionally, if you've got a couple of places (that aren't your typical wholesalers) buying more than 2 or 3 cards at a time, you can be pretty sure it's not a gamer.

The most graphics cards I've seen in a PC are 3. Most gamers will not have multiple high spec PCs. Keep in mind that at the time this is covering a GeForce GTX 1080 or GeForce GTX 1080 Ti was in the $900-1200 range.

Zoom vows to spend next 90 days thinking hard about its security and privacy after rough week, meeting ID war-dialing tool emerges

DevOpsTimothyC

Reversible Encryption

So the news website of a major public UK Broadcaster has picked up on this to highlight the potential encryption issues.

Considering how the UK Government have both used it, and are also making the same calls as the US that they should have a back door for all encryption, I find it more than a little ironic and funny.
