* Posts by DevOpsTimothyC

175 posts • joined 3 Apr 2020


EU digital rules must consider anti-competitive licensing terms, say cloud sellers

DevOpsTimothyC Bronze badge

For third parties, the charge could be for every CPU "that could 'potentially' use its software"

I've seen that extend beyond "How many CPU core's have you got in that hypervisor" to "Oh the database is on NAS/SAN.... How many CPU cores in that cloud"

Unvaccinated and working at Apple? Prepare for COVID-19 testing 'every time' you step in the office

DevOpsTimothyC Bronze badge

Re: I would.

Your response / attitude justifies persecution of minorities by majorities the world over.

DevOpsTimothyC Bronze badge

The anti-vax statements that I've heard have all focused on either "There have been deaths directly linked to being jabbed" or "Don't know the long term consequences of getting jabbed. There have been plenty of other vaccines in the past which have been withdrawn after 5 to 10 years when some quite serious side effects have turned up" I think they are referring to ones form the 1960's and 1970's.

There's also "Why are they considered unsafe for people 16 or younger in most countries, but fine for adults?", and I've even heard "Why do the people making the vaccines not have to have the vaccines". I think that last one is starting to get into the same 'perhaps they should be locked up in a nice padded room' territory as "But they might be putting chips or who knows what else into the vaccines"

DevOpsTimothyC Bronze badge

people are NOT vaccinated. THEY put other people (inclusing me) at risk.

That part has puzzled me but I see that response / attitude quite a bit. When I'm double (soon to be triple?) vaxxed how are non-vaxxed people putting me at direct risk by being in their presence?

In a wider stance, Yes un-vaxxed people provide a better pool for the virus to grow and mutate, but from the information I've seen the reason it looks like we'll all need to get regular top-up's is because of mutations.

In my mind having been vaxxed you're mostly "safe" around anyone (vaxxed or not) against the current strains, and you have mild resistance to new strains with unvaxxed people who haven't previously had COVID-19 being the highest risk group, people who have been vaxxed or have had COVID-19 some time ago being a relatively medium risk and the lowest risk coming from those who have had COVID-19 in the last 1-3 month time frame. From what I've seen the doctors are saying that natural immunity having had COVID-19 is better than vaccination.

US consumer watchdog starts sniffing around tech giants' use of your spending data

DevOpsTimothyC Bronze badge

Secure transactions, insecure meta ?

From encryption to tokenization, we devote enormous resources to keeping digital transactions secure

Well that make a nice sound bite if it wasn't such obvious deflection. If you were busy losing my credit/debit card data we'd be having a much different conversation.

As the question is "Who gets to see the meta data of that transaction, eg What my IP was, what bank/credit card provider I use, how much I'm spending each month, what categories of things am I spending money on, am I buying things through the same handful of websites or is my purchase pattern more fluid?", then the response saying that the transaction is secure has no relevance.

Not just deprecated, but deleted: Google finally strips File Transfer Protocol code from Chrome browser

DevOpsTimothyC Bronze badge

Re: You can't sell Advertising

The problem is that it's not google doing the selling

Facebook fined £50m in UK for 'conscious' refusal to report info and 'deliberate failure to comply' during Giphy acquisition probe

DevOpsTimothyC Bronze badge

Concious decision / deliberate failure

Perhaps if the fine was a noticeable percentage of the parent companies turnover (in this case 10 to 100 times the fine) with failure to pay the fine (for any reason within 28 days, even disputing the fine) being an instruction to ISP's etc to balckhole their traffic until the issue is resolved, then these sorts of companies would pay attention.

I doubt £50m is more than a minor cost of doing business and a sizeable portion of the £50m would have been how much it would have cost to comply with the conditions in the first place

Give us your biometric data to get your lunch in 5 seconds, UK schools tell children

DevOpsTimothyC Bronze badge

enhances the pupil experience

enhances the pupil experience using innovative technology

That rolls off the tongue soo much better than "Introducing a police state by normalizing it at a young age while most children cannot understand the consequences of these sort of actions"

Client-side content scanning as an unworkable, insecure disaster for democracy

DevOpsTimothyC Bronze badge

Re: What worries me

Imagine I have monkey selfie picture and I whitened the teeth a little or changed the eye colour from yellow to be more orange or more brown. From an MD5/SHA256 hash point of view it's a completely different image. If I simply cropped the image or added a border it would also generate a different MD5/SHA256 hash, however I think everyone would agree that it's essentially the same image.

If I added clothes and hat to the image I think we'd all agree that it's altered enough to be a different image.

While I don't know how such content type fingerprints are made (for images, video / audio) I think we'd all agree that with sufficient effort algorithms could identify the first set of changes above as the same image, but the second set of changes as a different image. After all we can do fingerprint, facial and iris recognition and you're not going to get the same pictures for them.

Chinese developers rebel against long working hours with crowdsourced tell-all on employers

DevOpsTimothyC Bronze badge

Re: Perhaps we could have a version of this for the west as well

You are aware of GlassDoor right?

The problem with most of the common review sites is that they allow the businesses quite a degree of curation.

US gov claims ransomware 'earned' $590m in the first half of 2021 alone – mostly in Bitcoin

DevOpsTimothyC Bronze badge

Accessory to Extortion ?

Why aren't the exchanges that process the crypto transactions being charged with Extortion related crimes, at the very least Money Laundering ? After all while the owner of a wallet may be anonymous the whole point of crypto currencies is that they are a ledger of transactions.

FTC carpet bombs industry with letters warning that fake reviews will be punished

DevOpsTimothyC Bronze badge

They should also fine those that benefitted from the reviews

There are other companies which are purely review sites where it's obvious they allow their customers (the shop / website owners) to flood positive reviews. Both groups should be fined

Boeing 737 Max chief technical pilot charged with deceiving US aviation regulators over MCAS

DevOpsTimothyC Bronze badge

Re: Some extra info

And imagine how few people will be on your "side" when it can be shown that your actions contributed to the death of hundreds

Opt-out is the right approach for sharing your medical records with researchers

DevOpsTimothyC Bronze badge

Re: Shirley there must be an acceptable third option

Then they don't understand capitalism.

That's really the elephant in the room isn't it? The question being put to people is allowing access for medical research. The question is being put forward in a "Think of the children" tone. In reality it's just naked capitalism and how much your information is worth to anyone they can sell it to.

Facebook far too consumed by greed to make itself less harmful to society, whistleblower tells Congress

DevOpsTimothyC Bronze badge

Re: "US senators are the only ones who are going to feel a revelation here."

Bribing officials IS illegal. The US government understands that and addressed it many decades ago by creating a system of allowing campaign contributions.

Bribery is something that happens without any records etc. If it's all public knowledge it cannot be bribery right ?

DevOpsTimothyC Bronze badge

Re: "Facebook’s algorithms [..] put immense profit before safety and society"

Users? You mean products.

No "users" as in drug addicts

EU readies 'antitrust charges' against Apple Pay for locking rivals out of iPhone NFC chip

DevOpsTimothyC Bronze badge

Re: I agree

and costs me absolutely nada

You might want to re-visit that part. Alot of companies have put up costs to cover the fees. They do this to all customers so while you think it's costing you nada you're not looking at all the reasons for the price increases

Supply chain pain: Cisco's base price structure moving north from November

DevOpsTimothyC Bronze badge

Why do longer wait times cause higher cost

semiconductor lead times were 60 weeks – double pre-pandemic norms – and campus, routing, switching and data centre products were all hit

Can someone explain why longer lead times causes prices to go up? Are the chip makers charging more or is this just profiteering by a supply shortage ?

Got enterprise workstations and hope to run Windows 11? Survey says: You lose. Over half the gear's not fit for it

DevOpsTimothyC Bronze badge

Re: Immutable OS’s are the answer

I can compile openwrt onto a SD card, flip the write enable toggle and then run it on my laptop or desktop with a USB to SD converter.

We've had live OS installer CD's, so yes, why not ?

DevOpsTimothyC Bronze badge

Re: Compatibility tool fail

Well the compatibility tool only goes so far, from my experience you still need to research

Why should most users be expected to perform that sort of research ? The tool should run, after all it is on a supported OS.

Perhaps it should come with a warning "If this tool doesn't run then your PC is not compatible with Windows 11"

YouTube expands vaccine misinfo crackdown, nukes anti-vax channels for good

DevOpsTimothyC Bronze badge

Now Texas will sue YouTube under their new silly law demanding social media companies allow all content.

While I would have preferred that Texas taken the same position as Australia, I'm probably the odd one out here but I completely support both Australia & Texas's decisions to remove the ability for these companies to have their cake and eat it too.

Either a company is a common carrier who cannot and NEVER filters content, OR they have a duty to filter their content and run legal risks for failing in their duty to filter. They should not be allowed their current ability of claiming common carrier protections while still filtering content.

Fake 'BT' caller fleeces elderly victim of £30k in APP app scam

DevOpsTimothyC Bronze badge

Re: "security" questions

It should be a criminal offence to phone someone up and ask them "security" questions.

I cannot upvote that enough. The same should apply to the gov. "Hi I'm from test & trace, before we can proceed can you confirm your personal details.... Sure, but only after you can prove to my satisfaction you really are from where you claim"

Metro Bank techies placed at risk of redundancy, severance terms criticised

DevOpsTimothyC Bronze badge

Re: Industry standard redundancy terms?

They are common in industries with persistent skills shortages.

Perhaps like switching the tech stack ?

Microsoft adds hybrid meeting features to Teams, including interruption-detecting AI

DevOpsTimothyC Bronze badge

If only they could add something useful

Like not crashing regularly, entering login loops, consuming large amount of ram and CPU cycles, prompting "Do you want to replace the version of the file you sent to team A with the version you're sending to team B or do you want additional (#) in the file name

McDonald's email blunder broadcasts database creds to comedy competition winners

DevOpsTimothyC Bronze badge

Re: "We take data privacy very seriously"

I also fail to see "And we have reported this to the ICO"

AWS EKS Anywhere (as long as it's VMware) hits full release

DevOpsTimothyC Bronze badge

Forget EKS Anywhere, use EKS Connector

So EKS Anywhere allows AWS to deploy into your environment OR use EKS Connector to connect your nodes to an EKS cluster.

For anyone who's had more than just eksctl experience the EKS Connector looks like the more flexible option

ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested

DevOpsTimothyC Bronze badge

The Protonmail statement says they can be compelled to log a user’s IP when Swiss law has been broken.

Exactly which SWISS law was broken? French ones, yes sure, but the statement says Swiss.

They got a court order and started logging IP addresses and user-agent strings for this particular user, after being presented with the order.

AFAIK A court order cannot force you to log that sort of thing if you never logged any of that information in the first place. That was effectively Apple's defence about getting into phones. There was no mechanism, they would have to create one.

A defence here is "We do not log produce web server logs. We have no infrastructure to retain those logs. To comply with this court order would cost ......"

DevOpsTimothyC Bronze badge

Re: More misdirection......

6. Use peer-to-peer messaging (see Ricochet. So no servers, no "cloud")

You haven't really thought that one through have you? It's a little difficult to use P2P when both ends are behind a NAT

DevOpsTimothyC Bronze badge


That news article is clickbait. The title implies FB is able to read any message and that it does this routinely while the content has words to the effect of "The messages have been forwarded to our abuse team".

DevOpsTimothyC Bronze badge

I wonder what'll happen, when they get served a valid court order demanding they issue a trojaned javascript file to targets-of-interest

Is that legal under Swiss law? Wouldn't that fall under hacking laws and AFAIK most countries prohibit hacking (even for law enforcement purposes). The only times hacking is typically allowed is for national security by the intelligence services.

DevOpsTimothyC Bronze badge

Proton's public statement is still lying

The firm's privacy policy, which was updated yesterday, now says: "If you are breaking Swiss law, ProtonMail can be legally compelled to log your IP address as part of a Swiss criminal investigation."

So exactly which SWISS law was this user breaking? A French Europol order which is confirmed by a Swiss judge implies to me that a FRENCH law was broken, bit a Swiss one.

I see it in the same way as the Assange extradition, the US used the fact that the UK has an espionage law, aka this activity would have been illegal if it had happened in your country. I assume that's why the Swiss judge confirmed the warrant. Note there's also no details of a "Swiss criminal investigation.", just that the Swiss are aiding the French

Docker’s cash conundrum is becoming a bet on a very different future

DevOpsTimothyC Bronze badge

Re: Missing Features

My entire point is that there are alot of alternatives and those alternatives have a richer feature set.

Businesses will pay for things when they have to but as soon as they start paying most demand value for money and Docker is not currently providing that.

DevOpsTimothyC Bronze badge

Missing Features

Last time I looked at Dockerhub (in a professional setting) it lacked critical features like security scanning. Everywhere else I look I get a CVE report for my containers. I'm sure there are other features that people consider critical for commercial adoption.

It's all well and good to be the first to market, but when your competitors overtake you you need to evolve.

Can WhatsApp moderators really read your encrypted texts? Yes ... if you forward them to the abuse dept

DevOpsTimothyC Bronze badge

Poor El-Reg reporting

Adding the proton mail element isn't really relevant to WhatsApp. In WhatApp you have users reporting abuse in proton mail there is a court order.

Of course in the proton case their (French) T&C's denied that the court order could get the information that was handed over. The user was French.

Updated Python support in VS Code brings browser editing and ditches open-source language server for Pylance

DevOpsTimothyC Bronze badge

Can't change it's spots

Embrace, Extend, Extinguish. As we really surprised that Microsoft is doing this?

US Air Force chief software officer quits after launching Hellfire missile of a LinkedIn post at his former bosses

DevOpsTimothyC Bronze badge

Re: To be fair ?

The advantage is that they know their prior area of IT, the disadvantage is that they will often only listen to people who have a similar background but are otherwise clueless as someone who has no IT background.



DevOpsTimothyC Bronze badge

I was hired to do X because I had enough knowledge / skill to do X, but I was prevented by (corporate) policies generally causes alot of sour grapes.

When you've got organizations this sort of size that has serious systemic issues often the only way to make the organization better is to throw the toys out of the pram. When you're too far down the food chain it's either don't care and walk away or make this sort of noise.

Google admits Kubernetes container tech is so complex, it's had to roll out an Autopilot feature to do it all for you

DevOpsTimothyC Bronze badge

Re: The problem is ... people like me

And security is (as always) removed for cost and productivity reasons until after the breach.



Apple extends live-at-work to at least January 2022

DevOpsTimothyC Bronze badge
Big Brother

You must get the iJab!

Is this mis-reporting by El-Reg, or have Apple dropped the "You must have the job before you come back into the office" or are they using this as another facet to distance themselves from google

Refs https://9to5mac.com/2021/07/29/apple-reportedly-asking-employees-for-their-vaccination-status-in-some-locations/ and https://9to5mac.com/2021/07/28/apple-considering-requiring-employee-vaccinations/

DevOpsTimothyC Bronze badge

Isn't OnlyFans British ?

A man spent a year in jail on a murder charge that hinged on disputed AI evidence. Now the case has been dropped

DevOpsTimothyC Bronze badge

Re: Supprise

How this thing detecting a gun shot put the driver in the frame for doing it is somewhat of a puzzle to me.

That is the easy part. If you have CCTV that is good enough to see a person getting in the car, or even people around the car, you can make the statements

a) There were only person A and person B in the car at the time

b) Due to the position and angle of the wounds person A could not have shot themselves

c) Our amazing microphone system placed the gunshot at this place and time, which happens to be where the car is.

It's all circumstantial and it's quite the house of cards. If they are all correct everything is fine. When you have documents which routinely has people massaging one or more of the facts then it all falls over like the house of cards it is.

Apple's bright idea for CSAM scanning could start 'persecution on a global basis' – 90+ civil rights groups

DevOpsTimothyC Bronze badge

Most of the big names on the internet do some sort of "Against our T&C for content we don't like". Apple are just pushing that onto people's phone / tablets etc

DevOpsTimothyC Bronze badge

Is the default option to sync to iCloud ?

DevOpsTimothyC Bronze badge

Not an iWhatever user, but doesn't almost every image you take / receive automatically get uploaded to the iCloud account in case you break your iThing?

Fancy joining the SAS's secret hacker squad in Hereford as an electronics engineer for £33k?

DevOpsTimothyC Bronze badge

Re: No comment

I'm sure they just missed out stating that this is a part time role, 1 day a week

Apple is about to start scanning iPhone users' devices for banned content, professor warns

DevOpsTimothyC Bronze badge

Re: So Apple have solved the problem of what to do with that pile of cash?

give you control over your information

Your information, not your content :(

Looks like Apple is the first big company to openly state it's starting down the thought police route. While the other companies might monitor and profile you I wasn't aware they also informed the authorities if they didn't like something you did (unless it was to steal their IP)

Compsci student walks off with $50,000 after bug bounty report blows gaping hole in Shopify software repos

DevOpsTimothyC Bronze badge

It's something GitHub really need to address. There are a lot of tokens out there, it's pure luck that there haven't been more incidents.

It's really easy to address in GH. Require your dev's to access GH via corporate SSO and not via their personal logins.

Granted it will annoy alot of developers having to auth to github via their org rather than with personal credentials, but it's not GH's fault that many org's allow access via accounts they do not control and have not locked down

Rackspace literally decimates workforce: One in ten staffers let go this week

DevOpsTimothyC Bronze badge

Re: I hope people flee RackSpace

I've seen offshoring work well for a number of companies. Offshoring can be great if you already have presence in those other markets and and can simply grow a presence instead of having to expand into a new geography.

The thing that doesn't work well is outsourcing to an off shore company.

UK and chums call out Chinese Ministry of State Security for Hafnium Microsoft Exchange Server attacks

DevOpsTimothyC Bronze badge

Who's really at fault ?

I've really got to ask who's at fault here? It really seems that Microsoft have done a great job on shifting blame from "Our software continues to have major security holes" to "It's their fault for exploiting the holes in our software"

This is the data watchdog! Surrender your Matt Hancock smoochy-kiss pics right now!

DevOpsTimothyC Bronze badge

Open Season on the ICO

Putting aside the "Shoot the messenger", and just how heavy handed this is, Doesn't it open the door against the ICO for not applying the same amount of diligence to EVERYONE else's data? Not to mention how promptly they have acted on this.

I know I've made complaints to the ICO about companies that have harvested my data and then continued to use after GDPR requests from myself. They will typically take 6-12 months before even looking at most issues.



Biting the hand that feeds IT © 1998–2021