* Posts by DevOpsTimothyC

401 publicly visible posts • joined 3 Apr 2020


Seagate UK customer stung by VAT on replacement drive shipped via the Netherlands

DevOpsTimothyC

Re: Should not have Netherlands VAT ...

The problem is still with Seagate.

Their RMA process should cover this OR they should be providing the RMA within the UK.

The simple answer is one of

Enough people will get stung by this and stop buying Seagate drives in the UK

People who have RMAs, or will, refuse to pay the import costs of an RMA, then take Seagate to the small claims court for failing to abide by their warranty policies

Apple, forced to rate product repair potential in France, gives itself modest marks

DevOpsTimothyC

Re: Extend to cars

@DS999

While your statements make sense, how do you justify the different daughter boards being ID locked, e.g. face recognition being turned off if you replace the screen or camera?

I can appreciate things like RAM and CPU being soldered on for the thinner / lighter models, but why are no models sold where these CAN be swapped, just in a slightly larger form factor?

https://www.theregister.com/2021/02/24/surface_pro_7_plus_ssd/ is an example of the lock in issues people really don't like

Ever felt that a few big tech companies are following you around the internet? That's because ... they are

DevOpsTimothyC

Re: Fetch my cattle prod

> a few THOUSAND of us complaining to the ICO

-- FTFY

DevOpsTimothyC

It's not just the web developers. Most of the time they are NOT the ones DECIDING to pull in page assets from a specific location.

Typically it is someone higher up saying "I want to see stats via tag manager. Make it happen or get another job". Rinse and repeat for ads, page optimisation tools (marketing departments wanting to make content / layout changes without involving dev teams), ratings sites etc.

UK's National Cyber Security Centre sidles in to help firm behind hacked NurseryCam product secure itself

DevOpsTimothyC

Passwords in plaintext

I was going to post a comment in the spirit of "It should be an offence for anyone to sell a product that does not employ reasonable security, including one-way encryption for user credentials", but then we've got plenty in UK Govt who want to outlaw effective encryption.
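The "one-way encryption for user credentials" the post refers to is salted password hashing. The following is an added example, not code from the post or from the NurseryCam product, contrasting the plaintext store the article describes with a PBKDF2-HMAC-SHA256 verifier record (the 600,000 iteration count is an assumption chosen to match common current guidance; tune it for your hardware). The record never contains the password, so a dumped credential table yields only salted hashes that must be brute-forced one user at a time.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ITERATIONS = 600_000  # assumption: a 2023-era work factor for PBKDF2-HMAC-SHA256


def store_plaintext(password: str) -> Dict[str, str]:
    """The anti-pattern: the stored record IS the password."""
    return {"scheme": "plain", "secret": password}


def store_hashed(password: str,
                 iterations: int = PBKDF2_ITERATIONS,
                 salt: Optional[bytes] = None) -> Dict[str, object]:
    """Return a verifier record: per-user random salt plus a slow one-way hash.

    The plaintext is never stored and cannot be recovered from the record;
    the per-user salt stops one precomputed table from cracking every user.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "scheme": "pbkdf2-sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify(record: Dict[str, object], candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    if record["scheme"] != "pbkdf2-sha256":
        raise ValueError("unsupported credential scheme: %r" % record["scheme"])
    salt = bytes.fromhex(str(record["salt"]))
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, int(record["iterations"]))
    # compare_digest avoids leaking, via timing, how many leading bytes matched
    return hmac.compare_digest(digest, bytes.fromhex(str(record["hash"])))


def record_leaks_password(record: Dict[str, object], password: str) -> bool:
    """What an attacker who dumps the credential store learns directly."""
    return password in " ".join(str(v) for v in record.values())


if __name__ == "__main__":
    rec = store_hashed("correct horse battery staple")
    print(rec)
    print("login ok:", verify(rec, "correct horse battery staple"))
    print("wrong pw:", verify(rec, "Correct horse battery staple"))
```

Verification must use the iteration count stored in the record rather than the current constant, so old records keep working after the work factor is raised; rehash on successful login to migrate them.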

Citibank accidentally wired $500m back to lenders in user-interface super-gaffe – and judge says it can't be undone

DevOpsTimothyC

Re: Really - read it. The PDF is pretty easy to follow for a court document.

"And the software tried to warn them that money was leaving the bank."

That statement is a little disingenuous. It's not really a warning if it's an expected outcome now, is it? If you're making a payment to anyone then you expect some money is going to be leaving the bank.

If the software had tried to warn them that more than ##% of the principal was leaving the bank then I'd agree that it was a warning.

VS Code acknowledges its elders: Makefile projects get an official extension – and VIM mode is on the backlog

DevOpsTimothyC

Re: yyp - waste of a keystroke!

:x

Nurserycam horror show: 'Secure' daycare video monitoring product beamed DVR admin creds to all users

DevOpsTimothyC

ICO should be shamed

"When an organisation buys in products or services that will be involved in the processing, they need to ensure that they choose ones that are designed with data protection in mind. This is part of a data protection by design approach and can help them to protect children's personal information. Organisations should consider these issues when doing their risk assessment."

What a deplorable cop-out by the ICO. While I agree that any place employing such a system should do its due diligence, the ICO should be giving heavy fines to any company that is targeting that market and failing so badly.

Trading Standards goes after companies which make dangerously faulty products, it seems like the ICO would be going after the customers for purchasing such faulty products.

Big Tech workers prefer 3 days at home, 2 in the office. We ask Reg readers: What's your home-office balance?

DevOpsTimothyC

Re: Separate environments

I work in IT.

Sounds similar to some of the issues I encountered when all of this began. My SO's view was "If you're at home you're available for home stuff".

We agreed that when I'm at my desk or obviously engaged in work stuff during normal hours then I should be thought of as "in the office", e.g. contact me if there is a fire, a pipe has burst etc. After each of us finishes for the day we go out for our daily exercise as "commuting time". It's not until after the commuting time that we are into the "home" stuff. It's made both of us happier.

In terms of the office side of things, that was primarily my co-workers saying that they didn't understand or needed help with something else. It was generally easier for them to ask me than to think about the problem and work it out for themselves. Being in the office it would have been quite rude to ignore the person or to tell them to go away and think about it a little first. Being at the end of Slack has meant those sorts of questions can stand a 20-30 min delay in responding, and most of the time I received "I've figured it out now".

A year on I'm able to deliver more of the stuff I'm required to deliver, and the interruptions I receive show that my peers have thought about the problem and it's at the point where a second pair of eyes would really help. The "We need to make a decision on X" is always going to be there, so there's still plenty of ad hoc meetings / comms.

Would I go back to the office? Only when forced. About the only thing that I find harder in WFH is the lack of a whiteboard for ad hoc diagrams, but that is a good thing because those diagrams are produced and in known locations rather than in someone's head.

UK tax collector won't probe businesses for compliance with IR35 rules unless there's reason to suspect naughtiness

DevOpsTimothyC

Reason to suspect naughtiness

The only problem with the "reason to suspect naughtiness" is that their reason to suspect naughtiness includes "You've switched from outside IR35 to Inside IR35".

When you add that to the law changing, meaning many clients who have been happy that you were outside, now that the liability is switching to them, are only offering inside IR35 contracts to protect themselves from that liability.

Apple, Microsoft, PayPal among 35 organizations compromised by evil twin dependencies attack

DevOpsTimothyC

There's still a bunch of issues involved with that, think NPM's left-pad. What a number of places do is proxy ALL requests through the internal archive. That way you keep a copy of public libraries so you maintain business continuity and avoid left-pad type issues.

The problem is that it does not protect from this sort of attack, as you're still querying one repo and because most devs don't want to deal with security issues they will just set the deps to be the latest version, or the latest within a specific release, e.g. 2.x is fine.
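The resolution behaviour the post describes, as an added example that is not part of the post or of any real package manager: a resolver that sees a merged view of an internal archive and the public registry it proxies, picks the highest version that satisfies the manifest's specifier, and so hands a floating specifier ("latest", "2.x") to whichever source has the biggest number. The package names and catalogues are constructed; the fix shown is to require an exact pin and to restrict resolution of internal names to the internal source.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed catalogues (not real packages). "internal" is the company archive that
# caches the public registry; "public" is the upstream the proxy consults. An attacker
# has claimed the unpublished internal name "acme-utils" upstream with large versions.
CATALOGUES: Dict[str, Dict[str, List[str]]] = {
    "internal": {"acme-utils": ["1.4.0", "1.4.1", "2.0.0"], "left-pad": ["1.3.0"]},
    "public":   {"acme-utils": ["2.99.0", "99.0.0"],        "left-pad": ["1.3.0"]},
}


def parse_version(v: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in v.split("."))


def satisfies(spec: str, version: str) -> bool:
    """The three specifier shapes the post mentions: 'latest', 'N.x' (any release
    in major N) and an exact pin."""
    if spec == "latest":
        return True
    major = re.fullmatch(r"(\d+)\.x", spec)
    if major:
        return parse_version(version)[0] == int(major.group(1))
    return version == spec


def resolve(name: str, spec: str, only_from: Optional[str] = None) -> Optional[Tuple[str, str]]:
    """Return (version, source) of the highest candidate satisfying spec, or None.

    Without only_from the resolver behaves like a client pointed at a proxy that
    merges internal and public names: the highest version wins regardless of
    origin, which is the dependency-confusion primitive. Ties prefer internal.
    """
    candidates = []
    for source, catalogue in CATALOGUES.items():
        if only_from and source != only_from:
            continue
        for v in catalogue.get(name, []):
            if satisfies(spec, v):
                candidates.append((parse_version(v), source == "internal", v, source))
    if not candidates:
        return None
    _, _, version, source = max(candidates)
    return version, source


def audit(manifest: Dict[str, str]) -> List[str]:
    """Names whose specifier lets a public upload shadow an internally published version."""
    hijacked = []
    for name, spec in manifest.items():
        picked = resolve(name, spec)
        internal = resolve(name, spec, only_from="internal")
        if picked and internal and picked[1] != "internal":
            hijacked.append(name)
    return hijacked


if __name__ == "__main__":
    manifest = {"acme-utils": "2.x", "left-pad": "latest"}
    for name, spec in manifest.items():
        print(name, spec, "->", resolve(name, spec))
    print("hijackable:", audit(manifest))
    print("pinned + internal only:", resolve("acme-utils", "1.4.1", only_from="internal"))
```

The mirror does its job for left-pad (both sources agree, the cached copy survives an upstream deletion) and fails for acme-utils, because continuity and origin restriction are different controls.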

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

DevOpsTimothyC

Quality

Some might say the quality of the tech that Nespresso are using is on par with the quality of their coffee.

Smartphones are becoming like white goods, says analyst, with users only upgrading when their handsets break

DevOpsTimothyC

Re: No Surprises

> People who think "I barely care about OS updates since I do not use it for financial or other sensitive work." are the reason we have botnets.

Why should end users care at all about OS (security) updates? OS (security) updates SHOULD be a thing that the end users are completely oblivious of because they "just happen" without interrupting the end user, possibly with the exception of a nagging "you need to restart your device"

The real problem is that manufacturers can decide to EoL a perfectly viable product so they can sell something else. If manufacturers were liable for all security issues resulting from their lack of patching and had to deal with any remaining devices as e-waste, possibly having to buy back any outstanding devices, things would be quite different.

Tesla axes software engineer for allegedly pilfering secret Python scripts after just three days on the job

DevOpsTimothyC

Re: Investigator?

Their role (in the security team) is to limit (clean up) or prevent any breach. By instructing the employee to remove the files from the Dropbox account they are preventing further dissemination of the files.

Going through the legal route leaves those files in place to be copied out of a place where they can be tracked.

What destruction of evidence? They have the logs of the source so can prove the content; if needed they can subpoena (from Dropbox) the source and destination. They do not need the files to stay in a personal Dropbox account for an unknown period of time. Most video conferencing software allows for the meeting to be recorded (I haven't used Teams so don't know on that one); if Teams does not natively, they could be using other screen capturing software to record the call.

Laptops given to British schools came preloaded with remote-access worm

DevOpsTimothyC

Plausible Deniability

Putting a tinfoil hat on, is this a case of plausible deniability or maybe just too much conspiracy theory?

Either someone in UK Gov is incompetent for giving out compromised machines, OR they are not compromised and instead contain UK gov approved malware pre-installed with the target being in Russia (rather than GCHQ or similar) for plausible deniability purposes.

Trump tries one more time to limit H-1B work visas with new minimum salary requirements

DevOpsTimothyC

Re: We beat you to it!

Part of the issue is that the UK one is just an amount rather than a percentile of similar jobs.

DevOpsTimothyC

Re: Good idea

> You are a startup, you need an expert on CRISPR or Z-ray crystallography from outside the USA - you have to pay more than Wall St pays for high frequency trading or Google pays for self-driving car devs?

"from outside the USA" should have no place in that statement. If you need an expert in a field you should always look at local markets. Only if you cannot get one in the local market then look abroad. Too many businesses want an expert but they are unwilling to pay local market rates.

U-U-turn: New York Stock Exchange backtracks on previous backtrack, will de-list China's biggest telcos after all

DevOpsTimothyC

So wouldn't that be a "Double U Turn" aka "W-turn"?

Julian Assange will NOT be extradited to the US over WikiLeaks hacking and spy charges, rules British judge

DevOpsTimothyC

He doesn't need to be extradited to the US to be pardoned. A pardon is essentially an executive order stating that an action (or actions between time periods etc) has no legal consequence.

In short there is nothing to stop Trump (before he leaves office) from pardoning Assange without it ever going to trial. It would also stop the extradition as there would be no need for the extradition.

Take a look at the Nixon Pardon as an example of how vague the wording can be. https://en.wikipedia.org/wiki/Pardon_of_Richard_Nixon

Unsecured Azure blob exposed 500,000+ highly confidential docs from UK firm's CRM customers

DevOpsTimothyC

Re: Think about how this was created

The whole point / purpose of blob storage (initially) was so it could be used as a static web page and similar. It was initially there as the backend of a CDN.

The whole "Lets put other stuff into blob storage" was because it was cheap.

A few years ago blob storage defaulted to accessible and you had to secure it. Yes that has changed, but older blob storage still has its initial config.

If this has records back to 2013 it would put it quite squarely into the "blob storage is open, you need to lock it down" era.

DevOpsTimothyC

Re: No more Mr Nice Guy

Most of the directors will also issue unrealistic timelines (to make profit sooner) and will also not approve funding on security unless it is essential to the product.

DevOpsTimothyC

Re: No more Mr Nice Guy

> Fine the customers - they cancel contracts, and scrutinise the next provider more carefully.

Perhaps you'd like to explain how, as a customer, I would investigate that sort of thing?

"I'm looking to buy your CRM (or other AAS product) which comes with various contractual obligations on both sides. I want to see all the IP that is used to build it and all of the config (except usernames)"?

The first point release for Linux 5.10 came out barely a day later because storage bugs broke RAID5* partitions

DevOpsTimothyC

Re: RAID 6 ... nor the Fs

> I've seen RAID6 die catastrophically as well. (single drive failure, no hot spare, second drive dies due to increased load on the array having to re-build from the first failure.)

So what was the problem? You've described 2 disks dying at the same time in a RAID array designed to handle 2 disks dying at the same time. "single drive failure, no hot spare" sounds like a RAID5+1 (without the +1) rather than RAID6.

A RAID6 array can most easily be described as the +1 of a RAID5+1 being an active part of the RAID array rather than a warm (+1) standby just waiting to put the array under load at a time when it's best to remove any load. From memory the smallest RAID 6 array you can create has 4 disks (2 data + 2 parity). Yes you can create an array in a degraded state if you REALLY want, but then you're just asking for problems.

45 million medical scans from hospitals all over the world left exposed online for anyone to view – some servers were laced with malware

DevOpsTimothyC

23,000 images of UK patients

So did CybelAngel report any of the exposed information to the ICO or any other government data protection agency (in other countries) who are supposed to do something about it?

Australia sues Facebook for slurping user data from Onavo Protect VPN app

DevOpsTimothyC

Re: “deprived Australian consumers of the opportunity to make an informed choice"

I don't care that it's Facebook, and in this case it was under a different name. I cannot see "F" "B" or "K" in "Onavo Protect VPN". I'm just disappointed that the ACCC aren't forcing Facebook to delete all data collected through "Onavo Protect VPN". It seems that "All that sweet sweet profiling data" is what Facebook really care about, so make them delete it.

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'

DevOpsTimothyC

Re: GE puts default password in radiology devices

Well this one has hit a number of gov agencies, so hopefully it makes a country introduce a law that makes the CEO personally accountable (with jail time for computer hacking type offences).

I imagine that many of these problems would go away very quickly with many CEOs taking a paranoid level of care around security.

UK proposes new powers for comms regulator to legally unleash avenging hordes on security-breached telcos

DevOpsTimothyC

Maximum fines?

"maximum fine of £2m" may sound good, but it wasn't clear if that's what Ofcom can impose or what I individually could get. If it's everyone covered by a data breach then doesn't Ofcom already have the much stiffer penalties available to it (£18m or 4% of global turnover, whichever is greater, under DPA 2018)?

Log right in, the water's fine, whispers Microsoft as it adds autofill to Authenticator app

DevOpsTimothyC

What's the point of MFA now ?

So the whole point of MFA is that all the credentials are in a single location.

Next someone will be telling me that their authentication app is built on IE technology and not to worry because there are no "known" unpatched vulnerabilities

We take a look at proposed Big Tech regulations in the UK: Heavy on possible fines, light on enforcement

DevOpsTimothyC

Re: My Data

NO company has any right to ANY of my Data for any purpose...

But in the terms of service that you agree to when purchasing something from them, or signing up to their accounts, you enter into a contract giving them that right. You're then listing where you have legally given those tech companies that right.

Have you at any time closed those accounts? Did you ever send the various companies GDPR notices stating that you withdrew your consent?

DevOpsTimothyC

Re: Need to stop corporate lying

> In theory the ASA should deal with this but they ARE COMPLETELY UNWILLING.

FTFY (Caps used to make it easier for people to see what changed)

EKS appeal: 'Just snap install' it, says Canonical as AWS's container game goes hybrid

DevOpsTimothyC

Kubernetes not cheap to run

> "Kubernetes is not cheap to run," said Singh

What a great throwaway statement completely without context or explanation. While Kubernetes, or to be more specific containerisation, is not virtualisation, a large number of places will put K8s onto the tin without the virtualisation layer. In effect they are running containers as very lightweight VMs. As soon as you remove the virtualisation layer from a significant number of servers you have just cut a significant cost out of your IT budget.

Perhaps they are talking staffing costs. If you're doing K8s at any scale, that staffing cost increase is going to be tiny.

Perhaps he was really meaning "EKS Anywhere will not be cheap to run".

'Massive game-changer for UK altnet industry': BT-owned UK comms backbone Openreach hikes prices on FTTP-linked leased line circuits

DevOpsTimothyC

Re: What a wanker.

While they may be a private company they still get a lot of tax £££ and other assistance from the government, e.g. the 50p line tax that was to build the next gen networks.

RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it's used to slurp music

DevOpsTimothyC

The documentation didn't refer to any copyrighted content. The project can download from a bunch of places, not just YouTube. It has modules for each place (e.g. Dailymotion) it can download from.

The unit tests referenced songs from well known artists. In all cases the unit tests downloaded the first few seconds / packets before discarding them. The downloaded content was never saved to disk.

The unit tests in question were for age restricted content, special characters ($ in particular), and I cannot remember the 3rd one.

There have also been various reports that youtube-dl (intentionally) cannot download content with specific licence types. I didn't get all the details there, however it does raise the question "Were the videos uploaded with a licence which allowed them to be shared / embedded etc?"

The 3 identified tests as well as 3 others were patched out within hours.

BT cutting contractors' rates by a fifth and halving notice period because 'coronavirus'

DevOpsTimothyC

Re: What's the point of a "contract"

They are not changing it in the middle without recourse. They are exercising the termination clause in the existing contract. They are then offering a new contract at worse rates. That's one of the risks of contracting, and the contractors are free to refuse the new contract or to try and negotiate alternate terms.

People regularly do the same thing with mobile phone "contracts". Once they are out of the lock-in period they can terminate the old contract in favour of a new contract with "better" terms, aka more free minutes, texts, data. It's exactly the same thing.

To the "contractors" at BT: "4 weeks is not a contract, it's employment. Most contracts have at most a 2 week break clause. Typically 1 week, sometimes less."

Disclaimer: I'm a contractor (not with BT) and I have been contracting for many years.

Snowden was right: US court deems NSA bulk phone-call snooping illegal, possibly unconstitutional, and probably pointless anyway

DevOpsTimothyC

Re: Offshoring bulk surveillance

Actually there are laws on both sides that essentially say "If it's illegal for you to do, you're not allowed to ask anyone else to, AND it's illegal to accept their information if it would have been illegal for you to gather that information."

Community Fibre to splash £400m on FTTP connections as it races to cover a million London properties by 2023

DevOpsTimothyC

Re: Is it really worth it?

While I agree with your point of "at some point in the connection path there is going to be contention", I trust a lot of these companies a LOT more in resolving those issues than BT pointing at other parts of BT when there are issues.

Now if we could only require them to resell connectivity to each other, so an end user could buy connectivity through Hyperoptic even if Community Fibre had the infrastructure.

Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections

DevOpsTimothyC

Re: IPv6 Security Question

Devices can self assign routable IPs with just IPv6 RAs (Route Announcements). All DHCPv6 does is extend the RAs to provide additional information, e.g. DNS, domain etc. You can do IP allocation over DHCPv6, but that's only if you want specific IPs that are not related to the MAC address.

DevOpsTimothyC

Re: IPv6 Security Question

As I disagree with the other answers.

"Qnap would effectively be on the internet because there is no NAT function in IPv6" - Essentially correct.

"My only protection would be obscurity due the quantity of addresses available in IPv6 and I would just have to hope that my Qnap didn't advertise itself or a hacker didn't get lucky?" Yes. If there was any malware that phoned home then that obscurity is completely out the window.

If you have a working IPv6 connection then you probably have a /64 block routed to you. Go to https://www.ripe.net (don't worry, it's the place that hands out IP addresses to all the ISPs in Europe). In the top right of the screen you should see an IP address. If it's an IPv6 address (has colons in it), can you find that address on one of the network interfaces on your computer?

Unless your router (which may also be an IPv4 NAT gateway) has an obvious IPv6 firewall, then you have an open & unfiltered connection that is globally routable. If you have someone that you can trust, get them to try and connect to your IP address. If they can then you're probably not secure.

"Is there an off the shelf IPv6 box that would protect local network devices?" Depends on your internet connection. Does your router / modem have an IPv6 firewall? It would then allow you to restrict what traffic originated from outside your local network (/64).
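An added example, not code from either post above, covering the two points they make: the SLAAC address a device derives from its MAC once it hears a Router Advertisement (RA is the Router Advertisement of RFC 4861, and the MAC-derived interface identifier is the modified EUI-64 of RFC 4291), and the "is this address globally routable" check the second post asks the reader to do by hand. The prefix 2001:db8:1:2::/64 and the MAC 00:11:22:33:44:55 are constructed sample values; the documentation prefix is treated here as if it were the /64 an ISP had routed to you, which is why the classifier uses explicit ranges rather than `ipaddress.is_global` (the stdlib flags 2001:db8::/32 as non-global).

```python
import ipaddress
from typing import List

# Address ranges used for classification (RFC 4291 / RFC 4193).
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")      # never forwarded by a router
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")     # ULA: private, not globally routed
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")   # reachable from the internet if unfiltered


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291 appendix A):
    flip the universal/local bit of the first octet and insert ff:fe in the middle.
    Returned as a 64-bit integer."""
    octets = bytes(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:11:22:33:44:55")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """The address a host self-assigns from a /64 learned via a Router Advertisement
    (SLAAC, RFC 4862) when it uses the EUI-64 scheme rather than privacy addresses."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_iid(mac))


def exposure(addr: str) -> str:
    """Classify an address by how far traffic to it can travel."""
    a = ipaddress.IPv6Address(addr)
    if a in LINK_LOCAL:
        return "link-local"
    if a in UNIQUE_LOCAL:
        return "unique-local"
    if a in GLOBAL_UNICAST:
        return "global"
    return "other"


def globally_reachable(interface_addrs: List[str]) -> List[str]:
    """The subset a remote host could target if nothing upstream filters inbound traffic."""
    return [a for a in interface_addrs if exposure(a) == "global"]


def shares_prefix(observed: str, candidate: str, prefixlen: int = 64) -> bool:
    """The post's check: does the address a web site saw you come from share its /64
    with an address on one of your interfaces? If so that interface is in the routed block."""
    net = ipaddress.IPv6Network(f"{observed}/{prefixlen}", strict=False)
    return ipaddress.IPv6Address(candidate) in net


if __name__ == "__main__":
    # constructed sample interface configuration
    nas = slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55")
    addrs = ["fe80::211:22ff:fe33:4455", "fd12:3456::1", str(nas)]
    for a in addrs:
        print(a, "->", exposure(a))
    print("reachable from outside if unfiltered:", globally_reachable(addrs))
    print("seen-from-web address in my /64:", shares_prefix("2001:db8:1:2:aaaa::1", str(nas)))
```

The EUI-64 address is the one an attacker can derive from a vendor OUI and a small search space; a NAS that also phones home, as the post notes, removes even that obscurity, so the only real control is the inbound filter on the router.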

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

DevOpsTimothyC

Re: "Ethos Capital refused to divulge who all the directors of those companies actually were"

I hate to burst your bubble there, but the USA learned that from the UK. Just look at places like the Cayman Islands, Isle of Man, Gibraltar (almost every British Overseas Territory), which have quite favourable company laws, from 0% corporate tax to hidden ownership.

Trump gloats, telcos weep, and China is furious: How things stand following UK's decision to rip out Huawei

DevOpsTimothyC

Re: What about Huawei's 5G Patents...

Is that then more or less meaningless than what America is doing?

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

DevOpsTimothyC

Re: Will this be a problem for embedded device certs?

I think you've hit the issue, just in the wrong way.

Many of the devices you are talking about will NOT support the latest TLS standards. They are precisely the sort of devices that this is trying to remove.

DevOpsTimothyC

Re: Some sense for the web, disaster for internal

I've worked at a number of places that purchased the cheapest (trusted) wildcard cert they could find to secure internal servers. It was cheaper to buy a real cert than manage an internal CA.

DevOpsTimothyC

Re: Is there any advantage left by using commercial certs?

Anyone who can hijack the DNS can get a lets encrypt cert.

It then prompts the question of why not just admit that SSL has nothing to do with trust and it is there solely to confirm that the data hasn't been tampered with in transit.

DevOpsTimothyC

Re: That kinda sucks...

No. The CA would be issuing a cert with a 15 month life, or about 455 days: 3 months left on the existing + 12 months for the renewal. That would then breach the 398 days.

Never knowingly under-digitally transformed: Retailer John Lewis outsources tech function to Wipro

DevOpsTimothyC

Re: Madness

haven't they experienced that continual going through the outsourcing / insourcing cycle, plus all the failed IT projects being run by external consultancies.

FTFY

PS running EVERYTHING in IT as a project is also a stupid idea.

DevOpsTimothyC

Re: So. Farewell then John Lewis

I imagine that I'm not the only one who isn't too put out about the price promise and saw it as keeping both the country and the high street working.

The other two ... :(

IR35 tax reforms for UK freelancers glide through committee stage: D-Day set for 6 April 2021

DevOpsTimothyC

Re: Who is paying the right tax ?

The "consultants" will mostly be PAYE to the consultancies.

"if they were doing the same but working for a large company they would have this paid for them by the company which would claim it against income"

A consultant is not a contractor, and this is aimed at getting rid of contractors so consultancies can mop up the work with mostly overpriced and underskilled foreign nationals who are here on short term (up to 2 years) employment visas. Yes they have to advertise the job, but there's nothing to say that they have to advertise the job at fair market rates.

'5G for Five Eyes!' US senator tells Parliamentarians the world would be better without Huawei

DevOpsTimothyC

Re: Where is the American Tech Leading in 5G ?

And that's exactly why they keep on about the economic security of it and how Huawei is such a threat to their economic security.

For some reason my auto correct keeps replacing "national security" with "economic security" as I was writing the above. I'll have to get an MP to look into it :D

Microsoft hogs limelight at virtual Docker event as friends with benefits get even cosier

DevOpsTimothyC

Embrace, Extend, Extinguish

Is it just me, or is anyone else feeling the "Look at all the cool stuff that is only available on a Microsoft product", in this case Azure? It reads like a challenger to Kubernetes.

Tales from the crypt-oh: Nvidia accused of concealing $1bn in coin-mining GPU sales as gaming revenue

DevOpsTimothyC

If the card design does not include any video out it's pretty obvious. Additionally, if you've got a couple of places (that aren't your typical wholesalers) buying more than 2 or 3 cards at a time, you can be pretty sure it's not a gamer.

The most graphics cards I've seen in a PC are 3. Most gamers will not have multiple high spec PCs. Keep in mind that at the time this is covering, a GeForce GTX 1080 or GeForce GTX 1080 Ti was in the $900-1200 range.
