Posts by blah@blag.com

26 posts • joined 2 May 2020

Security warning deluge from 'npm audit' is driving developers to distraction

blah@blag.com

Job done ...

Sounds to me like the warnings worked then. Security depends on context and mitigation. So the tool flagged up warnings, you reviewed those warnings and decided they did not apply in your context. For a few warnings you decided they did apply. Working as intended.

So now you must document all that so that in future if the context changes you have a reference for further review. This is called being professional.

Radioactive hybrid terror pigs have made themselves a home in Fukushima's exclusion zone

blah@blag.com

This is why I read The Reg ...

... "Radioactive hybrid terror pigs"

Fantastic.

Stop. Look... Install Linux? The Reg solves Microsoft's latest Windows teaser

blah@blag.com

Re: wishes...

"I just want them to get rid of all the Candy Crush style nonsense from Professional and Enterprise editions.

Give us a stable platform to work from, without all the home user junk in it. Not that I want it at home either, tbh..."

I prefer Linux for most things but for work (& gaming pretty much) I have to use Windows. It's not so bad, I install Classic Shell and then have to tweak lots of stuff (telemetry, Cortana off, use UAC, etc, etc) but I end up with a fairly bare install that has crashed less than five times in the last 3 years. Not as stable as my linux boxes but good enough.

I'm actually quite curious about running Android apps if it's as easy as install/run.

Updating in production, like a boss

blah@blag.com

Back-End Issues

A pretty common experience I suspect. But having dev & test environments is no sure thing either. On one SQL/CR combo I used to re-up the dev server by dropping the tables and then batch importing new data; that was fairly routine until of course one day I failed to recognise I was on the Prod box. I think of these moments as a "Sphincter Loosener" when your heart misses several beats, disengages from your chest wall and drops into your stomach and attempts to push all contents out of the "back-end".

This particular incident stress tested my rebuild scripts and took the best part of a day IIRC. I explained to my manager something like that I'd found a bad flaw in the database structure, that the flaw meant all the CR financial reporting was incorrect and that only my prompt intervention saved the day.

Racist malware blocks The Pirate Bay by tampering with victims' Windows hosts file

blah@blag.com

Re: Hostfile ? (Internet in a Box)

Well, most* users don't know what an IP address is let alone a hosts file or UAC. More than that they don't want to know because they think it's a conspiracy to make them look stupid, a computer is just a magic talkie/typey box to them.

* most is of course unspecified but I've never met a non-IT person who knows what UAC is let alone how to set it up properly.

This is why this link is funny ... https://www.youtube.com/watch?v=iDbyYGrswtg

No change control? Without suitable planning, a change can be as good as an arrest

blah@blag.com

CM is hard

So hard in fact that we had to implement it twice, but we got there. Lessons were learned ...

- Different parts of the IT function do things their own way, it's best to match their process as close as possible while introducing the extra controls.

- Dealing with regulation (Japan SOX in our case) introduces extra bureaucratic burden; we decreased this burden by defining Pre-Approved Changes for regular defined operations which could be applied by certain people and then post-approved/reviewed by the management team.

- Writing changes, test documentation, roll-back plans is very hard for a lot of people. Having structured documentation and reference examples is essential.

- Always be optimising your processes ... until they are good enough, then stop.

- Really, seriously, examining your processes gives you massive insights into how your dept works and where changes are needed.

- No company/dept/section/team is the same, there is no one size fits all set of processes, if your software can't match how you work then change your software*

- User training is vital.

- ... many others.

When you get it right there are big benefits in overall operational efficiency and accuracy; the extra reporting we got to implement gave us some very nice insights. There were fewer incidents and faster turnaround of changes, which let us all work more on interesting projects and play with shiny toys.

* I spent 6 months reviewing over 60 different ITIL packages; the final 3 were ServiceNow, BMC and IBM's offering. ServiceNow was by far the best. It wasn't a painless transition but worth it; we dumped an old ITIL package which we had pushed to its limits and a vendor that couldn't deliver. Whichever software you go for, you'll only get out of it what you put in. Implementing something like this requires effort from the whole dept and more importantly their buy-in to get it to work, so that means you need good leadership from the start.

The future is now, old man: Let the young guns show how to properly cock things up

blah@blag.com

YADM ... Yet Another Doh Moment ...

I had recently managed moving our Siemens PBX, Telephony servers & call centre servers into a shiny new server room. I had purchased a network card for the system's UPS so I could monitor it along with all the other services (knowing something is misbehaving 30 seconds before the users being a Good Thing (tm)).

So I rang the supplier's techies and quizzed them on procedure, did the change thing, and as no downtime was needed I proceeded on a Monday morning with a Sunday hangover. I put the UPS into pass-thru mode prior to fitting the card ... Ker-Thump!!! ... both racks went down. It took me most of the day to recover everything.

Basically our sparkies had not wired in the pass-thru. I was quizzed by the IT Director and the Finance Director, and while they agreed the outage was not my fault, I was unfortunately the PM on the system move so I should have checked the sparkies' work. Obviously the dept thought it was hilarious.

A bad day ended better, went to the pub.

IBM compiles dataset to teach software how software is made: 14m code samples, half of which actually work

blah@blag.com

Countdown to ...

Skynet? We should have a Skynet Clock similar to the Doomsday Clock. I'm actually only half joking.

When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?

blah@blag.com

"Whether it's open source or not, you should be doing some kind of a risk assessment on your dependencies"

Spot on. If your business is not managing risks then you're a risky business.

Accidentally wiped an app's directory? Hey, just play the 'unscheduled maintenance' card. Now you're a hero

blah@blag.com

I was once sent a presentation about the new shiny feature set of Sharepoint 2007 to assess for company use. I sent it back with a slight edit of the title page changing "Sharepoint 2007" to "Lotus Notes 1997".

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

blah@blag.com

Re: That reminds me...

Interesting read.

Back in the day I worked in the UK Coal industry for a short time. Actually back in the 80's UK Coal tech was the best in the world, the German & Chinese industries looked here for innovation.

So in the pit where I worked they were testing air sampling networks all over the pit, basically air lines pumped sampled air over miles of tunnels to the electronics where the sampling was done. One of the miners worked out you could fart on the input tube and trigger an alarm.

One of the projects I worked on was analysing coal quality (moisture & ash) from face(s), up pit to processing, on over to the local power station. I spent weeks collecting samples, then got to one of the main outbound conveyors and found a constant rain falling on the conveyor from old workings. Hence the "high moisture content" and weird chemical signatures from the ironstone bands in those workings.

Lessons were learned.

Apple's macOS Gatekeeper asleep on the job: Exploited flaw put users 'at grave risk' of malware infection

blah@blag.com

Potential humiliation is a great motivator.

It's because people rationalise their past choices. If you choose wrongly (MS/Apple/Linux in this case) then that makes you look bad. We generally invest serious amounts of money and time into our choice of digital infrastructure, so if something happens so that others can point and laugh then we go down the road of "yeah but ...". Potential humiliation is a great motivator.

I am not immune to this just like every other person on this planet but being aware of it is helpful. I try to look at Windows, MacOS & Linux as just toolboxes to be deployed as required. I prefer Linux because it gives me more choices but I use the others where it makes sense to do so.

But all that is just a distraction. Digital Hygiene is hard enough for us technicians, how on earth are the majority non-technical people supposed to cope with all this? The answer is they won't ever, in fact it will only ever get worse.

Something went wrong but we won't tell you what it is. Now, would you like to take out a premium subscription?

blah@blag.com

Re: Liar, liar, pants on fire

It was DNS, it is always ...

blah@blag.com

Re: Sounds like my HR department

Sounds like all HR depts to me.

More Linux love for Windows Insiders with a kernel update

blah@blag.com

Re: Things change

I think you are missing the point a bit. MS always has an agenda, which is to use its wealth and influence to garner yet more. Embrace and Extend is real and for good business reasons.

I use Debian, I use Ubuntu, I use Busybox, I've used dozens of distros all the way back to Yggdrasil in the mid 90's. At the moment Canonical has a history of doing many good things, its distro is fantastic, but I'm not using it any more because of its relationship to MS, which is a Bad Actor.

Worryingly we also see MS's malign influence in Raspberry Pi OS in its inclusion of the VS Code repo by default. 12 year old Johnny Coder isn't going to know or care about telemetry if he installs VS Code, but the rest of us should care.

I'm not an MS hater, I've used their products just about all my working life, but if MS continues as it is and deepens its relationship with Canonical then it will (badly) affect all Linux users and developers.

In ten years time what if MS Office, Teams, SQL Server, Visual Studio, Active Directory etc all work natively on Linux ... but only on Microsoft Ubuntu ... what happens when there is a cut-down MS Ubuntu Community Edition but most of the world pays for MS Ubuntu Pro or MS Ubuntu Server 2030 ... and most of the world's developers create software for those editions because they have to pay the bills.

I don't want that and neither should you.

blah@blag.com

Re: Things change

There are a few concerns here. I'm just an amateur coder and sometime sysadmin for Windows/Mac/Linux/Stuff.

VS Code is fantastic until you see the telemetry sent back to Microsoft. You could use VS Codium, I hear you say, but using plugins (one of the best features of both) can also send telemetry. Supposedly you can turn it off, but not for plugins as I understand it.

Equally PowerScript is fantastic, I've used it as well as Bash, but it also sends data on your usage.

If you are a corporate code flinger then Linux on Windows makes a lot of sense in removing a lot of contention with/within IT. Approx 15 years ago I had to run Linux in VMWare which was not ideal but worked up to a point.

Lastly, what do we do when Microsoft acquires Canonical?

Google proposes Logica data language for building more manageable SQL code

blah@blag.com

Yep it's a poor trivial example. Having written/maintained several SQL based reporting systems over the years, often querying unverified data, SQL can get very messy & very quickly as you add complexity. Much of my work was to manipulate the data at the right point in the process to simplify the process, validate the data and end up with optimised queries that ran at acceptable speeds.

So Logica might be a good thing if it significantly reduces the work necessary to do the above, but it is impossible to tell from this article.

On the other hand, one of SQL's big advantages is that a non-coder can build their own simple (and not so simple sometimes) queries to help them do their job and something like Logica could maybe exclude those users if the SQL interface was walled off.

But I presume Google are looking at this from a perspective of multiple magnitudes of complexity higher than anything I've ever done and I can see that at that level it makes sense to use code that is much more powerful and maintainable (if that actually is the case with Logica).

Spy agency GCHQ told me Gmail's more secure than Microsoft 365, insists British MP as facepalming security bods tell him to zip it

blah@blag.com

Re: An ex GCHQ bod once told me never to use GMail

All I'm saying is that if your data was leaked and that had legal, commercial or personal consequences then find another way.

25 years ago as a newly minted sysadmin our team came up with the phrase "Are you paranoid enough?" which has served us all over the years. This should not be a brick wall and stop you from doing anything, but it is a useful pause for thought where you consider the consequences of your actions and potentially the actions of others.

blah@blag.com

Re: An ex GCHQ bod once told me never to use GMail

I use Gmail, Gdrive sheets & docs for convenience but have always assumed everything on it is basically compromised, i.e. if you have data you would rather not share then keep it elsewhere. In my case encrypted drives plus extra encryption where necessary. Not that this is a total solution either, but it will defeat casual nosey parkers. If the MAN comes calling then naturally I'm an open book cos I don't want an appointment with Mr Big in the prison showers, thank you.

Vietnam reveals state-run Alibaba-and-Amazon alternative, aims it at the EU

blah@blag.com

Very Interesting

I voted remain, mainly cos I worked for an international company and saw the benefits of EU membership on a daily basis, but that argument is dead and buried.

I've no confidence that either the EU or UK have the competence to create an export driving infrastructure platform but it would be an amazing if either did. Think of the absurdity of this, a government actually doing something useful which will raise the standard of living of their population, what are they smoking?

Even more absurd, imagine the UK government developing a successful IT program, try not to shit urself laffin'

Browser tracking protections won't stop tracking, warns DuckDuckGo

blah@blag.com

I use Firefox (10 years?), Ghostery, Ublock Origin (at least 5) & DDG (about 3). It's not perfect but a reasonable compromise. For the most part I just want to stop ads because of security more than anything, tracking/profiling is just anathema so they can all GTF.

Remember that day in 2020 when you were asked to get the business working from home – by tomorrow?

blah@blag.com

Nice article

Really interesting hearing others' experiences, give me more!!

The torture garden of Microsoft Exchange: Grant us the serenity to accept what they cannot EOL

blah@blag.com

Re: Situation normal for Microsoft

"They really go out of their way to make their software as difficult as possible to administer"

MS have always done this, ditto most gigantic software chuckers. I've often reflected that this is deliberate; it means ordinary mortals can't hope to get to grips with it. It fosters an industry where training and certification are a must-have and those certified become keepers of the holy flame. It creates an IT enviro where everyone holds their knowledge to themselves as much as possible to retain respect/status/salary, and you get cliques holding fast to their little "essential" empires while generating a siege mentality in everything they do. How often have you come across someone describing the IT dept at their company as unresponsive, "the dept of NO", divorced from the business, etc, etc?

Open Source is not the solution to everything but imo it does foster a more collaborative work flow and work style. Try explaining that to manglement though where all they care about is size of budget, headcount and how they can backstab everyone else.

I am so glad I'm not in IT any more.

Did I or did I not ask you to double-check that the socket was on? Now I've driven 15 miles, what have we found?

blah@blag.com

Re: Poor On-Call this week

In Cumbria it's something like yan, tan, tether, mether. It's basically "Cumbric" (used up until the 13th century IIRC) which is related to Welsh as both are Brythonic languages. Pre-Angles/Saxons/Jutes all of Britain spoke Brythonic (plus a bit of Gaelic from over the water), and where I live there are still names of hills and rivers with a Brythonic origin. For example the River Tame ... where Tame essentially means river.

As an aside, where I live we are at maximum a couple of miles from Derbyshire, Cheshire, Lancs & Yorks which throws up some interesting use of mixed dialect and accents.

A free virtual beer for anyone who can tell me the difference between an "Entry" & a "Ginnel".

'I'm telling you, I haven't got an iPad!' – Sent from my iPad

blah@blag.com

Re: Which is why I always turn off email sigs...

Hmmm, I have certs for NCB Flame Safety Lamp, NCB Rope Haulage Operator, Lotus Notes Administrator & Lotus Notes Developer. Possibly the haulage cert could still be useful.

Sun shines on ServiceNow amid pandemic storm after belated spree of $1m+ deals

blah@blag.com

As an old IT'r given the thankless task of migrating an old ITIL system to ServiceNow a few years ago now, it was actually a breath of fresh air ... mostly. It does help if the tech lead (urs truly) would also have to use incidents, changes, problems and project management daily, so naturally I made sure all of those functions worked as slickly as possible. Added to that, the last thing I wanted was the Helldesk turning into a pitchfork & torch mob, so it was in my interest to get it right. Finally, as we regularly dealt with facilities and HR and had to pick up the pieces of their incompetence, I integrated them as well. All in all it was pretty good and we rolled it out to the European offices.

SN isn't perfect, but at the time I assessed over 60 (!) different ITIL packages at manglement's insistence (even though I pointed at the Gartner report and said going off that would save me 6 months of crying myself to sleep each night) and it was a pretty obvious choice over everything else. SN is just a platform; if your version is crap then pretty much the fault lies with whoever implemented it.

Biggest mistake we made was migrating the old system data into SN, total nightmare and a waste of time/resources.
