* Posts by Max Pyat

23 publicly visible posts • joined 27 Feb 2021

Meta tells staff to return to office three days a week

Max Pyat

More victims of fake crypto investor scam speak to The Register

Max Pyat

Scammers scamming scammers...

Given everyone who was scammed was working on cryptocurrency and web3 projects, I have limited sympathy, and they certainly weren't the best or brightest or most ethical to start with.

Funny too that one of the scammers, "Moreno" has named himself after an anagram of one of the crypto currencies most suited to illegal transactions: Monero.

Trust, not tech, is holding back a safer internet

Max Pyat

Re: Trust the government / security services / police?

I'm presuming then that in your schema, everyone involved in the fighting of WW2 was/is a criminal?: Given that armed forces on all sides prosecuted attacks that killed civilians both directly and indirectly.

By your calculus, it would always be illegitimate for example to try and stop the Holocaust and death-camps if doing so involved attacking a single civilian (even if your enemies had no such reservations about targeting the civilian population on your side).

Your "analysis" of the Jean Charles de Menezes murder is pitiful. In particular how having spent two paragraphs on a spiel that even an entirely just cause can't "justify attacks on civilians", you then take a rather specious cause "fear of further bomb attacks" (fear!) and use it to justify the murder of a civilian by incompetent and negligent security officers (and the failure of that system to hold itself to account).

And no, security forces don't get to just say "we're human, we make mistakes". Anyone making that argument needs to be sacked (no hyperbole, they are not fit for the job). In a HV substation, if a technician throws a switch and kills a colleague, he can't say "I'm human, I made a mistake". Nor can his management. There has to be a full analysis of the entire system of controls that failed and allowed that to happen.

Only non-technicals/"civvies" will say stuff like "these things happen"/"he's only human"/etc.,etc.,

The Twitpocalypse may have begun, as datacenter migration reportedly founders

Max Pyat

Re: Hmmm...

I'm sure they weren't just ordered to change jobs (of course that wouldn't work on its own, but Musk isn't that stupid)

They were probably also told to change their email sig, their profile updated in the corporate directory, and maybe given a new T-shirt with the job title on it.

Native Americans urge Apache Software Foundation to ditch name

Max Pyat

Re: Bit ridiculous

That's fine, of course.

But you don't necessarily get to tell other people how they are supposed to feel or react. If they object, then that's fine and I don't see why not to respect that.

Adobe will use your work to train its AI algorithms unless you opt out

Max Pyat

Re: Sounds like M$'s Github Copilot all over again then?

In principle various open source licenses would cover this, e.g. that AI generated code based on GPL must also be GPL, and if you'd published under GPL it would be a "good thing" for GPL code to spread in that way...

However as Ken Hagan points out, wealthy entities will ignore that as much as they can, and will be almost impossible to hold to account. Layers of AI tech will further obfuscate what's actually happening.

Datacenters in Ireland draw more power than all rural homes put together

Max Pyat

Re: gotta be the crypto mining

I think their point was that Ireland was at least probably a better place for crypto mining than the UK.

Max Pyat

Re: So 35% of elec is residential

It's actually not "hand waving bollocks"

This has been a very active topic of discussion in the industry (datacentre, EirGrid, ESB Networks, and generators) for well over 5 years. The growth and magnitude has been and continues to be/become very difficult to manage. It has major knock on effects on the energy system and on other industries too (as getting grid connections has become much more difficult).

What you're seeing here is that discussion protruding into general consumption media.

Max Pyat

Re: So 35% of elec is residential

There's also a feature that the datacentre development has made grid capacity for other businesses much harder to obtain (that ranging from smaller businesses like creameries, food production, through to pharma/biotech etc., hotels, large residential builds, electric transport infrastructure (EV charging, elec rail)). At distribution level, 20-30 years of projected capacity was devoured in just 2 or 3.

Just getting a grid connection has become much more difficult because of the data-centre build-out (And the data-centres are per MW relatively low on jobs and other knock-on benefits)

Also worth noting is that while the datacentre secures a grid connection at the start, its energy use typically ramps from 0 to full capacity over a period of several years. My understanding is that each server hall within the centre is first fitted out with resistive loads at full consumption so that the auxillary and cooling systems can be tested, then the heaters are removed, and the hall is progressively filled with servers at a fairly linear rate until fully occupied in (IIRC) 5 years or so.

This means that any projects completed within the last year or two are only contributing a fraction of the consumption that they will eventually contribute.

Top Chinese Uni fears Middle Kingdom way behind on tech – and US sanctions make catching up hard

Max Pyat

Re: Cliffnotes

His is literally what every sucessful modern economy has done. US being an object lesson having wholesale stolen IP from UK and elsewhere during industrial revolution

The western economies built up in 20th century were often facilitated in this (Korea, Japan, Germany) by US as part of effort to form a bulwark against Communism, rather than having to "steal", but dynamic the same

UK.gov threatens to make adults give credit card details for access to Facebook or TikTok

Max Pyat

Re: Idiocy

Revolute is one,

Im reasonably happy with them overall

Web3: The next generation of the web is here… apparently

Max Pyat

Re: Legal opinion

Of course you can get the legal opinion, however that does not remove liability should a court look at the question later and form a different legal opinion

Email blocklisting: A Christmas gift from Microsoft that Linode can't seem to return

Max Pyat

Re: Bully boy tactics

setting a default browser is a "standard practice" too.

However, once you reach a certain scale, there are competition law restrictions on what you can and can't do. This certainly has a market-abuse smell about it.

US-China chip cold war? It's only helping the Middle Kingdom, silicon makers warn

Max Pyat

Re: At last some common sense -- but will politicians listen?

Except they aren't going it alone. They're working hard on building up links in Africa and elsewhere.

Meanwhile, outside countries just see the US imposing sanctions and punishing countries for essentially "getting above their station". From a third country point of view, US/UK looks a lot more threatening (and in fairness, a lot more unstable and unreliable: Iran Nuclear Deal anyone?) than China.

Max Pyat

Re: Sanctions

References to Hermit Kingdom like this are pure markers of racism and ignorance.

You're also rather missing the point that China is showing no intention of isolating itself from the world, even if it does end up being cold-shouldered by the US. They are working hard on building relations across Africa and of course with a range of countries that the US has been strong-arming.

What one can easily imagine happening next is that you'll have Chinese engineers and other workers operating at large scale in countries that the US would traditionally have considered it had carte blanche to invade/bomb. Except that will get trickier if such actions are likely to involve significant loss of Chinese life.

It's the same reason you had British and American soldiers in Germany in cold war, and why they brought their families. So that if Soviet tanks ever did roll across the border, No. 10 and the White House wouldn't have to justify intervention purely on the basis of "our friends in Germany" but also "our troops, their wives and children are in harm's way"

Max Pyat

Re: Sanctions

Your comment comes across as a heady mixture of ignorance and thinly veiled racism.

Why are you getting so insecure? Even if you are, you'd be better to try and conceal it as it rather gives the impression you've formed the opinion that the "West" is "losing" to China as things stand.

Academics horrified that administration of Turing student exchange scheme outsourced to Capita

Max Pyat

Re: How do they do it?

Did you read the document you linked?

It is almost impossible to apply and leaves you open to challenge due to subjectivities.

I've worked in large scale procurement and it's incredibly hard to use bad past performance to exclude vendors. In particular, the assessment is always, IME, based only on what you receive as part of the process so you've to be super careful and clever if youre going to exclude on past failures.

Three pragmatic approaches I've used:

1) BEFORE you tender: bring the supplier in for repeated bollockings on basis of their current poor performance. Make it incredibly uncomfortable to be your supplier. Verbally, and as clearly as you dare, leave them in no doubt that if you seem pissed off now it's nothing to what you'll be like if they wander back in to sell you more. Make the individual agents of company believe that you'll hold it against them personally in future; even if they turn up representing a different company in the future.

2) Again, BEFORE you tender, get the supplier black listed because of their performance or because an investigation is ongoing. Hard, and might not stick when you actually launch tender, but good if it works.

3) Most by the book, but hard: Set up the assessment criteria to heavily weight what the bad supplier is bad at. Hope that they don't manage to spoof their way through it

Fundamentally, it's hard to punish your current suppliers for their failures in next tender. But it's almost impossible to punish them for failures serving other customers (e.g. for DfE to punish Capita because they made a balls of MoD contracts). Some of it is regs, but it's also the asymmetry. They know directly the scenario, you (e.g. in DfE) have indirect hearsay, and beyond that end up relying on the submissions of your vendors (read the linked doc!)

When I've intimidated/deterred a supplier to f*** off, it's only ever temporary. When/if they turn up again in 4 years they will explain that they've been on a big quality/improvement drive and are now so much better. And you have to give them a fair shot

When software depends on a project thanklessly maintained by a random guy in Nebraska, is open source sustainable?

Max Pyat

I think the risk assessment comment is almost the key one.

The scenario painted is of companies that find handy open source projects, and then build critical infrastructure on top of that: paying nothing and assuming the project will be there forever and will deliver the bugfixes and features the companies need.

This might well be the case, but if so the fault is entirely with the companies using the software: they need to assess and manage the risks. If you're buying from a commercial vendor, you put clauses into your contracts. If you're looking at an open source project, there are ways to do that too.

On the positive side: the article highlights just how little money it would take to bank-roll some of these projects.

Max Pyat

Re: "somebody else will step forward and carry the torch"

And it can almost certainly still be picked up and maintained if it "becomes relevant" or "starts to matter"

This whole thing is an ill conceived discussion. The issue is about businesses managing their risks.

Max Pyat

Re: "Fix it"...?

I think it would be more appropriate to say you need to know enough to manage the risks. So if you're using a spreadsheet package, you need to understand where you use it in your business, what the dependencies are, what the impacts of outage are, and so on.

At that point you need to manage the risk: if it's a proprietary package, that means reviewing the supplier, including their financials, code-escrow, and so on; if it's open-source, then it could mean hiring a developer yourself, or it could mean getting a commercial support contract outside your firm: that might even be bought from the core dev-team.

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?

Max Pyat

Re: "Only problem was keeping all my devices in synch"

Yes, lots of options.

I have a git repository on my local network, and keep the encrypted keepass file in that.

Then when I'm at home with phone, I can run a one liner in termux to synchronise the phone's git repository with the local server. Ditto for laptop and desktop.

The restriction is that you really should only edit on one device, as there's no way (obviously) to merge changes made in parallel via the version control system given it's a binary file. But on flip side, I don't move file to uncontrolled cloud services.

Seagate UK customer stung by VAT on replacement drive shipped via the Netherlands

Max Pyat

Re: Should not have Netherlands VAT ...

Not quite, and in fairness, Seagate make it all rather clear:

"In addition, while it is correct that the customer is responsible despite the warranty, the customer will be entitled for a VAT relief. If they declare the replacement as outward processing relief at export. If the customer fails to do so, then yes, it is up to the customer to pay for the VAT, and this is a Brexit consequence: VAT is charged when products are crossing the border."

So all that's required is for the customer to prepare export documentation and file it appropriately with HMRC or Customs & Excise or whoever it is these days in order to secure a VAT relief that can be applied against the import of the replacement (or repaired) HDD when it comes into the UK later on. There's probably not much more than a couple of days administrative work required on this (between reading into the processes, documenting it, etc.,), plus whatever administrative checks are needed at the border to make sure that it's all legit.

And one should not forget the most important thing: these are proper UK regulations vital to taking back control. This should not be confused with awful EU red-tape that presumably was in the background of the old system where Hard Drives would shoot back and forth without any proper UK control on what was happening.

Max Pyat

Re: Should not have Netherlands VAT ...

I think as Seagate explained, the owner of the drive needed to declare the export of the drive from the UK as a warranty return. This would have given some sort of credit to the owner, which they could then use to re-import the drive (or its replacement) VAT-free when it was sent back to the UK. I've no idea what the paperwork for this would look like, but the logic is reasonably clear. Additionally, it would be important to be able to verify that the returned drive basically matched the one sent to Seagate (i.e. that someone didn't "warranty return" a 40MB ancient HDD, and then get sent a 1TB SSD by return). Not sure how customs check that, but they'll be building up the systems already if they haven't already.

Ultimately it's not a big deal. A few hours of paperwork and checks (or a couple of days maximum) would be all it would take in terms of actual administrative work, and maybe a couple of weeks of additional transit time. Is that really a problem? It's really just a matter of UK rules and regulations, and seems like a small price to pay.

If the owner of the drive failed to declare it on exit of the country, then there's really nothing that Seagate (or the Netherlands) can do. The UK has "taken back control", so it's not appropriate for them to even comment on the matter. As HRH said "it's none of their damn beeswax".