* Posts by elregidente

44 posts • joined 7 May 2021

COVID-19 was a generational opportunity for change at work – and corporate blew it


This outcome is inherent in a hierarchical organization and distribution of managerial power.

Managers hold in the workplace the decision making power.

They are held responsible for the results of their team, or teams.

They will then naturally want as much control as possible, to maximize their influence over the progress to these goals - for it is their neck on the line - and that means having people in the office.

Once Covid passes, back in the office workers go.

This outcome is inherent in a hierarchical organization and distribution of managerial power.

The Soviet economy faced this exact same problem whenever an effort was made at decentralization - it meant the managers held responsible for meeting plan targets no longer controlled (or controlled less) the direction of the factories and farms and so on, that they were responsible for, and so they fought it tooth and nail. The fact that centralization as a whole absolutely did not work made no difference to individual managers, because they were still being held responsible for meeting plan targets, had their bonuses and promotion prospects based on meeting or exceeding those targets, etc.

If you have a hierarchy, and you distribute managerial power via that hierarchy, and then set goals and rewards to the managers, why on earth would they do anything to lessen their control of the part of the hierarchy below?

HMRC tool for measuring IR35 status is so great, employers are ditching it in their droves



In court cases, one of the most important considerations with regard to employment status is "Mutuality of Obligation" - whether or not the employer is obliged to provide more work, and the worker obliged to accept.

For an employee this is true, for a contractor it is not.

The CEST tool *assumes* mutuality of obligation is in place.

Case completely, utterly and totally unfit for the purpose of determining employment status.

It is however completely fit for what I cannot help but think is its real purpose, which is to classify as many people as possible as employees, to literally scare them into tugging the forelock and handing over that much more of their pay in tax.

Luxembourg judge hits pause on Amazon's daily payments of disputed $844m GDPR fine


Re: I may be wrong, but I think Amazon deliberately obstruct CCPA requests

I - even I, with my expectation that people will support, fight for and defend lunacy and dribbling madness - am staggered by the downvotes on this post.

Amazon have provided CCPA information which requires *every single one of the untold numbers of people making such requests to manually download over sixty files* - and something like 15 people so far think objecting to this merits a downvote.

What God-damn drugs are you on?

I had forgotten what some people are like, and this has been a helpful reminder.


Re: I may be wrong, but I think Amazon deliberately obstruct CCPA requests

> They could have done what you suggested but all the law requires them to do is make the information available to you.

Which they did not. Manually downloading more than sixty files is constructive obstruction.

> as it seems you cant be bothered to put in a little effort to do the downloads

Get stuffed. I'm not an idiot and downloading more than sixty files is completely and utterly needless, both for me, and for the untold thousands of other people in the same situation.


Re: I may be wrong, but I think Amazon deliberately obstruct CCPA requests

There are untold numbers of people issuing CCPA requests to Amazon.

Do we say then it is better that *each and every one of those untold numbers of people should manually download more than sixty files*, rather than Amazon doing *just once* the trivial bit of work to put all those files into a single archive?


Re: I may be wrong, but I think Amazon deliberately obstruct CCPA requests

Quicker, to have *every single person* issuing a CCPA request to Amazon produce exactly the same code to do the same job - compared to Amazon doing the necessary work *just once* to put all those files into a single archive?

(And this assumes all the people issuing a CCPA possess the necessary coding skills, which they do not.)


Re: I may be wrong, but I think Amazon deliberately obstruct CCPA requests

> Sorry, but I can't see what's wrong with such a response?

You must work for Amazon ;-)

You try manually downloading *over sixty files*, one by one, by hand, in your browser, and see how far you get.

Amazon could just as well have provided a single archive file with all those files in.


I may be wrong, but I think Amazon deliberately obstruct CCPA requests

I tried, I think starting about two and a half years ago now, to get the information Amazon keep about me, from Amazon, via a CCPA request.

I have yet to succeed.

I may be wrong, but I am of the view Amazon deliberately obstruct such requests - the nearest I managed to get to the data was a web-page with *over sixty individual download links*, with Amazon telling me they expected me to manually download each file (and, later, that "We will do no more than we have done; we look forward to seeing you back on Amazon.com").

Amazon customer support has usually been appalling - disconnected, arrogant, conceited, unresponsive, and almost always unable to read any ticket history - although occasionally with a single person who would be helpful, but it's not been enough to actually get hold of the data.

AI surveillance software increasingly used to make sure contract lawyers are doing their jobs at home


I stopped buying from Amazon about a year ago.

Every time I read a story like this, I'm happy that I did so.

No day in court: US Foreign Intelligence Surveillance Court rulings will stay a secret


This is not a conversation for a surveilled medium

I have strong feelings about this matter, but I'm very guarded these days in what I write electronically where I criticise the State.

When you know your neighbour has a rifle and you do not, you become increasingly conscious of doing anything to upset him.

Red Hat forced to hire cheaper, less senior engineers amid budget freeze


Microsoft and Nokia redux

We knew when Microsoft bought Nokia, Nokia was doomed.

We knew when IBM bought Red Hat, Red Hat was doomed.

"...it also helps us balance the organization as we have many engineers with senior titles."

This is madness; the difficulty of the position determines the seniority of the staff you hire.

If you cannot afford all the people you want to hire, you hire *less*; you do not hire the *same number of people* but ensure they are *all* underqualified for their position.

User locked out of Microsoft account by MFA bug, complains of customer-hostile support


I had a similar experience with AWS.

I activated 2FA.

Not long afterwards, I was unable to log in - the 2FA codes were not being accepted.

When this happens, you are advised to resync.

There's a resync page on the AWS site which did not work.

I was unable to resync, I was unable to log in.

I contacted support - or tried to - because when 2FA, the support offered is a form which lets a 2FA support team know you cannot log in. There's no way to actually send them a message. When you send this form, you get a no-reply email, with a phone number, saying "phone this number".

I don't keep a phone number. I can't phone that number. No 2FA support for me.

The basic problem is that the mechanism used to *initiate* 2FA on an account is *not* the mechanism used to *recover* 2FA, unlike email/password based accounts, where they are the same. As such, it can be you can activate 2FA, but not recover when it goes wrong.

I tried contacting normal AWS Support, which went as well as you'd expect. I was advised to make a new account.

Eventually, I found a *second* set of resync pages, which worked - and once in, I *instantly* disabled 2FA, since it was infinitely more dangerous than the threats it was there to protect against.

Want to support Firefox? Great, you'll have no problem with personalised, sponsored search suggestions then


Moz jumped the shark years ago

Many years ago, I had cause to install FF on Windows from the standard installer.

When the browser first started, it presented a page which in every way had been made to trick the user into thinking they now *had* to make an account with Mozilla to proceed.

I was, and remain, disgusted.

I think Moz jumped the shark years ago.

The saving grace is that FF is so customizable you can turn off all the evil stuff, and of course, that there are not any obvious alternatives. You can't use Chrome, or anything from MS, or anything from Apple. Chromium, maybe, is an option, but I've been wary. I don't know exactly what it does or does not contain.

As it is anyway, I use Tor, which acts to remove a lot of the evil stuff in the first place.

Razer ponders how to fix installer that grants admin powers if you plug in a mouse


Re: Razer went full evil back in about 2013 or so


That is interesting. I'm on Linux, but the OpenRazer project originates there and so it's fine.

Problem is, it would mean buying a Razer product - giving money to them - and also constantly seeing and using their product, when I'm so horrified by what they do. I don't think that will fly, sadly.


Razer went full evil back in about 2013 or so

I used to swear by Razer mice - and in terms of the hardware, I still do; I think they're amazing to hold and use.

Then back in something like 2013 or so, Razer jumped the shark.

The mouse driver, which should just be a driver, became spyware. You needed an *account on the Razer web-site* to use your mouse, the driver spawned an always-on user-mode app with its icon in the taskbar which you had to have or you couldn't configure the mouse away from its default settings for DPI and so on, and I recall you had to be on-line or you couldn't log into the app. It also became a living nightmare to install - downloads from the mothership, hundreds of megabytes, install failures which I put down to a complex app being used in the real world, the full evil.

I bailed at that point.

This latest outcome where their complex spyware, which blackmails the user into installation by their purchase of the mouse, has a security issue, is the least surprising event this year.

WhatsApp pulls plug on Taliban helpline, shuts down official-looking accounts


Russian Gov sourced info being repeated without attribution

> and Afghan President Ashraf Ghani reportedly fled in a helicopter packed with cash.

The only entity reporting this is the Russian embassy.

Given the source the article should make this clear.

International Space Station actually spun one-and-a-half times by errant Russian module's thrusters


The most surreal white-wash I've ever seen

I could be completely wrong, but to date the impression I have is that NASA and Roscosmos are so utterly intent on presenting what happened as zero-risk, no-danger, nothing-to-see here, that the actual truth of what happened is something we shall not know from them.

Why they're trying to do this I do not know, because it's so staggeringly obvious that uncommanded booster firing is the most extraordinarily mind-blowing fuck-up.

So I'm looking at this and it's not even just the cover-up; it's that they seem to be seriously attempting so utterly futile a cover-up.

Russia says software malfunction caused Nauka module to unexpectedly fire thrusters, tilt space station


Re: Those comments from Roscosmos...

One might think it would be reckless to attempt to use a module with such a development history.


Re: Those comments from Roscosmos are the biggest load of ... The title is too long.

So... there was no, simple, direct, reliable, engine cut off switch?


Those comments from Roscosmos are the biggest load of weasel-word flim-flam I've heard in *years*.

1. The main rocket failed during the flight, and the secondary rockets had to be used instead.

2. The docking procedure failed and had to be performed manually.

3. Once docked, the main boosters fired *themselves*, and it was only by the Grace of God no harm was done.

International Space Station stabilizes after just-docked Russian module suddenly fires thrusters


Re: I knew it

Yaw and pitch, baby, yaw and pitch! That's what spaceflight is all about :-)


That seems entirely plausible to me, with the caveat that when Stuff Happens, usually it's only people who were really closely involved who know all the facts, and it can often be from the outside - you and me - things look very different to how they were.

It may be we really are marginally informed, and are getting it wrong; but this is not to say things were *better* than we think. They could perfectly well have been worse. It's only to say we can probably know we don't really know, which is also rather alarming - that's all tax payer money up there, and we're in the dark. I wonder how much more information will come out over time, and how true and complete it will be (not that we can really know).


"Move along - nothing to see here..."


(From The Naked Gun.)


Holy Jesus W T F???!!

Jaw currently on desk.

This is absolutely mind-blowing.

I'm gobsmacked.

There must be nuclear blasts going off behind the scenes now between everyone involved in the ISS and Roscosmos.

UK celebrates 25 years of wasteful, 'underperforming' government IT projects


Management choose technology, *then* hire experts

I've worked for a quasi-Governmental body, as a contractor.

What I saw was that management would choose technology, and then hire experts in that technology, who could plainly see the wrong choice had been made but where it was of course completely impossible to communicate that fact upwards.

Everyone cites that 'bugs are 100x more expensive to fix in production' research, but the study might not even exist


For the love of God, stop saying "methodology" - these are all *methods*

Sociology is the study of societies.

Methodology is the study of methods.

"I'm studying British sociology" is not the same as "I'm studying British society".

Any given way of doing something is a *method*, not a methodology.

Open-source dev and critic of Beijing claims Audacity owner Muse threatened him with deportation to China in row over copyright


I think Audacity has had it, then.

Muse just can't seem to get anything right.

If you look at the string of cock-ups so far, there's been enough you can't imagine things are suddenly going to turn around.

This is it - this is what you get - and this isn't going to fly.

Community needs to pick a fork and go with it - that's the hard bit though - getting everyone to go in roughly the same direction.


Re: Is this really news?

You don't give people the death penalty for parking offenses.

You do not send critics of China to China for copyright offenses.

I no longer have a burning hatred for Jewish people, says Googler now suddenly no longer at Google


HR departments are the problem

So, to the extent we can know what happened, it seems that this guy has written a long article and posted a long video about how he used to hate Jews, but (and genuinely) no longer does.

Google fired him for this.

I think this is categorically wrong, but also I am not even faintly surprised.

I could be wrong, but it has to do with the nature of the HR department in large organizations.

In my experience over a couple of decades, with things I've seen happen, HR departments in large organizations experience a certain set of incentives placed upon them by their situation, and so all end up being pretty much the same : they are a law unto themselves, no one checks or validates their work (who guards the guardians), they have no idea about right or wrong *at all* - not even a shadow of a shadow - and as part of that no idea about jurisprudence. Decisions are based on political sensitivities ("will this look bad") and are based on hunches and prejudice, not evidence.

So if you come out with a long piece on a sensitive subject, that's it - you have literally stuck your head in the lion's jaws, and that has *nothing* to do with what you've *actually* said - unless you happen to be clearly going along with the line HR would want made public as it looks good.

HR departments are one of the reasons I'm a contractor rather than an employee.

Five consultancies with severe branding difficulties win spots on UK government's £580m 'transformation' services framework


Accenture in my limited experience are catastrophically bad

A fairly recent and very large client had a contract with Accenture, who handled their AWS stuff for them.

I had almost no involvement with them, so I almost cannot speak first-hand, but I heard from colleagues a new EC2 instance would take *six weeks* to be delivered.

I did observe one interaction with their staff. The number of people on the CC: went through the roof - a colleague started off by alerting one or two people to a problem, and then a week later (by which time the problem had long been solved) there were a bunch of people on the CC:, with Accenture (who never did grasp that there had been a problem, or that it had been fixed) explaining to us there hadn't been a problem at all, and giving their (incorrect) best guess as to what had probably happened.

I get the feeling Accenture are picked by managers, not by staff, and then are retained because they tick all the corporate-level boxes. The fact their *actual service* seems staggeringly, mind-bogglingly awful *and supremely expensive*, doesn't seem to come much into it.

If the Gov is selecting Accenture, I think we can know right from the off it's going to be another few billion down the drain.

Android devs prepare to hand over app-signing keys to Google from August


This fundamentally and profoundly undercuts Android security.

This seems like a staggeringly and terrifyingly bad idea : that Google, or whichever State puts pressure on Google, can silently replace the content of any package, right?

I'll be okay, I am fairly soon moving away from Android, to a Librem, which will run actual Linux, but this seems a vast and profound loss of security, in exchange for - just what we need - even *more* surveillance.

You can have security, or you can have surveillance; if you have surveillance though, you have to give up security.

Microsoft warns of serious vulnerabilities in Netgear's DGN2200v1 router


I've had a dim view of Netgear since about 2008.

They may have improved since then.

I bought one of their routers. The specs were impressive, reviews found the performance was impressive.

Once I had the thing, I found two issues.

Firstly, and this unlike the second issue is rather nebulous, I've a lot of experience with large bodies of unmaintainable C code and the UI to configure the device *totally* gave me that vibe. The options, the ways things were arranged, interacted - it did not feel good.

Secondly, and this to me was the give-away, upgrading the firmware wiped all the settings, *and it was not possible to load saved settings from a previous version of the firmware*.

Settings should of course be saved in something like XML or what-have-you, and you can then load them, parse them, and get as much sane information from them as you can. Not being able to do so means settings were being saved as a binary blob, which combined with my bad feelings about the whole thing in the first place. It also meant upgrading the firmware then involved 15 minutes of configuration work (there were a lot of options).

Over the years since then I've noticed quite a few stories of the most basic security blunders, although in fairness you can say that pretty much about all router vendors.

Huawei dev flamed for 'useless' Linux kernel code contributions


Re: Monty Python's Life of Brian (album)

BTW, in the end, that Big American company was purchased by Oracle, at which point I then knew Oracle were just as bad or worse, since no one in their right mind would have made that purchase.


Re: Monty Python's Life of Brian (album)

Many years ago, I worked for a lovely little Dutch company which was purchased by a big American company.

Big American company - and I kid you not - had a metric of developer performance which was - wait for it - *number of lines of code committed*. You had to reach a given minimum to meet the KPI.

They paid about 25m EUR or so for the company, and I think a few years later, having fired half the staff (I'm not kidding) and run it into the ground, they sold it for about half that price.

There are upper limits on how *well* something can be done, but there's not much in the way of *lower* limits :-)

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt


Re: I've gradually become disillusioned with AWS/Amazon

BTW, relating to customer-centric, I made a CCPA request for the data Amazon/AWS hold about me.

It took *some months* to get it done, and what I ended up with was a URL to a page *with more than sixty download links*, each one for a separate file.

I explained this was not viable, and was told, in a one-line reply; "We're not going to do anything more than we have. We look forward to seeing you again at Amazon."

I've chased up since then, also tried to make a fresh request, but now my emails are ignored.

All I can say is that thank God Amazon *are* customer-centric. Can you imagine what would happen if they were not? :-)


I've gradually become disillusioned with AWS/Amazon

I've in the past found and reported two acutely critical bugs to AWS, directly to the devs for the product, who in one case had a fix out in about six hours (the other in the next patch release, I recall).

I can't even think about how much damage was prevented.

Response from AWS? zilch. Nothing. Nada. They don't have a bug bounty problem. I doubt they even know, beyond the devs who made the fixes, the information came from outside.

I've found other bugs, which I've tried reporting to Support. That usually goes nowhere, even after months of effort; Support have a superficial understanding of the product, and don't seem to be able to *think* much for themselves; you get rote and rigid responses. After six months of trying to explain one particular bug I gave up trying.

I don't report bugs any more. It costs me time and money to find them, they're problematic to report, and AWS either haven't thought about it, or expect them for free. In any event I assert by their actions - the lack of a bounty program, and the difficulty in reporting to Support - they do not take security and reliability seriously.

Of course, Amazon *says* it goes - but what else are they going to say?

Amazon also says the customer is the center of everything they do, and I've seen a number of large companies say that, and when a large company begins to say that, that's when it has *definitively* stopped putting the customer first.

Trivial example : after one year, support cases are *silently* deleted. I had an archive of material I wanted to examine, to check for any interesting information, and when I went to them, half were gone. I contacted Support. They explained this is documented (it is - one sentence in a vast FAQ, below a question about finding AWS docs in Japanese), that there was nothing they could or would do, and closed the support case, without giving me the opportunity to even reply.

You'd have to come away from that thinking they just don't care.

I actually stopped using Amazon about a year ago, after El Reg produced a report on the working conditions in their warehouses.

I stopped paying for AWS Support a year or two before that; Support for individual developers is almost free, there's a token charge only, but, I'm sad to say, Support wasn't worth *having*, regardless of the price. The Support was normally irrelevant, wrong, incredibly difficult to get anywhere and if you start to ask questions they don't want to answer, Support will *actively* mislead you, so that you *think* you're being answered, when in fact what you're being told is incorrect *and they know it*. I was seriously unimpressed with that once I realised it was happening.

Tax check tool CEST is the pits, say UK contractor consultancies as latest HMRC usage stats are published


HMRC is getting a bigger slice of the pie, but has made the pie smaller.

I'm a contractor.

The CEST tool assumes MOO, which is *not* the case, and I do not take contracts where the client has used it and by this has placed the contract inside IR35. It is morally repugnant.

Fortunately, I still have access to the EU job market, unlike most of the poor buggers in the UK, who can't escape what's being done.

If you pass laws and rule, as HMRC does, but you pass (tax in this case) laws which are unjust and widely ridiculed, you bring yourself into disrepute. HMRC I suppose, if it has thought about this matter, assumes it has such power as to be able to force itself on everyone, regardless of how unjustly HMRC behaves; and given the advent of massive State surveillance (which has existed in banking for a few decades now), this is I would imagine true.

I understand a common refrain from those in favour of mass surveillance (typically bits of the State and no one else) is that "if you have nothing to hide, you have nothing to fear". This assumes the entity conducting surveillance behaves in a responsible manner, both now and forever in the future.

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation


Dodged a bullet there then

So glad I never bought a Dell laptop in the end, over the years. They were always a contender, with the XPS range. These days it's Purism/Librem only.

To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it


Poor implementations are fatal for users

The problem for me is poorly implemented captcha, which means Google.

As far as I can tell, Google flat-out blacklists all Tor exit nodes.

It doesn't matter if you're human, or how many captchas you complete : Google will not let you continue. You just get another captcha.

IME, captcha works, and they are *necessary* : if you have an open forum or mediawiki or the like, in a few days you will be drowning in automated spam posts and articles. I remember when I realised my mediawiki had thousands of automated spam articles...

However, they can - Google - be implemented in a way which makes them a critical problem. For me, any site using Google captcha is a dead site. It may as well not exist, because I can't get past the captcha. In this case, the captcha solves one problem but introduces another.

Also, of course, with Google you have the problem of spying. They're collecting information via the captcha.

Wyoming powers ahead with Bill Gates-backed sodium-cooled nuclear generation plant


That was the best worst joke I've read in a long time :-)

I doff my cap to you, El Reg.

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs


Speaking as a Tor user, the Google reCaptcha is a brick wall. It *never* completes - it goes on forever - and so any site using reCaptcha is fully and 100% at that point unusable to Tor users.

hCaptcha works with Tor, and so has restored those pages/sites to being functional over Tor.

If you don't have anything nice to say, don't say anything at all: El Reg takes Twitter's anti-mean algorithm for a spin


New and unused Twitter account blocked for violation of rules - Twitter fishing for phone numbers?

I recently made a Twitter account, for business (I do not myself keep social media accounts).

I made the account but I've yet to use it, so it's been created but it's done nothing; no posts, no following, not been followed, nothing.

I logged in occasionally to perform configuration work.

Now and then when looking in I'm asked to complete a Google captcha - well, okay, shrug.

Then a day or two ago, I was informed my actions had violated Twitter's Rules (capital R) and my account had been locked, and I would need to pass a captcha *and provide my phone number*. I did not provide a phone number when making the account, and phone numbers are gold for data collation, which is central to the business model for Twitter, Facebook and the like.

It has led me to speculate that Twitter is using security as a ruse to obtain phone numbers for data collation and so monetization.


> Social media in general has a tendency to make strangers feel remote and abstract. They aren't people, but rather pixels on a screen, and thus it's easier to tweet things you wouldn't dare say to their faces.

There are I think three core factors involved.

1. In the physical presence of other people, we moderate our reactions, with the extent of the moderation being in relation to how well we know the people in our company; the more they are strangers, the more we moderate our reaction. We expect our friends, those who are close to us, to sympathize with our pain and so allow ourselves a greater expression of our feeling; but with strangers we know they will have little sympathy with us, and we look to moderate our reaction so it is fitting in their eyes.

2. The man who lives alone feels emotion more strongly than anyone else; but there is a lack of appropriateness. Such a man might feel the greatest sympathy or sorrow or rage, but if he lived his life in the company of others, with friends, being social, he would have far more perspective and hardly care or notice things which being alone would dominate his mind.

3. As our dear El Reggo opines, the physical absence of the target of our response removes (rather like #1) moderations which we would otherwise impose upon our own behaviour, in part from consideration of how the other person will judge our reactions. We do not wish to look disproportionate, even in the eyes of the person with whom we have taken up an objection.

We see then that the environment of posting upon on-line forums is actually the worst possible combination of all three factors. It is where we as humans are least able to moderate our conduct.

Backup a sec – is hard drive reliability improving? Annual failure rate from Backblaze comes in at its lowest yet


Re: I doubt the story above

> I have to doubt the story above because best I can see on Backblaze website there is no form to add an address. Just the zip code and region in my part of Northern Europe.

It's possible the UI has changed; it is now something like two years since the events described. However, I would still expect that you will need to enter an address somewhere, at some point, for your bank card, for billing. It may be also that what you are seeing is different to what I saw, since in my case, the billing address was different to the address of the issuing bank. You may be travelling down a different UI path.

> I also find it strange that you can't provide a case number since most people today use email services that store email for what amount to forever in most cases unless manually deleted from the inbox.

I also expect the large majority of people keep all email forever. I did so too, many years ago. I do not now, and have not for a long time. It's a matter of privacy. I travel constantly, and so pass borders on a regular basis. At the border, your phone and laptop are wide open. You have no privacy at all. The only way in fact to have privacy is *not to keep private information*. As such, I regularly trim my email, deleting all sent, trash, and I typically archive nothing.

This is I would the emergent behaviour of the costs and benefits of privacy. Loss of privacy incurs a cost entirely borne by the individual, with a benefit entirely borne by the State. It is not surprising then that privacy has over time consistently been stripped back.


Biting the hand that feeds IT © 1998–2022