Forgot your password?

Comment: Increase productivity or reduce headcount? (Score 2) 228

by Stolpskott (#47628979) Attached to: What Do You Do When Your Mind-Numbing IT Job Should Be Automated?

Most of the IT jobs (emphasis on the "jobs" part) that I see, cannot be automated - or if they can be automated, the automation needs a level of oversight and constant tweaking that it is not economically viable to automate the process.
Almost without exception, an IT "job" can be split into discrete "tasks", where some of the tasks can be and should be automated for various reasons, but in terms of the W.W.W.W.H. (What, Where, When, Why, How) aspects, the reason for automating (Why) has a significant bearing on whether it would be a good idea to even try automating.
Automating the tasks which can be automated within a job makes sense in many cases - relieving the employee of the trivial and repetitive tasks to tackle the more high-value elements of the job. From a commercial perspective, if you are spending most of your time on the high value tasks, you are probably earning more money for your company or providing better value. As long as the boss recognizes that fact, your job should be more secure and your pay packet should, at some point, see an increase to recognize the higher value that you represent. ok, you might need to leave the company and parlay that higher value experience at a new employer to see the increase in your salary, but if your CV can show a successful sequence of task automation leading to higher productivity, then you will probably be more in demand.

If you have either a role that can be automated to the point where you are irrelevant, or a manager who thinks that your role can be automated to the point where you are irrelevant, then my advice would be to start looking for a new job where either you are more stretched or your manager appreciates your contributions more.

Comment: Re: cretinous because (Score 2) 316

by Stolpskott (#47612263) Attached to: Verizon Throttles Data To "Provide Incentive To Limit Usage"

I cannot decide on the best response to that:

"You will never find a more wretched hive of scum and villainy. We must be cautious.”

“Who’s the more foolish; the fool, or the fool who follows him?”

or maybe...

"If they follow standard Imperial procedure, they’ll dump their garbage before they go to light-speed. Then we just float away.” “With the rest of the garbage.”

However, whatever the response is, Verizon will come back with one of these:

“So what I told you was true from a certain point of view.”
“Only at the end do you realize the power of the Dark Side.”

Comment: Oh, please... (Score 1) 45

by Stolpskott (#47595497) Attached to: UK Spy Agency Certifies Master's Degrees In Cyber Security

So the spy agency that admit s to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...
What can possibly go wrong?

Comment: Re:Change management fail (Score 1) 162

by Stolpskott (#47579731) Attached to: Passport Database Outage Leaves Thousands Stranded case my other article did not make it clear, we always ask if they have a backout plan, and they always say they do.

I used to deal with a lot of Indian outsourced IT groups, and the only way to handle this is to either follow up the "Yes, we have a backout plan" response with "Tell me what your backout plan is" or just to skip straight to that without bothering to ask the "Do you have a plan?" question.
Things still got screwed up, but after the first occurrence we completely cut their access to the servers and re-enabled them on demand, so we forced their people to update a specific server first to show that they could do it on a system which is not mission-critical.
However, that approach really only works when the client does not turn into a whining tub of lard when the vendor starts putting pressure on.

Comment: The vendors are clowns, but not the funny kind (Score 1) 348

If the POS (point of sale... although if the vendor are as lax about their quality assurance as they are about network security, that might just also stand for "piece of shit") and the back office PC are completely isolated from the internet, then I would agree there is no need for a firewall. However, retail POS systems almost always now come with a built-in credit card payment system instead of having separate terminals for that... so the POS cannot be guaranteed an airgap out to the internet unless the POS vendor is also supplying a separate credit card payment system with separate hardware that will reside on a completely separate network from the POS and back office system.

My advice to the OP would be to register their extreme dis-satisfaction with the setup verbally with the client, and in writing/email to the client and vendor, detailing the concerns about data security. That way, it at least limits OPs liability for the inevitable fuck-up and loss of customer credit card data to the time and effort involved in hiring a lawyer and producing said documentation when the shit hits the fan and law suits alleging incompetence start flying.

From experience, I know that as the 3rd party implementation consultant, you are nothing more than an annoying buzzing sound to the vendor unless you get the client on board, and even then it will still not work unless there are break clauses around client satisfaction built into the vendor-client contract. All OP can really do is cover his/her own ass, do their best to educate the client about the dangers involved, and leave it at that.

No firewall is probably because the vendor is too lazy to figure out how to configure the POS firewall so that they can still connect to it for remote support/maintenance tasks.

Comment: Welcome to the LinusT show... (Score 1) 739

by Stolpskott (#47550427) Attached to: Linus Torvalds: "GCC 4.9.0 Seems To Be Terminally Broken"

There is an article on /. every few months, about how Linus Torvalds was abrasively to-the-point about something, or about how a kernel developer responded to a Linus abrasive episode with a "dude, not helpful, be nice..." reasoned argument.
From my recollection, Torvalds does not often get involved beyond the initial message, but when he does I seem to recall that his response is "My sand pit, my rules. You don't like it, go make your own."
While the GCC compiler may not be a part of his Linux sand pit, it does go a long way toward defining the quality of the executable it produces, so even if the code is perfect a shit compiler will still produce a shit executable, in the same way that a perfect compiler will produce a shit executable from shit code. The difference is that a shit compiler cannot produce a good executable, whereas the shit code can be improved to good code with time and effort, and if a coder whose executable ends up being shit tries to turn around and blame the compiler, everyone else is going to respond with "bad workman always blames his tools, therefore the code is shit".

99 times out of 100, the code is shit, because generally the compiler devs are much better coders [citation needed] than the rest of us mortals, so we probably assume that executable errors are introduced in our code (or is it just that I am a crap programmer??).

Comment: Unify the OS, but not the UIs (Score 3, Interesting) 322

by Stolpskott (#47520889) Attached to: Microsoft's CEO Says He Wants to Unify Windows

So many negative comments here... as if people think that a unified OS must also mean a unified UI.
A single core codebase for the OS will have a few problems with performance on different hardware, but that is a separate discussion... and who expects Microsoft stuff to run quickly anyway?
However, incorporating a different UI for each target device means that you should not need to see the craptastic Metro UI on a desktop system or workstation, while touchscreen and small screen systems are not compromised by a need to develop elements for discrete keyboard and mouse input.

Comment: Biggest problem in IT security: ID-10-T errors (Score 4, Insightful) 129

by Stolpskott (#47499009) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

Securing the technology is one thing - that in itself will be a huge job, because depending on how far you want to take it, you can end up needing to sandbox each application and harden each layer of the communication stack.
You might need a complete new protocol ecosystem based on only systems which are open source (not just because I like open source, but so that everything can be audited and peer-reviewed at the code level), built with compilers which themselves are not only trusted but also auditable as matching their published source code, and using communication protocols which are themselves open source and audited.

Put all of that together, and you still have the biggest security/privacy threat to deal with - the ID-10-T (aka the user sitting at the computer). Until users of a computer system are educated - not necessarily to the extent that they can themselves audit source code, but at least to the point where they can recognize compromised behaviour of a computer system - then they will always be the weak link in a security/privacy model for IT systems. Getting away from the Windows/local admin culture would be a huge step, but until the most idiotic and incompetent user of a given computer system is either isolated from the ability to do anything or educated to prevent them doing dumb stuff, the computer they use must be considered compromised and all users of that computer must be considered at risk.

Comment: Re:No excuses left (Score 4, Insightful) 390

by Stolpskott (#47482139) Attached to: Verizon's Accidental Mea Culpa

Too big to fail, too arrogant to concede, too greedy to care. This news is all the more reason to regulate.

But, but, but... regulation is the antithesis of the Capitaist way that our republican Democracy has weaned its children on since it was formed!!
I do tend to agree though - regulation of ISPs is probably the only way to deal with this.
Capitalist theory says that if an incumbent merchant/provider is too inefficient to provide a good service or if another potential merchant/provider thinks they can do a better job for a lower price, then that new provider will step in and provide said service. The threat of that is what keeps the incumbent lean and competitive, and the result is a competitive environment that is generally good for the consumer and rival providers seek to offer better deals to entice custom away from their competitors.
However, that theory assumes that there is a very low or non-existent barrier to entry into that competitive marketplace. Given the initial infrastructure setup costs and, in many cases, exclusivity contracts between providers and the municipal areas which would present the profits to drive services out into more marginal areas, the barriers to entry into the Tier 1 ISP market are prohibitive, to the point where you need to be a corporate entity the size of Google to be able to reasonably make the capital investment required.
As such, the local markets for each ISP more closely resemble non-competitive monopolies with the illusion of choice being provided by third party suppliers who typically have to by access to the resources from the incumbent monopoly - they get wholesale prices, and the consumer sees some small price reductions if the third parties can make enough money to operate by charging the consumer slightly less than the discount they got from the incumbent. But fundamentally, everything is still controlled by that original monopolistic provider, so services suck, progress is stifled because there is no incentive for change, innovation is discouraged, and the level of capacity/reliability is never going to be any more than "just barely enough so that we can maximise our profit margins".

Comment: Re:Final Objective? (Score 2) 76

by Stolpskott (#47480995) Attached to: The Hacking of NASDAQ

'We've seen a nation-state gain access to at least one of our stock exchanges, I'll put it that way, and it's not crystal clear what their final objective is,' says House Intelligence Committee Chairman Mike Rogers

Ummm to make money or destabilize our economy?

Makes one feel good that you are the head of the Intelligence Committee.

The problem with the final objective is that Nasdaq's IT security was (and probably still is) pretty incompetent, because once the bad guys were past the outer defences, there was very little internally to audit unusual activity. The analogy used in the BusinessWeek article uses the analogy of physically breaking into a bank versus breaking into a private home - the bank will have internal security sections, cameras, password-protected doors, and so on. So when determining what was taken, you can look at what areas the bad guys had access to and where they went. In a private home, there is the external alarm - once that is down, you have no way of knowing where the guys went unless they leave a physical trail. In this case, while it might be expected that Nasdaq would be the IT security equivanelt of a bank, they apparently were the equivalent of a home owner who left the alarm deactivation code on a piece of paper taped next to the alarm console.

Let's try a few plausible options, based on the article. Determining the probable source of the hack/attack will help there.
The core of the malware used was a 0-day exploit kit that had previously been attributed to a team within the Russian FSB's electronic warfare group, suggesting that the Russians may be behind this. At the approximate time the hack took place, the Russians were combining their two domestic stock exchanges into what they planned as a single super-exchange to rival Nasdaq, NYSE, LSE in London and the Hang Seng in Hong Kong. Probably a dual-purpose reason being (a) increasing international prestige and economic diversification, and (b) preparation for pressurising large Russian companies whose stocks were listed on international exchanges to draw back and list exclusively on the new Russian exchange, thus reducing the potential leverage and influence that US and international governments would have over those Russian companies (thinking sanctions, as with the current situation in Ukraine). For the Russians therefore, a plausible action would be to hack the Nasdaq exchange servers and copy the software code that powers the exchange, so that they can use it or modify it for their own exchange - believe it or not, the code for the Nasdaq exchange is generally considered to be world-beating, so that would be a viable target.

Second, the CIA apparently found some information in the real world suggesting Chinese connections - the Chinese Peoples' Liberation Army certainly had electronic warfare capabilities, and conceivably might plant an electronic bomb in the Nasdaq systems for use at a later date if it proved convenient. Equally, with the Chinese approach to IP and industrial espionage, hacking to steal the code in a similar way to the Russian scenario is possible.

Both of those governments' beurocrats are often known to be corruptable and have links to organised crime, so there is another possible source for the attack, with the goal of either blackmailing Nasdaq or gaining access to the not-yet-public information stored on the compromised systems to give them advance knowledge of information that would move stock markets and prices (financial gain).

In determining the source of the attack, the origin of the malware used is not the greatest indicator - malware kits can be copied as easily as any other software, so either an actor within the FSB may have sold a copy to someone, or another hacker may have hacked a completely different system infected with that malware kit and downloaded the elements of the kit they could find, reverse-engineering the rest. So just because the FSB are credited with creating a previous version of this specific kit does not mean they are involved.

Lastly, looking at the capabilities of the payload may give some insight into the objective - a malware kit with a keylogger and dial-out facility to a C&C server is generally not going to be paired with a logic bomb to fry the infected system. So a system with a keylogger will be used for industrial espionage, while a logic bomb is an offensive, destructive weapon. The NSA's original analysis of the malware apparently indicated all sorts of interesting/terrifying capabilities. Given their extreme interest in surveillance of computer systems, if they chose to deliberately scare-monger and make this breach out to be more serious than it may otherwise have seemed, they could use that as leverage to expand their intelligence remit to be the gatekeepers of data security and cyberwarfare within the US - expanded influence, and also a much more free hand to conduct their own domestic surveillance. Plus, it is definitely conceivable that they would already have laboratory copies of the FSB malware kit that they could use when hacking Nasdaq.

So, there you have 4 other possible actors and objectives:
Russia: Domestic economic control over large businesses to reinforce geopolitical strength, and industrial espionage.
China: Industrial espionage, or the future possibility of electronic sabotage.
Organised crime: Extortion or industrial espionage for financial gain.
NSA: Empire-building.

This is not to suggest that any of those groups actually did do this, or that if they did that they did it for the reasons I have suggested. But it does indicate that there are a lot of possibilities out there, and Mike Rogers is a politician, so he is not going to start slinging mud at someone unless they give him a good quote as justification.

Comment: Re:Chicago Blackhawks too? (Score 1) 646

by Stolpskott (#47271195) Attached to: Washington Redskins Stripped of Trademarks

What do you call people from India, Pakistan, Bangladesh, Afghanistan and that region?

Being from the UK myself, I asked some of my American colleagues who also work here ("here" being Sweden... more about that in a moment).
The response from two of the Americans was that they had no idea what to call people from that region, as they had no real idea of where those countries were. The other 3 promptly came up with "Terrorist", and were apparently not joking, judging by the lack of humour in voice or demeanour.

Anyway, regarding Sweden, this country currently has a degree of nationalist racism against "Invandrare" - effectively immigrants, but used as a catch-all for those immigrants who are obviously not Swedish, have poor language skills or education, and typically who come from near/middle eastern countries or central/eastern Europe, but Asians can also be included. Broadly speaking, immigrants from other Nordic/Scandinavian countries are ok, and immigrants from the UK or USA are loved unless they are complete assholes.
Historically however, there has never been a huge problem with racism, particularly against "coloured" people - and in this sense I use the term "coloured" to refer to anyone who does not have the typical Nordic/Scandinavian/Aryan light skin/light hair/blue eyes combination, not specifically people of African descent. So up until very recently (10-20 years), it was possible to buy "negerbollar" - literally "Nigger Balls" - which are a small chocolate-based pastry typically dusted in coconut, and many people still call them negerbollar without feeling any discomfort or embarrassment. Now, though, their official name is "chokladboll" to avoid any problems.

Comment: Re:Internet (Score 1) 248

That's part of the problem of expanding into other countries, you have to either accept their rules or stay out. Consider Google or Yahoo in the case of China...

Compare to an example of a court order that forbids a third party railroad line from transporting a particular product into the country.

This is the part that I have a problem with - if a Canadian judge wants to mandate that all discussions of the health benefits of eating less Maple Syrup are blocked in Canada, I have no problem with that. If I live in Canada or if I live in China, then I expect what I see on the Internet to have to comply with local laws, and while I expect censorship in both Canada and China, I expect a hell of a lot more of it in China.
The precedent it sets, though, could allow a fundamentalist Islamic cleric to order Google to not index (and therefore censor) discussions about the interpretation of Islamic Sharia law so that his interpretation is dominant, not just in his country, but around the world as well.

This instance of the problem - a couple of embittered former employees of a company selling knock-off products - is not a bad idea. While I would like to know that they used to sell these goods, if I am looking to buy said equipment, I do not need to be able to see the actual site they were using as a sales portal. But the precedent it sets is a dangerous one.
Consider (not trying to derail the topic, honestly) the recent EU ruling that establishes the "right to be forgotten". If you look at it as the right for a woman who, as a dumb teenager, posted naked pictures of herself to show off a new tattoo, who now wants to see those pictures fade into obscurity, then it is a good thing. But many of the requests Google are receiving are from people who want to hide criminal convictions or other information which can legitimately fall under the heading of "in the Public Interest to know", so while Google can use that as a way to refuse the request, it shows that "good idea" precedents are often used to justify "bad idea" changes.

Comment: Re:Could the Tesla circle jerk be any more open? (Score 0) 455

by Stolpskott (#47270753) Attached to: NADA Is Terrified of Tesla

From my perspective, the most interesting thing about this is not the pro-Tesla/Elon Musk choir, or the Automotive lobbying juggernaut against it, but the fact that this is happening in America (statement of the bloody obvious, I know).
America, being the home and religious temple for Capitalism - Capitalism being an economic system where, if a new supplier in the market can provide more desirable products or with a more efficient/cheaper supply chain, that new supplier can gain a foothold in the market and offer their products/services in competition with the established actors, without political interference in the process.
The capitalist approach would be for the authorities in America to say to Tesla "You think you have a product which customers will want, which they will buy, and which will not blow up in their faces? Power to your elbow, go ahead and sell to Joe Public*!"
Instead, allowing the established automotive manufacturers to try and dictate "we sell through our Dealerships, they are a 'Good Thing' so you need to do the same, so that we are all doing things the same way smacks of something. I do not want to call it Socialism, but I cannot think what else to call it, because even collectivist Keynesian Capitalism does not really cover it.

* With the caveats that applicable advertising laws and standards are met.

Comment: Re:Internet (Score 5, Insightful) 248

Or as a car analogy: You don't tear out the road when one person is driving recklessly.

The car analogy would be accurate if the order was for the internet to be removed. In the Google case, it is more like "Someone is using a road to drive recklessly in Arse-end-of-nowhere, Ontario, CA. People who go to this God-forsaken place usually have a paper map made by Company X, so we are ordering Company X to remove Arse-end-of-nowhere from their maps."

Note, I am NOT suggesting that Ontario is the Arse-end-of-nowhere, but I do find it very troubling that a judge half way around the world from me thinks that my access to information on this matter should be curtailed. If the content is so objectionable, then the web host should be ordered to take the site down. As the plaintiffs in this case have named two Google entities as the non-party entities targeted for action, and the defendants as the individuals responsible for the actions that led to the case being brought, I see no action being taken to order the hosting provider to do anything.
If the rationale behind that lack of action on the hosting provider is that the hosting provider is outside Canadian jurisdiction, then the same rule must also apply to Google Inc., who are being ordered to comply with this ruling.

As a European, regarding the "right to be forgotten", I think it is a potentially good idea in some circumstances which is let down by dumb-assed execution opening the door for abuse by people and other entities looking to remove information of valid public interest.

Comment: Depends what you consider the "start" of the day (Score 1) 141

by Stolpskott (#47252809) Attached to: I typically start my workday ...

Out of bed by 5:00, because Monday to Friday I am on-call for "the shit hits the fan" stuff at the office from 5:30. I then start doing actual work at 7:00. For weekends and vacations, I am on call from 07:00. And yes, I am paid a lot extra for being on call :) One of the benefits of unionization!

Biology is the only science in which multiplication means the same thing as division.