Posts by NeverMindTheBullocks

Re: Scuttlebutt in the tech community on twitter is that it's a BGP issue.

Starting to get corroboration of this in the media.

https://www.nytimes.com/2021/10/04/technology/facebook-down.html

Re: Informal poll on whether you've ever had to do something like this

No so much Resurrection as Resuscitation.

In the dim and distant past I did a stint as a support bod at a large London investment bank.

As part of their BC/DR processes we were scheduled to come in over a weekend to carry out a controlled power down of the data center under simulated outage conditions. Building power isolated, Switch to generator power, fail over to the remote DC somewhere in Hertfordshire, onto battery backup (they had an entire sub-basement full of lead acid battery's on heavy duty racking) and then gracefully power everything down before bringing building power back online, recovering the DC and re-connecting to the remote DC to resync everything.

All went well with the shut down, UPS took the load as the building power was cut. Generators came on line and ran for an hour before being shut down again and leaving the building on battery power while we ran through the shutdown routine for the DC.

The problem came when we started powering the kit back up. Most of the servers came back just fine

but the rows of cabinets containing a couple of hundred IBM PS/2's performing non-essential (i.e. not trading floor related) tasks remained ominously quiet. Turned out the last time they were shut down was 3 years previously during the last test, and 90% of them had failed to boot due to stiction. Cue myself and 2 other support staff armed with rubber mallets from the FM stores working our way up and down the aisles, pulling servers from the cabinets, opening the cases, whacking the drives a couple of times and replacing them back in the racks to see if they would boot. We got them all back eventually but it was a lot more overtime than had been planned for.

Re: Ahh, old timers

The currency markets aren't the problem here.

In order to use Cryptocurrency to actually buy or sell things you have to have bought them with fiat currency at some point, unless you are in the fortunate position to have mined them yourself, but that puts you in the extreme minority.

In the real world fiat currency, from an individual point of view, is very, very stable - Venezualan hyper inflation etc being edge cases. If you buy something for £X today then you should be able to buy the same thing for £X tomorrow, sales, discounts etc not withstanding. Real world prices are largely unaffected by the currency markets, and when they are the effects are minimal, a few percentage points either way at most and most of the time these fluctuations are absorbed by manufacturers and vendors in order to retain customers.

If you buy cryptocurrency for £X today and then buy the same amount tomorrow, X is going to have a markedly different value and you will get a different quantity of cryptocurrency for your fiat currency. This means that the effective price you pay for a thing with Cryptocurrency will vary dramatically based on the fiat value of the cryptocurrency at the time you acquired it. This matters because in order to realize the value of your cryptocurrency you either have to convert it into tangible assets or back into fiat currency directly.

If you buy £5000 of Bitcoins today and tomorrow you use that to buy Gold then there is a good chance you will get less gold for your Bitcoins than you would if you had just bought it with £5000 in fiat. Of course there is also a chance that you will get more than £5000 of gold, but that's the gamble with cryptocurrency, it's all speculation driven by a very volatile market that is open to manipulation by individuals or groups of individuals with the ability to execute very large transactions.

Until the real world value of Cryptocoins against assets becomes protected from the speculative value and achieves real stability they will remain an investment tool rather than a day to day currency.

@DavCrav

Maybe try reading the report. In particular the selection of witness statements here. Inclusing a Locum social worker and jobbing IT freelancers. We are not talking about high net worth individuals or celebrities.

https://publications.parliament.uk/pa/ld201719/ldselect/ldeconaf/242/24217.htm#_idTextAnchor122

You have also completely misunderstood the legislation. These were employment agencies signing up workers and paying them through these schemes, not the workers own companies, assuring them that HMRC are aware of them and that they had been approved by legal experts.

HMRC have been aware of these schemes for over a decade and they had been declared under the HMRC DOTAS process. HMRC chose not to do anything about them. They are now not chasing the scheme providers, but the individuals who were signed up to them, many of them unaware of the arrangements or accepting the claims of the scheme providers.

This is no different to the Govt. deciding to raise income tax by a penny, backdating it 10 years and then demanding that everyone pay the extra tax, despite the fact that thay had paid everything they were supposed to at the time and charging interest and penalties on top. With no means of appeal.

Re: National Cyber Security Centre Is One You Might NOT Want Messing Around With Your 'Jewels'

What makes you think they are not "messing" anyway?

If you are on the web and are of even a passing interest to the security services then this has been done to you already, they just haven't told you what they found. In this case they will tell you, and how to fix it, but only if you are a Public Sector body.

The service is essentially the same as you would get if you paid a professional testing company to do an external scan of your services, it's just been automated a bit and made available to Public Sector organisations for free. Along the lines of the Qualys SSLLabs service but with extra advice and guidance on how to fix whats found.

If you're looking for an excuse to break out the tinfoil headgear, this isn't it.

Re: Woah! Some much tin foil, so many hats.....

@h3nb45h3r

It's not your phone that anyone would be interested in.

What about journalists working in repressive regimes, human rights activists trying to prosecute those in authority, whistleblowers in authoritarian governments.

Any of these and more could have their lives and work compromised by those in authority who want to shut them up by getting "evidence" from their phones.

I doubt the company selling these devices will be particularly fussy about who they sell them to. You may not have much to worry about but many many others will as a result of this.

Re: Sick Pay?

Re: Sick Pay

What we are talking about here is not Statutory Sick Pay that you get when signed of sick longer term but getting paid for the odd days here and there that you ring in sick for.

A permie off for a couple of days with the flu or a dodgy belly will still get paid. A contractor doing the same won't be. No workee, no payee.

Re: B2B vs B2C

Where did you get that information from? If you didn't collect it directly from the individuals then you are not the data controller and you don't need to worry about consent. That's down to the Customer who provided it to you. In that scenario you are the Data Processor. You sill need to be complaint but the rules are slightly different.

Even if you are the controller you don't automatically need consent, that's just one of the possible criteria for the Lawful Basis for processing. You do need to work with those customers at a business level to ensure that they pass on the appropriate privacy notices to their employees that explain why you are holding their data an what you intend to do with it. You also need to be able to respond to SAR's from them and delete data under RtbF.

The first thing you should be doing is getting the Lawyers to give you a view on your status as Controller or Processor for the different data sets you hold (assuming you know what they are). Everything else follow from that.

Re: So now official websites have files with viruses, uh?

Whats going on is that Transmission was specifically targeted by the scammers in the knowledge that it is widely used around the world. Exactly how they managed it remains to be seen, but fundamentally they set out to break into the distribution of Transmission and upload a malware infected version signed with an revoked but otherwise legitimate looking developer certificate.

You can put the tinfoil hat away. There is no great conspiracy here. Just a particularly cunning exploit of a popular application by scammers looking to make money.

"An ex parking fine processor, eh?

Didn't realise the best cybersecurity gurus were utter bastards. Time will tell if things turn out."

You've not read BOfH then?

Re: OWA used by smartphones

Yes it is. However, as others have commented, the real issue here is not that the OWA service was used to gain access to domain credentials, but how the offending DLL was installed on the server in the first place, and how the server config was manpulated to load the malicous DLL in place of the legitimate one. That was the cause of the breach, everythng else was the effect.

No they don't.

In the Public Sector there are rules that say if you are in a contract for more than 6 months, paying more than £200 per day then you have to provide evidence to the client that your Tax and NI payments are compliant with IR35, either inside or outside.

If you work in the same general location (whether in the Public or Private sectors) for more than 2 years then you can no-longer claim travel and subsistance costs. Location is very broad, so 12 months with one London Client followed by 18 Months with another London Client would be caught by this rule (30 months in one location). If the commute doesnt fundamentally change (Next Client is in Leeds for example) then the rule applies.

Other than that there are no restrictions on how long you can contract with the same client, nor is length of engagement an indicator of your status under IR35.

@TheTick

There is such a service in place.

FCO Services ( the services division of the Foreign Office) provides and supports a formally Accredited application services platform that includes Office 265, delivered via the PSN and Internet specifically for use with material that may need delivering to out of the way places and embassies in countries that may be somewhat less than respectful of our National Security. Or simply for handling more sensitive material at home.

Re: the previous posts - ANPR

No, a vehicle of interest is one that has been reported stolen has previously been associated with criminal activity, or is connected to a known or wanted individual. There is no link between the ANPR database and the DVLA systems for tracking registration, MOT etc. If a vehicle is stopped these can be manually checked or they can be checked if a vehicle is reported for other reasons.

Re: end customers haven't pulled their heads out of their arses

Except they aren't.

Rule one only applies when your customer can go elsewhere. Like it or not, there are no practical alternatives for enterprise class operations who want to maintain continuity for their desktop environments. Despite all the discussion about porting to Linux or use of VM's or compatibility modes etc, in practical terms these are as much if not more work to implement in the current timescales than going down the MS upgrade path.

Realistically, if you wanted to get of the Windows merry-go-round you should have started planning the jump 5 years ago when MS extended the end of life to 2014. You'd be about ready by now if you had.

As far as MS are concerned in this, Rule One can go screw itself.

You can whinge all you like about whether MS is right or not to do this, it doesn't change the fact that they are doing it. They told the world they were going to do it, gave the world an extra FOUR YEARS to deal with it and now everyone is getting all upset that they are actually doing what they said they were going to do 12 years ago.

The numbers of XP desktops out there, still in daily production use indicates that the IT world has had it's head up it's collective arse the whole time.

Whinging about it and claiming the customer is always right is just the verbal equivalent of ramming it that bit further up there, when push comes to shove you're still going to end up eating shit.

It's not him

It's her.

Mercedes is a girls name.