Posts by Lee D

Re: If a prospective candidate expresses concerns about AI-based interviews ...

If you don't have the time to interview me as a human being, it's absolutely not a job I want, a workplace or person I want to work for, or anything I want to encourage.

Of ALL the things you could do.... sitting down for 5 minutes to interview a real person who you hope to impress enough to work for you is the absolute bare minimum that should be expected.

I would refuse any such AI-interview, as would an awful lot of people I know.

And, as a manager, I would refuse to ever implement such a thing as anything other than "additional" (to check some boxes) to my personal interview with anyone who was going to work under me.

I am by far not one of those "handshake and eye contact and let's meet in person" kind of managers day-to-day, but you know what? For an interview... I want to see you, the person, on your own, talking to me. For so many reasons that it's laughable to think that an AI interview would ever suffice, or even add anything into the process.

Re: Hmm

You can have all the energy you want.

The only pertinent questions are:

- What are you willing to pay for it?

- Who is detrimentally affected by providing it?

Which tell you why government aren't doing it.

Honestly, I think we should just charge a huge premium on any large and unusual power usage, regardless of the unit rate being charged. Literally a "high-user tax" on it.

Then watch as all the datacentres scramble to buy more efficient systems and/or supply their own power rather than just keeping buildings full of floors full of racks full of servers full of cards running at maximum 24/7/365.

Did you read the article?

Where the AI's guardrails are eroded more the longer the query is? Because the AI is the thing implementing its own guardrails via analysing the tokens it's being given, rather than an external factor strictly limiting them before they can reach the LLM, or where an external factor filters the LLMs output to make sure it's not breaking out of its own guardrails?

Re: spam coming from inside

I use unique email addresses at my domain for everything I sign up for.

This tells me immediately who gave out my addresses, just by looking at what address the spammers sent their email to.

In my time, I have had DOZENS of companies spam addresses that were only ever given to one company.

This includes places like Scan.co.uk, RM (hilariously that one was actually stolen by a former employee who then took it to an educational furniture reseller and used it as their customer list - I know because they confessed all when I asked this random company how they've got an address that I'd only ever given RM), SecurityFocus (remember them?), Tagadab, PizzaGoGo, Macromedia, CheapFlights, WordsWithFriends, etc.

And those are just the ones which got so widely spammed that I blocked any reception to that email address ever again. For reference, I have never once allowed someone to use my address for "3rd parties", etc.

Emails get spammed because companies don't protect those emails from their employees, and the employees sell them on or literally take their customer list to their next employer.

The bigger irony? All those emails eventually end up at GMail - that's what I use for actually managing my email. And I can tell you that I get a thousand times more spam addressed to my GMail account directly (which has NEVER been used/advertised) than anything else. To the point that I'm now considering just running my own webmail now.

As I've said before, companies are obligated under GDPR to not provide data which their employees do not require access to, and that really means that they shouldn't just have customer databases that allow arbitrary queries, and show all the customer information, and most certainly that that information shouldn't be capable of being stolen en-masse. But I promise you that nobody actually does things properly in this regard (e.g. me calling up a company shouldn't need them to see my address, phone number, or email whatsoever - not even to send a delivery, message or call me. That can be done without the end employee actually seeing that data unless - explicitly - I ask to change those details or they need to verify them, at which point JUST THAT ONE FIELD should be visible to them). It would instantly stop a lot of customer data theft like this if it becomes actually difficult to suck out thousands of customer addresses and provides a great big red warning of an audit trail to do so.

Your email is being stolen from Microsoft, but most probably by one guy in a call center somewhere on minimum wage with full access to customer details that he shouldn't have. As more of our data goes cloud, gets outsourced, etc. the problem will only get worse without effective data privacy controls.

I once signed up for Microsoft volume licensing and the entire sign-up was electronic. I later enquired what was taking so long and it turned out that someone had mis-spelled the email which we'd asked for it to be sent to. An email we'd only EVER sent electronically and with the correct spelling. It was literally the case that, somewhere in the world, someone at Microsoft themselves was PRINTING OUT AND TYPING IN volume licensing administrator email addresses by hand. This was also not that long ago.

Re: It's different this time

True story:

Once walked into a customer's network that, overnight, had literally just stopped.

It was one server running a school (normal in those days) and it just wouldn't do anything. Frozen.

Hard-rebooted it. Booted into Windows. As soon as it got there, same thing. Safe mode: same thing.

Services would work and the thing would ping for a few seconds but once it got into Windows it would just all stop.

No problem, restore from backup. Yesterday's backup: same thing. Last week's backup: Same thing. Last YEAR'S backup: Same thing.

No way, because those backups were FINE and were tested and restored perfectly just recently.

Tries a Live CD... server was fine.

After much hair-pulling, I found a hint in an online forum.

Turns out that the APC UPS software was written in Java. One of its JAR files held a certificate. That certificate silently expired (and no way for a customer to renew it anyway). When it expires, rather than just error, the APC software absolutely jams the server up so hard that you literally can't do anything, not even get a ping out of it.

The fix was to modify the filesystem in another OS and remove that JAR, then the software would just stop working rather than mess everything up.

Then you could uninstall the UPS software and install a later version and it would be okay... until the certificate expired again, I suppose. I had a very annoyed customer over that one, because they were entirely down and there was nothing obvious at all, and backup restores are NOT things you can do quickly, and a few of them and STILL no success? Nightmare.

In other news, a very important MS certificate just expired and people have been scrambling to fix it, but fortunately that doesn't bring your machine to a grinding halt and Windows Update mostly takes care of it so long as you update regularly enough.

Re: It might be just me...

I don't mind what they do in terms of UI but don't make it so that there's some setting that WAS in control panel and no longer IS in Settings anywhere.

Drives me mad to have to jump through hoops to get back to the old interface because that's the ONLY place to set certain things... and they KNOW it because they literally take you there from Settings if you dig deep enough looking for the damn thing.

I guarantee it happens every time they migrate any settings. Like network adaptor settings... you end up on the old "control panel" network interface because it's the only place to configure protocols, gateways, the network driver etc. but rather than migrate those settings, they just lead you a merry dance trying to get to them.

Re: How about...

I can kind of see why they might work that way.

But there's no excuse not to just have two checkboxes on export that let you change those options.

As ever with Microsoft, it's their way or no way. Where a simple option selection would actually PLEASE millions of people.

P.S. I'd like my start menu back please, and the taskbar to be draggable again.

Re: No mention of NAT, then?

The whole anti-NAT thing really hindered IPv6 adoption for a completely UNRELATED technology.

Give me a billion addresses and I'll deliberately NAT through one of them. I know I will because I'm sitting in a workplace with a leased line with an allocated subnet and that's exactly what we do on IPv4 anyway.

Anti-NAT sentiment literally held everyone back. Why?

Because I could have transitioned a single NAT router to IPv6, at home, in my workplaces, etc. and that would INSTANTLY allow all external connections to move to IPv6 only. What do you CARE what I'm running internally? Any problems that causes are MY OWN.

But the easiest way to transition to IPv6 is to change the router first, and retain IPv4 on everything internally, then moving everything internal at your own pace.

But no... that wasn't "good enough"... we had to utterly abandon our network numbers force huge routing tables into our devices, replace all the simple numbering with more complex numbering, modify EVERY device internally and allow direct routing to every internal IP.

Just no. The very suggestion was ridiculous and (rightly) ignored by ABSOLUTELY EVERYONE, to the detriment of IPv6 adoption.

And now what is our solution? CGNAT. Who cares about that? Almost nobody. Your phone is being NATed right now, I guarantee it. My 5G phone gets internal ranges like 10.x.x.x on it's 5G connection and they are NATed to the Internet. Nobody gives a damn.

The reason there's no mention of NAT? They finally realised that they utterly cocked up by tying anti-NAT sentiment to IPv6 and that it badly hurt adoption.

There's no reason on earth we couldn't give everyone an IPv6 NAT router for their home network which does 6-to-4 and 4-to-6 translation as necessary. No changes required to anything at home whatsoever. But suddenly you can then convert all the ISP backbones to IPv6 only and nobody would even notice.

Or you could charge the heaviest commercial users more given that they are having the largest impact on those people who need water (i.e. small-usage residentials) and have the most money with which to fund this stuff.

It's a nonsense that I can't water a 3m x 3m garden with a hose, but datacentres can slurp whatever the hell they like.

Re: Not so smart

By the time everyone is on smart meters, most people will be on solar anyway.

Honestly, just over the last two years, the EXACT SAME kit I was buying is nearly half the price it was, and it was already some of the cheapest things there were (batteries and panels).

The ones who can't do that - and even councils are moving people to solar and heatpumps - are likely on a pre-pay meter or a private landlord anyway, so they'd struggle with doing either.

But honestly, I'm now planning my retirement (~20 years out) around the fact that I won't be using grid electricity by then.

And though there's nothing new in being able to cut you off, really, even without access to the property - the barriers were mainly legal, not physical - via my smart meter I've had 4 hours of free electricity (as much as you like in those hours) already... because we're basically throwing electricity away when it's sunny and dry. The last few weeks, all my chores were done during those hours, and I charged my solar batteries to make as much use of it as possible. I literally tripped my RCD because I turned everything on and even did things like charge my drill batteries and suchlike. I even thermal-camera'd my fusebox - which is rather old - to make sure there wouldn't be a problem if I did pull a lot of power in the winter.

And Octopus keep linking to this:

https://wastedwind.energy/

We're basically throwing energy away now. Cut you off for it? They're more likley to be begging you to use it or forcing you to stay connected to the grid. They have a MASSIVE investment in the grid, and we're all going to start fulfilling our household's entire energy needs in a few years, and I wouldn't be surprised if they started introducing taxes on electricity because of - say - electric cars. To make up for the fuel tax disappearing, and to then charge people by their usage at home even more. Whether or not they have an electric car.

I need 8KWh a day. I basically have that in batteries already. My roof can take at least 24KW of solar. Multiply by a minimum of 8 hours of sunlight per day, and cut it DRASTICALLY for the winter months... and I don't think I'll care about the grid in another 5 years, let alone 20. My heatpumps take ~200W to cool/heat my rooms to 20C, even in the depths of winter.

The only thing I'll need a lot of power for? An electric car. It's likely to be the only reason I bother to keep grid connectivity. But even that wouldn't be "essential". I'd have enough power in the house to get it going, and could just pay at an EV charger somewhere for the rest if needed.

Re: Job offers

Nope, that would flag on police checks and they were pristine.

Re: Kuiper

Nope... I've tried and pre-registered with all the ones working the local area should they ever offer service.

As I say, at this rate, FTTP looks more likely as in that case they (Gigaclear) are actually doing some works as I speak and rolling it out to nearby villages.

I used to work on a single-floppy Linux distro that turned an old PC with network cards / modems etc. into, basically a router.

1.44Mb to boot the OS, have drivers for all the possible networking, and then do all the NATting, routing and everything else necessary as well as be a DNS caching server and all sorts of other things.

I remember being quite put off when people started publishing 2.88Mb boot images, and then later ISO images of it.

Now 1.44Mb is probably not enough for the HTML/CSS/Javascript on this comment posting page, without even the images included on it.

Re: Basics?

I worked at a place that had ransomware, but we were being asked to prove that data exfiltration never occurred.

It's extraordinarily difficult to prove such a thing.

In the end, the insurers and cybersecurity forensics, etc. people as well as the ICO were satisfied because we just happened to be in the middle of an ultra-quiet period, almost nobody was on site (COVID), and this showed on the networking stats, and our backups were clean (they managed to delete some backups, but the ones they couldn't get to were clean of the ransomware).

It was only sheer luck that the thing they hit was on a server cluster, that server cluster was running a software router (Smoothwall) as a VM, and hence as soon as they affected its storage, the router (including the primary DNS, default gateway, all the inter-VLAN routing, etc.) shut down hard. That immediately stopped any exfiltration being possible without knowing the REAL gateway address on an entirely separate VLAN that only the Smoothwall used and to which all the actual physical upstream connections were forced onto at the networking ports. No other ports were configured to allow that VLAN to be accessed or routed to, even if they tried.

It was pretty simple to determine that, before, during and after the attack took hold, there simply wasn't enough data going over any of the connections to do anything in terms of significant exfiltration.

A weird combination of cloud-managed switches with full stats, and a software router as the primary gateway for EVERYTHING, saved our backsides from having to notify thousands of people that their data may have been exfiltrated.

As it was, to this day, nothing has ever come of that, and we believe that even the ransomware responsible wouldn't have had time to call home or get remotely-controlled. It was introduced by someone plugging in an unauthorised USB stick - which we know from logs - with a zero-day detected malware, that 2 years later STILL did not appear on any antivirus check as malware... our cyberforensics specialists kept checking and submitting and it always just passed straight through the AV, which is how it was able to infect us. The timing between the USB stick warning, and systems dropping off the central AV dashboard - starting with that PC - was seconds. It was able to then get into the servers, and from there escalate into the cluster hosts itself within a minute. And then everything went off because the primary gateway for ALL VLANs had been knocked offline by it doing so.

But it wasn't able to talk home and its automatic actions were to shut down the only way for it to talk home by encrypting the cluster storage and then demanding Bitcoin to an address to get the key to unlock.

We basically had an unintentional automatic lockdown because of the design of the system (which was necessitated by simply not investing in IT for a decade).

(We clearly just wiped the entire network, changed all credentials and started again extremely carefully, no ransom was paid, no data was exfiltrated).

Re: Logs

Same for RADIUS logs on Windows.

Put them on a separate drive, they manage themselves and delete themselves when full.

Put them anywhere on C: and you will regularly find yourself with no space on the boot drive and failing services etc. because of it until NPS decides to clean them up.

So what you're saying is that your American car wouldn't fit in a British garage, bu you'd be able to fit even more British cars in your American garage? Because they're inherently different standards?

I don't think that's the argument you wanted to make on this particular comment.

There are models of car that have been very publicly vulnerable to USB/Bluetooth attacks to the point that the criminal fraternity targetted them explicitly and insurers started to refuse insurance for them.

Doesn't make either situation any better, but modern life apparently now means "we don't give a damn, you've already paid us".

Re: Only issue...

My parent's house has a water stopcock in their front garden.

For some reason, it's the stopcock to the entire street. I'm not joking.

It was discovered when a water main burst at the same time as the sewers were blocked, and the authorities were informed by several homeowners that their houses were flooding in shite.

Turned out that the water company blamed the sewage company and the sewage company blamed the water company (this was some time ago and, no, I don't know why they were separate). So while people's garden further down the street were inch-deep in effluent, and several neighbours were threatening to throw certain representatives of the company into the outflow, and the whole thing going on for days, dad walked to a small, nondescript stopcock hidden in his front garden and turned it off.

Suddenly, the water problem solved itself. Except now the utilities had to provide bottled water to everyone because nobody in the entire street had any water. The sewer company cleared out their blockages (neighbours flushing nappies). It took weeks, no water. And then the water mysteriously came back on for the whole street. Which allowed the water company to seal their quite obvious leak.

Decades later and that still is true. Engineers will come out and want to shut off dad's water for whatever purpose and the whole street goes off and though the engineer on the ground might figure it out, nobody seems to realise that's how it's plumbed, and the diagrams never get updated and the stopcock never gets changed. He often warns the guy actually doing it, and they never actually believe him until they turn it.

But it's not possible to isolate the water to my parent's house without cutting off the entire street. If they die and we sell that house and the next owner wants a water meter... they might be in for a shock.

Re: Greasy

It's the principle of the thing.

I might have the worst employer ever and be walking out the door in a storm... and though that might mean my co-operation ends, it doesn't mean I go beyond that and out the other side into malicious damage.

I don't really care about the references... A reference from a shite working place isn't worth anything to anyone, and nobody has ever cared about them. If there's a pattern, sure, but not "I left my last employer after YEARS of employment but their reference is rather non-positive even though I did nothing wrong". Nobody cares about that.

You'll get a handover. Which might just consist of me shoving a bunch of documents in your face and making you witness myself change my password to whatever you choose, but that's the bare minimum.

I have done it... I have walked out the door with zero notice (long story short, I was subject to an audit - by a FRIEND of the boss - that confirmed ALL my concerns/issues with the workplace, plus added a ton more that the employer needed to resolve, they utterly ignored it, tried to hide it, while still trying to say I wasn't doing my job. By then I had 8 weeks of holiday accrued legitimately - because one of the items was that there weren't enough IT people and I was overworked and I was "not allowed" to take my full holiday allowance, only to roll it over - and 8 weeks notice. Bye.) I have walked and left documentation. I have done crude handovers to totally inexpert people who went from cocky "Ha, now you're going, I get your job" to suddenly realising exactly what they were being lumbered and how much I actually did (a lot of wide-eyed "Really?" or "And that's for me to do?" in the course of a few hours). I have done "this disk contains everything someone needs to know about the network... do not lose it or give it to an idiot". And I've obviously also done some really much more professional (on both sides) handovers as you would expect.

But once I'm gone, I'm gone. I've had people from the old workplace calling me MONTHS after I've left asking how to do X or what do we do about Y, etc. and I just tell them I don't work there any more. I've had some quite stroppy demands in those instances. I just ignored them.

You're literally NOT WORTH destroying my reputation (I don't care about references, I don't care about future employers, I don't care about the work colleagues I left behind - the good ones will have come with me or know that it wasn't personal, and I'd make sure they already had whatever they needed before I went - but I do care about my reputation which, oddly, isn't as "damaged" by walking out of toxic employment as you might think. Precisely the opposite, usually).

I'm sorry, but has nobody watched ST:TNG?

"Computer... generate an opponent capable of defeating Data..."

Now that's 1) proper AI at work and 2) Exactly what you DON'T want happening.

Re: Swasticar ? No thanks.

Do I want to use products from a billionaire nazi, simultaneously evidenceless-paedophile-accuser and rapist-friend, who can't release a product without a reference to his drugged-up lifestyle?

Not ever, really.

I don't know what happened to the world, but there was a time where anyone from a respectable brand closed their Twitter accounts because of his behaviour, and where companies would be absolutely abandoned the second their CEO turned out to be off his head in public.

But apparently his company that underdelivers EVERY TIME consistently for decades is still one of the highest-valued companies in history.

The fact that anyone gives him the time of day, let alone airtime, is disgusting.

Re: Oh no!

That's what happens when you let Del Boy buy a cheap statellite...

Re: Time is a flat circle

The best thing about cloud is that MS has to eat its own dogfood.

You want to have Exchange servers running millions of users and update it every month and deal with the fallout... you do it, Microsoft. I did it for decades, with you being absolutely no help, so I will pay the £3.99 a month or whatever and then complain like hell if it's down for even 10 seconds.

Strangely it's at that point that they decided that, say, Outlook needed a long-overdue revamp to purge the legacy cruft, and that server clustering was a great idea, and that their services suddenly got more expensive, etc.

You don't have to pay up if you never agreed to.

The only reason Oracle can ever audit you is if you gave them the right in the first place.

Just cancel the Oracle products, tear up the contract and when this happens you tell them to take it up with the alleged-infringers directly.

Can we identify them? Sorry, no, not without a warrant.

Re: Meh...

I'm about to buy a NAS for myself, and others for work, and to be honest, I'm looking at ones that include several M.2 NVMe slots.

Because, for a start, I already have a bunch of them lying about that are too small for individual usage, but would make a great cache for a NAS to stop the disk spinning more than they need to.

But also, you can just get NVMe NAS nowadays, and the NAS I'm looking at can make RAIDs out of multiple NVMe's too.

It's all going that way. Every computer in work uses a M.2 stick. The main servers are M.2 for boot drives and SSD for caching. My laptop is 2 x M.2. My RPi's all have NVMe boot support with a tiny cheap adaptor for hardware.

And just looking at the size of things, you can put 4 M.2's in the bottom of a NAS and add zero size to the device at all. You can get a slimline router-size thing that's an entire RAID NAS for NVMe.

Disks are dying, and another few years they'll be dead. I only buy hard drives for large RAIDs nowadays, and those are all backed by SSD caching and fast approaching the point where the SSDs are nearly as cheap.

So I'm looking at a 10-bay NAS with 4 extra slots for NVMe. That should be enough to throw all my old stuff in, including old spare disks, SSDs and NVMe's, and then if I need to I can keep using that for a long time with a handful of cheap adaptors and bring the modern tech into the old disk bays (just not at NVMe speed, but who cares?).

As far as I'm concerned, disks are on the way out and even this is just a nod to using the old stuff I have lying around, which is starting to become as much NVMe SSD as if it hard disks. When I upgraded my laptop to WD Black M.2's, the original sticks... they're just lying on a shelf. Why not make use of them? Cache at first but, you know what? Storage just as much when I later replace those WD Blacks.