HackerTrans
TopNewTrendsCommentsPastAskShowJobs

PaulAJ

no profile record

comments

PaulAJ
·el año pasado·discuss
Anyone who doesn't understand what's so difficult should read this:

https://wiki.c2.com/?WhyIsPayrollHard

Its from a different domain, but it gives you a flavour of the headaches you encounter. These systems always look simple from the outside, but once you get inside you find endless reams of interrelated and arbitrary business rules that have accumulated. There is probably no complete specification (unless you count the accumulated legal, regulatory and procedural history of the DVLA), and the old code will have little or no accurate documentation (if you are lucky there will be comments).
PaulAJ
·hace 2 años·discuss
Would this also be potentially a DoS amplifier? If you sent it the right spoof packets, would it return a lot of packets to the apparent origin?
PaulAJ
·hace 2 años·discuss
The ONT's job is to translate from (typically) Ethernet to the optical fibre, and nothing else. In networking terms its "Level 1"; concerned only with moving bits from one end to the other. Most ISPs will provide an ONT which does that and nothing else, and then a regular router/firewall that plugs in to the ONT via Ethernet.

Your security barrier is the firewall in the router, plus whatever encryption you apply to comms outside it. As long as you get that right your ISP can't see what you are doing apart from the to/from addresses on your packets (which can't be hidden, obviously).

ISPs generally push their own managed router/firewall at you because that way when something isn't working you don't wind up with arguments about who's fault it is, and the ISP can troubleshoot your router. But in my experience they have no problem with you unplugging their device and plugging your own in instead.

I haven't seen an ISP which does the ONT and the router in a single box. Its theoretically possible, but would be a bad idea for several reasons. One is security, as you say. Another is that the fibre can't be extended with more wire, unlike a copper phone line. So the ONT tends to be a small wall-mounted box with an Ethernet jack in it. That way your Wifi access point isn't stuck low down next to your front door or something.
PaulAJ
·hace 3 años·discuss
I think I see what they mean. "Misconception" means something where you can point out "no, that's incorrect". But these people have more than just an error in their knowledge, they are fundamentally misconstruing the world and how it works.
PaulAJ
·hace 3 años·discuss
Also missing from this are:

* The time you spend managing and supervising, including desk-checking the stuff they send out, because it goes out under your name and you are only as good as your last job.

* IT costs, and office space if they aren't working from home.

* Liability insurance in case they screw up. (Not certain about this: maybe you just trust that your company is a sufficient legal firewall because its only asset is you).

I remember back around 1990 hearing that for my big company employer putting a coder in a seat in front of a computer cost roughly twice their salary. That's still true today.
PaulAJ
·hace 3 años·discuss
How much maintenance does this take to keep its reflectivity? Does it get colonised by algae? If it needs to be scrubbed with bleach once a year, I can see that being an issue.
PaulAJ
·hace 3 años·discuss
Has anyone pointed out that in the UK 999 is the emergency number (like 911 in the US). So "999 Request Denied" sounds like a public safety issue to someone who doesn't speak tech. Make it 998 if you must.
PaulAJ
·hace 3 años·discuss
I use a Raspberry Pi, cheap USB webcam and https://raspberry-valley.azurewebsites.net/MotionEye-OS/ Motion Eye to watch out for intruding cats coming through the cat flap. Entirely open source, completely under my control, and simple to set up. What's not to like?
PaulAJ
·hace 3 años·discuss
During COVID the government tried skipping those procurement rules in the interests of expediency. The result was a huge corruption scandal.
PaulAJ
·hace 3 años·discuss
Nothing specific, but I've seen some big systems from the inside, and I know the kind of thing that leads to failures:

* Back in the 60s they got a big IBM computer to do some stuff. Then later on they needed to do other stuff. The old computer was too expensive and difficult to replace, so they got a new VAX or something to do the new stuff and talk to the old mainframe. Then some PCs got added to do more stuff, and so on. Today the back end consists of many different systems of different ages all talking to each other using different protocols that were designed against different requirements. Newer systems are forever being patched and updated to cope with new requirements, while the code for old requirements lurks waiting to be accidentally reactivated. Each of these systems has its own specialists for care and feeding, but nobody fully understands the whole thing. When something goes down there are not many people who can diagnose the fault and get it back up.

* Government contracts have lots of rules around them to ensure value for money and prevent corruption (see the UK COVID PPE fiasco for what happens when you try to cut these rules out). But the size and complexity make even bidding for a big contract very expensive and complicated, so it tends to be the preserve of a few big companies who chose to specialise in it. Their core competence is winning these contracts, not delivering on them later.

* These rules mean that everything has to be specified in detail up front, so that everybody knows what is supposed to happen. But this makes the whole thing horribly inflexible. As new requirements emerge from the woodwork there is a continuous process of renegotiation.

* The UK civil service is based around the "cult of the gifted amateur". Senior managers are rotated around departments every few years. So the person who kicks off a project is rarely the person who sees it through. Everybody gets to blame someone else for failure.

* When one of these big contractors fails to deliver, the Government has to chose between suing to get their money back (or some of it) in a few years, or getting the at least part of the system they actually need at a higher price. The government doesn't need the money, it needs the system. So the contractor gets to carry on regardless of failure.

* Humans are very bad at managing small risks with large consequences. Many big disaster stories have at their heart someone who decided that the risk was too small to be bothered with.
PaulAJ
·hace 3 años·discuss
Here: https://i.pinimg.com/originals/36/ad/9f/36ad9f245cf7b76cccd5...
PaulAJ
·hace 3 años·discuss
One thing to remember: Small Claims Court (or whatever it is called where you live). Most jurisdictions have something like this: a light-weight court system without lawyers for low-value cases. Pay a minimal fee, like 10% of your claim, up front, and your claim is in.

Just make sure you know exactly who your counterparty is. If the item is sold by someone else via Amazon then your first target is the seller, not Amazon. HOWEVER there may be the Amazon A-Z guarantee, which is part of their deal with you, and which you can sue them over.

I'm always amazed about how stories like this never seem to talk about "here is how you use the court system when MegaCorp stonewalls you".