Latest news and comment.
2024/13/03 - System upgrade - Work completed. The work was started early (yesterday!) and now our gateway server is running Ubuntu 24.04.
2024/11/27 - System upgrade - At risk notice.
2024/11/20 - The thirty year cycle. And all this came to the fore when I read that Sweden has reissued If crisis or war comes for the first time in six years. Finland did something similar a few days ago. (I note the Finnish version is entirely online which may serve as part of the problem rather than a part of the solution). To those of a certain age, the words "Protect and Survive" carry a certain chill even now. It is also interesting to note the world events. Ex. Dynamic Front 25 started earlier in November and is currently taking place in Finland, not far from the Russian border. And as if by magic, two cables in the Baltic Sea are degraded, possibly severed.
2024/11/18 - Tesco in Stornoway.
2024/11/11 - Security investment. Over the years, I have used a variety of techniques to try and implement an effective security culture:- In terms of the why, one technique I have used (although, this is about getting those moist robots to do the right thing rather than obtaining additional security budget) is to ensure the advice and guidance they are given, translates to something they can use outside of work. Thus, instead of just implementing two-factor authentication, you take the time to explain to staff why it's important. Not only will that ensure that a good security control registers with them, but it will also help keep them safe at home. In terms of getting security budget, once upon a time, I would take a programme perspective and for every technology delivery, I'd build in a budget for appropriate security controls. In this case, the security spend was always absorbed into the overall project delivery. For the most part it worked, but as budgets tightened, the programme manager would always point at me and say that it was my fault that his project went over budget. What started off as a simple server upgrade would grow arms and legs as we needed to replace various parts of legacy networking infrastructure to accommodate what had been sold purely as a simple, cheap piece of work.
I responded by tracking security incidents and applying a cost to them. It may have been a largely fanciful amount, but it was strangely effective when you do this for every incident:- This approach allows you to highlight how much a security incident costs and can usefully be contrasted with the cost of implementing a security control. The Register has called before for an independent investigator into technology incidents and did again, earlier this month. The more I think about it, the more I think this is the future. This is not about assigning blame, but to find out why something happened so that society can learn from it and prevent it happening again. Whilst this might go a long way to helping the case for security budgets, it would also do away with the spin that every company puts out when they have been hit with a "sophisticated" and "complex" cyber-attack, when the reality is more likely they just didn't patch something, they ignored a legacy product or they failed to configure a new toy properly. Transparency can only improve IA within UK PLC and certainly be of a significantly greater benefit than a fine.
2024/11/08 - Internet attacks. And that happened to our gateway server in October. This server only offers SSH to the internet. The authentication must be by public / private key pairs and all the weak crypto is disabled. The other thing of note is that this server, because it faces the internet, is very aggressively patched. It has some other tools installed on it to detect nefarious activity, including Fail2ban. Fail2ban has a fairly robust configuration to simply drop traffic from known bad hosts. I've been collating the number of IPs that Fail2ban blocks on an hourly basis for almost exactly a year now. I felt something interesting was happening, but have only just done the analysis. Nine of the top ten days with the most blocked IP addresses fell in October this year. As a result of that, further investigation of the log-files showed an entity that learned quickly it would be blocked after a specific number of failed attempts. It fairly quickly stopped hitting that limit, and instead rotated its IP before it occurred. That means there were multiple failed logins that did not result in a statistical entry. The attempted User IDs were, however, logged and unsurprisingly "root" was the number one attempted ID. There wasn't really anything else of note. Looking further back, and taking the months in general, October last year was the second worst month for blocked IP addresses after October this year. December, 2023 and January, 2024 make up fourth and third respectively. What is equally interesting is the drop-off of attacks. As I write this, for the last week, blocked IPs only just make it into double figures. There was a similar pattern back in May, 2024 for about ten days, although the traffic immediately prior to that wasn't particularly notable, except there was a gradual increase from February, 2024 to April, 2024. Prior to the October, 2024 bump, things had been relatively quiet since August. Interesting times....
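The blind spot described above (a source that stops one attempt short of the ban and then changes address never appears in the blocked-IP count) can be measured from the same sshd log that Fail2ban reads. This is an added example, not BladeSec IA's own tooling; the `MAXRETRY` and `FINDTIME` values, the host name `gw` and every log line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

MAXRETRY = 3                      # assumed jail setting, not taken from the page
FINDTIME = timedelta(minutes=10)  # assumed jail setting, not taken from the page

# Two pre-auth failure messages OpenSSH writes on a key-only server.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Invalid user (?P<u1>\S+) from (?P<ip1>[\d.]+)"
    r"|Connection closed by authenticating user (?P<u2>\S+) (?P<ip2>[\d.]+))"
)


def parse(lines, year=2024):
    """Yield (timestamp, user, ip) for every pre-auth failure line."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["u1"] or m["u2"], m["ip1"] or m["ip2"]


def peak_in_window(times):
    """Largest number of failures from one IP inside any FINDTIME window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > FINDTIME:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyse(lines):
    """Split sources into 'would be banned' and 'stayed under the limit'."""
    by_ip, users = defaultdict(list), Counter()
    for ts, user, ip in parse(lines):
        by_ip[ip].append(ts)
        users[user] += 1
    peaks = {ip: peak_in_window(t) for ip, t in by_ip.items()}
    banned = {ip for ip, p in peaks.items() if p >= MAXRETRY}
    return {
        "banned": banned,
        # Sources that stopped exactly one attempt short of a ban.
        "near_miss": sorted(ip for ip, p in peaks.items() if p == MAXRETRY - 1),
        # Failed logins that a count of banned IPs never reflects.
        "unseen_attempts": sum(len(t) for ip, t in by_ip.items() if ip not in banned),
        "top_user": users.most_common(1)[0][0] if users else None,
    }


def _line(hhmmss, msg):
    return f"Oct 14 {hhmmss} gw sshd[4242]: {msg}"


# Constructed sample: one noisy host, one mistyped login, and six
# addresses that each make MAXRETRY - 1 attempts as root and move on.
SAMPLE = [
    _line("09:00:01", "Invalid user admin from 198.51.100.9 port 40110"),
    _line("09:00:05", "Connection closed by authenticating user root 198.51.100.9 port 40112 [preauth]"),
    _line("09:00:09", "Invalid user test from 198.51.100.9 port 40114"),
    _line("11:30:00", "Invalid user alice from 192.0.2.44 port 50222"),
]
for i in range(6):
    for sec in ("00", "20"):
        SAMPLE.append(_line(
            f"10:{i * 5:02d}:{sec}",
            f"Connection closed by authenticating user root 203.0.113.{10 + i} port 51000 [preauth]",
        ))

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

A run of `near_miss` addresses all trying the same user ID in a short period is the signature to alert on; lowering the retry limit or lengthening the find time narrows the gap at the cost of more bans for genuine mistakes.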
2024/11/02 - Tesco opening on Sabbath in Stornoway.
2024/10/22 - Business use of personal e-mail. Whilst the definition of insanity is performing the same action and expecting a different result, there are complexities about business use of personal resources - whether e-mail, IT equipment or mobile phones. Certainly, the stay-at-home order at the beginning of Covid would have been inordinately impossible for many organisations without a degree of flexibility from all those involved. It must be emphasised, that a number of commercial e-mail services handle considerably more e-mail in a day than many government systems handle in a year - probably by several orders of magnitude. This gives them an insight into what bad looks like and permits them to take precautions that government can only dream of. If the personal e-mail account is properly secured, the threat from the bad guys is probably minimal. The real issue is the question of legal jurisdiction as most sizeable e-mail providers who have the insight I suggest are based in the US; and that could be a problem. But it's not really an excuse. If the department policy says, "organisational kit only", then that's the line in the sand. And I guarantee there are really, really good reasons for that.
2024/10/01 - Nightsleeper annoyances. However, beyond the inaccuracies, there were two things that really irked me about the finale:- Firstly, when the staff were evacuated from Nova, they didn't even lock their PCs. My one and only evacuation whilst in a secure office in Whitehall saw all the staff lock their PCs away securely, before leaving the building as this was deemed safer than taking their laptops with them outside the office. However, the real doozy (for me) occurred when Joe plugged a USB cable into a console. He managed it on the first attempt - almost without looking. I mean there are only two ways to insert a type A USB, but everybody knows that it takes between three and five attempts, and usually only after checking the alignment of the connector you are trying to insert! One thing that Nightsleeper did capture almost perfectly was when Abbey walked out of the station at the end. It's an incredibly odd sensation when you have done something that is monumentally important and yet the world doesn't know anything. The only way I can describe it is like you're not part of what is going on, like you're watching it, rather than being part of it. It is a strange sensation and probably has a name.
2024/09/27 - Interesting news items.
Next up: Owners of Unix-a-like systems, including Linux, some flavours of BSD and potentially ChromeOS need to update their CUPS installation immediately. There is a doozy of a vulnerability present, that Canonical and Red Hat have assessed with a CVSS of 9.9. You can determine if your install on systemd systems is vulnerable by entering:-
If the response states "running" or "enabled", run this:-
If that says, "cups", then your system is vulnerable. There are steps available to mitigate the vulnerabilities, but it will affect the printing service. You should apply patches from your vendor as soon as possible.
Finally, from the "I didn't realise they were separate" news-desk, Tails and Tor announce they are joining forces. Given that we issue a Tails stick to every consultant on any deployment, this can only be a good thing.
2024/09/26 - Public wi-fi disruption. Even the opening paragraph highlights that it is the public wi-fi that has been impacted and not the railway stations. The irony is that out of the locations that are listed as being impacted, I would wager there's a pretty good 4G, possibly even 5G signal and therefore, it does beg the question why people need public wi-fi. Instead of making a useful article about the risks of using unprotected wi-fi, the BBC have gone nuclear in their headline.
And for the avoidance of doubt, I am quite enjoying Nightsleeper. The first episode annoyed me as I picked holes in everything. The second less-so as I learned to live with the inaccuracies. Whilst not as good as The Undeclared War, fundamentally, it's a good romp that glamorises to the world, the work we do. And it is nice seeing so many familiar locations, but not the real Nova. Seemingly, the interior shots were filmed at the Riverside Campus belonging to the City of Glasgow College.
2024/09/10 - Death of James Earl Jones.
Those who think his world started and ended with Star Wars and The Lion King should also reflect on the fact that he was awarded his Ranger Tab and his unit was sent to establish a cold-weather training facility in Colorado. When you look at his long list of credits, remember that he had a stutter since childhood. But above all, reflect upon the kindness of the man who never grew tired of telling small children that he was their father.
2024/09/09 - Upgrade to Ubuntu 24.04.1 temporarily stopped. Interestingly, a laptop that went from Ubuntu 23.10 to 24.04 is operating with no ill effects.
2024/09/02 - End of an era in Stornoway. I also note that the TSB is closing the Peterhead and Lerwick branches. That too, is somewhat poignant, as my father was the first individual from outside Peterhead to win a scholarship to Peterhead Academy as a youth. Equally, my father used to go to the Lerwick branch of the TSB occasionally to cover holidays. So... it is the end of an era, but I am grateful that the bank gave me ties to Stornoway and Lewis that go well beyond any other place I have ever lived.
2024/08/29 - More on the arrest of Pavel Durov, CEO of Telegram. A new BBC report now states his arrest was far wider than CSAM, and covered an investigation into organised crime and complicity in enabling illicit criminal transactions. That would seem to be backed up by the AJ report linked at 16:15. Interestingly, the architecture of Telegram is such that it would have been really easy to permit law enforcement access to the majority of messages within the platform (as far as I can see, unless "Secret Chat" is enabled between two participants, all messages are unencrypted and would reside on the Telegram servers in plain.) To that end, I would wildly speculate that you can take the boy out of Russia.... ;-)
2024/08/28 - Interesting commentary on Telegram. Coming the same week as the CEO of Telegram, Pavel Durov, was arrested in France, is a monumentally interesting analysis of what Telegram actually is. (Spoiler alert: It is really difficult to activate the encrypted messaging as it requires your collaborator to be online at the same time in order to activate "Secret Chat". Equally, it can't be used for more than two participants, making a mockery of Telegram channels. Ergo: For a very large percentage of its user base, Telegram is simply an unencrypted social media platform.) Despite this, it is amazing how often Telegram's "end-to-end" encryption of messages is incorrectly repeated. Equally, some press reports state that Telegram has suddenly become more popular following Mr Durov's arrest in France. On the face of it, Telegram has been, and continues to be, immensely popular. Just before Russia Today went dark earlier in August, it published a statement quoting the Russian internet watchdog, Roskomnadzor:-
It is clear that there is an awful lot of manipulation of opinion going on - which is why there are so many links to source articles in the paragraph above. On the face of it, Russia appears unsure of how to play it. Should they adopt Mr Durov as a slighted one of their own, or simply go down the well-worn route of using him as a political pawn, highlighting the censorship and sanctions imposed by the west? It does remain to be seen why Mr Durov was arrested.
2024/08/19 - Congratulations to Inveraray & District Pipe band. I had been invited to go, and it would have been great to be there to watch friends win, but unfortunately, I had a prior commitment. Instead, we were at The Royal Edinburgh Military Tattoo - which was also an excellent show...
2024/07/29 - Secure Boot rendered useless. The issue arises from an accidental(?) leak of the platform key in a GitHub repo back in 2022. Whilst the key was encrypted, it was encrypted with a four character password that was trivial to break.
2024/07/24 - Securely deleting storage media.
What it really comes down to, however, is how much money and time an attacker is willing to put into recovering your data. Whilst some activities may be of interest to authorities causing them to expend a substantial amount of time and resource, the fact is most people just aren't that interesting! An attacker waiting to acquire a storage device at the point you fail to blank it properly is more likely to put effort into compromising your security in other ways. An organisation who buys up old hard drives to see if they can recover anything interesting just isn't going to be able to apply a massive amount of time or money on every device. To my mind, that means that using any of the above processes, whilst undoubtedly leaving fragments of data behind that would be recoverable, will render the vast majority irretrievable.
2024/07/22 - More on CloudStrike. But in all seriousness, most people had never heard of CrowdStrike until Friday. And to be honest, I had no idea its use was quite so widespread. It always struck me as a fairly niche product - that has previous for instability. As usual, the criminals were quick to weaponise the world's most serious IT outage in the history of technology. It showed how quickly Windows admins along with Security and Communications Teams had to align to prevent a catastrophic incident becoming an awful lot worse. Interestingly, there has been some reasonable speculation how the current, post-pandemic hybrid or home-working will have contributed to extending the outage. Despite the efforts of no-doubt tired, stressed and undervalued IT staff over the weekend, it looks like there will still be a backlog at GP surgeries, some flights still won't go and trains and banks will also be impacted. I note that many "experts" have jumped on the bandwagon to proclaim how to fix things - but this really was almost a perfect storm. Fixing it requires a change to society's thinking - starting with understanding the difference between value and cost. In other news, I see that Cellebrite assisted in the accessing of Trump's would-be assassin's phone - and did so in forty minutes.
2024/07/19 - Microsoft 365 and CrowdStrike.
2024/07/02 - Vulnerability in OpenSSH. Clearly, there are caveats. It's not been proven on Windows or Apple variants, nor on 64 bit versions of Linux - and only glibc-based versions are vulnerable. Either way, with over a third of all internet facing versions of SSH proving to be vulnerable, it's time to patch - urgently. Original finding from Qualys here.
2024/06/26 - USB slots in Toyotas. This time it's about the USB ports in some Toyotas. I recently bought a new-to-me Toyota. It was the first vehicle I've ever bought that seemed to come with everything needed to make and receive phone calls and listen to music from a USB or by Bluetooth out of the box. (All my previous Subarus had to be "tweaked" slightly with after market hardware.) The frustration, however, arrived really quickly when trying to use the USB port as the car would play it in an entirely arbitrary order. It meant that for the first 3 months of owning my new car, I had to resort to using the same CDs burnt with MP3s that I was forced to use in my last Subaru. Even upgrading the software made no difference. The long and short of it is that I should have followed my hunch and not done so much internet searching. If you search for information on how to fix it, you will get lots of people tell you that it's playing the tracks in alphabetical order (it's not), according to the access time (definitely not) or by numerical track order according to the file metadata (nope again). There are even a few people that say that they managed to solve it by creating a playlist (an M3U file). That didn't work for me and indeed within the almost 1500 pages of manual, it did say that it didn't recognise playlists. I should have followed my hunch. The FAT drive specification is pretty basic and the car was basically playing the music in the order that it was copied to the stick. (I admit, there is some complexity around this, but broadly at a high level, it's as simple as I outline). To solve it, copy the files to the stick and run this as root on the unmounted device. Windows and Mac users will be pleased to know there are other similar programmes for different operating systems - but this isn't supposed to be easy! You're welcome! (And don't get me started why Toyota would put a USB port and 3.5mm audio socket vertically on the centre console. 
Sure, they're protected when they're not in use, but put in any USB memory stick and the audio socket remains exposed. Luckily, protective covers aren't expensive.)
2024/06/25 - Mr Assange pleading guilty. Whilst I accept my views are unpopular, I do wonder whether his fans have ever stopped to reflect on the impact his actions have had on the victims of his alleged crimes in Sweden. For an individual who stood up for justice, transparency and accountability, it is clear that he does not see those values represented amongst his own personal morals. And those who think that the atrocities WikiLeaks highlighted meant that ends justified the means are deluded. As Wilfred Owen said, "the first casualty of war is innocence". If anybody thinks the level of barbarism exhibited in the 2007 Baghdad air strike was somehow unique to that era, they remain deluded. War is to go beyond hell. Sitting at home in a comfy seat, with an oat-milk skinny latte leaving likes on everything social media throws up is not war. It's not even a worthy commentary on the utter destruction and personal loss.
2024/06/24 - News round-up.
2024/06/20 - Kicking the wronged when they're down. This was a national disgrace when it happened. It became far worse when the Post Office failed to remediate legitimate third party concerns. It perpetuated the travesty by failing to do any of it in a reasonable timescale. Instead, the Post Office continue to find ways to make it far, far worse.
2024/05/05 - Russia outed as behind NHS major incident.
2024/05/04 - NHS severely impacted by security incident. I'd wager Russia are behind this. And the date is significant. And the NHS being a target is deliberate. It's sickening.... But there is no Geneva Convention in the virtual world - even when it impacts the physical world.
2024/05/23 - PSNI facing £750k fine from the ICO. The bottom line is that right now, every public sector organisation is facing huge budget cuts. They face a daily onslaught of people who rightly exert their legal right to obtain information on their operations, or to access the information that they hold about that individual. Each of these requests takes up a hugely significant proportion of time and effort to resolve. Back when I was the inaugural Data Protection Officer for a public sector organisation at the roll out of the Freedom of Information (Scotland) Act, I operated largely singularly. Now most public sector organisations have entire departments dealing with public requests. That is a massive cost that, for the most part, is entirely unrecoverable, yet it forms part of the legal obligations of that organisation. However, the real reason I have an issue with the penalty regime is that fining the body responsible for the (in this case, a human error) breach, doesn't help the victims. Instead, it impacts the funds available to the body to take appropriate corrective action. They may be able to pay another suitably senior individual to validate responses to official requests prior to sending them out which would prevent this ever happening again. They may be able to invest in suitable automation; to prevent this happening again. They may even be able to pay their victims more than the paltry £500 the PSNI are giving each of their staff. And that's why in the current economic situation, I would suggest that the ICO's approach for fining public sector organisations is flawed. Whilst I am criticising the ICO, I may as well highlight that they are permitted to keep a portion of the fines they raise. I appreciate that what I said above makes a case for increasing their fines, but I'd point out that the ICO have been trying to increase the scope of their operations at least since 2017. 
As recently as yesterday, they were rattling their swords on something that is for preview in Windows 11, that may never actually go live! On the other hand, they don't seem to be terribly interested in flaws in Apple's and GL-iNet's geolocation services that have existed for years.
2024/05/05 - A less Googled future. That prompted an investigation to determine what that phone should be replaced with. I had spent a lot of time reading about GrapheneOS and the work it was doing on containerisation for Google applications, as well as redirecting Google Play Service calls to GrapheneOS. It was interesting enough for me to want to give it a go. Because it only works on Google Pixels, I had to order one of them and because a Google Pixel 7 can run both LineageOS and GrapheneOS (clearly not at the same time!) I ordered one of them. Another benefit was that stock was being run down ahead of the Pixel 9 appearing. Yesterday I installed GrapheneOS. It was pretty easy, following the instructions and I had a play. A day later, I'm replacing it with the stock Google firmware ahead of flashing LineageOS onto it this afternoon. The reason is that GrapheneOS clearly has a very niche market and I don't think it's me. Whilst I don't want to depend on Google applications and services, BladeSec IA does use Google cloud infrastructure for our business e-mail, contacts, calendaring and tasks. As a consequence, I do expect a new phone to be able to handle those four things - not necessarily out of the box, but with as little effort as possible. It's clear that GrapheneOS is too much in the privacy camp. Try as I might, I could not get the FOSS Calendar application I use, to synchronise to Google. I managed to get everything else working - in the end. On the basis that it synchronised my Tasks, I freely admit that it was probably me doing something wrong that prevented my calendar working. The problem was that having exerted a few hours trying to work it out (and I even read the online manual whilst it was flashing; worryingly, it goes from explaining Android gestures to storage permissions) I have opted to revert to LineageOS. And that's where I find things now. LineageOS strongly suggests only installing it from the stock image. 
You would think that would be easy enough - Google even provides a web page to help you do it. And that's the point of this update as there are a few nuances that I thought may help people in the future. Firstly, I chose to do it on Chrome from Windows 10. We have a solitary remaining Windows laptop that's used for all sorts of things. If I need to run some stuff that I can't look at, it will always go somewhere else other than a production machine. Hence, reverting the firmware to stock was always going to happen there. My Pixel 7 appeared under "Portable Device" in the Windows Device Manager. It seemed to support my notion that I had followed the instructions to install the Windows USB device drivers. It did strike me as odd that Windows said that it was running the most up-to-date drivers already, but I'll circle back to that in a second. The next issue is that the Google website doesn't actually seem to tell you how to prepare the device until after it fails. You need to enable Developer Mode, enable USB debugging and enable OEM unlocking. (I won't tell you how to do that as this isn't supposed to be easy!). When you enable USB debugging, it is easier to click "Always" under "Trust the computer". You are, after all, reflashing the firmware - the decision won't persist. All went well and the online flashing tool was able to find my Pixel. I was able to click the option to reinstall the public firmware and my Pixel rebooted into the bootloader. That's where the wheels came off. Nothing I did would allow my laptop to see the Pixel. I went back into Windows Device Manager, and I spotted that the Pixel was now listed under "Other Devices", but with a yellow warning triangle. A quick right click and offer of the USB device drivers I had previously tried to apply when it was a "Portable Device" and lo, happiness was restored. I'm typing this as the original stock firmware is downloading.
This afternoon, I will install LineageOS after updating the phone on the stock Google software. Hopefully, it'll be easier as it's something I've done many, many times before.
2024/04/29 - Threat in the news.
2024/04/24 - Website issue. We've taken the SSL redirect off, so that you can read the website in glorious insecurity until Namesco have resolved the issue. The website doesn't actually capture any sensitive or personal data, so this won't impact on much except your browser telling you that the connection is insecure.
2024/04/16 - A world away.
This afternoon's work has been completed and all is working again.
2024/04/04 - Reminder of this afternoon's at risk notice for CJSM networking.
2024/03/31 - At last a good use for artificial intelligence? I suspect I was reflecting on this. I can't relate to the why but I do find it utterly heart-breaking. If this genuinely helps, then perhaps it is the best use of generative artificial intelligence so far.
2024/03/30 - Death of Ross Anderson.
The Cambridge technology field was surprisingly well acquainted with each other. It was due to a legacy of those times that I've always supported Cambridge during the annual boat race - and there's a little bit of me thinks Ross would have welcomed today's result in both the men's and women's races.
2024/03/27 - At risk notice: Changes to the CJSM secure e-mail service. The normal internet e-mail shall remain unaffected by this change.
2024/03/25 - More on the British Library attack.
2024/03/18 - News round-up. Firstly: This breaks my heart as much as an article in The Field listing details of the men who died between the signing of the 1918 Armistice Agreement at 5:45 and when it was announced on the 11TH hour, of the 11TH day of the 11TH month. If you work within IT or the technology industry, you owe it to those Post Masters who died having been falsely prosecuted to ensure that it never happens again. Never. Secondly: Moving onto the digital attack that occurred in October last year against The British Library. In a relatively unprecedented demonstration of openness a review of the incident was published at the beginning of the month. The details of that, including the apparent attack vectors, should be shared with every senior in every organisation. Next: There's been a massive outcry about a family photo that was posted by The Princess of Wales to social media on Mother's Day. It was "kill-filed" by various media outlets as having been doctored. Given that Google actually advertises the Pixel phone by highlighting the reality-altering features of the Magic Editor, my view is "how can we trust any image from a modern phone as being undoctored?". I get annoyed at my Nokia G22 that regularly does things that AI thinks improves the image resulting in a cartoony feel - and there is no way to switch it off. No. I think we should be grateful that the Princess of Wales edited the image by hand rather than using AI. After all, it's the minute flaws that show it's hand crafted. Finally: Many folk who work in this sector will be aware that Professor Fred Piper died on the 12TH of March. Whilst many people knew Fred from Royal Holloway, where he was the founding director of the Information Security Group there, I knew him as one of the founders of the Institute of Information Security Professionals in 2006. 
The IISP went on to become the Chartered Institute of Information Security built on much of the work that Fred did, from the Skills Framework to the academic network. Not only was he one of the founding Directors, but he held the role until 2014 where he helped influence information assurance in academia and the wider industry. He was one of the humblest, most engaging academics I knew and I will miss him.
2024/03/06 - Safer Travel, 2024. Eagle-eyed readers will notice there are very few updates between the final issue of 2023 and this one. We make no apology for that as it represents a different way of working. We normally spend hours trying to integrate all the necessary changes into the first edition of the subsequent year at the same time as fielding enquiries from folk who say, "Safer Travel is out of date" without actually contributing to it. Hence, this version has only received minor changes. Watch this space.... We suspect the next issue will top out at over 200 pages!
2024/02/26 - The Calcutta Cup. By the time we had checked into our hotel in Ullapool, and I had unpacked all the dog kit, Scotland had started their retaliation and were ahead - something that England never recovered from. The match was notable for more than just the fourth successive Scottish win. Credit must go to Duhan van der Merwe for completing the first ever hat-trick by a Scotland player against England. His personal performance was the stuff legends are made from.
2024/02/15 - Backdoored encryption is illegal. The mechanisms behind the decision make for interesting reading too, as we largely have to thank our friends(!) in Russia for this finding. It gets even weirder than that, as it was a legal challenge against Russia's Federal Security Service (the FSB) who demanded technical information from Telegram in order to assist in the decryption of a user's communications in 2017. The user originally challenged the order in Russia unsuccessfully - unsurprisingly. The thing was, somebody clearly overlooked the fact that Russia was technically a member of the Council of Europe from 1996 until its invasion of Ukraine in 2022. This means that the appeal, lodged in 2019, had to be considered by the ECHR until a decision was made; which it now has. Good manners saves me from making a comment citing both the UK Government and Russia in the same sentence!
2024/02/01 - Safer Travel 2024. There are a number of modifications that are outstanding; mainly around having a "plan B", and what it should look like whilst dealing with disasters in foreign places. Equally, now that everybody has become an expert on videoconferencing, there's a never ending stream of advice on that particular front that we need to sort through. We hope to have the first edition for 2024 in place by the end of February as the changes are not terribly extensive. When that's sorted there will be a significant review in time for the second edition. As always, we will try to get it out prior to the Scottish summer holidays. In a related note, this year marks my 25TH wedding anniversary and we have some very interesting, and extensive travel planned for much later in the year. I think the travel shall encompass every form of travel that is listed in Safer Travel. Whilst I didn't set out to do this, it feels that that highlights how extensive the anniversary travel is!
2024/01/21 - Network upgrade - Work completed.
2024/01/21 - Network upgrade - Work commencing.
2024/01/15 - Network upgrade. It must be emphasised that whilst the outage will have no effect on customers, this will result in no connectivity for internal BladeSec IA information systems. Whilst e-mail and the BladeSec IA website shall continue to be fully operational, the gateway and customer reporting servers shall be taken offline. Any customer having a critical issue should use the appropriate telephone contact rather than e-mail during this time. The customer facing service shall be fully operational by 08:00 on Monday 22ND.
2024/01/10 - The Post Office scandal - the last word. At long last the poor souls that have been battling to get their reputations and livelihoods back, fair compensation and even widespread recognition are on the brink of achieving all this. This is great and shows the power of the media. That said, I do find myself irritated that it took a TV dramatisation for it to enter the public conscience and for it to be prioritised by politicians and criminal justice organisations. Only now are we seeing a force of thought, and the potential prosecution of responsible staff in Post Office Limited and Fujitsu. What is wrong with society that it took a fact-based work of fiction to fix such an atrocity?
2024/01/09 - Website updates.
2024/01/05 - Mr Bates vs. The Post Office. If you haven't watched it, please do so on STV Player or ITVX. This programme should be mandatory viewing for senior civil servants, MPs, MSPs and all directors and C-Level executives of organisations of national interest. If you think you can get away with it or that what you do doesn't affect people's lives, to quote Abe Lincoln, "You can fool some of the people all of the time, and all of the people some of the time, but you can not fool all of the people all of the time". And that's the rub; the internet is "all of the people". In this day and age, eventually, somehow, even against the odds, no matter how careful you are, and despite NDAs and confidentiality agreements... The truth will always come out.
2024/01/02 - For Rebecca.... As the credits rolled on the first episode, I was reminded of the point my late father lost faith in banking. He was an old-school bank manager that liked pens, paper and writing everything down. (This was one piece of advice that I have ruthlessly stuck to - If you write it down, you don't go wrong.) When his bank was computerised, the closing balance did not tally with the paper record that he had insisted was maintained. I recall that it was not a massive amount, but because he had sought evidence that the computer system was accurate, one of his tellers was quickly able to identify that the amount outstanding was, to the penny, the same as the funds held in the charity and non-profit accounts. When my father phoned the helpline to point this out, whoever he spoke to realised that that category of account had not been transferred onto the computer system. My father maintained that he heard some typing, and the outstanding balance on his branch was changed to nil. He maintained that if somebody can do that without seeing the evidence of the cash at hand or without the authority of the branch manager, computerisation was always going to be met with suspicion. My father was lucky in some ways as ultimately, his bank made the transition reasonably well, although I note that I had cause to complain to a different bank several years later, when I went to get a mini-statement from an ATM and discovered that the date the statement was issued was three days prior to the "last transaction". That's why this remains so important....
2024/01/01 - Happy New Year! Looking back at the last three months, we've been inordinately busy, doing inordinately interesting things for our inordinately special clients. We're delighted to have a couple of new clients on-board who have been very vocal in championing our skills and abilities with other bodies. I continue to look in frustration at the "traditional" consultancy sector. It is clear that it survives by never admitting failure, never scaling to provide best value and pandering to procurement by being so large, it can't fail - except to deliver best value client focused programmes. Many government departments are bought into the hype looking for "digital delivery partners" that can offer "development, hosting, administration, infrastructure, security services, data centre, on-prem, cloud, hybrid, UK-based, security cleared and ready-by-a-week-Tuesday". If that were divided up into smaller lots, you can imagine the value that would be provided to the tax-payer; all in return for an overarching programme manager - and you never know, some programmes may deliver to time, to budget, to specification. With that, here is our tongue in cheek look at the last twelve months:-