The best protection is simply longer passwords - if you use "thisismypasswordandyoucantcrackit" it's a lot more difficult to crack that than "4%UAxz"
|
|
# ? May 13, 2017 10:36 |
|
At uni the password for our router was doorcuplightshit. According to a random website I just looked at it would take 35 thousand years to crack. It also has the added benefit of being really easy to remember even 6 years later. I still maintain these are the best passwords for ease of memorisation and difficulty to crack.
|
# ? May 13, 2017 10:41 |
|
Firos posted: At uni the password for our router was doorcuplightshit. According to a random website I just looked at it would take 35 thousand years to crack. It also has the added benefit of being really easy to remember even 6 years later. I still maintain these are the best passwords for ease of memorisation and difficulty to crack.
Except password crackers are now targeting strings of common words. Having 'poo poo' in there means you're probably okay though.
|
# ? May 13, 2017 10:46 |
|
Praseodymi posted: Except password crackers are now targeting strings of common words. Having 'poo poo' in there means you're probably okay though.
To be fair it was our uni router so we didn't really care. It was easier to remember than the default password which was our main issue
|
# ? May 13, 2017 10:47 |
|
Your random website is wrong about that. Your password illustrates the exact problem mentioned above. Although in theory there are ~20000 possible words to use in your 4 word combo, the vast majority of real life passwords will use a selection of ~100 common words. Takes a lot less than 35 thousand years to go through that. "poo poo" is probably one of the top most common. Why do you even need your wifi password to be easily memorable? You enter it once on a new device and never worry about it again.
|
# ? May 13, 2017 10:49 |
|
I lived with 2 people doing computer science so they wanted to do stuff with it IDK. I used that password more as a proof of concept for ease of memorability. We weren't really worried about someone trying to hack our router. If I'm ever afforded the chance, I use similar passwords but with words more obscure than "door".
|
# ? May 13, 2017 10:56 |
|
Cerv posted: Why do you even need your wifi password to be easily memorable? You enter it once on a new device and never worry about it again.
It's also one of the few passwords where you probably want it shorter (10-20) but very random, as many devices that need Wifi have poo poo interfaces to enter the password in and it can be a complete pain to enter a long password into them.
|
# ? May 13, 2017 10:57 |
|
endlessmonotony posted: Y'know, most of that work goes firmly in the category of "why bother".
This is bollocks. There are 152 NHS Foundation Trusts who are semi-autonomous from the DoH, and 470 trusts in total. At this point you can take even the smallest most basic workflow that exists within the NHS and you'll find 20 different ways it is implemented somewhere in the country. You're therefore completely skipping over the single biggest problem with the project, which is that you have to re-train almost every single staff member in the fifth largest employer on the planet. And the vast majority of them firstly see computers as a necessary evil that they would rather not deal with at all, and secondly are completely overworked as it is. Where do you get the time from to cover for doctors on training when there is already a 20% staff shortfall? How do doctors work in the meantime while only some of them have been trained for the new system? And it's funny because recent history points out that this is the case. The exact thing you are talking about was attempted starting in 2011, by 2013 they gave up having spent £11bn but succeeding only in creating yet another records system alongside all of the others, because they couldn't find a way to train everybody to switch to the new system without creating a patient care meltdown.
endlessmonotony posted: Medical devices have a lifespan. Conform or die. Figuring them out probably isn't worth the expense in a vast majority of cases.
This is also bollocks. Medical devices have a lifespan measured in decades. It's not uncommon to find that there exists only one model of device in the world to perform a particular test, in which case it is likely to be made in exactly the same way now as it was when it was first invented.
So your proposal now includes in some cases funding the production of an entirely new device just so it can do the exact same job but electronically integrated (not that I would mind necessarily, my company exists to do exactly this but you're on another planet if you think this is trivial). "Conform or die" is possibly the most crass approach you could take - suppose the only device that tests for a disease which is obscure, but fatal if untreated, doesn't work with your new system. What point do you choose to decide when enough people could die that it is worth the expense? Hint: if your answer is 1 death is too many then your costs for this are somewhere along the lines of 'astronomical'.
Scikar fucked around with this message at 11:15 on May 13, 2017 |
# ? May 13, 2017 10:59 |
|
Cerv posted: Your random website is wrong about that. Your password illustrates the exact problem mentioned above. Although in theory there are ~20000 possible words to use in your 4 word combo, the vast majority of real life passwords will use a selection of ~100 common words. Takes a lot less than 35 thousand years to go through that.
The same people who only use a small selection of words are using them in passwords already. Take a "random" word (as you say, realistically one of a fairly small number in reality), make a few substitutions (a = 4, e = 3 etc., these are almost worthless because there are only a small number of possibilities that make sense), finally add one or two "random" special characters to satisfy the system you're working with. It turns out that while each step after the random word makes the password harder to remember, it doesn't actually make it that much harder to crack. Whereas four random (or "random") words is actually in many cases higher entropy and therefore more work to crack even with a dictionary, while being easier to remember. The closest we have to practical password management is to use a password manager so your individual passwords are as difficult to crack as possible, and then secure it with the most difficult password that you can still easily remember (and preferably a second factor too).
|
# ? May 13, 2017 11:07 |
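The two estimates argued over in the posts above, worked through as an added example that is not part of any post in the thread: a per-character estimate of the kind a strength-checker site makes, next to one for a guesser who tries common words, substitutions and trailing specials. The word list is a constructed stand-in, the `0` to `o` substitution and the `dict_size` parameter are assumptions, and all function names are hypothetical.

```python
import math
import string

# Constructed stand-in for a cracker's list of common words (assumption).
COMMON_WORDS = {"door", "cup", "light", "shit", "password", "dragon", "monkey"}
# a = 4 and e = 3 are the substitutions named in the thread; 0 -> o is assumed.
LEET = {"4": "a", "3": "e", "0": "o"}
SYMBOLS = len(string.punctuation)  # 32 printable ASCII specials


def naive_bits(pw):
    """Per-character estimate: length * log2(pool of character classes used)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += SYMBOLS
    return len(pw) * math.log2(pool) if pool else 0.0


def split_words(text, words):
    """Split text into the fewest words from `words`; None if it cannot be done."""
    best = [None] * (len(text) + 1)
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is None or text[start:end] not in words:
                continue
            cand = best[start] + [text[start:end]]
            if best[end] is None or len(cand) < len(best[end]):
                best[end] = cand
    return best[len(text)]


def scheme_bits(pw, words=COMMON_WORDS, dict_size=100):
    """Estimate against a guesser that tries words + substitutions + specials.

    dict_size is the assumed number of words the user really chose from.
    Letter case is ignored. Returns None if the password does not fit.
    """
    core = pw.rstrip(string.punctuation)
    suffix_len = len(pw) - len(core)
    plain = "".join(LEET.get(c, c) for c in core.lower())
    parts = split_words(plain, words)
    if not parts:
        return None
    bits = len(parts) * math.log2(dict_size)  # which words, in which order
    bits += sum(plain.count(ch) for ch in LEET.values())  # swapped or not: 1 bit each
    bits += suffix_len * math.log2(SYMBOLS)  # trailing special characters
    return bits


def report(passwords, dict_sizes=(100, 20000)):
    """Rows of [password, naive bits, scheme bits per assumed dictionary size]."""
    rows = []
    for pw in passwords:
        row = [pw, round(naive_bits(pw), 1)]
        for size in dict_sizes:
            est = scheme_bits(pw, dict_size=size)
            row.append(None if est is None else round(est, 1))
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in report(["4%UAxz", "doorcuplightshit", "P4ssword!"]):
        print(row)
```

Under these assumptions the four-word password scores about 75 bits per character, about 29 bits if its words come from a pool of 100 and about 59 bits if they come from 20000 words picked at random, while the six-character random password sits near 39 bits.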
It's also important to keep in mind that the article refers to hashes getting cracked, which is only relevant in a situation where a website got hacked and the password data stolen. If you have different passwords for all logins the dangers from that kind of attack are minimal, given that they can't test millions of passwords on a real world login.
|
|
# ? May 13, 2017 11:13 |
|
Oh and that talk about the NHS still having support for XP? That was for security patches from Microsoft, which would most likely have included this issue (the older versions of SMB are still supported in Windows 10 for backwards compatibility, so it's likely to be the same code itself, just more work to test if it breaks something else). It was £5.5 million a year for the whole of the NHS, but Cameron cancelled it and told the trusts to negotiate their own individual deals with Microsoft instead, which leads to the wonderful decision of "do we spend this money on more beds and doctors which are desperately needed and in the headlines most days, or on computers which will only be in the news if they break?"
|
# ? May 13, 2017 11:14 |
|
jabby posted: Honestly it doesn't even matter if what they say is accurate or even true, that poo poo never stopped the Tories. They just need to come out hard blaming the attack on underfunding and the government cancelling the support contract with Microsoft.
Have you seriously literally only just noticed that the current organisation of the Labour Party is terrible at press management?
Scikar posted: This is bollocks. There are 152 NHS Foundation Trusts who are semi-autonomous from the DoH, and 470 trusts in total. At this point you can take even the smallest most basic workflow that exists within the NHS and you'll find 20 different ways it is implemented somewhere in the country. You're therefore completely skipping over the single biggest problem with the project, which is that you have to re-train almost every single staff member in the fifth largest employer on the planet. And the vast majority of them firstly see computers as a necessary evil that they would rather not deal with at all, and secondly are completely overworked as it is. Where do you get the time from to cover for doctors on training when there is already a 20% staff shortfall? How do doctors work in the meantime while only some of them have been trained for the new system?
This, but that's only the latest attempt. New Labour had several 'spent £xbn on NHS IT systems with nothing to show for it' scandals. It's not a Labour/Tories thing, it's not a resources thing. The problem is just of a scope where even if you sort out all of the autonomy and motivation issues, you can't develop, prototype and then roll out a system across that many users without it becoming obsolete in the process. The MOD is spending £1bn to upgrade its computers and that's literally just to give the everyday desktop systems modern versions of Office.
|
# ? May 13, 2017 11:19 |
|
But this is a problem that has to be sorted eventually. What're we supposed to do, just ignore it and let the systems get older and older?
|
# ? May 13, 2017 11:26 |
|
Correct me if I'm wrong but isn't £5.5m a year basically nothing to the NHS in the grander scheme of things?
|
# ? May 13, 2017 11:26 |
|
Steve2911 posted: Correct me if I'm wrong but isn't £5.5m a year basically nothing to the NHS in the grander scheme of things?
The cost would go up each year as MS tried to pressure people into upgrading instead, but yes it's peanuts for the NHS as a whole. Individual deals for each trust, not so much when some of them are basically bankrupt already. It's the perfect Tory move - declare a saving at national government level, transfer the larger costs to the NHS itself on top of all the other pressure, then when it blows up blame the NHS itself and use it as more ammunition to support privatisation. e: In fact I think Microsoft wouldn't even offer it to organisations below a certain size. Smaller trusts wouldn't have even had the option on their own.
|
# ? May 13, 2017 11:31 |
|
If you had a proper guarantee of a nationalised NHS with an agreed standardised system you could institute a staged roll on, where new facilities and departments all have to use the new developed system (and hopefully this staged approach would limit how many unique systems it would have to interface with) and eventually lead to enough roadtesting that older systems could be transferred over as well over two decades or so. I wonder if these IT projects were given that sort of timeline?
Steve2911 posted: Correct me if I'm wrong but isn't £5.5m a year basically nothing to the NHS in the grander scheme of things?
It's measured in the billions so yes. A friend of mine introduced me to the concept of market Stalinism, where more effort is put into recording and monitoring data that can be used as proof that a market is working well than is put into actually making a working market and I've got to agree that that's a reasonable summary of the NHS. The various Trusts are technically given budgetary independence, must submit business plans to NHS England regularly and many must aim to produce a 'surplus' (read: profit, although it is meant to be used for investment) yet their major source of income still comes from government and they're just dividing it up amongst other healthcare providers and they're sometimes given independence to procure their own services (like IT sometimes) and other times it's managed by NHS SBS, depending on what looks good rather than what is practically better.
|
# ? May 13, 2017 11:39 |
|
namesake posted:If you had a proper guarantee of a nationalised NHS with an agreed standardised system you could institute a staged roll on, where new facilities and departments all have to use the new developed system (and hopefully this staged approach would limit how many unique systems it would have to interface with) and eventually lead to enough roadtesting that older systems could be transferred over as well over two decades or so. I wonder if these IT projects were given that sort of timeline?
|
# ? May 13, 2017 11:52 |
|
Should be using AmigaOS
|
# ? May 13, 2017 12:01 |
|
Have we talked about this loving disgusting piece from the Scum? https://twitter.com/therubykid/status/863331572010897408
|
# ? May 13, 2017 12:02 |
|
namesake posted: If you had a proper guarantee of a nationalised NHS with an agreed standardised system you could institute a staged roll on, where new facilities and departments all have to use the new developed system (and hopefully this staged approach would limit how many unique systems it would have to interface with) and eventually lead to enough roadtesting that older systems could be transferred over as well over two decades or so. I wonder if these IT projects were given that sort of timeline?
They are given that sort of timeline. It doesn't work because of the scale of the NHS, and the huge degree of autonomy granted all across the system (which makes sense and works better than centrally organising and standardising the system). That is why they keep getting cancelled in a way which makes it all look like a hopeless boondoggle. Tech simply moves faster than a monolithic institution like the NHS because the NHS is 1.4m different people. Every hospital will have somewhere in the range of 2-300 PCs on site, every GPs office somewhere between 20-80 PCs. All of them will be connected to various departments which all have specialised needs. You can't just carve out parts of the system to upgrade it, and slowly roll out to older parts gradually, because the information on those PCs needs to be shared across a wider network which interacts in a simplified manner which is more or less commonly understood by all employees. Likewise, someone working in one of your proposed new departments will also have to interact with systems from old departments - where their difference in systems training can make a significant difference on the quality and speed of care delivered in an already trying time for the organisation.
Any sort of technological jump for the NHS would probably need to be done in one single, unified step, and honestly it would probably need to be proprietary systems designed around modularity (so that future upgrades can be rolled out with ease) and extremely efficient performance (to reduce the need to upgrade hardware when those updates roll out). By making it a closed, proprietary system, you also close out a ton of potential risks consumer level OS face too. Unfortunately that would probably require the NHS to have a research and development department working on it almost constantly.
|
# ? May 13, 2017 12:06 |
|
Praseodymi posted: Have we talked about this loving disgusting piece from the Scum?
Pretty good advert for Corbs that. Shame it'll be Sun readers reading it.
stev fucked around with this message at 12:11 on May 13, 2017 |
# ? May 13, 2017 12:08 |
|
LemonDrizzle posted: Windows XP is 15 years old. If you're rolling out your replacement system over a two decade period, isn't it going to be even more obsolete than XP is today by the time you're finished?
Potentially, but that would only mean it was about as vulnerable as the system is today but as it's bespoke there's less risk of it falling to untargeted attacks like what's just happened and it means future upgrades wouldn't have all the issues we've been talking about with ensuring compatibility. I'm not an IT project manager so I'm just spitballing what might be possible.
Praseodymi posted: Have we talked about this loving disgusting piece from the Scum? https://twitter.com/therubykid/status/863331572010897408
..... Have they really just called a refugee crisis a war?
|
# ? May 13, 2017 12:09 |
|
I like how 3/4 of that list is before he even became an MP. "That dastardly jam man, not supporting a war that started when he was -4 years old "
|
# ? May 13, 2017 12:10 |
|
You guys are misreading that graphic. The figures listed are the numbers of British service personnel killed by Jeremy Corbyn, with his bare hands on the battlefield.
|
# ? May 13, 2017 12:14 |
|
Angepain posted: You guys are misreading that graphic. The figures listed are the numbers of British service personnel killed by Jeremy Corbyn, with his bare hands on the battlefield.
I was going to find an appropriate MGS quote (because I'm a complete manchild slowly losing his grip on reality) but instead I found this which is SO MUCH BETTER.
|
# ? May 13, 2017 12:19 |
|
The NHS is just so fragile because it's working flat-out in almost every department and there's no way to just decide to ease off for the majority of departments. In my old job we switched to a new patient management system but something as minor as hiding when appointments were booked and putting inpatient and outpatient appointments in separate menus meant that it took Medical Records staff 2-3x as long to figure out where a set of notes was likely to be (we weren't using the original system for what it was 'meant' for so it wasn't picked up as a use case). When we were just barely finding 95% as it was, you suddenly have a lot of missing notes, angry doctors and patients turned away. Why risk putting yourself through that unless it's absolutely necessary?
|
# ? May 13, 2017 12:21 |
|
Also the issue with bespoke and proprietary systems for the NHS is that they would be massive money sinks, and would probably require an entire training path just to hire people to work on developing after it exists and is out there. There is a reason we contract tech stuff out: it requires an expertise which only industry has, because nobody goes to university to get a degree in coding so they can take the modest income of NHS backend design - they would work for a company which pays them as much as possible for their knowledge. This would become a greater problem again as the system got older and older, because the education for coding would evolve - the language and design ideology of the NHS bespoke system would be an artifact of the day it was released. Getting people to choose to train into the expertise of a bespoke system would require some serious incentives, both for those choosing to learn it and the institutions you want to teach it. The funding would need to compete with private contract stuff. Basically, having it all in house would either require a lot of money and connections with centres of learning (to train them for you), or it would require a lot of money and even more administration and internal organisation (for you to train them yourself).
Another Person fucked around with this message at 12:26 on May 13, 2017 |
# ? May 13, 2017 12:23 |
|
Don't you Englishers still use Amstrad CPCs in your daily lives anyway? Long live teletext.
|
# ? May 13, 2017 12:29 |
|
I still miss digitiser
|
# ? May 13, 2017 12:33 |
|
Angepain posted: You guys are misreading that graphic. The figures listed are the numbers of British service personnel killed by Jeremy Corbyn, with his bare hands on the battlefield.
This is amazing. Labour need to spin this right now. The right won't be able to resist his alphaness.
|
# ? May 13, 2017 12:33 |
|
Another Person posted: Basically, having it all in house would either require a lot of money and connections with centres of learning (to train them for you), or it would require a lot of money and even more administration and internal organisation (for you to train them yourself).
Sounds fine to me. Hell I'd love a Department of Digital Infrastructure to do project work for all state services.
namesake fucked around with this message at 12:39 on May 13, 2017 |
# ? May 13, 2017 12:36 |
|
Another Person posted: ....
Given how much money has been blown on contractors having a serious in house capability is probably the best long term solution.
|
# ? May 13, 2017 12:38 |
|
Hey check this out, apparently registering a website stopped the malware from spreading. A pretty drat cool killswitch actually. https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack
|
# ? May 13, 2017 12:43 |
|
Oberleutnant posted: I still miss digitiser
Mr Biffo's still writing online http://www.digitiser2000.com
|
# ? May 13, 2017 12:44 |
|
Another Person posted: Also the issue with bespoke and proprietary systems for the NHS is that they would be massive money sinks, and would probably require an entire training path just to hire people to work on developing after it exists and is out there. There is a reason we contract tech stuff out: it requires an expertise which only industry has, because nobody goes to university to get a degree in coding so they can take the modest income of NHS backend design - they would work for a company which pays them as much as possible for their knowledge. This would become a greater problem again as the system got older and older, because the education for coding would evolve - the language and design ideology of the NHS bespoke system would be an artifact of the day it was released. Getting people to choose to train into the expertise of a bespoke system would require some serious incentives, both for those choosing to learn it and the institutions you want to teach it. The funding would need to compete with private contract stuff.
I guess ideally the ecosystem you create is so good that you eventually sell it to other health services and similar extremely large organisations. That means it's widely used enough that people actually want to train in it, and maybe even brings in a bit of cash so it isn't such a massive money sink. You're talking about setting up a nationalised version of Oracle basically (hopefully not that bad though).
|
# ? May 13, 2017 12:47 |
|
Another Person posted: Also the issue with bespoke and proprietary systems for the NHS is that they would be massive money sinks, and would probably require an entire training path just to hire people to work on developing after it exists and is out there. There is a reason we contract tech stuff out: it requires an expertise which only industry has, because nobody goes to university to get a degree in coding so they can take the modest income of NHS backend design - they would work for a company which pays them as much as possible for their knowledge. This would become a greater problem again as the system got older and older, because the education for coding would evolve - the language and design ideology of the NHS bespoke system would be an artifact of the day it was released. Getting people to choose to train into the expertise of a bespoke system would require some serious incentives, both for those choosing to learn it and the institutions you want to teach it. The funding would need to compete with private contract stuff.
So we can't hire people to design a system for the NHS because we can't pay them enough, but we can pay an outside company to do it who will take that money, skim off huge profits and then pay their employees to design a system for the NHS. I detect a flaw in the plan.
|
# ? May 13, 2017 12:48 |
|
namesake posted: Sounds fine to me. Hell I'd love a Department of Digital Infrastructure to do project work for all state services.
This is not only desirable but necessary I reckon. Problem is that a lot of the top level decisions in government and private industry are still made by 50 and 60 year olds, who think of computers and networking as basically just office supplies like photocopiers and fax machines. How do you get photocopiers? Eh just give the department some money to buy their own I guess..? It's ridiculous. This stuff is as integral to society as any physical infrastructure, but procurement and maintenance are parceled out piecemeal because they just don't get it.
Party Boat posted: Mr Biffo's still writing online
|
# ? May 13, 2017 12:49 |
|
look all we need to do is find a way to fix this massively complex and important issue but without having to spend any time or money on it, surely that isn't too difficult
|
# ? May 13, 2017 12:51 |
|
jabby posted: So we can't hire people to design a system for the NHS because we can't pay them enough, but we can pay an outside company to do it who will take that money, skim off huge profits and then pay their employees to design a system for the NHS.
It's not that you can't pay them enough, it's that the proposal is for the NHS to start a software infrastructure company from scratch. There is a flaw with that plan. The point of the NHS is not to achieve autarky, it's to deliver healthcare. You buy a product from companies that are set up to build those products. e: you also can't just grab a bunch of CS graduates, throw them into a room and tell them to build you something. The decades of accumulated knowledge and product iteration these companies have on them is worth a hell of a lot. There is a reason why private companies commission IT infrastructure rather than try to make it themselves - because it's a terrible idea.
Alchenar fucked around with this message at 12:56 on May 13, 2017 |
# ? May 13, 2017 12:51 |
|
Looking at the comments on news websites it's amazing how 'sack the pen-pushers, hire doctors and nurses!' has become 'why wasn't more spent on IT?'. I even saw one upvoted comment saying that the NHS should have run a paper system alongside the computer-based one just in case, I can't imagine the howling about NHS inefficiency if that actually happened.
|
# ? May 13, 2017 13:00 |