GremlinIT

22 hours ago, DaveB said:

Hi

Welcome.

Quote

 

One year later ...

• Badly implemented / thought out bot.

That timing.

One year later ...

• Badly implemented / thought out bot.
• Worse support and developer response times.
• Departing staff members not being replaced.
• Support department lumped into one level, effectively demoting people and wasting skilled workers' time with very basic problems, such as password resets.

Not the best approach for retaining clients.

On 14/06/2022 at 17:44, Mark Sollis said:

The real question for Open GI is why is only 1 browser supported?

 

Why do you think that is?

 

10 points for each correct answer …

Partnership deals that are in the interests of Open-GI's profits and not the best infrastructure for their clients.

• HP - (30% returns from printers to servers when I worked for a HP partner. Haven't been pleasantly surprised with 6 more years of dealing with their hardware).
• Microsoft - Oh ook another 60 security holes and a zero-day (M$ product zero-days can only be fixed or mitigated by Microsoft) that has been actively exploited for over two months now.
• Sophos - Tavis Ormandy of Google's top security team, charitably wrote a 30 page paper, which concludes that the company was "working with good intentions" but is "ill-equipped to handle the output of one co-operative security researcher working in his spare time". Recently, they forced through Multi-Factor Authentication for their "cloud" management site (which has a really useless, coutnerintuitve and uninformative interface), that is completely useless in a ransomware take over, you could easily be left without access to your "cloud". They should implement physical keys if they are going to push for this, not software methods that can be taken over as part of an attack. 

Open Attach hasn't changed. It should be a database, more secure, better control over user access, find and retrieve files more quickly, et cetera.

Now everyone is being pushed to use MS Edge. I thought I saw a notice that you could use Firefox or Chrome, that seems to have been retracted and no one in support knows anything about it.

Not sure I want to trust payments to a web browser, which is made by the some company that produces Windows, which has 50-100 vulnerabilites each month with 1-6 of them being zero days.

A year later, it doesn't seem to be any better. Still getting frequent news flashes of it being down, having problems and one case of a whole afternoon and evening of it being unvailable. 

Core seems to be having problems, the level 2 and 3 staff appear to have been lumped into level 1, so their time is being wasted with donkey work and it seems that when people leave, they are not being replaced. Support turn around times are growing and bugs in the code are increasing.

If you have locked yourself out of a PC by forgetting the administrator details, you can sort it out by buying a Razer mouse! 

https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

It will be interesting to see the results of the shake up in a year or two.

On 31/07/2021 at 13:25, Mark Sollis said:

OUCH!

So where were the hosts hosted and by whom?

I don't know who was hit. It was on premises hosts.

Basically, everything Windows on their network was destroyed.

Could possibly have something to do with this.

I was discussing measures to guard against ransomware with an OGI support member. 

Hosts of virtual machines are not safe.

They had a client a few weeks ago, where the ransomware managed to get into the hosts (plural) and it destroyed the vhdx files (what a virtual machine is stored in). In a lot of instances, with limited access, more ports closed on the host and so forth, you would be inclined to believe that they are safe and only the virtual, more "public access" machines would be affected to different degrees.

I am now looking into making a Linux host, so that backup snapshots of a virtual machine will be safe and can easily be fired up for emergency cases.

On 09/07/2021 at 10:59, Mark Sollis said:

Not 24 hrs before your post! A despairing mini-rant criticising the very response you received. Feel free to add a real life instance on there - Typical Standard Response Warning 

I don't use Linked In. Good post.

My colleague had that all the time, would ask OGI support, "How do I do this?" and would receive the answer, "It can't be done." A week later they would go back to OGI with, "This is how you do it."

Now they don't even bother to log tickets with OGI. If OGI cared and had enough staff to put more time into working these things out with my colleague, then they would have an over all better product and better service.

Latest response from OGI:

Quote

I did discuss this with engineering and we are not sure with what they are asking whether it's even achievable with the software. But if it is Engineering advised it would be chargeable. I discussed this with [hardware technician's name redacted]. 

My response:

Quote

This needs to go to development. OA simply needs to change its Read & Execute permissions from Windows Authenticated User to SYSTEM the same as it already does for Write and Modify permissions.

I don't know why development did half a job of it in the first place and that getting this on their enhancement wishlist is such an uphill battle.

Anyone else want to log a similar request and join the chorus?  

On 18/06/2021 at 17:07, Mark Sollis said:

 

Makes no difference if they're not thirsty 

Oh, they are. They only want the yellow liquid someone else is giving them because they were convinced, somehow, that it is lemonade. 

1 hour ago, Mark Sollis said:

I feel your pain with the horses - but at least you found the water - that's half the battle 

Now how do I convince colour blind horses that the water is clean and safe to drink?  

17 hours ago, Mark Sollis said:

#whosheadisontheblock

Not mine and I have lead so many horses to the water but I can't get them to drink. Putting it out here in public view is a last straw / venting action.

Had a fun chat with OGI about Open Attach and Ransomware ...

Currently, OA uses SYSTEM to modify and create folders and files. However, it uses the User's permissions to read and open files.

This means that I can help prevent ransomware from encrypting the data but not prevent it from exfiltrating the client documents.

They decided that getting someone to finish the other half of the job was a bespoke contract. Told them we can wait, far more likely another broker is affected and kicks up a storm that affects OGI rather than us.

It was initially fired across our bow as a full replacement, something that would address all the shortcomings of Tripos + Java and Open-I would be phased out in a few years. Those few years have already come and gone of course. 

We have a full OGI buffet, including ICP, ODP, binders and so forth. 

Mobius simply doesn't offer enough to be remotely enticing right now.

https://www.theguardian.com/technology/2021/jun/14/ransomware-is-biggest-online-threat-to-people-in-uk-spy-agency-chief-to-warn

I recommending reading the full article but what might be on the horizon:
 

Quote

Cameron also called for insurance companies to stop paying out ransoms – currently legal because hackers are rarely members of banned terrorist groups - ...

We recently revisted migrating to Mobius.

• There is no local server hosting.
• It is limited to consumer only.
• We frequently get news flashes that there are problems with the current Open-I Cloud solutions.
• Performance is worse with Exchange 365 than locally hosted Exchange 2013 (that we previously had). 
• Integrated products, Open Attach working with Outlook and thefore MS mainframes has been frustrating and cost us a lot in productivity.

We might revisit this in two years time. I doubt I will be recommending it as the way forward at that time.

On 27/02/2020 at 19:09, karl said:

Even a bulk insert for me only takes around 15 minutes (and I thought our database was reasonably large).

Hour and a half for us. Microsoft's Hyper-V doesn't leverage host CPUs very well at all.

You might be able to do it via Brooms letters. I don't even know what system letter you mean.

One way to do it, is to append a frame onto the end of the Policy Amendment chain. The frame having a "Yes / No" field, from that trigger you can then use "INIT-LETTER" 

https://www.opengi.co.uk/support/onlineguides/#Subsystems/CoreSchemeToolkit/Creating_A_Diary_Entry_Using_WRITE-DIARY.htm

Frames and keywords for Motor Writer is here.

Is everyone confident that they have purged the old data, which they should not be retaining?

For example, a policy that can only have a claim against it two years after it was taken out versus one where a child might be injured and claim 15+ years later.

It is possible to write a Batch calc that can do pretty much anything to any keyword, for example, we moved a book to another agent by running through all policies and where it matched the old Exec it put in the new one.

As such, one could write a calc to find a very specific entry by PolRef in the ledger with a specific transaction type and alter the figure in a particular keyword.

Make sure you are very comfortable with Batch Calcs because if you don't have this calc spot on, you can end up changing all transactions of that type to that figure, for example.

Use InfoCentre Select * From ic_brcledger Order By B@, Dt_Settled Select * From ic_brcashhist