Everything posted by Medlin Software, Dennis
-
That is what I read as well. The file was a sort of tattletale file, which is used to compare to or check for the item believed to be nefarious. Sort of what is known in consumer security as a signature file. This is a basic stupid mistake, to have one data file able to bring down the entire system. We are not talking about a piece of data such as a tax record, which has to be there, but clearly a separate data file which is not needed to use the product (as proved by the "fix"). Simple code would have prevented this. 100%, the company will say missing the file means there was tampering, but a warning message, while annoying, would have sufficed.
-
"Our CEOs and Board of Directors are trained at the elite business schools to consider IT and IT security as a controllable expense since it doesn't produce any revenue." Skipping how it can cost revenue (at best) and end the entity (at worst)? Skippy teaching Skippy. There needs to be some old war horses kept in the education and reality loop. People who have dealt with total data loss and total machine failure, at the same moment. School of Hard Knocks (or for original Raider fans, the University of Mars) wins again! I am a firm believer that IT "school" can never be timely, it can give a foundation, but hard knocks is a MUST to be current. "As a result many IT functions are subcontracted out too often to the lowest bidder." "Lowest bidder" always makes the hairs on my neck tingle. Yet, I drive over overpasses built by a company who usually is the lowest bidder, but they figured out how to pad by getting a bonus for early completion.
-
Even if someone is using 3.1 or 95, it would not bother me depending on the circumstance. There are still plenty of COBOL uses, which predate my lifetime. What is missing is the acceptance everything can fail, and redundancy is not an option. I saw a headline Delta still has not fully recovered, and the politicians are investigating why. I still try to point out all who use a computer need to be prepared for it to disappear/poof at any moment, and the same for their office. Once someone can say they can reasonably quickly start over with no location or hardware from the past, and proved it by real testing, then and only then do they have a good recovery plan.
-
What gets me is this product is used by high end computer users, with what should be experienced people maintaining the devices. There was no auto restore/revert process in place? Failing that, no image or similar they could have brought back in short order? Or secondary devices ready to failover? So if not, which seems to be the case, why use the "security" software in the first place, as they clearly are not really protecting themselves from failures? Not having alternate hardware system in place is the REAL failure and is one that strikes all at some point from the new computer user to the highest experts. This is a case of belt AND suspenders, and only a few actually take the time to strap on both every single time. I doubt SWA is using W3.1 as many opine, but the software could be from that era, such as 16 bit software (for instance). There is some truth to being outdated as the script kiddies have no idea how to hack software made before they were born.
-
You can and could setup your own server for hosting a forum. While it would be accessed through the internet or wayback, through a direct connection such as sending and receiving modems. I suppose the semantics are defining cloud versus non-local hardware, as well as who controls the management of the hardware and software. "Cloud" seems to have morphed into some sort of magical storage hardware "in the sky" for which most have no idea what or where it is. For me, I demand to know where the hardware is, as I want it in the US, and want to know where in the US so I have storage in more than one area for disaster reasons, as well as for compliance reasons.
-
Ask. If the information is not available/shared freely, something is wrong. If so inclined, you can use monitoring via your router/firewall/logging system, to see what an application does or tries to do online.
-
Banks are likely directly regulated and would not get out of compliance often. I have customers, and I think have read similar here, who insist using Windows 7, 8, and very soon, Windows 10, is safe (and they will NOT be upgrading).
-
This very forum is "cloud", and publicly stored and searchable by anyone.
-
As a developer: It is always best, but sometimes difficult, to ask about all items used to create/manage your important processes. For instance, we use one third party vendor for certain things, but the software functions even if there were to be an issue with the third party (by design). Not one single customer has ever asked! I also choose vendors who are like me, personal, and not usually the biggest player with the biggest target on them. Nothing wrong with remote storage of data as long as there are options for local use as well. Hardware and software not at your location is another story. One must consider outage and even instant end of life for all such things, and how to recover. A good example is charge card processing. I keep three methods somewhat ready. My main, which has actually never been down for any significant time in 40 years, and two others which I can get going within a day. None of this is new, and if shocking, it is a personal failure to plan. No different than having more than one bank account and more than one charge card, because they do have issues (such as this issue) from time to time. Note for the OP, the software (CrowdStrike's Falcon) is not used "by" Windows, it is software which was made for Windows machines, installed and used by the person/company (not Microsoft). One must always consider issues, such as asking if their tax preparer/accountant/doctor/etc. is using a current version of Windows, kept current, with limited access.
-
Real world, how would an AI bot handle this from a customer? "My withholding amounts are different when I run the month report to when I run a weekly payroll report." AI: ? (Me: What exactly are you referring to?) "When I add up the 3 months totals, it is different than the quarterly amount totaled." AI: ? (Me: Can you be specific? Which items? Without specific information, you are not giving me anything I can look into or discuss.) "Can you look at these and tell me why they don’t match the totals without being rude?" AI: ? (can it open a PDF and disseminate the contents as they relate to the perfectly vague inquiry?) (Me: If you are saying I was rude, I can say I was forced to be direct. I had to be because you were not giving anything useful to look at or consider. There are MANY items on reports, so stating "When I add up the 3 months totals, it is different than the quarterly amount totaled." is factually useless, after being asked to be specific in my first reply. Your examples do not even say which item or items you are concerned with / referring to, at least not that I can see. And your samples are for one month, looks like two payrolls, with nothing showing the "3 months" you referenced in your reply. If you do not reply with specific items to look at, I will have to go through them all, which will not be as fast of a reply. In other words, I would like to help, but I first have to know what you are referring to, specifically, not just something like "the numbers don't add up". Me: (After looking at the samples) The issue is checks were added or deleted, with a June date, after the two payroll reports were printed, but before the monthly report was printed. The old saying of "garbage in, garbage out" applies. Reprint the per payroll reports and compare, or better yet, print a payroll check listing for the month and verify no checks are missing, incorrect, or extra.
The software has only the paycheck information at the time the report is prepared, to add together. --- AI would likely have been more drone like, with likely programmed in fluff, and at best, would have had to keep asking more questions to get to the needed information. Still would have likely received a complaint for not being helpful, since the customer was giving nothing to look at. Only someone who has heard this many times, and has an instinct of what to look at, (un)common sense, could have resolved this with the given information.
-
I could be blinded by age, but I see much of "AI" as a compilation (sometimes stolen, meaning without authorization) of the work of others. A good example is asking an AI bot to create program code. The "answer" likely comes from the work of others as mined from web sites, not from the work of the AI bot creator. This is somewhat an extension of the wayback machine by (IIRC) Internet Archive. Decades ago, I blocked that sort of mining from my site as they did not ask my permission to post my creations (my web sites). I now also block known AI mining bots, so my work does not end up generating profit for others without compensation. A recent article opined AI code snips are maybe 60-90% accurate and should not be relied on. Imagine if an AI data seller had successfully scanned in all books from the Library of Congress and a few large libraries instead of mining websites. IIRC there was at least one author who brought this up (found their work in an AI dataset) and blocked the use of their copyrighted material. The initial AI grabbing of websites is likely because the majority of site managers were or are not aware of how to protect their work and have a tough time paying for and/or proving infringement. Even this very site is public, and our answers to each other can be mined for AI purposes, unless Eric has implemented blocking the known AI search bots. A good use of AI is what Tesla is doing for their driving assist, as they can (paraphrasing) use the camera feed and drive track from all their vehicles to provide very updated nav and driving assist without having to hard code things like a wonky 5 way intersection near me (which will soon be replaced by two roundabouts with different numbers of entry/exits which my wife claims she will never use), or the couple of intersections I travel through with a signal in a strange place because of the blind curves. 
I remember when a new path to my house was made, I submitted it to google maps and the other backend nav companies, and it took months for the maps to be updated. Same for telling them there was a locked fire access/exit gate through a mobile home park which UPS drivers kept thinking was a clear path to us. Like what Tesla is doing, some sort of self created or learned bot to catch things like tax data entry errors could be handy but will never replace a veteran tax processor. Sounds like 1800 likely higher paid "makers" will be replaced by more marketing and support (low cost) workers, and the remaining makers will have no choice but to use AI (the work of others) to perform their newly increased workload.
-
SC claiming ERC credits
-
Anti-virus protection programs discussion
Medlin Software, Dennis replied to mcb39's topic in General Chat
Not commenting on the truth, but the reality is many do not trust items from certain countries. If an AV from Russia has been banned, and drones from China are or are soon to be also, it makes sense these could be trade related only (bans bought by US competitors), based on fact/fear, or a little of both (likely). I thought about buying a certain computer brand but skipped it because of the origin. I happen to use a local hardware firewall and can ban and monitor all outgoing items. While I am fine with a global economy, it is an eye opener how many things we usually trust try to connect to places most would prefer not to. As a for instance, a game my spouse plays has to connect to a country I block (for ads) to function, so I had to set up a safe path for her game to work! -
Maryland AG Opinion on BOI Reporting
Medlin Software, Dennis replied to Lee B's topic in General Chat
Skill and judgment take real skill and judgement to determine. Along with some good old fashioned (now un)common sense. -
An entity with little or no depreciating and physical assets may often change hands without closing things out. In our case, shares were transferred on a mid year date, so there was income "recorded" through that date, then for the remainder of the year. Only affected those particular shares. I do not prepare the returns, just the accounting, but that is how I remember it. Ending things and starting fresh can be a bunch of not needed work when the parties can agree on a smooth transfer.
-
For some clarity. Information in the "cloud" is not any better or worse because of the location. Actually, it is a good thing to have a secure backup of your data online, in a few places - for the day when your machine fails or walks away, or worse yet, when a computer "tech" messes it up while "fixing" it. It is a rare and likely extinct person who manages local backups properly, such as making rotation sets, both for at the desk, and moved and rotated to a couple of secure alternate locations. I am one of those who no longer manages local backups as a proper only method, as I work at home, and my former office was too close to be out of the same natural disaster area. One of the server locations I use is a very secure facility with restricted access, armed guards, etc. It is not uncommon and is actually expected for major server farms. It is also at a specific place where many different major fiber carriers intersect (and a good tech population to draw employees from). I cannot remember any offline issues for more than a few minutes (while they swap to a reserve connection or something). They have multiple days of power self generation at the ready at all times. There is at least one local fiefdom which set a rule that all records and data must remain within the boundaries of their fiefdom, but I doubt anyone follows that rule. On the other hand, if your only working data is online, and it is for accounting and/or payroll, I have yet to see one which would satisfy me. Why? 24/7 access is impossible to guarantee, and outages happen at least once a year, sometimes for 24 hours or more. I am a firm believer there is no such thing as an accounting emergency, so all should be able to handle such a payroll outage with either paper checks and a pen, or with cash. Even with local data, paper checks and cash access should be considered and planned for as a backup. The other issue with online is even I can type faster than online data can keep up.
I am sure online providers use tricks like caching and such, but those don't fly for me. I actually deal with this when I am lounging in our hot tub, over my own connection, let alone a remote connection of some sort. I am of the belief when I hit a key, it should be saved, period. Computers are well fast enough to do so. Online cannot keep instantly updated, so they often work like the old days, where you have to click something to trigger a save then wait. (A few still ask me where our save button is, or how to save the data before they close the software.) There is also a significant cost to offer live online storage, there is a charge for bytes up and down, as well as storage size, redundancy, etc. Server space and pipes are not free. What do I think is ideal (and what we will eventually release in the next 12 months or so)? Hybrid. Data stored securely online, downloaded to the device for use, then uploaded securely for storage. Also with a local copy, securely stored, which can be used if online access is not possible. For those who want to change any software to something else, one cannot only look at the price itself, there will be a learning curve, extra uncompensated time spent learning/moving/adjusting, as well as keeping the current system in place for some time period for safety. I don't know what the magic number of cost % is, but it should not be ignored. Thus a comment like sticking with X for another 2 years until retirement is a very wise decision.
-
Suggesting to wait could be a can of worms too, such as "I could not get the information in time, since you told me to wait". Maybe a no comment is best, to avoid giving any advice which could bite. This is a "nothing burger" for most. If the persons are privacy concerned, they already have things in place to shield their personal address as much as possible. It is easy to get a compliant UPS or other virtual address if one wants (for personal), and likely the same will be or is compliant for business address (if one stretches their thinking to be comfortable stating their business records exist at the virtual address, say on a server controlled by the mailbox company - who would never give the data up anyway). The grey of where the records are is no different than pretending electronic data meets record retention rules without having to do the things electronic record retention for compliance actually requires.
-
Looking at what is already public, my only consideration is trying to allow anyone who wishes to not show their personal address, which so far, seems possible. Also making sure each person creates their own ID so they are the ones who decide what is included. Our CA annual form almost went in last year with addresses some wanted to keep private. It is a constant battle.
-
The unknown is once the individual ID's are setup, if the company process will reject if the individuals are only set for the business address. I don't want to test with known invalid information (such as just mine) so I have to wait to get the other ID's first.
-
Starting to get mine done. Here is what I see so far. One can have the BO's register and maintain their own data and report their FinCEN ID to whomever manages the business BOI registration/updates. I am using this method as I do not want to have to manage the BO's data. Likely removes some/all of the issues/risks of getting and managing individual data. Must use login.gov to sign in, not id.me, so now I have both. Interestingly, my personal reg went through with only a business address. Meaning I "did not" open the help link and see where they state one should enter both a personal and business address for BOI usage. I also tested a UPS PMB address, and it worked fine with the PMB (failed with a # sign). I also reviewed USPS's offering of a street address for their PO Boxes, but their contract explicitly excludes using it for a legal address. With the ability of each BO to take on the responsibility of their own data, there is little risk on the business side, other than keeping the proper BO list correct. It also seems that a PMB will solve not only the non US issue, but for those who prefer not to, or are unable to, use their work at home address, and for those who have no physical location (such as permanent travelers). I have seen where using a registered agent address works for non US entities, so it might pass the online entry for US entities.
-
Depends. Some can use below average fees but keep their results higher quality by limiting customers (for instance). The real value on sale would be how many stick. A higher priced but less happy customer base may not stick compared to a lower priced but very happy set of customers. The value depends on the buyer though as a lazy buyer may only look at price per customer, not potential retention rate.
-
And med students have zero incentive to go family or internal med. The exception are the three year to MD programs for these tracks. Our 4th year med student gets by on student loans, food stamps, and other no wage benefits. And he will be forced to accept where he matches and start paying his loans while earning a restricted wage. He is thinking internal med and going back to research (as an MD this time). But he still has his eyes on anesthesia as even the last in class will likely start at 400k. He would prefer trauma surgery but he does not want to be poor and tired for 7 to 10 more years. It is way more than reimbursement which limits access. Not encouraging family med in a meaningful way is just as bad. Advantage plans like the games united healthcare plays are a big issue too. Thankfully we are second generation Kaiser lifers. We get what we need timely, with no surprises.
-
So PhTT has taken over for PhFB in prestige?
-
Or you cannot find it and your computer has issues. That has happened to me too, but even then, I had alternate backups in alternate locations (back then, physical locations). And for sure, don't plug into an outlet or strip under your desk as that one stretch of your legs will be a nightmare (if you still rely on a computer without a battery).
-
As long as you believe that device will not walk away or fail, and you can find the thumb drive. I too used to think such actions were enough, but when you leave your home (office) not knowing if the home will be there on your return, you start to think differently. We literally left in 10 minutes, having to make decisions on the fly (yes, those photos can be replaced, yes, that auto is insured, I will tow the other, we can get clothes at a store). While we don't think that every time we go out the door, we are prepared anyway.