jacekstaszczuk, to random Polish
@jacekstaszczuk@101010.pl

Well, damn: and now this - one loss chasing another...

Record financial loss of PKP Polskie Linie Kolejowe S.A. for 2023

The auditor has completed its audit of the financial statements of PKP Polskie Linie Kolejowe S.A. for 2023. The company reported a net loss of -PLN 937 million, a significant decline compared with the previous year, when it achieved a net profit of +PLN 173 million.
The main reason for the deterioration in the result was the need to account for costs related to investment claims. In 2023, PLK SA had to recognize costs of about PLN 1 billion, mainly from claims filed by contractors in 2022 and earlier. These costs had not previously been included in the financial results of earlier years. The total value of claims by contractors of investment works against PLK SA currently exceeds PLN 7 billion.
– I am surprised by the level of the loss in 2023. The disclosed value of the claims by contractors of investment works and the risk of having to pay them caused the Company's worst result since 2005. The State Treasury expects PKP Polskie Linie Kolejowe SA to deliver a financial result of around zero, and in the previous year a huge loss was generated – says Piotr Wyborski, President of the Management Board of PKP Polskie Linie Kolejowe S.A.

toxi, (edited) to genart
@toxi@mastodon.thi.ng

Been slacking posting more art here, so time for a teensy selection of an old generative/evolutionary system from 2014 (then used for my HOLO 2 magazine guest design). Originally written in Clojure, meanwhile ported to TypeScript & Zig, I've kept working on & experimenting with it ever since... 1000s of screenshots and 100s of versions to sift through. Loosely based on research done by Barricelli[1] since the early 1950s, conceptually and aesthetically it sits nicely between my C-SCAPE and De/Frag and has a similarly huge design space to explore (in some versions coupled with genetic programming to evolve cell replication rules)... There's a 1500 word draft blog post from back then too, which goes into more detail and history of this approach. Maybe it's time to publish that one too at last... :)

[1] https://www.tim-taylor.com/assets/docs/barricelli-suggestions-for-starting-theoretic-papers-6-6-1987.pdf

alexskunz, to Battlemaps
@alexskunz@mas.to

"Folded Lines"

Folded strata in the ridges of the badlands at Canyon Sin Nombre in soft winter evening light; Anza Borrego Desert State Park, California; December 2023.

brewsite, to beer
@brewsite@mastodon.online

For this year’s season, teamed up with nearby neighbor to release Iowa Bar Fight, a fresh hop brewed with fresh hops from Crosby Hops.

My review: https://www.thebrewsite.com/double-mountain-brewery-iowa-bar-fight-fresh-hop-ipa/

brewsite, to beer
@brewsite@mastodon.online

This week I received a from Hood River’s , the new Iowa Bar Fight Fresh Hop , a collaboration with of nearby Parkdale. Iowa Bar Fight was brewed with fresh hops sourced from .

More: https://www.thebrewsite.com/received-double-mountain-brewery-solera-brewery-iowa-bar-fight-fresh-hop-ipa/

sean, to security

Expiring passwords. We’ve all been forced to with them. And the annoyance of trying to think up yet another weird combination of characters which will be compliant with whatever other password policies apply is a pain in the 4$$! all too familiar to computer users around the world.

But I have a secret to tell you – expiring passwords are bad security!

Yes, that’s right! Bad security! Expiring passwords were never good security, and they’re being walked back from by serious security and software vendors around the world, including some former heavyweight evangelists.

But first, a history lesson…

Actually, you know what? The history doesn’t matter (I’ll e-mail it to you if you want).

The “short” version is that it goes back to 1985 when the US Department of Defence suggested changing passwords every year (based on crackability), and that timeframe was reduced as computing power which could be applied to cracking increased. So, when the US National Institute for Standards and Technology (NIST) wrote up its recommendations in 2003, a much shorter timeframe was suggested. That got “baked in” to many vendors’ settings and recommendations (including Microsoft’s).

What ultimately does matter is human behaviour.

When faced with the “challenge” of choosing a new password every 30/60/90 days, humans will be lazy. They’ll make simple changes to existing passwords, or repeatedly change them until they’re able to pass a “not the same as the last 𝑥 passwords” test and be back where they started.

They’ll fall for phishing attacks, put passwords on sticky notes, use their kids’ or pets’ names, choose security questions (e.g. “What city were you born in?”) with easily discovered answers (“Hello, Facebook?”) – there are myriad ways password security is compromised by human behaviour.

And security practices have advanced to the point where we can do a lot better, and avoid the false sense of security a periodic password reset instills.

Here are the basics of good security/password practice:

  • Use long random passwords: long passwords with minimal requirements about the types of characters work best, for example “caxsAb-tufjew-qepgy1”
  • Don’t use the same password for multiple sites/services: if one site gets cracked/hacked, you don’t want the attackers trying that password on other sites and getting in
  • Use a password manager: programs which store your myriad random long passwords and are accessed via a single strong password you commit to remembering
  • Use multi-factor authentication (MFA): two-factor authentication (2FA) is a form of this, it means in addition to something you know (your password) you use additional information, such as something you have (your phone to generate one-time codes or to approve logins) to make cracking the site password alone useless
  • Avoid SMS MFA: SMSes are able to be intercepted by SIMjacking and other means
  • Use incorrect answers to security questions: if you must use these with a site, save the incorrect answers in your password manager because some of that “personal” info is relatively easy to find

Returning to required periodic resets, the US National Institute for Standards and Technology (NIST) dropped that recommendation in 2017, and some big-gun adherents like Microsoft have also dropped it as the default and recommended setting.

If a provider is still requiring it, they are not doing security right, especially if they’re also using 2FA.

This post is brought to you by the security mavens in the NSW Government IT services division who are using 2FA (painfully, through e-mail) for Strata Hub, yet still apparently require expiring passwords.


https://stratameetdata.blog/pastwords/
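
Added example, not part of sean's post or the linked blog: a Python sketch of a change-time check that shows how the "simple changes to existing passwords" described above look to a system, and why a sequence of forced resets often contains only one real password. The function names, the two-edit threshold and the sample history are assumptions constructed for illustration; the comparison needs the old password in plaintext, so it only works at the moment a user submits both old and new.

```python
import re

# Leading/trailing run of digits and symbols: the part people bump on each reset.
_AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")

def base_form(password):
    """Case-fold and strip leading/trailing digits and symbols."""
    return _AFFIX.sub("", password.casefold())

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def is_trivial_rotation(old, new, max_edits=2):
    """True when `new` is `old` with a bumped affix or only a few edits."""
    old_base, new_base = base_form(old), base_form(new)
    if old_base and old_base == new_base:
        return True
    return edit_distance(old, new) <= max_edits

def audit_history(passwords):
    """Flag each consecutive change in a password history as trivial or not."""
    return [is_trivial_rotation(a, b) for a, b in zip(passwords, passwords[1:])]

# Constructed sample: three forced resets of one password, then a random one
# in the style of the post's "caxsAb-tufjew-qepgy1" example.
SAMPLE_HISTORY = [
    "Bluebird#1",
    "Bluebird#2",
    "bluebird#3!",
    "B1uebird#3!",
    "mivkuz-dorqaH-8nybse",
]

if __name__ == "__main__":
    for (old, new), trivial in zip(zip(SAMPLE_HISTORY, SAMPLE_HISTORY[1:]),
                                   audit_history(SAMPLE_HISTORY)):
        print(f"{old!r} -> {new!r}: {'trivial' if trivial else 'new secret'}")
```
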
