Posts by big_D

Re: Do you think

I agree with your last statement, if in doubt ask your lawyer first. That assumes that you have legal insurance, although around here you can sometimes get an initial discussion (10 - 30 minutes, depending on the law firm) for free.

Re: Do you think

HR have always been the people to talk to, in my experience. But, then, I've mainly worked at good companies and they have had good, and supportive, HR departments.

Re: Do you think

A real PFY would have loaded the photos onto the homepage of the .ca authority, replacing the official photos of those involved... You should re-read you BOFH archives. ;-)

Re: Thermal Incident

HP kit is pretty resilient.

I worked at one company, who thought the ideal computer room was the top floor, south facing room with floor-to-ceiling windows and no AC! In summer, the first person in the building went into the computer room and opened the windows...

When I started, the first thing I told the CEO was that we needed AC in the room, or to move the computers into the basement. Both were vetoed, the AC budget was exhausted, because the CEO needed AC in his office and the mirrored SQL Server was already in the basement, eggs in one basket and all that... Plus, the servers had never had problems in the past.

Yeah, because they were newer and not full of dust!

I quickly put a thermometer in the middle of the rack. In winter, it was reading over 40°C, with an open window.

Summer came and lo-and-behold, the temperature in the space between the servers exceeded 60°C, but there was still stony silence on the need for AC... Until one of the financial servers went tits-up - I came in one morning to screaming fans, well, screaming a bit more than usual, I have the admin-gene and I could detect it! :-D

A quick status check and it was confirmed, the server was not responding. I forced the power off, pulled it out and waited... It eventually cooled down to under 40°C and I took the lid off, thick dust everywhere. With just a can of air, I sprayed the worst out and managed to get our external support company to come in on the weekend with an air-compressor and we went through the whole rack and cleaned all the servers.

But even so, only one server crashed, even though the room temperature was over 40°C and the rack temperature was over 60°C. I quickly left the company and found another job. But that HP kit is tough!

Re: Wrong argument

That is the problem, the US doesn't make a profit, it goes offshore to a tax paradise.

The same for Europe, either to Luxembourg, where it pays naff-all or Ireland, where it gets good subsidies. They even get around sales tax for a large part of the business. The EU are trying to change that, so that the sales tax is paid in the country where the buyer is located, which seems fair.

Re: Not asked to opt-in

I don't use Chrome and I don't use Google's web presences, where I can avoid them.

Also, the Chrome EULA does not count as an opt-in, because it cannot be dismissed without accepting it, therefore it cannot be used as an opt-in - opt-in explicitly states that you cannot stop the person using the service if they opt-out of personal data collection.

Re: I Might Be Out Of Step But

The problem is, even if you pay the ransom, you still need to replace all the hardware, or at the very least reformat and re-install all machines and recover data from backups.

Are you really going to trust a machine that had malware on it and was encrypted? Do you know it isn't still active, that they haven't opened a back door into your system with another tool?

At best, I'd expect to retrieve the last few hours of data since the last backup. The rest of the work will have to be carried out anyway, whether you pay the ransom or not.

Re: Who to block?

A better bet would be a groundswell of people complaining to their local GDPR controlling body, the ICO in the UK, for example.

If they start getting thousands of notifications, they will have to pull their finger out and actually do something.

Re: True multitasking didn't exist ...

Ah, the forefather of the Inmos Transputer?

Re: This is Facebook's standard dodge

And if you aren't a Facebook user, you are still tracked and you have no way to opt-out - well, at least normal people don't. At home, I have all 1,500 Facebook tracking domains blocked in DNS, but that isn't practical, when I'm out and about.

Re: The un-named PR gave half an answer of course

Technically, yes. You cannot record numberplates, faces or anything else that could identify the persons in front of the camera, unless you have permission.

You can use a dashcam, but you can't use continuous recording (as in hours of footage), just the short time before an accident - I think 30 seconds. If the camera is recording, it can record a maximum of 30 seconds or so, before it has to overwrite the video, you can then use the override switch in the case of an accident to keep it rolling and recording.

You can share accident footage with the police, now, that didn't used to be the case. It is still a grey area, whether you can share it with the insurance company. But posting it online, when the vehicles and people on the video are identifiable is illegal.

The YouTube channel from Sasch LKW Fahrnünftig is a good example of what is allowed, here a link to his latest video: https://www.youtube.com/watch?v=jGj6Q3Y7_PA

As you can see, the numberplates, faces and company logos are generally blurred out.

Re: The un-named PR gave half an answer of course

One of our neighbours was having problems with another neighbour and they put up a dummy video camera in the garden.

The police were round within a day and they had to remove/reposition the dummy.

Re: Infuriating

Yes, that wouldn't fly over here. You cannot set the camera up in a way that it can see anything outside your property (making it totally pointless, if your front door opens directly onto the street, and you have to have surveillance warning signs at the entrance to the property.

Videoüberwachung verletzt Persönlichkeitsrechte

Sein Sondereigentum, den eigenen Garten oder die Innenräume darf ein Wohnungseigentümer überwachen. Anders sieht es aus, wenn Treppenhaus, Hauseingang, Aufzug, der Weg zum Haus oder Stellplatz von Überwachungskameras gefilmt werden.

Worse than I thought, you can't monitor the house entrance, the hallway in a block of flats or the driveway.

https://www.haus.de/geld-recht/nachbarrecht-ueberwachungskameras-wann-sind-sie-erlaubt

Re: The un-named PR gave half an answer of course

Do you agree that we may store all video, images, voice, and historical, time-stamped data of yourself, all other occupants, all visitors, and every individual who comes within the coverage area of Ring?

How is that even legal? The owner of the camera cannot agree for visitors or strangers who may just happen to cross the path of the camera, they would have to get a waiver from everybody who goes in front of the camera, before that would be legal.

Over here, if the Ring (or any other camera) can see the street or pavement in front of the property (or can see into a neighbours property), it is illegally mounted and it must be so adjusted that it cannot under any circumstances film anything that is not on the owner's property. I believe you also have to have a warning sign at the entrance to the property that video surveillance is carried out on the property.

Even at work it is very difficult. We have cameras for security and loading purposes scattered around the building - so that people in dangerous areas can be monitored, in case there is an accident, or so that the operators can see if an HGV turns up for loading, so the gate can be opened - but the camera for the outside of the gate has to be carefully placed, so that it shows the part of the property before the gate, but does not show pedestrians on the footpath or vehicles on the road. Likewise, the data protection officer had to get a signed document put into the compliance documentation, stating that none of the videos will be recorded, or where recording is made, E.g. high danger areas, that if there is no industrial evidence, that the video will be deleted within 24 hours and that the videos will only be stored locally.

Videoüberwachung verletzt Persönlichkeitsrechte

Sein Sondereigentum, den eigenen Garten oder die Innenräume darf ein Wohnungseigentümer überwachen. Anders sieht es aus, wenn Treppenhaus, Hauseingang, Aufzug, der Weg zum Haus oder Stellplatz von Überwachungskameras gefilmt werden.

Worse than I thought, you can't monitor the house entrance, the hallway in a block of flats or the driveway.

https://www.haus.de/geld-recht/nachbarrecht-ueberwachungskameras-wann-sind-sie-erlaubt

There are some exceptions, but it is very strict.

Re: Windows Server

Also, at the moment, Chrome and Firefox disrespect your own DNS settings and use their own DNS servers (Google and Cloudflare by default, respectively), whereas non-browser DNS respects the operating system settings.

I suspect that that is the part that the ISPs don't like. It is certainly the part I don't like, because I have a carefully curated DNS server on my network, the last thing I want is my browser to arbitrarily ignore my settings.

Blocking DoH to known Google and Cloudflare DNS servers was my solution to the problem. I could see disreputable IPSs doing that as well.

By default, all of them. They all act as a DNS proxy/forwarder on the local network and by default they get their DNS server settings via DHCP from the ISP. It is one of the first things I override when I get a new router.

And now, I don't even use the router for DNS, I use a Pi-Hole with DNS over TLS and DNSSEC to a trusted provider. My security gateway provides DoH and uses the Pi-Hole as its authority.

Re: Windows Server

DNS over TLS is no different to DNS over HTTPS, apart from it uses the DNS protocol, as opposed to HTTPS. Both are end-to-end encrypted and can't be spied upon. But it is a more standard protocol, so probably the ISPs are keener on using that themselves than DOH.

If you use a DNS provider other than your ISP and use TLS, they can't see the traffic. DoH uses the same TLS encryption as well, but over HTTPS TCP instead of DNS UDP.