* Posts by Mk4

33 posts • joined 16 May 2013

Customer data security is our highest priori- ha ha ha whatever, suckers

Mk4

Shadow IT acronym

"ShIT". Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha!!!!!! "Shit!" Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaha!!!!!!! Ach! Feck, I've given myself a hernia.

2
0

US Director of National Intelligence legs it

Mk4

Are you taking the piss?

Really? Really?!

7
0

The solution to security breaches? Kill the human middleware

Mk4

Oh sod off

Go and read a few decent journals. Every now and again someone leaves USB sticks in a car park in a university (where all the clever and educated people are) and lo and behold... most people plug them in. Really? This is news?

Security as a domain of human activity needs to secure my and everyone else's normal behaviour, not make me contort my behaviour into some twisted version of itself. You don't build a building with doors and then act surprised when people try to use them. If a door should not be used it is either not in the building design in the first place or it is locked. Then idiots like me don't have to be given a list of doors that are there but that we must not use. This is not a perfect analogy, but then that's the nature of analogies.

4
0

Crypto guru Matt Green asks courts for DMCA force field so he can safely write a textbook

Mk4

Really?

I am from the UK and expat but unlike you I have spent more than 10 years in one developed country, not bouncing around many of them. I speak and understand the language (not native level but my job is in English). I have now spent enough time here (just) to somewhat disentangle the national persona and stereotypes from individual people's personalities and get used to a host of idiosyncratic ideas and behaviour.

Before you write off the rest of the non-US world, think about how much time you spent in each place compared to the time you spent in the US growing up and normalizing your viewpoint with the rest of the US people around you.

I think the reason you didn't feel you belonged is that you didn't belong. When you do, you do.

4
0
Mk4

Really?

I am from the UK and expat but unlike you I have spent more than 10 years in one developed country, not bouncing around many of them. I speak and understand the language (not native level but my job is in English). I have now spent enough time here (just) to somewhat disentangle the national persona and stereotypes from individual people's personalities and get used to a host of idiosyncratic ideas and behaviour.

Before you write off the non-US world, think about how much time you spent in each place compared to the time you spent in the US growing up and normalizing your viewpoint with the rest of the US people around you.

I think the reason you didn't feel you belonged is that you didn't belong. When you do, you do.

18
0

Scrapped NHS care.data ballsup cost taxpayer almost £8m

Mk4

opt-in, opt-out is missing the point

PNGuinn is being facetious but there is one point made that is really important - it's personal data (my data and your data). It should be the property of the people it comes from, then many problems with questions about data access in the NHS and many other places become vastly simplified. Imagine the personal data is the property (in law) of the people it relates to. If someone wants a copy then it's equivalent to asking to borrow someone's property - if someone doesn't provide that permission then it's a criminal offence (like TWOCing) if they take it anyway.

Sure, this leads to a great deal of work to manage permission, but that's the same in many other spheres of human activity. Having a simple and clear principle to work from, that everyone can easily understand (not like DPA or GDPR) prevents a huge amount of discussion and interpretation (leading to massive variation across systems and industries). Not to mention pissing 8 million quid up the wall.

1
0

Seagate sued by its own staff for leaking personal info to identity thieves

Mk4

Personal data needs to be personal property

I've made this point a few times on El Reg comments sections. The problem is the starting point in all disputes regarding personal data, it is dealt with in the same way as all other kinds of data, but personal data is special. The Seagate employees are having to show that Seagate was at fault, it is a similar story in all situations where personal data is deleted, given away, stolen, not available for discovery, etc.

Data relating to individuals should be the legal property of those individuals. It should be created, copied, modified, accessed and destroyed in the same legal framework as would physical goods.

There can be other legal provisions to make execs responsible for the proper treatment of personal data, but the starting point would be for Seagate as a corporation to be facing a criminal investigation for the loss of the personal property (of thousands of staff) that it held in trust.

6
0

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

Mk4

Is this just a puff piece for Sec Consult?

There isn't any information showing that crims "hate him for it". Do they? How do you know?

There is a proper place for puffery posing as journalism and it's in those horrible spamfomercials that go to my work email address pretty regularly. Don't just recycle a report about this security conflab and pass it off as news.

I'd be interested in a properly researched piece with multiple unrelated examples of how this kind of defence is denting global crime. Is opening bank accounts really that hard? Where is the evidence?

Go and get some stats from Europol, Interpol, FBI, whoever, and work it out.

1
2

VMware survives GPL breach case, but plaintiff promises appeal

Mk4

How to know when a corp. has pinched your code?

Frivolous cases aside, could the court order an independent and private review of proprietary code to compare it with the open source code it's supposed to have pinched from? Hang on a minute! I might be wrong but it's just possible this could be automated! :-D

3
0

Handover of US internet control to ICANN officially blocked in Republican policy

Mk4

Re: This is not a bad thing

There is a single sentence with the word ICANN and if you replace that with US Government the sentence does indeed have some truth to it. But I have made no comment about what the solution should be, I've only stated what should be very obvious - selecting a poor solution for something critical makes no sense.

You should also have a look at the way that ICANN conducts itself vis-a-vis selection of staff and the options to remove them from their positions. It is not very encouraging.

You should also really look at the record of many politicians who are working in that very difficult environment while maintaining their ideals. Dr. Mo Mowlam is a case in point, someone whom I knew personally and struggle to place in that all-encompassing box of "dodgy politicians" you have created.

0
0
Mk4

This is not a bad thing

I'm as amazed as you are that I find myself in any way close to the US Republican party on any topic, but as I do it's incumbent upon me to state this and specify my reasons.

The function performed by IANA is critical to the functioning of the internet. The solution being presented is far from perfect. It seems to me madness to state that the solution for something critical is far from perfect. This is not a critical part of your car, it's a critical part of a global system upon which countless people depend in all sorts of ways.

To pick a comparison that will prompt a strong emotional response. Choosing a far from perfect solution for critical parts of an aircraft that you will be travelling in would probably result in you declining to board said aircraft.

Let's take a pragmatic approach, you say. Question: Is the proposed solution better or worse than the current solution? -> pick the best. But accepting a solution that is far from perfect risks the effects of the law of unintended consequences. We can be sure how the current solution operates in reality. We cannot be sure how the new solution will operate in reality. So it seems prudent to make the new solution as good as it possibly can be by rejecting solutions that do not meet the standard of "pretty good".

The way ICANN has worked over the years and in particular the way it has conducted itself as an organisation in the last few years makes it untrustworthy at best.

I'm not an expert on this topic and this is just the opinion of an outsider based on what is being reported. That said I'm also a very active internet user and so I do have an interest in how it is governed.

2
1

European Commission straps on Privacy Shield

Mk4

Some tortuous English - are you involved in the legal profession? What do you mean by "protection" - for me that is about preventing unauthorised access to the data (ref. information assurance). In any case, I don't think you have read the text of the privacy shield documentation. Yes, there are notes about protection of data but it's really about control of the data, how organisations indicate compliance with the scheme and various aspects of governance of the scheme (and, of course, all the ways the US gov. is permitted access to the data).

You can argue that the level of protection is too low (and I would probably agree with you), but control of data and protection of data are two different things. I am discussing control of data in the sentence you cite.

Privacy shield is better than safe harbour, under which vast amounts of data was shovelled across the Atlantic. As I noted in the original post - my position is that personal data should be the legal property of the persons to which it pertains. Every time we take a step towards that position it is an improvement.

0
0
Mk4

I humbly disagree with most of the above comments

The "Privacy-Shield" name is as badly chosen as "GDPR". 95/46/EU and the GDPR is mostly not about protecting data, it's about protecting people from organisations who want to use our personal data. It is a small step on the path to individuals owning their personal data (which is how the world should be organised IMO). If you find that an organisation is holding data on you that is not correct - e.g. that you have county-court judgements against you when you do not - there is a legal channel to getting a copy of that data and then getting it corrected.

Similarly Privacy-Shield is not really there to protect privacy - it's there to try and provide some kind of control over our personal data. It's not as strong as the GDPR and I imagine the main thrust of the legal challenges will be to establish if Privacy-Shield really does provide similar protections as 95/46/EU or the GDPR. This is a requirement for an EU organisation to send your data outside the EU.

The US government can get your data wherever it is, forget about legal restraints, there aren't any that apply to them. The Privacy-Shield agreement includes many clauses specifying all the ways that US government can get to your data, so it actually formalises these methods as permitted.

If you give your personal data to a non-EU organisation directly e.g. filling in a form on a website hosted in the US (also the rest of the non-EU world) then your data is not covered by Privacy Shield, comes under none of the protections of and there is no recourse to authorities under Privacy Shield, 95/46/EU or the GDPR.

Until the basic standard is that individuals have legal ownership over their personal data and misuse has a similar legal standing as (for example) taking without owner's consent (TWOC) it's up to everyone individually to think about which organisations they give their data to.

0
0

Half of EU members sidle up to EC: About the data-sharing rules. C'mon. Chill out

Mk4

The letter argues for the full implementation of the GDPR

Currently the differences between laws in EU member states mean thought has to be put into what needs to be done in different EU countries. With GDPR there is going to be greater parity between states, yes - I know it's not going to be exactly the same everywhere but a huge improvement on today when you, for example, compare Ireland and the UK. Ever had a chat with LinkedIn (located in Ireland) about your personal data expecting the same data protection rights as we have in the UK? I have and they don't exist (respectively).

If you want to have data moving freely between corporations in the EU then common rules seems to be a good idea. The GDPR will also make Europe the place to put your data if you want more than hollow words protecting your rights to this (your) data. Creating a strong regulatory framework for personal data is much the same as having strong regulations for accountancy and housing property ownership. Trustworthy regimes promote commercial activity. This will promote the growth of the digital economy in the EU, not hinder it.

BTW - Safe Harbour was not the predecessor of the GDPR. Directive EC/95/46 was. Enacted as, for example, the Data Protection Act in UK, Wet Bescherming Persoonsgegevens (WBP) in NL and the "Pointless Piece of Paper" (PPP) in Ireland. Safe harbour was a self-certification scheme run by the US Department of Commerce so that US entities could pretend to provide the same level of personal data protection as we have in the EU. It was, frankly, bollocks from day one and the Snowden revelations had nothing to do with that. Killing it has been a step forward.

6
0

Would you let cops give your phone a textalyzer scan after a road crash?

Mk4

Re: One issue....

Research as far back as 2001 demonstrates that listening to something (radio, audio book, etc.) in dual-task studies has no effect on driver performance. Tasks involving word generation result in a two-fold increase in failures to notice significant events (e.g. red lights) and an increase in response time when those significant events are noticed. This is irrespective of whether the device is hand-held or hands-free.

The science is clear on this topic, but interestingly it may also include speaking to people in the car. On the basis of the science, law-makers should make it illegal for a driver to speak while driving, irrespective of the person or device being spoken to.

5
1

Police create mega crime database to rule them all. Is your numberplate in it? Could be

Mk4

Re: Responsibility

Yes, Dave said there shouldn't be any strong encryption because criminals use it. Or was that cars? Yes, yes, it was cars wasn't it! Yes. So that's cars should not be used because criminals use them. And tin openers. I'm sure criminals use tin openers too.

21
0

Diskicide – the death of disk

Mk4

I actually stopped caring about media about a year ago

Great - flash this, "spinning rust" that, compression, dedupe, blah, blah, blah. I really don't care any more. What I want is the major attributes of the storage presented to the user able to be independently modified without affecting any of the other attributes. On the fly. Using an automation interface. Performance (IOPS and MB/s), availability, protection level (data redundancy), versions (snapshots) frequency and retention, locking data with guaranteed integrity, encrypting data, off-site copy of data, off-line copy of data, geo-distribution of data, access permissions, metadata creation/modification, etc., etc. All of them, no exceptions and no mealy mouthed marketing bollocks.

Compare and contrast with compute. If we were having this discussion about compute it would be about the number of CPU cores, memory technology and bus speeds. The discussions on compute are actually about containers vs. H/W virtualisation, devops, continuous integration, etc. It is time storage got out of the stone age and joined the rest of the world. Discuss.

0
0

WIN a 6TB Western Digital Black hard drive with El Reg

Mk4

... so, before we close the meeting. To maximize the sales potential we need you to make a version for men. When can we have that?

0
0

Get whimsical and win a Western Digital Black 6TB hard drive

Mk4

Bloody humans. Who the hell am I supposed to call?

0
0

UK.gov issues internal 'ditch Oracle NOW' edict to end pricey addiction

Mk4

Re: remotes

OpenOffice Writer is great. I had to start using it a few months ago for a course I'm doing and it suddenly made so much more sense having the same application on my MacBook and my Windows desktop.

Running Office 2011 on my MBP, Wordpad on my Windows desktop (on the few occasions I needed to write something) and MS Office at work was just horrible. If I could use Writer at work I would, it doesn't randomly f**k up my document formatting like Word does.

2
1

Big Blue bafflement: Anyone in IBM Storage know which way is up?

Mk4

That takes me back...

to trying to read manuals for Taiwanese IBM-PC clone kit in the 90's. :-) How ironic, the master has become the clone.

0
0

The world .sucks at a minute past midnight on Sunday

Mk4

Re: no dot-suck?

ICANN got paid 185,000 USD in an auction for .sucks. Vox Populi won the auction (against rival registries) and then goes on to charge 2,500 USD per domain to pre-register. 74 domains later they are coining it. How is ICANN even equivalent to FIFA?

1
0
Mk4

Begin the cash cow milking

Shameless, absolutely shameless. ICANN apparently now operates on "FIFA Corporate Rules".

4
0

Hedvig flutters in carrying $18m in fresh VC greenbacks

Mk4

A great mind in action

"before being software-defined becomes too vacuous a term to be useful", and then you thought about it and decided it's already too late - 9th June "let's kill SDS" article. :-)

0
0

Let's kill off the meaningless concept of SW-defined storage

Mk4

Re: SDS

Hahahahahahahahahaha - oh, I haven't laughed so hard in a long time! For that I thank you, but I'm still going to mark your post as abuse of my intellect, if not actually abuse of the comments. :-)

0
0

Life after server-side flash: What comes next?

Mk4

Is this really what you think about storage?

Hi Dave,

You might have noticed that Samsung is making 3D NAND chips right now, and Toshiba and SanDisk are joint funding a 3D NAND fab in Japan. Martin Fink (HP CTO) has recently said that memristor DIMMs will be launched in 2016 and be in full production by 2018. So I would say that 3D NAND just won. If there was ever a race between them. Which there certainly hasn't been for at least a year.

BTW - NAND in its current design is page access memory and memristor seems to be word (byte) access so can replace main memory. So they aren't really competing for the same use anyway - one is a disk replacement and the other is non-volatile main memory.

You should be interested in this stuff. For example a switch to non-volatile main memory will allow complete change in the way data is used. Think ccNUMA but across a whole data centre (or wider).

It is a hugely interesting time in the world of storage at the moment. Articles like this do a massive disservice to a vibrant and fascinating area of IT, and one that should be supported by this esteemed organ.

Cheers

Mark

0
0

US Attorney Gen latest to roast Apple, Google mobe encryption

Mk4
Alien

The enforcement agencies don't make the laws...

But they would like to, and in some cases have or tried to (e.g. GCHQ IMHO). There is a constant drum-beat globally on this "paternal care of the people" idea. This is trying to, and in recent cases has, circumvented the accepted normal law making process. Trying to influence vendors seems to be yet another way to circumvent normal law making processes. I agree with many of the other comments, and I would really like to do something to help to stop this. Any good ideas? (orgs to send some cash to?)

5
1

Home Depot ignored staff warnings of security fail laundry list

Mk4

Re: Security dept. is there to serve the business

Yes, additional laws or other regulation is one option that can be used to get businesses to meet a higher level of security. But the drawbacks are it's a pretty blunt instrument (you have to find a law that can be applied to all companies) and there needs to be a check for compliance. That last point on checks on compliance is a very significant one - it looks like PCI DSS rules were not complied with in this case and it seems over a number of years. But this was not detected, so we can deduce that no-one checked properly or perhaps at all. That's a pretty damning indictment of the credit industry, and illustrates that laws and regulations are not going to help if there is no effective enforcement.

Businesses understand risk - they take risks all the time. The risk to the corporate reputation seems to have been realised in this case and there was an attempt to take action, which was too late. To me that looks like the risk became very obvious to the leadership, but at too late a stage. Making the business risks clear to management early on is the right way to go and if the business decision is to do nothing then it's a business risk the management have decided to take.

0
0
Mk4

Security dept. is there to serve the business

This might be a somewhat unpopular opinion but at the end of it all, it's a business decision. I agree with Mark 85 - there is going to be a political fight over who to blame and if there isn't a solid paper trail showing the security department made all the right noises (and it sounds like they did) the blame can be laid on some security staff (right or wrong).

It's time security folks joined the rest of the IT world in a thorough understanding that they need to justify what they do. Simply telling businesses "you need to spend this money to get this new thing" will never elicit the desired response from a security perspective. I remember mainframe and VMS operators about 15 years ago telling businesses they "needed another million" and being surprised to be asked why. Ho hum, the wheel turns.

3
1

You - vendor. Pin your ears back, I've got some things to tell you

Mk4

Hmmmm - vendors listening to the customer.

It's a novel concept. Not sure your average vendor is going to understand.

The rash of "new technologies" coming from companies small and large in the last year leaves me wondering if anyone in these companies actually remembers why they are making this stuff in the first place.

I'm sure everyone has a jolly good time making new things and sales drones get all excited and dribble on themselves thinking about the bonuses they are going to get selling them. But in the end, we have to actually use this stuff to support real-world workloads and no vendor is making my life any easier.

1
1

Forget the mobile patent wars – these web giants have patented your DATA CENTER

Mk4

Re: I'm going to use patents to paralyse the west

You just made me laugh out loud in the middle of the library where I should be working :-)

0
0

Company selling you out? You've been TUPE-ed

Mk4

Lasted 5 years ... death of a thousand cuts

I got TUPEd from an industry job to an IT service provider. One thing about TUPE was that it enabled the IT SP to ignore the handover contract signed by my old employer and the new. We were supposed to get regular pay rises but never got them - the new employer always said that they were only obligated to deliver an existing equivalent package. They even tried to say that it meant they were not allowed to offer an increase in remuneration. You can argue with an HR department bod all you like (I did) but in the end you have to get a lawyer or shut up and do something more constructive than waste your time on legal shenanigans with a company that doesn't want you.

I like some of the other comments - treating it like a massively extended notice period in retrospect would have been the best thing to do (a year at most). 5 years was too much - and left me and a couple of others saying "all the good people left already - what does that make us! :-)". Now I've moved I can see how far down I fell and I'm going to have to spend at least a couple of years hard work getting back to the skill level I used to be at.

0
0

EMC's ViPR: Is it really that venomous?

Mk4
WTF?

EMC late to the party?

NetApp has WFA which seems to be doing something at least similar to ViPR and of course there is also CDMI to stitch together heterogeneous storage subsystems into a coherent service. Having VMware in your back pocket is a nice way to make a link between the storage and application platforms, but then again VMware has an API too, which could just make it an orchestratee rather than an orchestrator.

0
0
