Assemble a large number of blockheads, link them all together forming a chain of fools, then sit down and count all your money for nothing.
381 posts • joined 25 Oct 2007
Once again, encouraging messages from Hancock. Open standards for interoperability of disparate local systems. Nice if it really happens. No more multi-billion failed attempts at monolithic NHS wide systems.
BUT - email for sensitive patient communications. That's got to be taking the piss (if you'll excuse the pun). If you need secure communications with guaranteed delivery then email is absolutely the last tool for the job. A smartphone app with end-to-end encryption giving access to a secure document store - that could work.
This is indeed shaping up to be a classic omnishambles.
For businesses not using a package that already supports MTD for VAT, building bespoke links into the HMRC API looks like it wouldn't be too hard, or alternatively for bridging software I've found this solution https://www.btcsoftware.co.uk/mtd-for-vat-software-solutions-2/ which looks pretty good.
HMRC bombard us with info about all kinds of guff, but nothing about this, which actually matters.
- We keep it because it works.
- We don't connect it to everything else in the world because it doesn't need to be connected to everything else in the world.
Excellent points which we all ignore daily.
Now excuse me while I go and reboot my IOT immersion heater controller with which I replaced the old electrical timer switch that worked perfectly. I'm not joking either, I'm a moron. It must have been a pissed Amazon purchase but I can't remember.
There is loads of room for scepticism here BUT hidden beneath it all is a crucial change of direction. In the past, and including NPfIT, the strategy has been to build a monolithic, centralised system to which every corner of the vast and disparate NHS would have to mould its operational practices. That, as we all know, is impossible even in a much smaller organisation and is a key reason for the failure of NPfIT.
Now we hear mutterings of data interchange standards, enforced use of the existing unique ID number, allowing local units to build IT systems that suit their operations, yet still be able to speak to other systems on the network.
This is how the internet was built. The "fathers" did not instruct us how to build an email server, they merely defined SMTP and told us that if we want to build an email server, this is how it's going to send messages to other mail servers. This model works and it scales well beyond the size of the NHS.
Ironically, given my example, most people on the planet now just use two monolithic email services, but don't get me started on that - it might lead to violence.
Hancock is clearly not someone who can deliver this, but parts of his plan are a very welcome change in emphasis.
Agreed that it's good to have an effective rollback procedure. That said, five hours seems like a long time to roll back a firewall change and in terms of PR, the status page seems to have been behind the borked firewall and therefore unavailable and the customer support bods didn't seem to have a clue what was happening either.
I'd venture a guess that in this case the displays were attached to Windows XP machines, which have been the weakest link in a majority of the recent spate of ransomware attacks. That would also explain why they could only recover the displays incrementally instead of all at once. Rebuild the PCs driving your most important displays first.
Data protection and information security are two slightly different things.
A good lawyer will show that BA only stored data it needed for the purposes of transacting its business with the customer and further that BA took reasonable steps to control access to and protect that data. The lawyer will show that this was a particularly skilled compromise of BA's information security measures, but not a breach of its obligations under GDPR.
Turnover £39.6m, profit after tax £9.47m, and they want to raise £350 million from equity investors. Even if they're selling 100% of the company, that's a ridiculous mark up.
Only if you're losing £50 million a year selling Beta versions of IOT fitness monitors disguised as fluffy pink cats can you get that sort of valuation.
Like many Reg readers I've been around a while and have seen my fair share of hype cycles, but the one surrounding blockchain is the biggest and the worst yet. Never in the field of tech has so much bollocks been spouted by so many. I have it on good authority that things ending in gasm are supposed to get smaller with time, but hypegasms just seem to get bigger and bigger.
PS Mildly bitter as I seem to have managed to miss my ride on the gravy train of pretty much every single tech hype cycle.
Exactly. We are left guessing what EY's five qualifying questions are and there are some key details missing from the article regarding voting nodes and who controls them, but almost certainly this should be handled by a conventional database. Nothing is gained in this scenario from using blockchain - except of course a shed load of PR column inches.
Classic case of a problem that could (and should) be addressed by a conventional database. The only reason to use blockchain is where two or more parties who don't trust each other need to agree on a version of the truth. Traditionally this problem is solved by using a trusted intermediary such as a bank or land registry. With the blockchain the issue is resolved by having multiple nodes a majority of which must agree to validate a transaction AND where no single party controls a majority of the voting nodes.
In this case all the nodes belong to Microsoft and the blockchain is simply being used as a database to allow developers to view their royalties and how they were calculated. Should've been a normal database.
On the issue of GDPR it is prefectly valid to store data that is encrypted with someone's public key within the blockchain so that, in this case, a developer could only view the details of their own royalties. Transparency in the context of the blockchain is the ability for all nodes to view and agree on the integrity of the chain. It does not mean revealing private data that is not actually part of the chain's proof of integrity.
Banks, telcos, healthcare you name it are all reaching the tipping point where a head in the sand approach to legacy tech has finally come home to roost, as we the illuminati all knew it would. Now that the costs of doing nothing are beginning to outweigh the costs of doing something, we should finally start seeing some action on all those things we've all been telling "them" about for all that time.
Trouble is, before things get better they will get worse. There is going to be soooo much pain as the band aids are slowly peeled off to reveal the festering decay beneath.
"We've known for a long time that installing and patching our software is painful ..."
" ... but this is one of the first times we've really felt that pain ourselves. ...The challenge of upgrading every quarter at scale is immense."
That is very funny, except if you're a long standing on prem VMware customers.
In countries where they've already pretty much completed this (Switzerland for example) the biggest headache has been elderly customers. It takes a lot to convince them that :
- If they haven't got it yet, they will need broadband.
- They will keep the same number (they never believe that bit - how can it possibly move to the internet?)
- No that favourite telephone they've had for the last thirty years definitely won't work any more1 but the new ones are very nice
- The anxiety attacks they are having about possible disruption to what is often their main link to the outside world will pass in time
These are all serious and genuine concerns, and the answer has been to deploy very expensive teams of support staff to go and visit this segment of customers to help reassure them and handhold them through the transition. Warning, costs will go up as well as up.
1) without some additional non-standard equipment at at significant additional supply and setup cost.
Most blockchain use cases can be achieved with conventional databases. It is specifically where issues of agreeing a version of the truth (attaining trust) between multiple parties, without the use of an intermediary such as a bank or a land registry, where blockchain comes into its own.
This video of a talk by Gideon Greenspan, who is a blockchain architect, brilliantly debunks all of the hype and explains very clearly exactly where blockchain is better than a traditional database, and where it is not. I've never heard a more lucid, less BS explanation and no I have nothing to do with his company.
Given the level of understanding and quality of questioning we saw from US law makers when failing spectacularly to bring Facebook to heel, I'm not too worried about this.
"So, why do you keep logs on your computing device?. Do you burn them to provide sustainable energy to run it? Or is it more to hold the device down in case it gets windy?"
"No sir, it's so we can track visitors."
"Ah I see, so each visitor leaves a stick or a log as a kind of thank you gift. Very good. By the way, my grandson has a computing device. Do you think he would be pleased if I left a log on it?"
"Yes sir, I'm sure he would."
"Thank you. You are free to leave".
To be fined you have fist to be prosecuted, as is the case now. The fact that the level of fines will be bigger does not mean that the level of prosecutions will be higher.
The new rights revealing the data held, the authorisation thereof and the right to be forgotten do not imply that the thousands of businesses who currently don't know what data they hold on you will suddenly know. Maybe some large enterprises have got a grip on this but the majority of SMEs have not.
I'd maintain my position that the new rights and fines will not substantially improve the situation in the real world. We may see some spectacular headline events with the likes of Facebook et al, but lower down the food chain not a lot will change.
DPA, PCI DSS, GDPR blah blah blah. These all amount to nothing when the expertise is not there to implement them (and there is a good argument that PCI DSS amounts to nothing even when it is implemented properly). GDPR in spite of the heavy fines will not magically make businesses who've never even taken data protection measures under existing legislation become compliant.
The accountancy micro-business I use is very good at accountancy but I have no faith whatsoever that the copies of my passport and other identity paperwork I am obliged by law to supply them with are secure. Multiply that up by the thousands of accountancy firms, solicitors etc... who have had copies of your identity paperwork and rather than hindering the fraudsters it becomes an invaluable stash of material to promote the fraudsters' success, as admirably demonstrated by this article.
GDPR has primarily been a gravy train for FUDster consultants and will not go very far at all towards improving the protection and usage of our personal data.
Thank god we're leaving the EU. Once we return to being a small isolated island on the edge of a huge economic zone, instead of being a leading member of that huge economic zone, it'll be back to the glory days of the Empire.
No longer will Putin be able to poison people on our soil and then give us the bird. When our defence secretary says "go away and shut up" they'll take us seriously instead of laughing their pants off - oh yes indeedy.
And as to upstart heads of global tech giants, the only question they'll be asking when we summon them to Westminster is "how fast should I run?". You just watch, once we're out it'll be like Sampson growing his hair back. People will take notice again -you just wait and see.
Agree with Jason. @adnim, at some point you have to trust others with stuff that you don't want to or can't do. Most self employed people will relatively blindly trust an accountant to compile and file all the correct returns and keep them out of trouble with HMRC. If you've ever bought a house, did you make sure you fully understood every last legal technicality of the conveyancing process, or did you trust a solicitor to ensure that the property was legally yours and unencumbered at the end of the process. There are many things that need to be entrusted to others, including rock solid backups if you're not technically minded. The art is choosing good suppliers.
Much of the advice, scare mongering and FUD about GDPR focuses on consumer data. One thing I can't find a clear answer on is the impact of GDPR on B2B businesses. Say you run outsourced IT support for other companies. On your help desk system you hold personally identifiable information on all the employees of each of your customers. Do you need to get explicit consent from each of those employees to hold their data? Do your customers' employees have the right to be forgotten with respect to your help desk system?
Has anyone seen an authoritative legal opinion on this specific issue?
Biting the hand that feeds IT © 1998–2019