Posts by Adam 52

1560 posts • joined 18 Jun 2009

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Adam 52
Silver badge

Re: To be fair (?!) ...

"GDPR should have been worded to explicitly outlaw the transmission and storage of unencrypted personal data outside of a company controlled network"

So you're saying that unencrypted files of user data on corporate laptops is OK?

Or on department file servers?

Sounds a lot like you're responsible for the NHS network!

In this particular example it doesn't matter a jot whether the data was encrypted or not - S3 offers server side encryption that would satisfy your rule and it may well have been enabled. Wouldn't affect the outcome at all.

Legislation should never mandate a technical approach, it should define requirements. Otherwise it stifles progress and just invites stupid implementation.

2
0
Adam 52
Silver badge

Re: Inside Job?

Why not? If you know who they are and have the ability to bring charges resulting in serious prison time if they renege on the deal it seems a fairly secure arrangement.

This happens all the time. Muppet commits keys to GitHub, three random people get them, one of those three uses them. Corporate security/legal team contacts that person and asks them to delete what they've found. Usually it's just someone being curious and they're happy to, or already have.

If that person's a bit more ruthless and wants to gouge you for money, well it's probably worth it. Just paying the lawyers and CEO and all the PR people will cost more than Uber paid. It's a far cry from paying up to an anonymous ransomware author using Bitcoin.

0
0

SagePay's monster wobble... On the third day of sale week, UK retailers start to weep

Adam 52
Silver badge

Re: "it's the way a cloud company deals with them that sets the grownups apart."

Er, how many people want to integrate direct with card issuing banks? If you don't want to do that (and as someone who did it once, I really don't want to do it again) then you don't really have any choice.

Next you'll be calling domain registrars "cloud" and moaning about how unreliable and badly scaling they are when DNS has an upset.

These companies do a vastly better job at a massively cheaper cost than anyone outside of a Fortune 500 could do.

2
1

Microsoft's memory randomization security defense is a little busted in Windows 8, 10

Adam 52
Silver badge

"That applies to any OS btw."

I'm curious to know if it does. I sort-of assume that any exploit in CPU land would still have to understand the OS running on top in order to exploit it. So if you're running something obscure you might well be safe. Sure it's security through obscurity, but obscurity worked for Linux for years.

0
3
Adam 52
Silver badge

Re: Conversation at Microsoft during Windows 8 development

More like:

"I'm just changing ASLR so that it's more obvious what the registry settings do"

"OK. Just make sure the EMET team know."

...sometime later...

"The EMET team has been disbanded because EMET is no longer a product. Didn't we have some dependency on them?"

"Yes, but if EMET is dying it can't have been important."

21
1

As Google clamps down, 'Droid developer warns 'breaking day' is coming

Adam 52
Silver badge

Re: Easy to see where Google's priorities are

"They didn't care about click fraud until advertisers started demanding lower rates or rebates when they were able to prove it!"

This. Especially in the US market where advertisers are traditionally less trusting of publishers and routinely audit claims.

6
0

Amazon launches Secret Region – so secret it's endorsed by the CIA

Adam 52
Silver badge

Re: Ingenious Tradecraft Intelligence

It's for stuff classified to "secret". Which is basically the colour of the White House toilet paper and the number of uniforms the Navy is buying.

4
0

MPs draft bill to close loopholes used by 'sharing economy' employers

Adam 52
Silver badge

Re: More Info Please

"It would 'elp to have some details on the proposals"

The draft Bill is allegedly now on Parliament's website:

http://www.parliament.uk/business/committees/committees-a-z/commons-select/work-and-pensions-committee/news-parliament-2017/future-of-work-report-17-19/

0
0
Adam 52
Silver badge

Re: More Info Please

Try here:

https://mobile.twitter.com/frankfieldteam?lang=en

which links to the Guardian article, or here which links to the reports but you may need a subscription:

https://www.ft.com/content/8ece44d8-cd15-11e7-9dbb-291a884dd8c6

1
1

OnePlus 5T is like the little sister you always feared was the favourite

Adam 52
Silver badge

RAM

Does it really have 6GB / 8GB RAM, or is it like the OnePlus 3 that only makes 3GB available?

0
0

UK.gov 'could easily' flog 6m driver records to private firms this year

Adam 52
Silver badge

Under very limited circumstances he/she is allowed to drive on the pavement.

If you are planning on taking court action for damages (perhaps you were distressed and suffered emotional injury?) then you should be given the keeper's details. You might, of course, decide to discontinue your court action after receiving them; that is your right.

2
0
Adam 52
Silver badge

"It would be interesting to know what the rules and regulations are on becoming one of these companies."

You don't need to be one of those companies, anyone with a good reason can request details and cough up their £2.50.

CraPo above should have been allowed to too, possibly he didn't use the right language on the form.

5
0

DNS resolver 9.9.9.9 will check requests against IBM threat database

Adam 52
Silver badge

"police in the UK to lie ...

Technically ... "Misconduct in public office"

Not misconduct in a public office at all. Misconduct is:

"wilfully neglects to perform his duty and/or wilfully misconducts himself to such a degree as to amount to an abuse of the public's trust in the office holder without reasonable excuse or justification"

If lying were a crime the House of Commons would be a lot emptier.

I'll give you an example:

PC: "Billy, we know you were dealing drugs at the school, we've got you on CCTV".

Billy: "No way, I had my hoody on..."

PC: "Thank you for confirming it, there was no CCTV."

1
1
Adam 52
Silver badge

If it's storing personal data (or anything linkable to an individual) then you'd have recourse via the GDPR if you can enforce against IBM's lawyers. But not in the UK against City of London Police because policing is one of the many opt outs taken by the UK government.

As it happens I'd tend to trust these people. Whether or not I'd trust whoever ends up running it in six months' time or once the inevitable request from NCA comes in is another thing.

You could always turn it off if you're planning on doing something that the spooks might be interested in and inject random noise.

7
2

It's artificial! It's intelligent! It's in my home! And it's gone bonkers!

Adam 52
Silver badge

Re: I wish I could +1 articles.

"Do I remember correctly that once upon a time, at least for a brief while, you could?"

You could, but just as they do in the comments people tended to score on whether they agreed with the message not the quality of the article. So an incredibly well researched article would get downvotes and a cut-and-paste press release would get upvotes. It must have been depressing for the authors.

0
0

For goodness sake, stop the plod using facial recog, London mayor told

Adam 52
Silver badge

Re: Facial recognition software

An opportunity for Captain Swing?

1
0
Adam 52
Silver badge

One of the details is that there was no arrest. That was clarified at the time, but El Reg continues to publish the incorrect version.

Oh, and on the "presumption of innocence" point. The incident was about a court issued arrest warrant. There is no presumption of anything when executing a warrant; the court has ordered an arrest and the court gets what the court wants.

2
2
Adam 52
Silver badge

Re: +++ Don't miss this important snippet from the letter +++

"This information was omitted from the posters at tube stations"

And El Reg's sycophantic write-up.

Wonder if it was also omitted from the Information Commissioner's briefing?

0
1

Fear not, driverless car devs, UK.gov won't force you to write Trolley Problem solutions

Adam 52
Silver badge

"At present the registered keeper of a vehicle is automatically prosecuted if an offence is detected by cameras unless the keeper can prove that he/she wasn't driving."

No they aren't. They might be prosecuted for not providing the driver's details but not for the road traffic offence.

1
0

Google says broader right to be forgotten is 'serious assault' on freedom

Adam 52
Silver badge

Re: @Adam 52

"Perhaps you should actually read the Right to be Forgotten law."

I've read Google Spain Vs Gonzales, thank you.

"The information has to be ..."

If it were that clear then the French Supreme Court would not have felt the need to refer to the European Court, would it?

Silly me, I keep forgetting that commentards on El Reg are better legal minds than Supreme court judges, that's the second time this week I've been called up on it.

1
3
Adam 52
Silver badge

Re: The right to be forgotten was a bad idea

"Normal slander and libel laws ...

Google ... They do not generate any content. How can they be held accountable"

Under English libel law republishers of libel are liable just as much as the original author. Google could opt to be liable for every single libel in their search index if they wanted to. Somehow I don't think they would want to be liable for every libellous statement on the Internet.

3
0
Adam 52
Silver badge

"then in what way is retention of that information lawful?"

Supposing Donald Trump were secretly banging Vladimir Putin on the Oval Office desk. Under EU data protection law detail about Donald's sexuality is private and can't be revealed, but an EU newspaper would quite like to publish that story and Google would like to link to the article. It could be argued that the drafters of the data protection law never intended it to prevent publication of the story.

16
8
Adam 52
Silver badge

For those that care, four people were accused, separately, of being involved in some salacious activity.

That activity included what the EU considers "sensitive" personal data - details about political affiliation and sexuality - which would normally be highly confidential.

The French court is asking the European Court how far the right to privacy offered by EU data protection extends. It doesn't seem to be asking about the right to a private life, but one would imagine that relevant.

Google is, of course, misrepresenting the subtleties of the case.

Disturbingly I find myself supporting the Scientologist.

16
2

Prosecute driverless car devs for software snafus, say Brit cyclists

Adam 52
Silver badge

My two moving vehicle "accidents" were down to my failure as an inexperienced young driver to tell the difference between a speeding car and one travelling at normal speed at night and an inability to look forward, backwards and sideways at the same time. An autonomous car would hopefully suffer neither of those problems.

I've had three other incidents that damaged a car; the first two the car was parked and I was in bed asleep and the third involved a shotgun owner not paying attention to where he was shooting. Universal AI would fix the first two, the last one is probably beyond current technology.

1
0
Adam 52
Silver badge

May I leave this here?

https://www.gov.uk/guidance/the-highway-code/using-the-road-159-to-203

Quite frankly some of the attitudes in this thread lead me to wonder if any of you should be allowed on the roads in any vehicle.

5
0
Adam 52
Silver badge

Re: RE: GOT AWAY WITH IT

"A driver who deliberately removed his brakes and went on the road to kill a pedestrian by driving like a nutter would have been given up to 15 years, The more common number in a case where the modifications to the vehicle have been deliberate is ~ 7 years. He got only a year and a half."

Unlikely to be true. Construction and Use Regulation violation is a summary offence, so magistrate only. Usual scenario is a fixed penalty notice and 3 points or the same at Court with a slightly larger fine.

http://www.legislation.gov.uk/uksi/1986/1078/part/II/chapter/B/made

5
0

How about that time Russian military used a video game pic as proof of US aiding ISIS?

Adam 52
Silver badge

Re: I'd like to meet

It's not inconceivable in the murky world. I wouldn't be at all surprised if there is a modern version of Oliver North arming ISIS factions so that they can attack, for example, one of Al Assad's chemical weapons stores or an Iranian interest in the region that the Americans don't like.

14
2

Ads watchdog tells Plusnet: There's no way unlimited business broadband costs £4.50

Adam 52
Silver badge

"I honestly don't get why honest business is so hard."

I don't think it's possible any more. At one end honesty doesn't sell and at the other it's impossible to comply with regulations (my favorites are all the things you have to do before employing anyone... who is supposed to do them if there are no employees?)

Reputation no longer counts for anything when it's trivial to fake a reputation with 100 positive Amazon or eBay reviews.

3
0

How can airlines stop hackers pwning planes over the air? And don't say 'regular patches'

Adam 52
Silver badge

Re: Satcom remote monitoring

There's quite a lot of cable in an airliner and it isn't insignificant weight. Each cable needs mounting brackets. Weight is important in something that's supposed to fly. Apparently they use multiple 10GB Ethernet runs just for the inflight WiFi.

If you want an isolated passenger airspeed indicator then that's going to involve punching another hole in the hull, same with a new GPS antenna, and I bet there's a whole world of risk in that.

Even Concorde's famous Mach indicator was driven off the pilots' instrument, until it got replaced with a computer that lied.

3
1

EU court advised: Schrems is a consumer in Facebook case, but can't file class-action

Adam 52
Silver badge

I'm still waiting for the "I don't have a Facebook account at all but Facebook put cookies on my machine without my consent and built a profile from that" decision.

2
0
Adam 52
Silver badge

Just as happened with the banks over their fees all the little cases will get adjourned until one test case makes it through.

2
0
Adam 52
Silver badge

Re: So it seems like the ECJ just outlawed class action

"Re: Really, it can't be a huge surprise that Australians can't sue a US company in a EU jurisdiction, can it?"

For the purposes of EU Data Protection law, Facebook is an Irish company. Because Facebook chose Ireland as the place to face the music for EU data protection issues. It's the Irish data protection commissioner's refusal to enforce EU law that is the issue here.

...And Schrems is Austrian not Australian.

Hmm, I think I'm answering a Facebook shill.

"Johnny Foreigner sues other foreigners for alleged libel outside the UK in London courts, so why not this?"

There has to be a connection to England, however tenuous for this to happen.

In this case though, it's about

3
0

Amazon to make multiple Lord of the Rings prequel TV series

Adam 52
Silver badge

Re: Numenor

A tale about a small island nation that once had a great empire allowing a weak prime minister, sorry King, to be corrupted, splitting from its friends to the East and looking towards unobtainable riches to the West only to be destroyed as a result of its own greed.

34
1

WikiLeaks is wiki-leaked. And it's still not even a proper wiki anyway

Adam 52
Silver badge

Re: "And it's still not even a proper wiki anyway"

The scary thing is that Trump is a proper POTUS, nuclear button and all.

8
0

Audio spy Alexa now has a little pal called Dox

Adam 52
Silver badge

Re: "Dox" may not be the image they want to convey....

"But who believes that?"

Everyone who's checked for themselves and not believed the FUD spread on web forums?

10
2
Adam 52
Silver badge

It only starts sending data when triggered by the wake up word.

According to Amazon. And easy to verify with a simple packet monitor or by looking at the flashing light on the ethernet switch.

2
0

You, Google. Get in here and explain all this personal data slurping – Missouri AG subpoena

Adam 52
Silver badge

Re: Grandstanding

The thing with politicians grandstanding is that it encourages other politicians to grandstand and then eventually one of them decides that there's enough momentum built that there might be votes in actually doing something.

9
0

Brit cops slammed for failing to give answers on digital device data slurpage

Adam 52
Silver badge

There are people on here who know the process better than me, but if you're concerned about images then every image needs to be viewed (esoteric cases involving hashes excepted). That involves a person. If you've got 2,000 hours of "Watching Paint Dry" then it takes a PC 2,000 hours. After everything's come back from the lab. And these days, because Theresa May "protected" the "front line" it will be a PC because there are no civilian staff left. Apart from the privatised detectives, who generally won't be involved in piddling small crime.

3
0
Adam 52
Silver badge

Re: "10 said it would require a manual search to get it."

Error: Table "seized_device_table" not found. Line 1.

12
0

Brace yourselves, fanboys. Winter is coming. And the iPhone X can't handle the cold

Adam 52
Silver badge

Re: Diversity figures are meaningless without context

"Not if they want to stay on the right side of the (UK) law they can't. Sex (or racial) discrimination is illegal unless those factors constitute a genuine occupational qualification in the individually specific case (i.e. social engineering the overall population isn't a valid excuse). There is no provision for "affirmative action" schemes."

Whilst this is technically true, in practice there is no enforcement at all. Companies openly trumpet their discriminative recruitment policies and no action is taken.

3
0

Firefox 57: Good news? It's nippy. Bad news? It'll also trash your add-ons

Adam 52
Silver badge

Re: No Classic Theme Restorer?

Mozilla's customers are "Yahoo in the United States, Baidu in China and Yandex in Russia" according to Forbes.

2
0

Metal 3D printing at 100 times the speed and a twentieth of the cost

Adam 52
Silver badge

Speaking from a position of total ignorance, can that CNC waste be recycled?

The 3D printing thing seems very wasteful on burnt off binding agents and making powders, but then I guess conventional production isn't exactly clean.

7
0

Squeezing in little Quake between builds? Not any more: Facebook Bucks up Java compile tool

Adam 52
Silver badge

One of the really useful things Microsoft did around 2005 was introduce "edit and continue" to Visual Studio. A game changer in the dev-test-retest cycle (yes, I know interpreted languages have had it for years and some of the DOS era compilers had incremental compilation).

These days I watch the continuous delivery crowd waiting 20-30 minutes between code iterations for their Jenkins jobs to run and want to cry.

0
1

Activists launch legal challenge against NHS patient data-sharing deal

Adam 52
Silver badge

"If you have an issue with what I say and can articulate why then please do so."

A civilised society looks after its sick. It doesn't treat people differently on the basis of skin colour, national origin or religion. And it doesn't deny healthcare to those it considers criminals.

That's the simple version. The complex version adds a whole load of stuff about confidentiality, centuries of patient/doctor privilege, common law and politicians sacrificing public health to grub votes from a bunch of racists.

14
3
Adam 52
Silver badge

Memo

For those interested: http://www.statewatch.org/news/2017/jan/uk-home-office-nhs-digital-data-sharing-memo.pdf

3
0

Uni staffer's health info blabbed in email list snafu

Adam 52
Silver badge

Re: Sorry, is this El Reg or "Take a Break" ????

"contract is with the student as an individual rather than the university.."

I don't think that's ever been tested in court, and I suspect that the big SaaS providers really would rather that it never is.

0
0

KVM? Us? Amazon erases new hypervisor from AWS EC2 FAQ

Adam 52
Silver badge

AWS hasn't switched any significant amount of workload yet (as far as we know). Google might use a heavily modified KVM but they don't use Qemu so there's very little point in comparison with VMware.

Agreed that VMware doesn't look good at mega scale, but for a smaller outfit (i.e. anyone with < $10bn revenue) where you don't have a dedicated engineering team to continually tweak the hypervisor and build your own management tools then it's still a viable option if you really don't want to do "cloud".

0
0

SSL spy boxes on your network getting you down? But wait, here's an IETF draft to fix that

Adam 52
Silver badge

Re: "it works by essentially not trusting said equipment."

You are aware that PCI-DSS is not a legal requirement? PCI is a club, not a law making body. Primary legislation trumps recommendations. PCI has various levels of certification, as anyone who has actually certified or audited knows...

Anyway, on to real law:

RIPA s1(1) "It shall be an offence for a person intentionally and without lawful authority to intercept..." Note a private network is covered if connected to the public Internet. Routine monitoring is *not* acceptable under the associated regulations governing what is lawful.

The HRA incorporates ECHR Article 8 the right to privacy and family life, and has been confirmed by both the Supreme Court in England and the European Court (Barbulescu) to cover monitoring employee traffic.

Also Data Protection Act requires any processing of personal data - including communications - to be subject to the usual rules. And the Information Commissioner's code says "it will usually be intrusive to monitor your employees" and "employees have an expectation of privacy".

You can argue as much as you like, but unfortunately the regulators and judiciary have time and time again disagreed with you. And you know what, I trust the highest judges in Europe to know the law better than a random AC on the Internet who doesn't even know what legislation is.

1
1
Adam 52
Silver badge

Re: "it works by essentially not trusting said equipment."

"And that sort of technology is very much going to be needed to meet GDPR"

Complete rubbish. Not required at all for GDPR. GDPR requires adequate security. If it's already on the way out when you discover it then you've failed. Only a fool trusts their internal network, a fool who is likely about to have a theft by insider incident.

"legally mandated requirement to inspect their own traffic."

I'm not aware of any legal requirements to inspect traffic. Plenty of legal precedent *prohibiting* the inspection of traffic - not least RIPA and HRA - but none that requires it.

2
1

Google on flooding the internet with fake news: Leave us alone, we're trying really hard... *sob*

Adam 52
Silver badge

Google News claims to report the news.

Google Search claims to search the Internet.

Google Sites is a publisher.

Google Scholar searches academic papers.

Should Google censor the Internet to only report its version of the facts? Should Google Scholar not find controversial research? Should Google Sites prevent those with unconventional (but legal [for some values of legal]) views from publishing them?

1
0
