* Posts by Adam 52

1414 posts • joined 18 Jun 2009

More data lost or stolen in first half of 2017 than the whole of last year

Adam 52
Silver badge

Re: A poor reflection on the industry

"Why? It's already a data breach is already an offence, the bulk of the change is simply that the penalties COULD be much higher."

Breaches themselves are not an offence, failing to secure adequately is. In the same way that crashing a car isn't a crime but dangerous driving is.

GDPR covers a lot more than the larger fines though. There's mandatory disclosure, so reputation damage is always a risk. Then there's the subject access and consent rules so people can take action to make sure that the data isn't there to be lost. And then there's collective action that means everyone will be able to collect damages, not just those that can afford lawyers.

0
0

UK PC prices have risen 30% in a year since the EU referendum

Adam 52
Silver badge

"already been decided and priced in"

At the moment the market is pricing in uncertainty. They aren't yet pricing in the results of Brexit. That's why the currency market has moved but the stock market is relatively stable. When we start to see concrete proposals, and the winners and losers become more obvious, then the real shifts will happen.

11
0

Uber Cali goes ballistic, calls online ads bogus: These million-dollar banners are something quite atrocious

Adam 52
Silver badge

"It never gets old. Even after all these years"

Maybe I'm old and miserable, but it was clever when The Sun did it, amusing the first time El Reg paid homage but after the umpteenth time now just boring.

4
11

What's that, Equifax? Most people expect to be notified of a breach within hours?

Adam 52
Silver badge

Re: Still not clear on the actual size of this breach

Well you've just put your and your nearests' details into a dodgy bodged together site, so I expect you'll be in the next leak, due any day now.

4
0
Adam 52
Silver badge

Re: Words are cheaper than sysadmin time

Sysadmins can't patch application libraries. Not if you expect the applications to work afterwards. You might get away with it with dynamically linked libc, but Java, Python or Go libraries (start praying if you use any stats or data science libraries) won't necessarily be backwards compatible and no sysadmin is going to know the subtleties of how each library call is used.

If you're lucky to have an application support team then it's their problem otherwise it's a developer problem.

5
0

Black screen of death after Win10 update? Microsoft blames HP

Adam 52
Silver badge

Who should I blame for yesterday's continuous reboot cycle on my Win 10 *Dell* laptop?

(Before you say, it doesn't have Win 10 on by choice - stupid thing autoinstalled and I haven't removed it).

0
0

BoJo, don't misuse stats then blurt disclaimers when you get rumbled

Adam 52
Silver badge

"the ONS line of responsibility is direct to Parliament"

As of last week, Parliament gave control over Parliament committees to the Government. So that independence is now gone.

7
0

AWS can now bill us if you read this far. This bit will cost us, too

Adam 52
Silver badge

"Servers-by-the-second is set to kick off on 2 October for all current or new Linux Instances running Microsoft Windows or Linux distributions that have a separate hourly charge don't get to play. Another small hitch: you have to pay for the whole of the first minute."

I think this paragraph is attempting to say that anything running a per-hour licensed OS (Windows, RHEL and lots of marketplace stuff) will continue to be billed hourly.

0
0

UK attorney general plans crackdown on 'trial by social media'

Adam 52
Silver badge

Re: Contempt of court can also be committed by defying or ignoring a judicial order

"I'm aware of people being jailed for contempt of court"

It happens at Crown Court quite often. Magistrates almost never. But usually for annoying the judge, and it's often the messenger that gets blamed not the person actually responsible, for example the Police officer in court will get blamed for the CPS failing to bring evidence, or the van driver from Serco rather than the prison service.

Failing to do as ordered by a magistrate - whether that's answer bail, pay a fine, behaving in court, do community service or anything else - usually just results in being told to do the same thing again or the matter being forgotten about.

Family Court, as mentioned by the OP, is so secretive and anti open justice that who knows but it doesn't smell good.

1
0
Adam 52
Silver badge

"However, every alternative ever tried has proved worse."

Other countries have bench trials. They aren't hopelessly corrupt and they tend to enforce the law as opposed to public opinion (see recent events in the US or South Africa) which may or may not be a good thing.

And then there's magistrates' courts, the worst of both worlds, about which the less said the better.

0
0

Equifax's IT leaders 'retire' as company says it knew about the bug that brought it down

Adam 52
Silver badge

Re: admin/admin

"This has absolutely nothing to do with developers. They simply didn't have a patching program sufficient for an enterprise data gathering organisation."

These two sentences nicely illustrate what's wrong with a large number of developers today.

Patching and security; all somebody else's problem.

7
2
Adam 52
Silver badge

Re: admin/admin

"lists no education related to technology or security"

I don't think you can read too much into that. Plenty of useless comp sci graduates around. For someone who's in a position to retire now there's plenty of time to have gone on workplace training. Tim Berners-Lee has a BA (albeit in physics).

And security is a large part human factors; if they'd had a techie in charge we might now be reading about the massive Equifax phishing scam.

Besides which, have you ever known a CISO who was actually empowered to force developers to do anything? Somebody set up that admin/admin account and it won't have been anyone with "chief" in their job title.

34
2

VMworld schwag heist CCTV didn't work and casino wouldn't share it

Adam 52
Silver badge

Re: Other Explanations

You what? Who mentioned search warrants (although they are sometimes available in civil cases)?

I suggest you type the word "subpoena" into your favourite search engine.

9
1

AWS users felt a great disturbance in the cloud, as S3 cried out in terror

Adam 52
Silver badge

It's a valid point. If us-east-1 had a big, prolonged, outage then there would be a huge rush elsewhere and nobody knows how AWS would cope in that scenario, especially for the niche services that are only available in a few regions.

Two thirds seems high though. It also doesn't fit with other published stats about AWS AZ sizes, in theory us-east-1 can be at most 5 times us-west or eu-west.

1
0

UK Data Protection Bill lands: Oh dear, security researchers – where's your exemption?

Adam 52
Silver badge

Re: Is consent needed to hold records regarding consent?

Covered under the necessity justification.

1
0
Adam 52
Silver badge

Exemptions

As I read it, the following are exempt:

1. Anyone in government, or government related activity (like policing)

2. Anyone in banking

3. Credit reference agencies

4. Employers checking on their employees

5. Phone hacking journalists

6. Google health data researchers

7. Sporting bodies

Is there anyone left who isn't covered by an exemption, apart from a few small businesses trying to scrape by?

5
0
Adam 52
Silver badge

What makes you think that? The list of people who can have a public interest defense is:

"the administration of justice,

(b) the exercise of a function of either House of Parliament,

(c) the exercise of a function conferred on a person by an enactment, or

(d) the exercise of a function of the Crown, a Minister of the Crown or a government department."

1
0
Adam 52
Silver badge

Sure that can be the case, this government is all about taking back control and democratic accountability isn't it? They'd never do something like that.

Or possibly they're a bunch of untrustworthy lying con (would)men.

6
0

Facebook posts put Pharma Bro Martin Shkreli in prison as a danger to society

Adam 52
Silver badge

Re: Menace to society? I think not.

Funny how nobody complained when the Chaos Computer Club were asking for DNA samples of prominent politicians.

6
4

Missed patch caused Equifax data breach

Adam 52
Silver badge

Consider the brave new world of microservices deployed as blobs onto docker containers.

A single developer can generate a handful of these a day, possibly in multiple languages with multiple libraries. So over time there will easily be hundreds floating around, nobody really knowing what they do.

Keeping track of those may, just about, be possible because it can be automated. Patching and testing will rapidly become infeasible though. It's taken my team weeks to upgrade five services to the new version of Dropwizard released on Aug 24th (because of all the linked dependencies).

3
0
Adam 52
Silver badge

Re: Who will watch the watchers?

Adding headcount to the regulator won't help. Complying with identity verification (aagh), money laundering regs and sanction enforcement is one of the reasons the banks use credit reference agencies.

We really need a sensible regulator that doesn't apply the same rules to everyone that it does to Kim Jong-un. And a government that isn't a control freak.

5
1
Adam 52
Silver badge

Is that a good or bad thing?

0
0

Auto-makers told their autopilots need better safeguards

Adam 52
Silver badge

Re: We can continue to make cars more idiot-proof

It will, unless we stop intervening to prevent natural selection removing the idiots.

0
0
Adam 52
Silver badge

Re: Still say

Not quite sure the point you're making. If you really do have 20,000 hours and that's as a professional, then you really should be aware of the large number of incidents arising from aircrew failing to monitor the autopilot correctly - approximately 3 notifiable incidents per year and hundreds of dead passengers, notably Air France 447 and Continental 3407. If you think autopilot doesn't need monitoring (in an aviation, maritime or automotive context) then you are a danger to all those around you.

But then anyone with a genuine 20,000 hours would have done crew management training on why relying on experience and seniority is dangerous too.

3
0
Adam 52
Silver badge

Re: Still say

You mean like Autopilot? So many people with no idea of what an autopilot does ready to criticise.

4
9
Adam 52
Silver badge

Re: It is easier to automate the damn highway

We have 2,000 miles of motorway and it costs £10m/mile to add a lane. So that's £20bn. HS2 is £55bn and the tunnel part of that is £60m/km for 40km, so £2.4bn.

1
0

UK's new Data Protection Bill will be 'liberal' not 'libertarian', says digi minister

Adam 52
Silver badge

Re: Seems a little confused

Yes, I noticed that. I don't know if that's standard politician tactic - merge two issues and claim to support one you need the other - or sloppy reporting. The data protection bit wasn't in the quote, the juxtaposition is El Reg's.

1
0
Adam 52
Silver badge

It won't. It'll be left to the Courts. And the English courts will inevitably disagree with the EU courts. And then you'll get people like Andrew Orlowski complaining about judges meddling with the law.

2
0

Cops' use of biometric images 'gone far beyond custody purposes'

Adam 52
Silver badge

"person ultimately responsible for policing is the Home Sec"

Being annoyingly pedantic the person responsible for most, but not all, policing is the Home Sec.

CNC report to the Energy [...] Secretary, BTP to the Transport Secretary, MOD plod to the Defense Secretary and the Cambridge University Police and the various ports Police are private.

No idea who SOCA report to, probably only God and then reluctantly.

Individual constables being answerable only to the Queen is, unfortunately, a theoretical fantasy.

3
0

Slack re-invents the extranet and shared Notes databases with cross-company teams

Adam 52
Silver badge

There was nothing wrong with the Notes idea, it was just the awful user interface and resource hog client app. And all that messing around with knowing the exact path of replicas. And the stupid client key thing that meant you couldn't access from more than one location. And the email integration.

What Slack does well is an easy to use interface, so matching the two sounds ideal.

We run cross-company Slack already, but it means having a second, shared account and switching in the client. Just adding external people to your conversations sounds perfect.

1
1

'Don't Google Google, Googling Google is wrong', says Google

Adam 52
Silver badge

"Real programmers" in the Ed Post sense, don't write documentation.

Real developers, in my experience, often write barely comprehensible poorly structured documentation that does little to help anyone who has to maintain their code. It will tell you that the function LogMessage logs a message, but doesn't tell you how the code fits together, how the underlying algorithm works or what the business need was.

Now that we're all Agile, of course, we prefer working code over documentation. Which is fine; just show me some perfectly working code.

42
0

Mostly idle at work? Microsoft Azure has some bursty VMs it'd love to sell you

Adam 52
Silver badge

Re: This is great!

Chunkhost

Digital Ocean

AWS Lightsail

Linode

Should all do what you want. Google won't sell to you as an individual so you can't use their stuff.

0
0

44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach

Adam 52
Silver badge

Re: So much worse than that ...

"More on topic it's not entirely obvious what they can do. It's down to the ICO to figure out if there should be a prosecution and not really anybody else."

Removing the exemption that allows the credit reference agencies to store incorrect information would be a start. And allowing people to opt out of data processing would help. And stop giving them access to the unfiltered electoral roll.

Plenty of things the government could do if it weren't in the pay of the banks.

3
0

Users shop cold-calling telco to ICO: 'She said she was from Openreach'

Adam 52
Silver badge

"And I don't get why you'd try TPS numbers anyway"

Because the systems to filter out TPS subscribers are more expensive than the fines, and the chances of being fined are tiny.

17
0

London Tube tracking trial may make commuting less miserable

Adam 52
Silver badge

Re: That in effect makes it impossible to know what the original MAC address was

I tend to agree, even though you've attracted downvotes. Everyone seems happy to congratulate TFL. I don't see how collecting personal information (MAC address and location) without consent is legal. The law says you can't do it, not that you can do it as long as you anonymise it eventually.

Would you all feel the same way if this were Google collecting information without consent from all Android devices?

1
2

Equifax mega-leak: Security wonks smack firm over breach notification plan

Adam 52
Silver badge

Re: Go to the organ grinder..

Sorry, been thinking about this a bit more. The banks (and Facebook and Microsoft) all rely on a consent clause in the contract at the moment. That means that they currently don't believe that the necessity criteria is met (or that there's no harm in requiring consent just in case) even under the UK's more lax interpretation than other EU states.

If that's the case then the necessity justification won't be available post-GDPR either, because nothing much is changing there, and they'll have to rely on one of the others. It's not life or death, there's no public interest, preventing crime is a stretch so there really is only consent or a very optimistic "legitimate interest".

0
0
Adam 52
Silver badge

Re: Go to the organ grinder..

Nobody knows how GDPR will pan out yet, and what the courts will consider acceptable under the legitimate interest justification.

Google and Equifax will be arguing for liberal interpretation. I'm hoping that the AC above is correct. It's hard to see a legitimate interest in banks sharing transaction level information just so they can be members of a club though.

1
0

Look! We have direct fibre connection too, wails Google Cloud

Adam 52
Silver badge

Re: Very cloudy

You've missed lots of tricks.

1
1
Adam 52
Silver badge

Re: Doubt it's aimed at AWS/Azure

Google don't see it that way. They are actively trying to poach AWS customers.

Google aren't that far behind and they're ahead in some areas.

What really irritates me is that whereas AWS target the techies "here's a neat new tool you can use" Google target c-suite "we're better than AWS at... and cheaper" whilst ignoring all the things that Google are bad at (data security being the obvious one) resulting in top-down diktats.

2
0

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Adam 52
Silver badge

Re: Equifax credit score

"That Equifax had a breach isn't their problem at all."

It is a bit, because those same customers also supply the data (which is what makes this such a great business, you get data from your customers and give it back to them). They can only do that if there's plausible deniability around customer security, and events like this make it blatantly obvious that data isn't being held as securely as the public and regulators much expect.

0
0
Adam 52
Silver badge

Re: Forced to use them, irrespective of how we want to live

We, I at least, don't want them to have my data. But it goes to them anyway.

I don't want the convenience of a web portal. I just want the whole protection racket - because that's what it is - shut down.

I really, really, hope that our American friends get together a class action to take $200 a piece for every affected user. Which just happens to be Equifax's entire annual revenue.

14
0
Adam 52
Silver badge

The consumer credit rating system is a giant fraud full stop. It's got nothing to do with mismanagement or hacking, it's a scam by design.

They acquire data from third parties under no obligation to check if it's correct, without consent and informing the data subject. They refuse to correct incorrect information and they refuse to disclose it.

And then they derive a score using a secret algorithm which they then use to libel individuals.

All of which would be illegal unless there were an exemption in law.

25
0

Pack up, go home to your family: Google Drive is flipping out

Adam 52
Silver badge

Re: Do your own - it's safer

Then it's not doing what Google Drive does; multi site resilience, global access and real-time sync.

Compare apples and apples.

4
0
Adam 52
Silver badge

Re: Do your own - it's safer

Really? You have your own cable laid? And your own connection at LINX? And your own power station? Duplicated in case of fault. And your own oil refinery for that power station? Wow!

2
6
Adam 52
Silver badge

Re: My FTP repo, OTOH,

Is it? Supports 2FA, supports removal of downloaded files from devices, can lock out devices, can enforce device patch level and anti-virus policy, supports immediate lockout of expired users, supports restrictions on download and print. Logs every file access, and whether it was downloaded or just viewed in a browser.

2
2

Smart cities? Tell it like it is, they're surveillance cities

Adam 52
Silver badge

Re: Cough

"armed police were dispatched before the first 999 call came in because of CCTV monitoring"

Might be true, but can't find anyone from the Met saying that. It would explain the very quick response.

"IIUC the guy was brought down by a minister's bodyguard before"

Again, can't find any evidence of this. PC Charlie Guenigault was an off-duty unarmed response officer - what most of you would consider a normal policeman - and something of a hero.

"standing police presence was enough to ensure that 999 was redundant"

This is definitely wrong. Granted Police presence is much higher than you'd find most other places in the UK but there is no standing presence on Borough High St or Borough Market. Nor indeed was there any at the time of these attacks.

0
1

Facebook ran $100k of deliberately divisive Russian ads ahead of 2016 US election

Adam 52
Silver badge

Re: Where's the substance?

See your point there, thanks.

Still not entirely sure why Mr Putin from Moscow buying ads is more sensitive than Mr Redneck from Texas if both are declared. And acknowledged that they weren't declared this time. Does US law require everyone to declare their influence? If it does Facebook look to be in trouble.

Wanting to nail Kushner on a technicality I can understand.

1
2

You are the one per cent if you read Firefox's privacy spiels

Adam 52
Silver badge

Re: How often?

Lots of lawyer fodder in May. Which I guess is why they're changing.

But it's not just aptitude, Windows Update and Play Store do the same. Heck Play Store forces an update everything on a new Android version. Technically that's all illegal at the moment but nobody cares. The publicity around GDPR and the closing loopholes will make it much easier for the sueballs. And I consider that a good thing.

2
0

Facebook claims a third more users in the US than people who exist

Adam 52
Silver badge

Depends. Some people do. We do, or at least try to. It's tricky because it's almost impossible to get a reliable control group or even a reliable sample but you can produce long term trends.

We know, for example, what the optimum rate of ads is before they start to be a turn off. We also know how long it takes you to forget and forgive. Both are averages and will vary by person, so we tend to model by clusters.

And then there's whether your annoyance affects your purchasing behaviour.

1
0
Adam 52
Silver badge

Re: I know several people with two accounts

Sounds like a good reason to avoid Facebook corporate accounts. Just look at the potential lawsuits - my employer required me to share all the intimate details of my social life with Facebook in violation of God knows how many human rights and data protection laws.

5
0

Biting the hand that feeds IT © 1998–2017