Posts by sysconfig

BBC "Analysis" on the subject...

The revised bill is expected to reflect the majority of the recommendations made by three Parliamentary committees.

Where recommendations have not been accepted, the government says they would compromise the capabilities of law enforcement and intelligence services.

(Source, about to disappear from the main news page soon)

No wonder that nobody apart from privacy advocates and IT guys complain. Even the TV channel that we are paying for isn't doing a lot to dig into the matter, and the wording is important here. "Would compromise the capabilities of law enforcement" is a very subjective view -- the government's. That phrase could be used to dismiss pretty much all of the recommendations, which I suppose is going to happen anyway, because it's been merely a couple of weeks since they were published.

Clear message to other firms...

As long as fines aren't enforceable against individuals (read: directors, or ex-directors as the case may be), the only message being sent clearly is: If you run that kind of business, make sure to re-distribute your profits quickly elsewhere, so that you can fold, rinse and repeat quickly. That is exactly what's going to happen here, if it hasn't already. The ICO is mistaken if he really thinks that fines against limited companies as a whole (as opposed to individual officers of such an entity) will change a thing.

Edit: How did the debt collection against a nuisance call blocking (and making) company go, dear ICO?

No more olympic swimming pools?

That used to be the measurement du jour on the beeb for quite some time. But I guess nine coaches works better in the scaremongering department than a fraction of a swimming pool.

Let's see...

The customer called TalkTalk with regards to issues with his broadband after the breach. Engineer came around, and then again after that, some rogue would-be engineer knew all the details about the visit, including the engineer's name and the customer's account details.

There's several options here:

* engineer leaked data to rogue third party

* call centre shared data with rogue third party

* rogue third party compromised TalkTalk's network and still had live access to the system used to handle engineer visits after the breach

Given TalkTalk's track record, the last option almost seems most likely. In good old TalkTalk tradition, I expect the next major breach to make headlines within a month or two...

Makes no sense

"arbitrary detention" on the parts of the UK and Sweden, and called for his immediate release

This makes no sense. He hasn't been detained by the UK or Sweden. He skipped bail and arbitrarily detained himself in the Ecuadorian embassy to avoid facing trial relating to rape allegations.

If the US really wanted him so badly, they would have got him before he holed himself up in his Knightsbridge accommodation. The UK and US are closer allies than the Swedes and the US. He would have been safer going to Sweden. (And I wish he had done so, because he wasted a considerable amount of tax money already.)

Why should the UK (or Sweden) compensate him for anything? He was free to leave the embassy at any time. Yes, he would be properly detained for breaching the conditions of his bail, but that's his own fault.

Do the UN have any information in relation to the US's alleged intentions of bringing him there and the UK and Sweden being accomplices in that plot? If that were true, the UN's decision would make more sense. Otherwise it just doesn't.

Ambiguous

Has the "snapshot of SuSE's findings" been edited in any way? Because out of those five points, only one ("high difficulty") seems to be specific to OpenStack. The rest is just talking about private cloud in general terms.

So yeah, sounds like a bit of self-serving PR. OpenStack is quite a messy and constantly evolving affair, so from that point of view I can relate to the criticism of it being highly difficult to implement. Avoiding vendor lock-in is not necessarily a cheap option in the long run. Depends on the use case and scale of the "private cloud" (man I hate this term).

Down here too

They've had increasing latency and packet loss throughout the day, but since around 2pm it's completely unusable (Infinity, south-west Essex).

Plan B, that is Giffgaff 4G tethering here, works well enough for the most important stuff, though.

Quite telling...

...that Windows 8, 8.1 and 10 combined have less than half of Windows 7's market share even though M$ stopped selling new Windows 7 licenses many moons ago and has been forcing Windows 10 down everybody's throat.

If the draft bill really becomes law

...it's a just a question of time until this ends up before the ECHR. The fundamental right to privacy is thoroughly trampled upon with this bill - for everybody in the UK (and quite possibly outside, because when I use VoIP to call people outside of the UK, and therefore generate one of those obscure ICRs, their privacy is indirectly affected too)

So please, if HM Gov want to go ahead with this, do it quick, before Joe and Jane Public will have their say whether or not we'll stay in the EU. I dearly hope the UK population is not going to vote for leaving the EU as that removes safeguards against their own government (namely European courts).

"smart door locks"

Not going to happen. Ever. (In my house, that is.)

If somebody wants to enter my house, there's three options:

- a family member lets them in

- they have a physical key

- they have to forcefully break in

I will not add an attack surface which can be exploited from virtually anywhere and allow burglars to enter the house as if the door was left open, without any physical trace of forced entry. It'll be a hell of a job to explain that to the plod and the insurance!

If smart meters really helped saving energy...

...the energy providers' lobbying efforts would have made sure that they are never going to see the light of day. By definition those who sell energy to us cannot have any interest in reducing the amount of energy we use; it would cut into their profits.

But they are being rolled out, so how do the energy providers benefit?

I suspect that we'll soon see variable tariffs (if they don't exist already) whereby prices go up during peak hours such as 5pm, when people are coming home and would prefer their house to be warmer than outside temperatures; early morning hours, when everybody gets up and ready for work; weekends, when most families are at home. Off-peak times are likely going to be charged at very similar prices than before, increasing overall costs. (Temporarily they may be cheaper; just wait 2-3 years and compare again.)

People who don't pay exactly on time will probably see energy supply remotely switched off, likely incurring an excessive admin fee (clicking a button or having the process automated is definitely worth £50 or so per incident, right?)

And switching providers is going to cost serious money too. "Oh you got a Fucking Stupid Meter 2000? Well sorry sir, we need to install a Seriously Dumb Counter 900 instead. That'll be £50 installation fee, but we can waive that if you commit to our overpriced 48 months contract."

Also, I'm expecting really ridiculously creative offers like: If you only use a certain amount of gas/water/electricity, it will come really cheap, but energy used beyond that allowance will be costing two arms and legs. Much like some mobile/landline tariffs out there.

I know I sound upset. That's because I've been debating this subject with EDF for well over 12 months now. So far they have failed to convince me that the smart meter brings more benefits to the customer than the energy provider. Until they succeed (which they won't), a smart meter is not going to happen unless a law forces me to have one. (Right now they are only working with guidelines and lack of nation-wide standard.)

The new garage will have a flat roof then...

...because the "drive way" is just not the right place for a manned quadcopter.

In all seriousness, though, this makes a lot more sense than autonomous vehicles in the long run.

A Comcast spokesperson said...

"We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry."

Hold on a minute. Pro-active can't be the right word, sir. The issue was disclosed to you 2 months ago.

I'm sure affected home owners don't give a toss who you work with and to whose benefit that might be. They want you to fix your crap asap so that can feel a little bit safer in their own houses again. I guess.

...with business banking running at a "significantly reduced capacity"

Yes, zero is indeed a significantly reduced capacity. Trying to log on has been impossible whole day.

Internet of Things...

Whether tiny, small, big or very big "things"... some just shouldn't be connected to the internet at all.

Great

Security standard determined by lowest common demoninator rather than what's necessary to be a useful and reasonably secure standard.

PCI wasn't a particularly strong standard to begin with. Now they're weakening themselves.

It takes about 15 minutes to get a replacement certificate and swap it out. As somebody else suggested above: if they had an incentive, they could do it.

So bottom line is: PCI is weak and has no teeth.

Sometimes you wonder

whether those paying bug bounties in fact only want to see the most obvious flaws discovered (the amount paid seems to indicate that).

Admittedly, it's a thin line, but the guy here discovered an already rumoured flaw (IRC tip-off), and by digging a bit deeper, he also revealed the severity and impact while finding other poor practices (passwords) along the way.

Has he possibly crossed a line? Maybe. But then again he didn't take the keys and went on to sell them. Instead it was immediately clear what Facebook needed to do: Fix the flaw, change all passwords, replace the keys he was able to access.

Rather than pestering him, they should have paid a substantial amount to encourage others to do the work for them. If you make their life miserable and pay them with petty cash, you only discourage the most talented white hat hackers to look at your systems, because they can earn more money elsewhere without being hassled.

The black hat hackers on the other hand will be more encouraged, because they can assume that fewer bugs have been discovered, which means potentially bigger loot for them. And that group of hackers will not tell you what they found. Pastebin will.

What's GCHQ's global turnover?

Of course the same applies to private outfits which are set up for the sole purpose of harassing (cold calling), hoovering up data etc, often hidden in layers of "holdings" and "groups" and practically nada on their balance sheets, or all the entities which keep losing citizens' data.

Turnover alone is a very bad metric to determine fines. But hey, it's a good start, because unless something costs serious money, megacorps will not care.

Free Wifi, health/personal data, GOV involvement...

what could possibly go wrong?

The affair is far from "largely concluded"

Indeed. My Audi is affected. All I got so far from Audi is a letter confirming just that and essentially telling me to sit tight and wait until they have a plan.

In the meantime, the resale value of the car has dropped (not that I don't like the car or want to sell right now, but I have paid more than I should have, given these revelations). Depending on how they intend to go about fixing the issue, the value may drop further (lower MPG, maybe lower BHP, possibly higher taxes based on re-assessed emissions).

So it could be the case that keeping the car costs me more money than it did before, and selling it will lose me money too. Between a rock and a hard place.

The affair cannot possibly be concluded before all owners of affected cars know what exactly VW/Audi plan to do to fix it (how and to which effect), and compensate owners one way or another.

What the...

So exactly one years ago, gov publishes this:

https://www.gov.uk/government/news/maths-and-science-must-be-the-top-priority-in-our-schools-says-prime-minister

(Especially section "World-leading digital and coding")

Now, interest in coding is considered a warning sign for kids to become cyber crims. Well, looks like the government has done their best to criminalise the young generation then. Well done, morons.

/me wonders if politicians (and by extension all sorts of agencies) *ever* think before they open their cake holes these days...

So far they assumed

that roads are always dry and straight, and the sun is shining?

Despite all the progress being made (which is fantastic!), I think there's still a very long way to go until an autonomous car can outsmart a reasonably experienced driver. Tricky road conditions cause a lot of accidents. At least in Blighty you can encounter tricky road conditions even on dry, straight roads and excellent weather! (Some councils make sure of that by not spending any money where it's urgently needed.)