Looks as though you didn't actually read the criteria.
280 posts • joined 20 Dec 2010
I'd just like to put up a little reminder of this article:
Nice story from Wired (linked from the Guardian's report): How to Make Your Own Homemade Clock That Isn't a Bomb.
My Ubuntu system uses bash version 4.3.11(1)-release (says "bash --version"). My executable dates from April 23 (says "ls -l `which bash`).
Yet the test in the article shows my bash (from April) isn't vulnerable to Shell Shock.
The advisory says bash through 4.3 is vulnerable. I'm not entirely clear what "through" means, but evidently some time after 4.3.0, there was a fix released such that 4.3.11 is not vulnerable.
The advisory makes it clear that the recent bug discovery was really made only recently, so I'm very puzzled as to why 4.3.11(1)-release isn't vulnerable.
Was the Shell Shock bug fixed accidentally, somehow, before April 23? Or did someone spot the exposure and quietly patch it over? Who made the fix? Someone at Bash Central, or Debian, or Canonical? Which versions, exactly, after 4.3.0 are not vulnerable?
I think the amount of information given out during and after an outage is inversely proportional to the size of the organisation concerned. Expect nothing from the Beeb, even assuming they know, or will know, the reasons themselves, considering there are practically no in-house techies.
The story says he only recorded the last eight minutes or so. There's nothing great about the quality – you can hear from the room echoes the phone was on speaker and the recording was made with a microphone. Giving the rep some rope? Hardly, when the rep repeatedly interrupted him.
There's a list now on the Open Rights Group blog.
I confess I hadn't heard of most of them, but there was no great surprise about the ones I had heard of. David Davis, of course, and – yet again – Caroline Lucas is a national hero.
The only surprise to me was Nadine Dorries, but I suppose she's nothing left to lose, really.
I think they have a purely financial agenda
That's not true. From http://www.hscic.gov.uk/dles:
The HSCIC is publicly funded and we therefore operate on a cost recovery basis. We do not charge for data itself but do apply charges to cover the costs of processing and delivering our service.Check out the charges. They're not going to make a profit on this.
That the HSCIC actively pursues a technical solution to allow access to data, without the need to release data out of the HSCIC to external organisations.
This. It should be right up at the top of the list of recommendations. Do this, and the other recommendations become less vital, or even irrelevant.
All "clearly identifiable", "anonymised" or "pseudonymised" data should be held strictly on HSCIC premises and equipment, and only processed at arm's length, with incoming queries and outgoing reports strictly vetted by the HSCIC.
All truly aggregate data can be openly published, in accordance with the government's welcome commitment to open data.
There's a prevailing tacit assumption held by many bureaucrats and politicians, which should be challenged, that the only way to handle data is to pass it around on USB sticks, or DVD discs, or something, and process it with Excel. It's this kind of ignorance that leads to unencrypted laptops full of sensitive data being left on trains.
Data's not being sold
The article you reference says:
Who can access the data?So it can be sold.
Information from your Care.data record will be made available to organisations within the NHS (such as commissioning bodies) but also outside of the NHS, potentially (subject to approval) to pharmaceutical companies, health charities, universities, hospital trusts, think-tanks and other private companies.
So for me, If I'm mangled in an accident, I want any hospital in the Country to be able pull up my records and see this. I also want my record out there being used in any studies that may help to find medications that bypass my condition.
Your first sentence quoted refers to the SCR; the second to care.data.
One of the disturbing trends that we’ve noticed over the past year is the government justifying data sharing as if it is part of satisfying wider open data policy.
Data sharing is not open data.
Maybe you should have "reached out" to them. Or to the also similarly-named, also independent, Open Rights Group.
Have you seen the BBC News page recently? I can't believe you have. Most of the space is "Features", "Magazine", "Most Popular", and other dumbed-down stuff. What's "Most Popular" right now? The Return of the Dimpled Pint Glass.
One good thing - they block people in the UK from looking at bbc.com, because that's even more dumbed down.
Ouch indeed, if true, but the Campaign Description says (also quoted in the article):
100% of the proceeds will be offered to security researchers. Any leftover funds will be passed on to the OpenSSL Software Foundation. Bugcrowd will administer the bounty at it's [sic] own expense.
Biting the hand that feeds IT © 1998–2019