Posts by DaLo

621 posts • joined 30 Aug 2012


Tick, tock motherf... erm, we mean, don't panic over GDPR

DaLo
Silver badge

Re: Up to €20m includes the figure zero

There has to be room for willfulness. So Talk Talk were heavily fined but it seemed to be for sheer incompetence.

The £500K fine would be for a company who made a decision to act recklessly or even criminally with data and were found out.

With the new fines I think there will be more emphasis on hurting the company's bottom line and will be relative to the size of the company but will still have a major element of whether it was premeditated or not.

DaLo
Silver badge

Sure, but until you see where the grey areas are you can't tell whether you are sitting in them or not. Most companies can't afford to be the one who is party to the proceedings that create the case law.

DaLo
Silver badge

So, does anyone know when the first draft will be published (or is it accessible somewhere now)? BBC were saying it would be published today but it now seems that it was just a proposal that was published today. It had also been stated that it was due in September.

There are important nuances and ambiguities with the current EU GDPR wording that might be a bit clearer in the published Bill so it would be useful to get some idea of the actual wording before too long.


Missed patch caused Equifax data breach

DaLo
Silver badge

Re: Typical problem of many large organizations

"This release addresses one potential security vulnerability:

Possible Remote Code Execution when performing file upload based on Jakarta Multipart parser"

"Namely, no explicit mention of the CVE fixed in the release, making it relatively easy for a busy admin - with several dozen packages status monitor, to downgrade the update from must do to 'pending'."

Hmm, Remote Code Execution would make any sysadmin's ears prick up. Anything that has a possibility of remote code execution needs to be investigated for risk asap and should get it straight into the "must do" pile.


UK Data Protection Bill lands: Oh dear, security researchers – where's your exemption?

DaLo
Silver badge

It also seems that Direct Marketing and Data Sharing have no clarity. The Bill states that the ICO must come up with a code of practice for each at some point and then have it approved by parliament, but failure to follow those guidelines does not make the company liable to prosecution.

Almost sounds like - "we're running out of time for this complex part where everyone is lobbying us and threatening to withhold their party contributions, we'll just pass the buck and deal with it later".

DaLo
Silver badge

Re: [an offense of] altering personal data in a way to prevent it being disclosed.

"I think that's it"

Nope. It is section 163

"It is an offence for a person listed in subsection (4) to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure of all or part of the information that the person making the request would have been entitled to receive."

i.e. if you get a valid data subject access request you must not change or withhold any of that data before giving it to the data subject.


Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

DaLo
Silver badge

"...it would actually just be pronounced "Windows Neun" by any German speaker."

Yeah, I can see why that would really annoy Apple.


UK's new Data Protection Bill will be 'liberal' not 'libertarian', says digi minister

DaLo
Silver badge

I just hope they provide a bit less ambiguity to the 'Legitimate Interests' clause. Some commentators are taking that to mean - as long as I have (our company has) a legitimate interest (our interest) in doing it we don't need consent.

Other commentators are saying that this is extremely narrow and only applies when explicit consent would have been impossible. I suspect the meaning should be the latter and very narrow. However it was also muddied by recital 47 which stated "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." which has caused major confusion. Everything seems so clear and quite black and white and then they throw this curve ball.

I can only think this was included as a lobbying measure. There's been a lot of commentary about it but the most informed seem to suggest that direct marketing when there is no explicit consent is not allowed as a rule.

Hopefully the DPB will clear all this up - I doubt it and looking at the IP/Cookie thing could cause even more confusion.


El Reg is hiring an intern. Here's the lowdown...

DaLo
Silver badge

Re: If I were 30yrs younger

But surely if you have sufficient experience and skills, you could just apply for a real job with them?


'Don't Google Google, Googling Google is wrong', says Google

DaLo
Silver badge

Re: September 13, 2017

True but at least it is unambiguous. It is ridiculous that it still isn't standardised to use yyyymmdd with or without hyphens or colons. The number of times I've either been struggling to find a log entry only to realise the date format hasn't been localised, or I have to scroll down out of the single-digit dates to see what format they are using.

Similar for times when using a cloudy service. Are they local to the cloud, are they local, or are they UTC?


ICO slaps cab app chaps for 10-day spam crap

DaLo
Silver badge

Not the greatest business move?

Why would a cab company give details of its customers to a firm that will then use them to get them to use a service to recommend a cheaper cab company?

Not just a bad move from a privacy point of view but also a bad move in understanding the value of your own customer base.


Equifax mega-leak: Security wonks smack firm over breach notification plan

DaLo
Silver badge

Re: Go to the organ grinder..

However this shouldn't be allowed after 25th May 2018 as the UK version of GDPR will be in place. You can refuse to have your data shared with Equifax and the company involved cannot withhold a product from you unless they can prove it is required for the purposes of fulfilling a contract.

They may be able to claim justification for the contract bit in gaining your credit profile, but them creating extra information beyond that on your profile, or the credit reference agency utilising it for marketing or selling it, would not be allowed.


SpaceX X-37B launch

DaLo
Silver badge

SpaceX X-37B launch

Just watching that live launch. Pretty amazing, it looks so routine. Even with a hurricane bearing down in the next couple of days, it just seemed a case of popping it up before things get a bit too windy.

Oh, we'll just land the first stage perfectly back on land again.

Impressive stuff, looks like a lot more government and military contracts might head Elon's way.


It's official: Users navigate flat UI designs 22 per cent slower

DaLo
Silver badge

"Microsoft MUST have ..."

You've not used Visual Studio have you?

DaLo
Silver badge

UX testing can be performed on 71 users and give very good correlation.

It depends on the tests, the question/task set etc and the diversity of the pool of users (e.g. you couldn't ask 100 people in a pensioner home to carry out a task and think it applies to the whole population). This is very different from a statistical survey based upon opinion.

UX testing with a pool of just 5 users can provide sufficient result for your own apps to be clear about consensus if you have a clear problem you are trying to address. It may not suffice for a general subjective or opinion based question about your website or app.

Heatmap testing generally requires around 40~50 participants.


Asterisk RTP bug worse than first thought: Think intercepted streams

DaLo
Silver badge

Re: Alternatives?

Every piece of modern software is insecure - the only difference is the vulnerabilities haven't been found yet.


Rolling in personally identifiable data? It's a bit of a minefield if you don't keep your feet

DaLo
Silver badge

Re: Just wondering

Chapter 3 of the GDPR asserts your rights as a data subject. There is very little, as with all regulations, saying exactly what you can and cannot do. So having a 'no reply' e-mail address would not in itself be forbidden.

However easy access to your data, to rectify your data and to erase your data is required. In the best case this would be via a control panel that the user can access to do all this, and for companies with a significant number of requests this may also become a necessity. Other than that the data subject would need another way of easily completing this that doesn't require jumping through hoops or fees.

The issue will be companies from outside the EU - trying to find the source of the data transfer, which may have happened many years ago will be hard. If they aren't trying to sell you an EU product or Service you will still get the same amount of spam as before.

After the 25th May 2018 I would suggest a good use of the + email extension to allow you to tag every e-mail address given out with a unique reference or the company name. Even better your own mail domain with a different e-mail address for every company you deal with. That way the source of any data transfers will be obvious and you can ask the ICO to fine them 2% (maybe even 4%) of their turnover. Or maybe even just threaten them with the ICO unless they give you substantial compensation.

DaLo
Silver badge

Re: Just wondering

Oh and it can't just be part of the terms and conditions, it must be more explicit about what you are consenting and also a service can't usually be limited if you choose to decline.

DaLo
Silver badge

Article doesn't clear much up but muddies it further.

If anyone is using this article for their own research then I would recommend a lot of extra reading. For instance

"This said, though, explicit consent isn't always required. According to Article 6 of GDPR processing, PII is legitimate (albeit with a couple of caveats) if: "processing is necessary for the purposes of the legitimate interests pursued by the controller". If you want to buy something from my online store it would be daft if I was obliged to ask you explicitly for permission to use your card number to take payment and your address to post you the goods."

However the legitimate interests is a sub section 6(1)(f) and states ...

“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

The caveats are key as anything as absolutely necessary to function (e.g. not marketing) would not be in the interests of the data subject. The data collected and processed would need to be the absolute minimum with a clear assessment of why data was included. This section also does not apply to public bodies.

The actual sub section for dealing with a shop customer is 6(1)(b)

" processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;"

Which covers the minimum needed to capture customer data to make a sale. This may well stop shops asking for your address when buying over the counter for instance - also it should stop shops in airports requiring your boarding pass when you aren't buying duty free goods.

There are some critical issues relating to the GDPR that may make significant changes to the way companies operate. With the ruling that IP addresses can be PII, this can affect everything from weblogs, analytics and intrusion detection systems. It may be hard to justify intrusion detection as a legitimate interest if you have never had an attack but have been merrily hoovering up IP addresses of everyone who visits your website. Also call centres would no longer be able to automatically record calls apart from some industries which may have a legal obligation. They will have to give the caller an option at the beginning of the call, which will have to be auditable.

Also remember the actual bill has not yet been published so we only know the minimum that will be in the bill not all the clauses it will contain.

DaLo
Silver badge

Re: Just wondering

Unless you explicitly asked to have them anyway then they would no longer be able to send them in the first place after 25th May 2018. Only subjects who have given consent equivalent to GDPR can have their data processed for those purposes. So unless you ticked a box to say that you wanted to receive those, they would not be able to be sent to you.


Japanese sat tech sinks Sea Shepherd anti-whaling activists' hopes

DaLo
Silver badge

@gandalfcn

You seem like you could bring some useful information to the thread but being so aggressive in tone just makes you out to be a tetchy idiot.

Calm down, it's just an IT forum.


Vodafone customers moan about sluggish data abroad

DaLo
Silver badge

Re: Blame placement

Three did the same thing a while back. Three's 'At Home' service worked great for a while but then it slowed to a crawl. Even loading a page of Google search results was unusable.

I did quite a bit of testing - 6 different countries, hundreds of different cell towers, multiple foreign telcos - and the results were the same. A local SIM had no problem and a roaming SIM from a different network had no problem. It was HTTPS pages that were being crippled, along with high-bandwidth pages like streaming video. So bing.com worked fine but as Google defaulted to HTTPS it didn't.

Even with this 'evidence' Three stated it was the local providers who may have poor data throughput but Three weren't doing any throttling. They obviously were - due to not being able to see the traffic in SSL secured streams they must have taken the decision to throttle it to unusable levels. So transferring money from your bank account when you realised you needed some more while abroad wasn't possible until you got onto WiFi. It eventually resolved itself!

I suspect a similar problem.


Kremlin's hackers 'wield stolen NSA exploit to spy on hotel guests in Europe, Mid East'

DaLo
Silver badge

Re: WordPad

You seem to be confusing a number of topics. CMYK splitting isn't a feature of PDFs - they can hold any number of image and colour formats. Neither is more compatible or less compatible. RGB works better for screen, CMYK can work better with some printing (but not necessarily). As most images will start their life as RGB then who does the conversion to CMYK can have pros and cons. Almost everything will 'automagically' eventually convert to CMYK. Whether you leave it up to your printer, your print driver or do it in pre-process is up to you. A decent print shop will be using the colour space and profiles of the actual proofer and final print machine so it may be beneficial to leave the splitting to an experienced print shop who will be able to match your RGB colour space to CMYK far better than you can using standard sRGB colour profiles.

The fact that you state that InDesign creates 'fully compliant' PDFs shows that you don't need to use Acrobat or Adobe Reader as you stated.

A PDF is also very easy to edit you can load it into something like Indesign or Inkscape and edit away.

If you believe that your print shop will use your original files as they want to commit nefarious acts with your files and edit them to insert messages in them then you should find a better print shop. Most people who do printing will have a long and good relationship with their print shop and will not have such paranoia. Also if you do have a trusted print shop who have the original files they can often fix composition errors, bleeds, trims and print marks and cater for issues with paper weights or types that even some of the best graphic designers get confused about.

However the fact still remains that you can get exact PDF reproduction for passing documents around using any number of PDF readers, none of which are relevant to print shop work. They don't need to touch Adobe software, let alone Acrobat or Adobe Reader, for creation or viewing and the result can be exactly the same if not better. Once you have created a PDF you also have no say in what is used to view it.

DaLo
Silver badge

Re: WordPad

But who would create print ready proofs in Acrobat? Surely you would use your DTP or graphics software (InDesign etc) and choose your export format based upon your printer's requirements. If that was PDF then your software would create a pdf from that. You would send it as a PDF and they would use whatever tool they wanted to import the PDF and set it up for printing. You wouldn't know what tool they were going to use to open the PDF for printing.

More often than not they would ask for the original binary file, such as an indesign file and set printing up directly from that.

Generally, other than font issues a PDF is a PDF and will display the same. It is an open ISO standard and the extensions are just that, extensions. They won't affect layout, they are used mainly for forms, annotations and for 'insecure stuff', javascript/attachments etc. (Acrobat is often used for creating PDF forms)

If it is stored as PDF/A then there is unlikely to be any incompatibilities.

DaLo
Silver badge

Re: WordPad

"The solution for circulating "complex" documents is usually Adobe Reader and that's a security nightmare too."

Shome mishtake, shurely? They might be circulated using PDF, the tool used to read the PDF is up to the end user but definitely does not have to be Adobe Reader and many safer alternatives can readily be found.


South London: Rats! The rodents have killed the internet

DaLo
Silver badge

Re: It doesn't matter.

It may be the case that they can, but I've never had a rodent eat through armoured fibre but I have lost loads of Copper Twisted Pair cabling due to various animals eating through them.

At a difference of a few pennies per metre for armoured fibre it is used for most outdoor runs that we do.

In fact I would be interested in some citations about rats being able to chew through steel, aluminium possibly but steel seems a stretch.

DaLo
Silver badge

Hmm, I thought it was standard practice to run armoured for all outdoor runs. The price difference has never been much for the runs we do.

DaLo
Silver badge

Oh damn, we've only ever had issues with various rodents chewing through ethernet twisted pair cable. The fibre has always seemed to be immune. If they are getting a taste for fibre as well then it makes life a lot more difficult.

I wonder what armour they had on these cables?


What's your point, caller? Oracle fiddles with major database release cycle numbers

DaLo
Silver badge

"The shift between 12.1.0.1 to 12.1.0.2 introduced 13,000 fixes as well as “huge and important new features such as Oracle In-Memory”, he said..."

Ah yes, the small point release that could have cost you tens of thousands of dollars.

https://www.theregister.co.uk/2014/07/24/oracle_in_memory_database_feature/


Horsemen of the disk-drive apocalypse will ride upon 256TB SSDs

DaLo
Silver badge

Re: Confused editor?

SSD ≠ Disk. The author stated that 100TB HDD have little chance of reaching us in the next few years whereas SSD with >100TB have already been announced.

The author has now corrected higher to lower WRT rack space, power and cooling.

DaLo
Silver badge

Re: SSD is fine - while it works

SSDs also have early warning of failure. Similar to the SMART disk failure prediction. However, if you have a NAS just back up to it regularly anyway and then you would be covered in the event of a failure (even a continuous sync with versioning - in case of 'ransomware').

It's quite reasonable with the price and size of SSDs to run them in RAID1 even for the home user - even laptops can generally take two drives from my experience. If you are clever you can also use one drive for a year before adding a second to ensure that the MTBF will not coincide on the two devices (or swap the second drive out to a new machine after a year or two)


Man facing $17.5m HPE fraud case has contempt sentence cut by Court of Appeal

DaLo
Silver badge

Re: Automatic halving of sentence

It's because there is no facility to extend a sentence unless another crime has been committed or new evidence received and it is returned to court.

Therefore you can't hand down a 9 month sentence and then, if they are a very badly behaving prisoner, extend it to 18 months. So the court first doubles it to 18 months and then you can halve it for good behaviour or other circumstances. There are a few sentences which automatically qualify for a half life and a few that qualify for full term.

However it is in the prison service's (government's) interest to have well behaving prisoners who are let out of their very expensive prison cells and back into the wider world with as little hassle as possible. The prison system is much cheaper to run that way.


European MPs push for right to repair rules

DaLo
Silver badge

"and LEDs that likewise can't be replaced"

Can't remember the last time I had an LED die in a product where I would have wished to replace it. In fact I can't see how they could accomplish this as they will always be soldered in, in nearly every product.

...hmm unless the author meant phone screens, LCD/OLED etc?


Say hello to Dvmap: The first Android malware with code injection

DaLo
Silver badge

Game: colourblock

Developer: Retgumhoap Kanumep

Source - the linked article with the full details of the whole infection process.


US laptops-on-planes ban may extend to flights from ALL nations

DaLo
Silver badge

"...however copying the same amount of files from my phone over that pretence at a usable data-transfer protocol called MTP would take at least 24 hours - despite the SD card being able to sustain 100+ MB/second for reads..."

If your data is on an SD card why would they try to get the data off over MTP?


Self-driving car devs face 6-month backlog on vital $85,000 LIDAR kit

DaLo
Silver badge

I was going to enter the self driving car business...

... but now I've read this line "... if you want to enter this space, and take on the likes of Waymo and BMW and Ford, you'll need deep pockets – tens of thousands of dollars per test vehicle" I'm not going to bother.

If I'd known it was going to cost me tens of thousands of dollars for a test vehicle I wouldn't have even considered this idea. I just don't have pockets that deep.


UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

DaLo
Silver badge

I presume the blocking of running an exe from temp is for users only (non-PC admin). MSI and Windows Update require admin privileges.

However, the initial file is a PDF/Word doc that can create a non-PE file that could still encrypt files, or scan for an executable-allowed directory. Or they use a vulnerability in existing software that then uses privilege escalation - like the recent windows SMB bug.


New MH370 analysis again says we looked in the wrong places

DaLo
Silver badge

Re: Still no changes

Yes, exactly. You don't need the cable as it would probably snag and pull the buoy under. If it can signal immediately then you know where it crashed. If it needs to be detected by a local observer then you can calculate drift fairly reliably over a short period of time.

Either way it would be found within hours, not after some flotsam arrives on an island and you have to work out approximate drift patterns over the last x months.

DaLo
Silver badge

Still no changes

Even though there were a few planes in sea incidents and the highest likelihood that an international flight that crashes mid flight will land in the sea, why not create a simple search solution.

A mechanically operated pressure release switch* which will release a floating marker/battery operated distress buoy when it detects it is more than 10m underwater.

Having the marker signal stay hundreds of metres underwater with the plane and a 30 day countdown just makes the chances of finding it sooo much harder.

*one that can't be disabled from the cockpit and doesn't rely on electric to operate.


Drunk user blow-dried laptop after dog lifted its leg over the keyboard

DaLo
Silver badge

Re: Ah, but progress...

Many laptops have fairly water resistant keyboards. If you spill something on them, rapidly unplug all connections and immediately turn them on their side (sometimes upside down depending on manufacturer).

Once you've done that pull the battery and proceed to remove the hard drive (yeah, you won't get a clean shutdown but you're probably not running the company's ERP server from your laptop).

If it was something sticky and you aren't totally short of cash to buy a new one if it fails then spray water up at the keyboard to wash it out. If you are short of cash, with the laptop upside down, disassemble it and remove the keyboard (normally only a few screws and a couple of catches). Then wash the keyboard in warm soapy water, rinse and dry thoroughly. Dab the empty keyboard recess of the laptop with damp then dry paper towel.

Even though there is still a battery for the BIOS, quick action will usually save a modern laptop almost every time.

Not too dissimilar for a mobile phone - pull the battery (err, if you can, else turn off) immediately, then shake out excess water and chuck it in a bowl of rice, completely covered, and put it in a very warm area/on top of a radiator for 24-48 hours.


Profit with just one infection! Crook sells ransomware for $175

DaLo
Silver badge

"...we just sort of look bemusedly at people who have these problems"

Others realise that they need greater RPO/RTO than tapes can deliver, need more flexibility, capacity, less manual intervention for a lower cost and want to be able to mount backups as VMs anywhere near instantly and get better than a simple verify check to ensure that their backups are consistent and databases mountable.

It is those people who look bemusedly at people who use tapes as a daily backup and not as an archiving tool and use a well configured, redundant and secure disk based backup system.


Android O my god! It's finally here (for devs)

DaLo
Silver badge

Probably not but it is an api for apps, so it is up to WhatsApp how they implement it.


Nokia blasts 250 Gbps across Atlantic in optical test for Facebook

DaLo
Silver badge

If you abbreviate a sentence so that it becomes nonsense then I would suggest the abbreviated form is not a good one.

How about "... in a field trial that showed off 200 Gbps and 250 Gbps using different wavelengths on a 5,500 km link"?

DaLo
Silver badge

"...200 Gbps and 250 Gbps wavelengths..."

Interesting measure of wavelengths.


SpaceX yoinks $96m GPS launch deal from under ULA's nose

DaLo
Silver badge

Re: Strangely specific cost

In the 1850s Everest was measured to be exactly 29,000 ft. However it was changed to 29,002 ft so it didn't look like the recorded height was a vague/approximate measurement.

P.S. The actual height using modern instruments is 29,029 ft, so the original measurement, using theodolites and very difficult conditions, was remarkably close.

DaLo
Silver badge

Re: Supposed to launch in 2024?

And of course, having a helicopter hovering over a 'chute will not upset it at all. It will continue to glide down nicely as you snag it?

Anyone who has stood under a large Sikorsky will attest to the rather unsettling airflow that engages you.

DaLo
Silver badge

Re: SpaceX Development

"Hopefully in the next few months we'll get to see an actual launch on a recovered booster."

Next couple of weeks!


1.37bn records from somewhere to leak on Monday

DaLo
Silver badge

Re: So what's next?

" Has law enforcement been involved, can the police actually do something, will they actually do something, what?"

From the article:

Law enforcement was informed about the breach and the questionable activities it exposed. However, we cannot discuss those elements, because the agencies involved cannot comment on pending or ongoing investigations.

DaLo
Silver badge

Re: why would you believe a government "statement"

SteveD3 has confirmed it is not the Indian DB.

https://twitter.com/SteveD3/status/838321094146797569


UK's Virgin Media subscribers suffer fresh email blocking misery

DaLo
Silver badge

It may work for individual organisations, but when large ISPs start to use it (and especially when they publish that this is what they are using), how long will it still work?



Biting the hand that feeds IT © 1998–2017