* Posts by Halfmad

561 posts • joined 16 Jan 2013


IBM: ALL travel must be approved now, and shut up about the copter


Re: Again

It'll be sold as a brand and used in future years to flog products made by others. Wait? erm, I'll get back to you.

UK trigger-happy over fines for data breaches compared with Europe


As it's almost entirely dependent on self-reporting I'm willing to bet a lot of it is down to companies just not owning up. The UK public sector is particularly good at reporting itself to the ICO quickly, within hours usually, knowing that if it does so there's far less chance of a monetary penalty at the end of it.

Whoops! Microsoft accidentally lets out a mobile-'bricking' OS update


Well on the bright side

At least it's more secure now.

UK council fined £150k for publishing traveller family's personal data


Re: Named council employees?

As the guy who works in public sector at the moment and who reports my organisation to the ICO when there's a breach I'd love for staff to face disciplinary when it happens. I rarely see that though.

Mistakes happen, genuine "shit I sent that to the wrong person" mistakes, should people lose their job over it? Well personally I think that should always be an option when they've caused actual harm by their actions. However I have yet to see it happen.

Staff names are typically removed from reports the ICO get, I'd love them to demand those and publish those involved. My name will be on the ICO multiple times - as the person reporting it and the contact for the organisation, but others should be up there for having been held responsible for the breach.

This shouldn't just be the chief execs though, it has to include those who have direct line management responsibility if training was permitted to slip, if policies were not up to date and staff not aware of them etc. Putting a single name up won't be enough, it has to be the "chain of command" from top to bottom that could have prevented it.

There are also typically prosecutions that could be brought but again never are. Section 55 of the DPA is one such area but there are many others - we simply don't hold people accountable, but then again we don't for virus infections either even when it's personal USB sticks brought in from home - because the organisation should simply have tools to block those working right?

But surely if that sort of thing isn't permitted by policy (rules of your employment essentially) then you should be sacked for doing it?

IT breaches in general are seen as trivial when it comes to disciplinary action, I've seen people hit far harder for mistakes on their time sheets or breaking a window by accident..


Re: Grrrr

NO but what those at the top can do is fire people for gross misconduct or have HR policies written to state that a breach will be handled as gross misconduct.

It never is though.


Re: Grrrr

Your argument makes little sense, if you've ever been involved in a breach you'd know that it's typically down to one person's mistake initially then a series of mistakes over the course of the next few days as people try to cover it up. The "best" breaches are those where staff put their hands up so you can try to contain and get control back over that information (usually not possible, but sometimes it is), you can then notify the ICO and you can talk to those involved most importantly the data subjects whose information has been spewed.

In terms of "taxpayer coughing up" the monetary penalty goes from the council to central government, it doesn't go to the ICO and then essentially through loans etc to councils will end up back there eventually.

The public need to start understanding that public sector organisations, (especially the NHS - and I'm excluding GPs as those are PRIVATE contractors) are very good at self-reporting to the ICO. This is why the stats typically show that the public sector are AWFUL at handling information but in reality they are generally better than private firms, just that they are far happier to notify the ICO when something happens.

Having worked in private and public sector over the past 25 years I can honestly say I've personally reported my organisations to the ICO half a dozen times, yet never had approval from private companies to do so - even when the incident was arguably far, far worse. It comes down to money and lack of "give a toss" about data subjects.

Acronis adds automated ransomware protection to latest Backup version


Re: True Image?


I think you mean "feature rich" !

BT considers scrapping 'gold-plated' pensions in bid to plug £14bn deficit


Yeah but they don't want to have to put that money into the pension scheme they've been managing for years do they? Let's just reduce the payments to those who have been paying into this scheme the company agreed to manage.

Cos that's fair, right? :-/


Much like my pension, which I'll likely never get.

Yet I've been paying in at a higher rate than any of those currently retired, the pension age will keep increasing and I'll probably die before it.

The country as a whole needs to take pension funding more seriously, for starters they should NEVER be allowed to run in deficit.

'Major incident' at Capita data centre: Multiple services still knackered


Thing is with these companies that although they may include agreeing to have failover sites etc when sh!t happens and those don't work they just say "hey sorry, won't happen until the next time it happens" and as the NHS is f*cking awful at contract law they have no monetary clause to hammer them with.

Seen this so often in the past 10 years.

WannaCrypt ransomware note likely written by Google Translate-using Chinese speakers


Re: More to the point

Well tells them an IP, might not tell them where the people actually were though.

Info commish: One year to go and businesses still not ready for GDPR


Re: Pointless fines

I've been saying this for years but it also has to apply to public sector organisations, as right now they get fined - they go to government ask for a loan for that amount (since it's the government who essentially fined them anyway) and they are back to square one.

Public sector are great at reporting themselves compared to private companies but they also have nothing personally to lose, we need to change that for directors and chief execs.

IT firms guilty of blasting customers with soul-numbing canned music


I don't mind beeps, I don't mind music.

Just don't keep me hanging on for 30 minutes telling me every 30 seconds how ******** important my call is whilst I'm 305th in the queue also sort out the damn volume level between that message and the music so I'm not deafened by one or the other, then unable to immediately hear the call handler who's whispering in afterwards.

Gig economy tech giants are 'free riding' on the welfare state, say MPs


Re: 'worker' status to the drivers

Autonomous vehicles will need R&D and more frequently - maintenance. You can also bet your behind that the government will come up with new ways to extract money from them in new taxes etc.

UK outsourcing market hits record levels


Re: This is where the lack of training and head hunting ethos has got companies.

You could say the same for any department which is generally not "front of house" such as information security, information governance, cleaning, estates/facilities management, HR, occupational health etc.

They are all being outsourced where possible to "save money" but in reality I doubt any money at all is saved and the service is usually poorer and less flexible as a result.

Oh lordy, WD just SCHOOLED Seagate in running a disk drive biz


Pepperidge Farm remembers

When Seagate drives were considered some of the quietest, reliable drives on the market.

Them were the days, long gone now.

Don't stop me! Why Microsoft's inevitable browser irrelevance isn't


Re: My work Windows 7

If they have sites that only work on older browsers go to IE11 and use Browsium.

While Facebook reinvents Sadville, we still dream of flying cars


Re: Flying cars? Pft.

Why the f*ck would I want them flying above my house? Not like they'll be restricted to specific routes and of course the governance for it will take years and start happening properly AFTER it's started and AFTER several high profile crashes no doubt.

PC sales are up across Europe. You read that right. PC sales are up


Re: Brexit or not...

It's not cretinous to not know about computers especially since many of those buying them for grand children didn't have access to them until they were well into adulthood. I'm sure a few of them could teach our millennials a few things about how even modern car engines worked as they are far more likely to have had to get their hands dirty maintaining their own car.

Using the wrong terminology is one thing, fact is they knew what they meant - storage space as that's typically what's marketed as good as it holds all the kids "college work", it's not as if other goods aren't marketed as equally daft at times, cars for example are typically done on fuel efficiency none of us ever see and on glamour when it's a tool most of us don't think twice about until it breaks.

Police Scotland and Accenture were at odds over ill-fated IT project i6


Re: "at odds"?

Quite impressed that the Police had a contract sewn up like that, good on them - now if only Whitehall could start doing that.


There's ideas being mooted of merging some of the remaining health boards and/or potentially parts of councils too. I can see the merit in some of it, but as always with IT there's a lot of contracts which need to expire etc for it to start happening without a huge amount set aside for buying out/penalty clauses.

What I don't get is why England can't do something similar, if anything everything there is becoming more fragmented year on year.


Re: £46m to save £20m PA.

It's likely more complicated than that, infrastructure will be quite different from one area to another and changing that can cost a lot of money and require existing contracts to expire first.

Flaws found in Linksys routers that could be used to create a botnet


Smart eh?

It's always the smart ones which are dumb.

Have we got a new, hip compound IT phrase for you! Enter... UserDev


Re: Success!

Not security, training and likely not following policy.

No, Microsoft is not 'killing Windows 10 Mobile'


They don't have to kill it off.

It'll die on its own.

Free health apps laugh in the face of privacy, sell your wheezing data


You'd at least think they'd want to stifle the competition for it..

Londoners will be trialling driverless cars in pedestrianised area


Re: Make use of...

Personally I have nothing against cyclists, I do however hate this them v us attitude from both sides. I live in a fairly rural community and what really grinds my gears (insert Peter Griffin here) is that planning is done almost entirely focused on cities when cycling clubs won't go out in the city for fun, they'll head to rural roads, as will family groups. Those are generally very poorly catered for, yeah you can get to cycling routes, if you shove your bikes on a car first.

There's shit cyclists, there's shit drivers and there's shit pedestrians. The sooner we tackle the main problem - namely many of us having to commute for a job we could likely do at home the sooner we'd all be a little happier, productive and fatter.. I mean less stressed.

Consumers go off PCs as global shipments continue their decline


Re: Yet again...

I also find I'm increasingly being asked to build PCs for people, they may not have the confidence to do it themselves so just want me to hang out and double check things for them. I've no problem doing this as I'm the sort these days who says "I'm not private IT support" and I stick to that. But I'm happy to help give them confidence to tackle their build.

I've recently helped my 71 year old dad build his first gaming PC, he was bored after my mother died last year and he's gotten right into Skyrim and the Total War series since (with a bit of Rocket League thrown in).

He was able to build the PC he wanted, with the monitor he wanted etc and without software he didn't want or pressure to buy "tech support" etc during the after sales pitch.

Company wise we still replace PCs in a cycle, which I think is increasingly mad and even our directors are starting to see it that way, PC slow? shove in another gig of RAM if it's a 64bit OS and an SSD, job done 99% of the time.

HMRC beer duty bungle leaves breweries struggling to pay online


I'm disappointed that El'Reg didn't jump on that one to be honest.

Ford to build own data centre to store connected car data


200PB by 2021..

That's a lot of "where our customers have been" data.

Security co-operation unlikely to change post Brexit, despite threats


That's not what was said, essentially it's a case of "we won't be able to share information unless we have an agreement to share information", that sharing is two way.

It's stating the bloody obvious.

How to leak data from an air-gapped PC – using, er, a humble scanner


Morse code by clicking a pen, that's my bet.

Creators Update gives Windows 10 a bit of an Edge, but some old annoyances remain


I'm only here for the MS hate.. but

I quite like Windows 10, I just wish they'd stop all the bullshit with it. As a core operating system it's fine for most users and it's relatively easy to support.

But my god can Cortana get to ****.

FYI Docs.com users: You may have leaked passwords, personal info – thousands have


Re: Wait, so ....

The entire point of the site is to share information and showcase it - I think that's potentially the problem, people have treated it like a dropbox alternative instead.

BT hit with £42m fine for Ethernet compensation delays to competitors


How incredibly convenient

That this news comes out shortly AFTER a decision is made not to completely split BT from Openreach, one may ponder why it wasn't announced just a few weeks ago where it would have been seen as a fairly damning indictment of the way the two work together (but totally don't, no way, not at all.)

Microsoft delivers secure China-only cut of Windows 10


Re: So...

A choice, like the EU browser choice window only country flags showing who you want your data to be shared with first. I'd suggest making the US flag into the shape of the old IE logo and forcing it to be default anyway.

World's worst botnet fiends switch from ransomware to stock scam spam


Re: We are no longer the botnet called Ni!

You should consider moving to SHHHHH!!2! ASAP AC!

London councils seek assurance over Capita's India offshoring plans


Being alert is one thing, giving a damn is another. They'll start caring when the first council is hauled over hot coals for breaching it, assuming the ICO actually uses its new teeth.

UK's Association of British Travel Agents cops to data breach


Re: Dumbing down?

As it was outsourced I doubt they'd know themselves.


Re: Perhaps another approach...

It'd help if they stopped storing compressed images of the letters etc on a public facing web server too.

How UK’s GDPR law might not be judged 'adequate'



random doesn't mean unannounced.

Fire brigade called to free man's bits from titanium ring's grip


That image

Never has the el 'reg put such an appropriate image on an article, bravo!

*continues crossing his legs*

Apple urged to legalize code injection: Let apps do JavaScript hot-fixes


Legalize ?

Don't you mean facilitate? or at a stretch simply approve?

Petya ransomware returns, wrapped in extra VX nastiness


Re: Priorities

Hospitals are only the "losers" if local IT don't have appropriate backups running and local/network permissions set properly. At worst ransomware should encrypt local docs and shares the user has access to - that's assuming it gets past firewalls/sandboxing/AV and malware protection and application whitelisting etc.

Restoring a few folders is the bread and butter of most sysadmin roles, hardly a big deal and that's the WORST case scenario in a well run IT department.

Proper application whitelisting alone massively reduces ransomware infections on its own.

UK to block Kodi pirates in real-time: Saturday kick-off


Re: Why the obsession with Kodi?

Latest media obsession, expect Rory Kettle-on Jones on the BBC to catch up in about 6 months and still manage to get a few mentions of Apple in whilst writing about it.


Re: Meh

I prefer the term "Sniperdeathball" as that's what it looks like when they dive.

Scott McNealy: Your data is safer with marketers than governments


No it's bloody not.

The government (and people usually throw the NHS into that) self report to the ICO far, far more than any private companies do. That's a fact.

Just because they aren't reporting themselves doesn't mean breaches don't happen, they are merely more worried about bad PR than public employees, many of whom would report to the ICO even if their bosses told them not to (sorry MPs!).

Spy satellite scientist sent down for a year for stowing secrets at home


Re: It will happen this way...

Paper is exceptionally easy to sneak out of buildings especially if done over the course of several years. They only found 500-600 pages by the sounds of it, doesn't mean that's all of it.

As for them "missing" the 500 page set the first time around, there's nothing to say it was in the house at the time or if after the first search he thought "well that's that - let's get my own back".

Bottom line is we don't know enough about the discrimination case or investigation to draw any real conclusion.

User lubed PC with butter, because pressing a button didn't work


There's a balance to be had with IT, I'm sure those who have worked in IT departments know this, there are always bad eggs (like every department).

If the organisation hero-worships IT then it'll never work properly, the bad eggs will do next to nothing and consider themselves above the rules that apply to other staff. If the organisation treats IT like sh!t, they'll only have poor staff and a high turnover of decent workers.

Personally I think IT should always be treated like any core service department, it's given the funds it needs but oversight is fairly strict, importantly that oversight should be by someone who understands how IT functions e.g. a Director who has worked in IT hands on. You'd never have a finance director who'd never worked in payroll or accounting after all.

Brit ISP TalkTalk blocks control tool TeamViewer


Re: Re : I wonder where the scammers got hold of their client telephone ...

This would require two things which TalkTalk clearly don't have 1. Systems which are fit for purpose. 2. Management with an understanding of what's going on.


Biting the hand that feeds IT © 1998–2019