Posts by Doctor Syntax 16449 posts • joined 16 Jun 2014
"Even if people are aware of what they're doing is wrong or against protocol, they will still do it, because they don't want (short term) hassle - usually from the recipient(s)."
It's a matter of attitude. My last client before retiring took security very seriously because they provided secure services to clients. Irrespective of the inconvenience staff would observe secure protocols. As yet most businesses can get away without that. Gradually, as consequences get more serious and more widely realised things will improve. It'll just take bigger fines and more class actions before it happens.
"We have a student DB, but it's unwieldy, slow and crap. To get any changes made to it, you have to get the developer in to do a analysis, then the design, then the development, etc before it can be finally added and used."
I wonder why anybody does analysis and design. Could it be to try to prevent this sort of thing?
By letting - yes, there's an element of permission there, even if only be default - short-cuts to be taken your student DB is prevented from being improved. And so your management paints itself further into a corner so that, assuming you're in Europe, one day you find that you didn't really save money, all you did was postpone it until it was drained away in a big fine.
" I believe it will be ignored overall."
If it gets through into EU law then it can't be ignored. That's a pretty big if, however.
I'd like to see the EU Parliament get this through in less than 2 years. Her Ladyship won't like it but then I think her tenure won't stretch anything like so far ahead.
"Their approach is to introduce soft/ malware on the suspects device, being able to monitor before encryption happens."
That's a distinction without a difference. It simply means that they're granting themselves the right to break the system as a whole rather than the encrypted component of it. Same effect.
"So in order to own a website, you have to register with a certification authority? That's a step backward for privacy, right there."
Maybe someone should invent an open certification authority. What would it be called? How about LetsEncrypt.org? I wonder when someone will get round to it.
"By not paying the staff they don't have to sort the IR35 issues."
A faulty payroll system won't bother the contractors. They get paid against invoice and if that payment system fails theirs always the Small Claims Court (never let the outstanding sum exceed the SCC limit) and bailiffs.
A Morrisons spokesperson told The Register: "We sent out an information message to a small percentage of our customers that aimed to provide some helpful information about our service. We did this with the best of intentions and we're disappointed that this was deemed to be 'marketing material'."
The ICO should fine them again for this response; clearly they didn't learn.
A more appropriate response would be "We shouldn't have done this. The employees responsible have decided to seek fresh opportunities elsewhere.".
Probably at least one a year from each reporting body. Basic rule of civil service procedures the world over: once you start something it just continues until you take positive action to stop it. It obvious thing would have been about June 2000 to do a post-implementation review and stop the reporting apart from any remaining issues.
"There was also UUCP, Xerox XNS, and something from Banyan IIRC. Despite TCP/IP being older and an independent standard (or maybe because of it), in the 1980s it wasn't widely adopted by commercial systems - and MS was just one among many, back then."
AFAICR TCP/IP was introduced after the proliferation of multiple networking technologies. I think that, at least at first it was seen as a means of connecting separate networks - remember it's the internet. So you'd have your Token Ring here and your Banyan Vines (you made me dig that out of my memory!) there and something was needed to interconnect them. Only gradually did Ethernet as the physical medium and TCP/IP as the logical one creep in to replace the others. For a long time it was supposed to be ISO/OSI that would be the long term solution - in the end the term turned out to be so long as to be never.
Even as late as the '90s I was running a Unix server with TCP/IP on the same physical network as another group running DecNET. Eventually we had to install DecNET S/W in the Unix box in order to exchange data with the VAXen. They weren't going to sully their VMS with TCP/IP - after all our Unix box was a temporary system only destined to last another 6 months and had been for several years; all things DEC were to be the strategic solution. I wonder how that worked out.
"Client mattered when it came to integrating other services and maintaining support."
Possibly in more ways than you realise.
One of my clients (that's client as in customer) had a system where files were emailed for processing and I had a specific client configured to feed into the remainder of the processing pipeline. You could have had a similar situation where one of your users was receiving files from a remote telescope or particle physics experiment. Universities are apt to use computing to much more varied ends than a commercial business.
It could also, of course, have been the case that your users didn't trust you. I'm sure anyone on KCL who didn't trust their computer services to store data felt vindicated.
"We could not dictate to them which clients they used (we had fellows who refused to upgrade from pine to alpine and this was 4 or 5 years after the final release of pine....) We also had the ridiculous situation where every system had to have a corresponding MX record because academics liked to run to their own mail servers (which we had 0% control over)"
I wonder who develops some of the clients and servers. It could even have been some of your users.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
