Re: Ancient Greek option.
"Couldn't they just put a big bronze ram on the front?"
When I saw your headline I thought you were going to suggest a really big concave mirror. It works is the sun's shining.
16449 posts • joined 16 Jun 2014
"So, not only do law enforcement not know *who* did it, they don't even know *how* they did it."
That doesn't follow. They're just not telling outsiders what they know which is reasonable. This is some external analyst trying to work it out/guessing on the basis of what is public knowledge. Just like the rest of us.
"I would hazard a guess that they have changed a procedure with regards to processing so they can stop payments or withdrawals."
Why would they stop payments? Maybe they had a means of making transfers from one Tesco A/C to another so they were routing payments through one they controlled to an external bank.
The same questions have to be answered.
Where does the data end up?
How distant is it from the system it's backing up? (A copy of the data sitting next to the server protects against a disk crash, it doesn't protect against a fire.)
How secure is it against unauthorised access?
How quickly can it be brought back to site if needed?
Above all, how often is restoration tested and with what results?
"Just don't ask me to write it down, or it will be one-way encryption."
Me too. Almost my first action after getting my grant cheque is-it-really-that-many years ago was to walk down the Strand to a typewriter shop & spend a whole tenner on a >2nd hand portable. I still have it somewhere but I think it's got woodworm - it has a wooden cover.
'The college's policy is probably due to a desire for a "one-size-fits-all" approach where esoteric chemistry files are treated the same way as payroll files.'
This is the point. One size does not fit all and trying to lay down the law on the basis that it does it just plain wrong.
Another aspect of this is that if you're going to insist on running the backups for the payroll you whould be able to demonstrate to the payroll management that your claimed backups are actually viable. As I've written in other threads the main requirement of a sysadmin or DBA is paranoia. You'd think that after such an incident the KCL team should be thoroughly paranoid now, even if they weren't before. From what's reported here there's no evidence of that.
"a tiny ring-like structure about 10 to 20 micrometers in diameter"
On the atomic scale 10 to 20 microns is far from tiny. You're dealing with things this sort of size: http://www.psmicrographs.co.uk/_assets/uploads/hazel-pollen--corylus-avellana--80015210-l.jpg which are about 25 microns across and showing much finer structures on the surface. They're easily observable with the light microscope with the fine structure being just about at the limit of resolution.
The thinking at the time was that it was something the IR had been trying to get through for years. They finally found a Chancellor and/or Paymaster General* daft enough to fall for it. The sad thing is their successors are still falling for it.
*Don't deny Red Dawn her share of blame.
"during one of the <very senior person's> Royal Progresses round his empire."
I've been through a number of those event. The disruption they caused. All work stopped. Clear the benches so we could stand the information boards on them. Thank goodness we lost them in the fire - the boards that is; we lost the benches as well but those were replaced.
Bollocks. It's a perfectly acceptable and long established usage. It was nuppits who tried to rewrite English grammatical rules based on those of a different language who introduced the idea that it isn't. If thou thinkest it wrong then please explain why the plural version of second person pronoun and verb is now almost invariably used for the singular.
It's the sort of situation that requires ritual humiliation.
Back in the days of character terminals we had MOTD set to remind users to log out. Inevitably there were those who didn't so the message got amended with "This includes you, xxxxxx", edited each time we caught an un-logged out user's name. It was effective in a remarkably short space of time although we were eventually asked to remove the last offender's name.
Maybe this is a case for an article in a newsletter explaining how it went wrong initially and then was made many times worse by the following people sending a reply to all....
And no, they can't complain about data protection. They outed themselves themselves.
"As an ex-IT professional I worked on the principle that there are no stupid users, only poor computer systems that don't protect users from their own stupidity."
This is the theory that systems should be made idotproof. Nature abhors an idiotproof system and responds by producing a new, improved idiot.
"Obviously, court cases will continue to exist, but there's a chance that they will be less frequent when the population uses a rather reliable tool to do the gruntwork for them."
Maybe in the US with plea bargaining even the innocent will continue to plead guilty. Over here I doubt those who insist on pleading not guilty even when bang to rights will take any more notice of a WebLawyer than they currently do of their barrister.
"seems many politicians are starting to realise that leaving the EU will drop us right in the cacky"
I think most always did. There was the numpty fringe that didn't. The referendum was expected to silence them. I think there were a few closet believers on both sides who were counting on the referendum going remain. AFAICS we now have a closet leaver as PM who can't believe her luck and a closet remainer as Foreign Sec who can't believe his bad luck.
"That's an OS install, though, and consumers aren't used to doing that when setting up most IoT tat."
That's only because they're not required to. If they can't use the equipment without they'd become used to it PDQ. They do more complicated things than that every day.
"Until regulation requires it. Which makes the manufacturers bark with dismay, because to them regulation = evil socialist totalitarianism."
They're based in China!!!
In fact regulation as evils is no argument at all. Anything you buy to plug into mains is subject to regulation as is the wiring back from the plug to the point where electricity enters your house. The vehicle you drive to the shops to buy the article or the van that delivered it is subject to regulation. The materials the article's made from are regulated. Safety regulation is everywhere but security regulation would be totalitariansim? Bollox!
"Good luck getting that change approved though!"
Given the increasing levels of damaged being caused I think the pressure for "something must be done" is growing fast. We just need that something to be sufficiently effective. Vendors' stock confiscated. Whole containers of goods held up at the docks or sent back to China because customs discovered a shipment of non-compliant product inside. Complaisant ISPs* not getting routed onto the net. It could all be over in a very short time.
*And countries if necessary.
"This is difficult and you can't really leave security to the manufacturer either, especially the hundreds of small Chinese outfits that work on thin margins and don't give a toss."
But you can enforce it in the marketplace, UL in the US and CE in Europe, whatever applies elsewhere.
You need to understand that thin margins apply because they're trying to undercut each other because price is a factor in what gets sold. But if they can't get to sell the product without complying with the appropriate regulations then it doesn't matter how cheap they are. If it does cost more to build in some level of security then it's still a level playing field between them - they just compete on thin margins at a slightly higher price.
"And by people, I mean the lawmakers who should have sued Facebook into non-existance years ago."
If you make laws that's all you do. You don't enforce them.
If the laws you make provide for civil damages then it's up to those injured to sue.
If the laws you make create criminal offences then it's a matter for the appropriate criminal enforcement agency to prosecute and the options for punishment are fines or imprisonment which are not the same as suing for damages.
In either case it's up to the court to find for the plaintiff/prosecution, whichever applies, and to decide on the damages/punishment.
There are good reasons why we have these different approaches for civil and criminal matters* and different roles for legislators, prosecutors and courts.
*And it's not a good thing that IP issues have been allowed to blur this distinction.
"Tax is paid for the purchase of services or supplies. Tax is paid for the sale of services of supplies."
I don't know what tax regime you're in but this sounds very odd. Surely there's a single tax on the transaction whether it's called a sales tax, a purchase tax (UK old style) or VAT?
As to the rest, maybe you should have a word with your accountant. Or a new accountant.
Biting the hand that feeds IT © 1998–2019