Posts by Doctor Syntax

16449 posts • joined 16 Jun 2014

The glorious uncertainty: Backup world is having a GDPR moment

Doctor Syntax Silver badge

Re: Not a problem

"You have Fred's data on a tape backup that you know you cannot dump in the bin but at the same time you can no longer read."

This raises questions about the sanity of the audit or about your failure to migrate the old data to new media once the old one becomes obsolete. It also raises the question of whether you have effectively forgotten everything on the old media already.

Doctor Syntax Silver badge

Re: Not a problem

"If it's that difficult for you to restore a backup, do you really have a backup?"

And why are you even keeping it that long?

Doctor Syntax Silver badge

Re: Not a problem

"If it's ever necessary to restore from a backup taken prior to the deletion then later transactions, including the deletion, will be reapplied."

You'd hope so but Murphy's Law can apply here.

Doctor Syntax Silver badge

Re: Not my field of expertise

"Erase-on-restore is probably a nonstarter because it is technically trivial to *not* erase-on-restore"

It's equally technically trivial to not act on the request in the first place. No difference.

"If you delete the tokenisation key or the master record, the record in the backup becomes (to some extent) anonymous."

How do you handle the restoration of the backup of the key?

Doctor Syntax Silver badge

Re: Not my field of expertise

My only question is, once you've "forgotten" about somebody, how do you remember to forget them on a restore?

GDPR allows you to keep PII which is being held for a good reason. You couldn't, for instance, forget the delivery details of an order which is yet to be despatched. On this basis one should be able to hold the forget request until all the backups that the real data may be on have been superseded and wiped.

Don't read this, Oracle... It's the rise of the open-source data strategies

Doctor Syntax Silver badge

Re: Not puff piece. Not employer

"As it says at the bottom of the article, Matt is head of ecosystem at Adobe. He left Mongo DB in 2014."

But still pushing cloud, e.g. "a developer's first decision is what cloud platform they'll use". My first decision would be "Does it matter if my data ends up on haveibeenpwned?" and take choice of storage place from there.

German court snubs ICANN's bid to compel registrar to slurp up data

Doctor Syntax Silver badge

Despite these comments, ICANN’s general counsel John Jeffrey said that the ruling “did not provide the clarity that ICANN was seeking when it initiated the injunction proceedings”.

I'd say it provides excellent clarity. It shows that European registrars know what they're doing, know that some of the ICANN contract terms, being unenforceable in the EU, should be ignored and the business should proceed along legal lines. The sensible thing for Jeffrey to do would be to go back to his clients and tell them to let those registrars continue doing what the law says they should do.

But wow. That must have been one of the shortest times on record for a European court to give a US corporation a flea in its ear.

Cold call bosses could be forced to cough up under new rules

Doctor Syntax Silver badge

"I wonder if I can take Laithwaites Wine to task for sending me wine offers after I've told them several times I am no longer interested?"

After a long while Everest seem to have started sending letterbox litter to me - or at least having the Royal Mail deliver them to all local addresses. I'm considering ringing them to send a representative along - who will then be presented with the unwanted mail I wish to return. This, if organised nationwide, would be an effective deterrent as they wouldn't be able to distinguish real leads from complaints.

Doctor Syntax Silver badge

"They are happy to be disqualified as a director"

Citation required. Remember that simply putting up someone else as a front is an offence that can carry a gaol sentence.

Internet engineers tear into United Nations' plan to move us all to IPv6

Doctor Syntax Silver badge

Re: Mapping plan

Anything that poses a problem for the IoT is to be encouraged.

The ITU, of course, has been in a permanent state of being miffed ever since the world preferred Internet technologies to its own on account of the former being here and working and the latter being in committees.

GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law

Doctor Syntax Silver badge

Re: "If you whack governments on privacy it will only drive the vulnerability market."

"Some admirers of technology have no idea how the ordinary selfish human world works."

Well, this one does because he spent about 14 years helping investigate crime, much of it terrorist related because we had a little local problem largely funded by the US. And emerged from that with a strong belief in the presumption of innocence and due process of law, fundamental concepts for a free society which surveillance tends to trample on rather severely.

Who had ICANN suing a German registrar over GDPR and Whois? Congrats, it's happening

Doctor Syntax Silver badge

Re: Merica f*ck yeah

"At this point, trying to argue that collecting the data is necessary falls flat on its face over the kerbstone of historic indifference to its accuracy and I'm fairly sure that German courts will point that out."

Sort of. The defendants might well point it out to the courts and the court would then note it in the judgement. Most likely the defence will point out that contract terms can't override legislation and here's a sling in which the court can hand ICANN its arse.

USA needs law 'a lot like GDPR' – says Salesforce supremo Marc Benioff

Doctor Syntax Silver badge

Re: Privacy policy law

"Plus, I don't actually believe that companies are all that fussed about sticking to what the privacy policy says anyway."

Probably not. The EU regulators didn't think so either so that's why they came up with a law. What's more it's a law based on a few decades of past experience in trying to regulate this area.

Lessons learned from Microsoft's ghosts of antitrust past: Step up, Facebook

Doctor Syntax Silver badge

Re: Microsoft can no longer afford being like the Microsoft of 20 years ago

"Watching Microsoft grow to become the humbler and wiser corporation they are today has been quite pleasant."

You forgot the joke icon.

Police block roads to stop tech support chap 'robbing a bank'

Doctor Syntax Silver badge

Silent alarms

One of the side issues in a former job was that we provided a few silent alarms. Not entirely silent as they broadcast a message on the police network. They were used in one-off situations where there was reason to expect a ...umm.... situation. One was a bank that was subject to armed robberies. I'm told the police got so slick about that one that armed robbers were met outside the bank and ushered straight into the police car without passers-by realising what was happening. More reliably I was told that at one time there were 4 lots of would-be robbers all awaiting trial.

The police weren't always so slick. Another one was in a filling station which was repeatedly burgled. The police must have been told to go there on the alarm but not why. They rolled up, watched the burglars loading up their car and did nothing.

Oz sports’ pee-samplers outed buying Cellebrite phone-crack kit

Doctor Syntax Silver badge

"And how can it possibly be justified?"

It doesn't have to be. Justification is for little people.

Microsoft and boffins cook up hardware-secured database

Doctor Syntax Silver badge

So the idea is to use a trusted server to enable an untrusted database server to be trusted. So how does one trust the trusted server and if it can be truly trusted why not apply the same to the database server so that it can be trusted directly?

Doctor Syntax Silver badge

Re: What's that ?

The Microsoft downvoting shills are pretty active these days.

Microsoft gives users options for Office data slurpage – Basic or Full

Doctor Syntax Silver badge

Re: @Herring`- "is there a chance of any document data being sent to MS?"

"Enhanced error reporting, including the memory state of the device when program crash occurs (which may unintentionally contain parts of a file you were using when the problem occurred)"

Translation: unintentionally = inevitably

Doctor Syntax Silver badge

Re: Corporate users?

"I just hope that somebody from legal or the IT security group runs into that before I do."

If they don't run into it before make sure they do immediately afterwards.

Doctor Syntax Silver badge

Re: Firewalls?

"Could some kind soul work out what IP address(es) they're using, so that we can add a few new rules to the firewall."

By the time they've finished you'll probably need a lot more memory in your firewall, just to hold the rules.

ISP TalkTalk's Wi-Fi passwords Walk Walk thanks to Awks Awks router security hole

Doctor Syntax Silver badge

IndigoFuzz went public immediately because TalkTalk subscribers publicly raised the alarm in 2014 that the WPS feature is insecure they'd have done nothing about it anyway.

FTFY

FBI's flawed phone tally blamed on programming error. 7,800 unbreakable mobes? Er, um...

Doctor Syntax Silver badge

“approximately 7,800 mobile devices”

That word "approximately"; I do not think it means what you think it means.

GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide

Doctor Syntax Silver badge

Re: 'Microsoft be applauded for taking user privacy seriously'

"But if you want a Laptop / PC there's no alternative to paying the M$ tax. No matter who you are / where you are."

There are alternatives but you have to look carefully for them.

Doctor Syntax Silver badge

Re: Gah!

"I apologise to any lowlife libertarians"

Why?

Doctor Syntax Silver badge

Re: Windows 10 April update is in breach

Microsoft are clearly relying on legitimate interest here - "to help keep Windows secure..."

Saying it doesn't make it so although I'll admit that within the Redmond reality distortion field that might not be so obvious.

Doctor Syntax Silver badge

Re: Msft Employee Perspective

"There's also a LOT of new rules around storing PII." (My emphasis)

One of the main rules in GDPR is the need for specific permission to collect anything beyond what's needed to process a transaction or what's legally required. It makes no difference having your own rules about storing information if you don't have the permission to acquire it. Couple that with the fact that the law in the US might be quite different to the law in Europe about what's legally required (and we note that MS welcomed the CLOUD Act) and it's still difficult to see how this makes MS GDPR compliant. My suspicion remains that by concentrating on what MS can do that doesn't greatly impinge on telemetry they're trying to deflect any EU investigation to the latter.

Doctor Syntax Silver badge

First reaction: I think they've only read the bits they want to read. Granular permissions isn't one of those bits.

Second thoughts: They're flattering the EU hoping that it will avoid proceedings about the absence of granular permissions.

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

Doctor Syntax Silver badge

Re: Simple explanation

"If you can't read hex you really shouldn't be messing with stuff like this."

So that's all SOHO/SMB users ruled out of IPv6. Are we still puzzled about poor uptake?

Doctor Syntax Silver badge

Re: Want vs Need

"Speak for yourself because in many parts of the world there haven't been enough IPv4 addresses for years."

SEP to be blunt.

"It's infrastructure so people shouldn't really care whether it's IPv4 or IPv6, it should just work, but this pretty much does mean IPv6, with mandatory privacy extensions."

The last two words say it all. Privacy extensions. Privacy isn't built in, it's an extension. What do we keep saying about security (or privacy)? It should be part of the original design and not an extension. If it isn't it's yet another thing to go wrong.

Doctor Syntax Silver badge

"Which, if (as you should) you assign addresses randomly, improves your protection against network mapping and hence port scanning, even if you do accidentally forget to do ingress filtering."

This implies that the LAN owner has to do stuff. For a large enterprise this is fair enough - they can pay for people to do it* - but for small businesses and home users it's a no-no. Unless the whole thing comes configured with such sensible default options it's going to be addressed along the lines of "what we have works - don't need anything else".

* and, in theory, to be trained if they're not already equipped with the knowledge although enterprises tend to treat this as optional, default off.

Doctor Syntax Silver badge

Re: Privacy issues with IPv6?

If all it requires is a few tweaks in the devices and a few tweaks in the router to eliminate a security issue it's amazing that this hasn't been rolled out for home users.

Doctor Syntax Silver badge

Re: Simples

"So skipping/wasting a number or two is not something you really want to do."

If IPv6 is inherently unsaleable - which the article seems to be pointing to - that number is already wasted and skipping it doesn't cost more. The important thing would be to take a good deal more care next time around.

Brit water firms, power plants with crap cyber security will pay up to £17m, peers told

Doctor Syntax Silver badge

Re: Legacy

Legacy is the really valuable stuff that's running the business that's earning the money to pay you to develop new stuff which will probably prove ephemeral. It's not broken, don't fix it.

Doctor Syntax Silver badge

"A cursory search shows BT still provide kilostream, but only until 31 March 2020 which may hamper your proposal for mandatory private circuits"

Regulations such as this could extend its life by renewing the market.

Doctor Syntax Silver badge

"Maybe, instead of waving around pointless fines, the government should make it a mandatory requirement of operating, set in law, that utilities and power companies must use private circuits for their infrastructure."

If your mandatory requirement was flouted what would you do? Impose fines of course. Which is just what this regulation does. The only difference is that it says what's to be done rather than how to do it.

Doctor Syntax Silver badge

"their legacy systems increasingly interface with and are exposed to the internet."

Simple solution: don't.

Within Arm's reach: Chip brains that'll make your 'smart' TV a bit smarter

Doctor Syntax Silver badge

Re: How will it be used?

Every one of these devices will ship with clauses buried in their EULAs/ToS that make you give permission for the device to phone home for "troubleshooting" or "diagnostic" purposes, to "enhance user experience", or even - just putting it on the table - "to provide relevant advertising".

That isn't going to play well with GDPR. In fact I wonder when the case against Microsoft's telemetry gets under way.

You've got to be kitten: Vet recruiter told to pay £1k after pinching info from ex-employer

Doctor Syntax Silver badge

Re: Should've gone to California.

"Might not be legal but it definitely happens as the old Rolodex is a goldmine of pre vetted hot leads"

And the GDPR (just like the old DPA) applies to the Rolodex, little black book or whatever. Data is data whatever the technology.

Doctor Syntax Silver badge

Re: Data protection laws are there for a reason

Until that "Action" is a deterrent, you may as well just add a surcharge to companies for them to pay the crown yearly.

Up to now this behaviour has probably been seen as standard practice by a lot of salesdroids. This case should be a warning that it isn't. Although the fine in this case might be low* don't expect it to be as low under GDPR and don't expect it to be low for repeat offenders.

* You also have to factor in that a guilty plea brings a reduced fine.

UK digital committee fumes: You didn't answer our questions, Facebook. (Psst. EU. Pass 'em on)

Doctor Syntax Silver badge

I doubt there'll be any quick penalty for his not attending. However, when the UK legislates on anything affecting his business his lobbyists are going to find they get much the same reception from MPs as MPs got from him.

Doctor Syntax Silver badge

Re: Being in possession of an offensive company..

"If you're downvoting please post a reason, it might be a good one that I hadn't thought about."

Not liking someone or the business they run is not a basis for an arrest warrant. You made the suggestion, you provide a suitable basis.

The future of radio may well be digital, but it won't survive on DAB

Doctor Syntax Silver badge

Re: broadcast is here to stay

"An argument here was the power consumption of all the FM transmitters, digital radio is green radio."

Does that include the power consumption of the many receivers (DAC vs demod) as well as the few transmitters?

Doctor Syntax Silver badge

Re: Cars are priority

"Although many people do listen in cars, according to the latest Rajar data, 60% of listening is in the home, 24% in car, and 16% in the office."

Those figures don't add up. Or rather they do but leave nothing for all the vocal diarrhoea DJs that seem inescapable in shops etc.

RAF Air Command to take on UK military space ops

Doctor Syntax Silver badge

Dan Dare! So we're all saved.

Doctor Syntax Silver badge

"Spaceships are like submarines - small enclosed space etc."

Aircraft are large, unenclosed spaces?

Greenwich uni fined £120k: Hole in computing school site leaked 20k people's data

Doctor Syntax Silver badge

"Nice use of GDPR terminology"

T'other way about. GDPR has inherited from earlier rules such as the previous EU Directive and the earlier DPAs.

You know me, I don't know you: Hospital reportedly raps staff for peeking at Ed Sheeran data

Doctor Syntax Silver badge

Re: Celebrity databases

"I've worked around a bunch of HO / Gov Depts and never saw or came across anything like that"

Neither have I but my instant reaction was HMRC! Or its predecessor, IR.

Doctor Syntax Silver badge

Re: Don't

"I'd bet money the breech was identified through word of mouth"

In the maternity ward?

Now that's old-school cool: Microsoft techies slap Azure Sphere IoT chip in an Altair 8800

Doctor Syntax Silver badge

"sticking one of Redmond's IoT development boards into an Altair 8800 case"

They develop IoT on S-100 boards?
