* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

Fancy coughing up for a £2,000 'nanodegree' in flying car design?

Doctor Syntax Silver badge

If, by the end of your degree, you'd built your own flying car it would be worthwhile.

Julian Assange to UK court: Put an end to my unwarranted Ecuadorean couch-surf

Doctor Syntax Silver badge

Any other bail dodger would, of course, rightfully expect arrest but he's sooo special.

Driverless cars will lead to data-sharing – of the electrical kind

Doctor Syntax Silver badge

Re: First create the infrastructure for taxes

"Then again maybe this is just the first stage of that process."

That was my immediate reaction to the article. Once they've been suckered in with the low prices start adding tax to the power consumed for charging so that as tax on petrol and diesel goes down the tax on charging goes up.

User stepped on mouse, complained pedal wasn’t making PC go faster

Doctor Syntax Silver badge

Re: Reminds me of a story

"I wouldn't blame the user. I'd rather say it's the user interface that is under-developed."

It's not even the user interface to blame. Just whoever should have but didn't explain the relationship between mouse and screen.

Back in the day if you bought a Windows computer there'd have been a big manual explaining this stuff. Nowadays it's just assumed the user will have used something similar before or will have seen it being used. When that assumption fails - and it's the assumption, not the user - then someone needs to fill the gap.

Doctor Syntax Silver badge

Maybe teacher training has improved since the days I endured its products but I've long believed that subjects are taught by people with an aptitude for the subject (OK, not when ICT gets foisted on them) and as a consequence they're unable to understand and compensate for the difficulties experienced by most of their pupils or even the basic lack of knowledge.

Doctor Syntax Silver badge

Re: Old as the hills

"Isn't that a bit sad?"

Can't upvote you enough for that one. It makes you wonder how many books the entire household owns.

Doctor Syntax Silver badge

Re: If somebody does not understand...

"All she wanted to do was transfer photos from her camera to her computer and organise them."

SiL (B.Sc. physics from a good university although it was some time ago) rung up because the computer wasn't opening the mini-disc. I assumed it was one of those small CDs although I haven't seen one for years; I didn't think it was one of those Sony jobs. Went over there and discovered - the mini-disk was the SD card from the camera. (Explanation of problem - some application installed by BiL - allegedly - had taken control of the card reader but wasn't popping anything up when the card was inserted.)

Doctor Syntax Silver badge

Re: Pressing the foot pedal

and how would you get them to watch the video... "click on the video button"

Perhaps, like the grannies who've never seen a computer mouse, you've never encountered this thing called a "projector".

Acronis: Ransomware protection! Get yer free ransomware protection!

Doctor Syntax Silver badge

Re: I've asked before, but:

"How resistant are NAS boxes to Ransomware attacks?"

What's an NAS box? Serious question.

If your idea of an NAS box is just something that serves up a directory exposed in your file system with all the semantics of a normal disk then it's not going to be resistant at all. Ransomware sees files on a drive, ransomware encrypts them.

OTOH if it's something like Nextcloud which operates by WebDAV then ransomware sees files, encrypts them and writes them back alongside the originals. The V in WebDAV stands for versioning. Ditto if, as someone else points out, the box uses ZFS and takes advantage of snapshotting.

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

Doctor Syntax Silver badge

"How did this incompetent, brainless, insipid excuse for a human being become prime minister?"

By standing around doing nothing whilst the others knifed each other in the back.

Doctor Syntax Silver badge

This is something May's wanted for years. If she wants it so badly she could just roll up her sleeves, learn coding, learn maths and deliver this wonderful idea herself. After all, if she wants a thing done right who else could she rely on but herself? I wonder why she hasn't.

Intel alerted computer makers to chip flaws on Nov 29 – new claim

Doctor Syntax Silver badge

Re: And how is the other way looking

"I'm wondering if people are putting two and two together and getting five"

We're using Intel processors to work out the sum. Are you saying there's something wrong with them?

Doctor Syntax Silver badge

"Total coincidence: That's the same day Chipzilla's CEO sold off his shares"

That's right. Total coincidence. Anything else would be quite improbable.

EU bods up GDPR ante: Threatens legislative laggards with ‘infringement procedure’

Doctor Syntax Silver badge

"the best anyone can do is familiarise themselves with GDPR itself, and wait for the national implementation to come into force."

That's going to be too late. Look at the GDPR itself and start acting on it. The local legislation is going to have to be an implementation of what's already available give or take a bit of gold-plating so it's not as if there should be any surprises.

Doctor Syntax Silver badge

"Err, who else are you expecting to write your code other than you?"

Quite. But coding - if any - only follows a decision as to what to do. I wonder if this is what Agile has brought us to. The specification (GDPR) exists. The first step is surely to start with that and then do some analysis of how it fits the situation. Then specify any changes and then get coding. It's Waterfall. And out there that seems to be so unfamiliar that people are gazing at it and seeing nothing.

Doctor Syntax Silver badge

This seems to be the general approach - lots of talk about abstract descriptions of processes without any "here's what needs to be done".

And why would it be different? People who are writing such descriptions don't work for you. They don't know your business. They don't know what data you hold. They don't even know if, to coin a phrase, you're holding it right. So how can they tell you how it specifically applies to you?

You're going to have to work that out with your knowledge of your own situation. (I'm going all Bob with italics here but the emphasis really is needed.)

The text was published long ago. The various legislatures are, presumably, at some stage of rolling out the local implementations; the UK Parliament certainly is. Sitting on your hands waiting for someone to come along and shout "Go!" isn't going to help you. You need to be up and running by now.

Doctor Syntax Silver badge

"Here in Sweden there is a complete blackout on information for us who actually is supposed to write the code for systems."

How's that? Has the EU site been firewalled?

"Q: What should I do to make my code GDPR-compliant?"

Wrong question. The question should be "How does my business handle data compliantly and what might I need to code to help that?"

A big hint as to how far off the mark you are: data held on paper in filing cabinets and in little black books is still governed if it contains personally identifiable information. Code won't help you with that.

Your best starting point is to get a business analyst looking at how you hold and process data and compare that with what the GDPR says - someone already posted a link to help you find out.

Doctor Syntax Silver badge

Re: Does anyone really know

"Then again, we've always made a point of treating personal data sensibly."

Good for you. In the long run it pays to do things right.

Doctor Syntax Silver badge

Re: Does anyone really know

Oh for crying out loud! GDPR is published. You can go and read it at the EU's site.

It has to be implemented in each jurisdiction. The UK's version is going through Parliament and you can read about it at https://services.parliament.uk/bills/2017-19/dataprotection.html In its progress through Parliament it's called a Bill. When it receives Royal Assent it'll become the new Data Protection Act.

You can read here what it currently looks like https://publications.parliament.uk/pa/bills/cbill/2017-2019/0153/18153.pdf and that will be the finished article give or take any amendments made in the Commons.

All these surveys seem to be right. Lots of people just aren't paying attention.

What's GDPR? Survey suggests smaller firms living under rocks as EU privacy regs loom

Doctor Syntax Silver badge

Re: Great! No more spam!

As I said in a previous comment - for those of us who marketing have spent years pissing off it's going to be payback time. <Robs hands in glee>

Doctor Syntax Silver badge

Re: Might be of interest if you're puzzled

"There may be a cultural aspect to this -- what I'm hearing from the comments here is that people have faith that the courts act in a reasonable fashion with things like this."

Although there are comments here about the ICO not handing out big enough fines when someone is acting badly I think the tradition of the ICO has been to help do things right. Certainly that was my experience when the DPA Mk 1 came out. The then Information Commissioner was doing the rounds speaking at various events. I had a particular concern so I went along to his talk at the local University. Afterwards I was able to buttonhole him to ask his advice on my particular issue and found him very helpful. Your perspective might involve more than one regulator, however, and my experience is only with one. If anyone else is following this they might be able to weigh in on this if they've experienced other regulators.

Legal advice may well be part of the evaluation that's needed but I'm not sure that a lawyer is the right individual to lead it. Certainly a large part of this is being able to grasp what data you are holding and analyse how it fits against data. Perhaps a business analyst or a data analyst is the right background. It also requires a person who is used to making decisions.

From your reactions it sounds as if you weren't the right person for the job but I'm not sure that handing it over to legal is the ideal solution, or at least not the whole one; there is going to be a strong technical element to it.

You are right about there being a different cultural approach. The European approach is to take privacy as a right and that doesn't seem to be the US attitude at all. For instance one thing we've read about here is concerns of equality in US corporations and the solution, govt. mandated IIRC, is to require reports of analyses of this which, of course, requires the recording of race and gender.

That doesn't go down well here. As a straight white male I'd take great exception to being asked to fill that in on a form. I'd probably react by asking some pretty pointed questions about definitions of race (which, AFAICS are somewhat asymmetric in the US) and if really pushed insist on being Elmetian on the basis that some research into DNA in England showed that those with roots in the area covered by the sub-Roman kingdom of Elmet showed variations from the bulk of England. I don't know how a US corporation with European employees is going to handle that situation.

Doctor Syntax Silver badge

Re: Strange that nobody's mentioned...

"Strange that nobody's mentioned the UK Data Protection Bill currently before Parliament."

That's simply the local implementation of GDPR. Each EU country is going to have its own legislation to implement it. The real problem is going to be for businesses in non-EU countries doing business with the EU and not having a similar legislative framework. At least you know that if you're following the current Bill when it becomes law you should be compliant. If you're in an environment where your current legislation is counter to some provision of the GDPR you're between a rock and a hard place.

Doctor Syntax Silver badge

Re: Might be of interest if you're puzzled

"If my judgement call turns out to be wrong, it's my head."

As per my previous comment. Proceed systematically and document it. You don't make judgement calls out of the blue, you make them on the basis of analysis of available specific information. If you've done that you're in a good position to make the right calls and even if you don't get everything right you stand a better chance of being heard sympathetically by TPTB. If what you recommend isn't followed and it all goes pear-shaped your arse is covered. That's a consideration if you're worried you're being set up as the fall guy.

"So, when it comes to complying with the law, I strongly prefer that the law be very clear and specific."

The law can't be specific. It can't say "don't steal such and such a specific thing", it just says "don't steal".

Do you have some background in data analysis? I think that's needed because it really is going to be a matter of picking through the detail and making a set of mini-decisions based on what you find and a set of principles.

Doctor Syntax Silver badge

Re: Still trying to figure it out

"My issue is precisely what I said in my comment: there seems to be a lack of specifics."

Of course there's a lack of specifics. The ICO don't know what sort of business you run or what sort of data you hold so how can they give you specific advice in their notes?

Start with the section on principles of data protection. Look at them in the light of your business and your data. You have two choices: knuckle down and do it yourself or get someone in to do it for you.

It's not legal advice but in your position this is how I, personally, would start, YMMV:

1. Do an audit of the various PII data holdings in your business including who owns them. Who owns them will probably be the manager of the department which uses the data. Establishing the owner is important because it will be they who higher management or the board will depend on to ensure compliance. (Anyone from BT who got lumbered with Argent a couple of decades ago will remember this one.) The data sets you'll need to look at aren't just customer data, they'll include supplier data (your people almost certainly have contact lists), HR and any data your business processes on behalf of others.

2. One of the many things I disliked about ISO9000 back in the day was that although it documented what you did it omitted why you did it. Why you do things is as important to document as what you do. You start doing this now.

Go through the lists you've collected and document why your business collects and holds such data, how long you should hold it and the reasons for that length. The sorts of reasons might include practical - what you need to deliver goods and/or services - regulatory, statutory or contractual.

This is where you might need guidance but the guidance isn't going to be from some self-certified GDPR expert. If, for instance, you need to know what and for how long you need to hold stuff as an audit trail the person to ask is an accountant who can cite HMRC or whoever's rules to you. And make a note of the rules cited. Similar considerations apply to industry specific legislation or regulation.

If need be take professional help outside of your business, especially if the internal advice is from someone who you think is playing safe and saying "keep everything": keeping everything might not be safe under GDPR. You might need a budget for fees for that. If you don't have one then ask. Document asking. If you don't get, document that. CYA.

You might need to document down to column level if the need arises. You won't need to document the reason for each element of an address but if there's a column for gender you will certainly need to document why your business thinks it needs that.

3. Go through your documentation and decide whether the reasons are valid, whether the durations for which you hold data are valid etc.

4. Write out what needs to be done to eliminate the discrepancies thrown up in 3 and policies to say how this has to be done in future. As far as possible agree this with the data owner.

5. Present this, quoting your documentation, to higher authority. Write up reactions. You may need to be circumspect: say something like "In view of $stuff I recommended $recommendation but $data owner responded $response. This was submitted to $bigwig who decided $whatever on behalf of the business". CYA.

Why do I say have it all formally written down? You're trying to protect your company but also yourself. Hopefully the two will amount to the same thing but if they don't ensure you're protected. Proceed as if you might, at some point, have to defend your company or yourself against an ICO investigator or, worst case, in court. Having it documented will show that even if some decisions weren't right, you'd made a genuine effort to find out what you thought you should be doing and why and by whom the actual decision was taken. If you can show that everything was done with the best of intentions but some of it was wrong you're more likely to avoid a penalty and have it sorted out courteously if not affably with the ICO without it ever coming to court. And having it written down contemporaneously will go down much better than having it obviously cobbled together yesterday.

Doctor Syntax Silver badge

Re: Might be of interest if you're puzzled

"it's basically just summarizing what the text of the GDPR says."

But in geek-speak ;)

Doctor Syntax Silver badge

Re: Still trying to figure it out

"The whole thing seems pretty vague and seems to require an uncomfortable number of judgement calls."

This isn't legal advice so just take it as a guide for your research.

1. Have a valid reason for any PII you hold. Don't collect any PII other than what's necessary to deliver the goods or services you provide or to fulfil any legal obligations. For example, you'll need someone's name and delivery address if you have to deliver goods; you don't need to know the names of their spouse and/or children. You don't need to know their age unless that has legal implications for your business. Even if you need to know their age you don't need to know their birthday. Distinguish between needs and wants; however much someone in your business wants some information unless you need it, they can't have it. If your database currently holds data it shouldn't, getting rid of it between now and May would be a good idea. If what you read seems vague it's because nobody giving general guidance knows your specific situation. It's up to you to decide what's necessary for practical reasons, what's necessary for legal reasons and what's not necessary but the 4-year-olds in marketing insist they want. Remember also that employees are also data subjects so, with appropriate amendments, the above applies to information which HR hold. And holding information includes what's on paper - in files or in little black books.

2. Only hold the information for as long as you need it, to deliver or to fulfil legal obligations. Again, you need to look at what this means in your situation.

2a. If you are holding information longer than you need, delete it on demand unless there's a legal reason not to. You should review what you need to hold for accounting purposes; there's a need to retain some data for a long time but you still shouldn't hold more detail than you need. It will be easier if you have a process in place. No, you don't need to delete it from backups but you'll need to retain the delete requests until the backup has been superseded in order to re-delete if you have to restore the backup. You can justify holding the request for that long as it's needed in order to ensure you can permanently execute the deletion.

3. If you wish to use the PII for purposes other than those for which it was collected you need explicit permission to do so. That includes passing it onto third parties. You can't refuse to provide your goods and services on the basis that a customer refuses such permission. Building that into your data collection now would be a good start. If you want to use existing data in this way use the time between now and May to seek such explicit permission. If you don't have that permission, make sure it's tagged as not having permission. Sales and marketing and HR - this includes you.

4. Have a means available to report on what data you hold if a data subject requests it, have a process available to apply corrections if they request it.

I think the ICO site has detail but I'm not going to look for it to spoon-feed you. As I said, do your own research; the above is just a guide.

Doctor Syntax Silver badge

Re: Bug < Windscreen

"Working on the basis that most law is lightly enforced, where's the sense in spending mega bucks if the outcome is a low probability of a manageable fine?"

Remember that the ICO or equivalent in your jurisdiction isn't likely to come checking if you're compliant, they'll be responding to complaints from data subjects. So if you want to minimise your risks don't, as a company, stick your head above the parapet.

Your biggest risk takers in this respect are likely to be your sales and marketing department. Historically such departments have failed to grasp the fact that what they call valuable marketing information when they send it out is regarded by the recipients as junk. If your S&M department has spent the last few years pissing off people in this way it's going to be payback time for those of us who they've pissed off.

So go through all their digital assets with a fine tooth comb making sure they aren't holding any PII that they haven't obtained with explicit consent to use for marketing purposes. They'll probably complain that they can't do their job. Tell them that their job isn't putting your business in line for big fines. If your business is headed by somebody with the instincts of a double-glazing salesman it's best to start looking to jump ship now, especially if your job title or responsibilities include anything along the lines of compliance officer.

Biker nerfed by robo Chevy in San Francisco now lobs sueball at GM

Doctor Syntax Silver badge

Two final thoughts on this.

If the car was so close to the van as to be compromised by the van's braking then it was too close, shouldn't have got itself into that position. If being that close was a consequence of the arrangement of vehicles when it started to change lane then it did so either too soon or into too small a gap.

Secondly, whatever the arrangement was ascribed to: proving, data gathering, testing, experimental this was an item clearly still under development. Allowing, for sake of argument, for a need for it to be on public roads putting it there elevated the risk to other road users. The cost of developing the product would be collateral damage to other road users when that risk materialised. In such circumstances GM should have made financial provision for compensating victims and been proactive in offering such compensation rather than not only waiting to be sued but defending the suit when it came.

Doctor Syntax Silver badge

"Problem is, in this case, the self driving car ended up with 2 choices"

Is this the case? Did it have an option to move over a bit, straddle both lanes and leave room for both the minivan and the bike? Did the car's S/W overvalue being completely within a lane? Did it have the option to brake within the minivan lane and avoid a collision there? Did the S/W overvalue the lane that it was leaving relative to the lane it was entering? Or steering over braking?

I've said here, on this topic, that accidents are the results of corner cases and that humans are usually better at handling those than computers. Was this a corner case that a human driver would have handled better than the car?

Doctor Syntax Silver badge

@Charlie Clark

There are two separate issues here. One is the legal liability for the particular accident. The other is the implication that the self-driving car may have failed to take sufficient action to avoid a collision. GM might be pleased from a liability point of view if they win on the first. If that leaves them pleased with the outcome of the second then it's bad news for all of us.

Doctor Syntax Silver badge

"Regardless of who's legally in the right or wrong, a self driving car hitting another vehicle is a problem."

The extra twist with a self driving car is that it's repeatable.

Doctor Syntax Silver badge

"IF the biker was lane-splitting, then GM's account is totally legit because lane-splitting is only legal if it's safe."

There's a circular argument at play here. If the car had completed its initial manoeuvre it would have been safe. It could be (and was) made unsafe by an action outside the motorcyclist's control. That could describe just about any movement, including continued movement forward within a lane, in heavy traffic.

I believe that in this case the car driver attempted to take over but was too late. If that's so then he thought that the collision was avoidable. And yet we're assured the autonomous vehicle will be so much safer.

Doctor Syntax Silver badge

Re: The car will have video of the incident

"So if the motorcyclist tried to split lanes past the car before it had completely left the center lane, then he's at fault."

And are you then saying that the car was in the right to continue regaining its lane and side-swipe him?

Doctor Syntax Silver badge

"Regardless of who's legally in the right or wrong, a self driving car hitting another vehicle is a problem."

That was my point exactly. And immediately it turns into an argument of what's illegal in whatever state - about which, as a UK driver I know nothing.

If the car doesn't make best efforts to avoid an accident and its maker thinks that's OK because the other driver was in the wrong then we can forget about all those arguments about how they're safer and their proponents can stop going on about "meatsacks", gain some respect and start addressing drivers politely.

Doctor Syntax Silver badge

So if the S/W thinks the other guy's doing something illegal it's OK to hit him? Surely accident avoidance shouldn't rely on what ought to be happening instead of what is.

GitHub shrugs off drone maker DJI's crypto key DMCA takedown effort

Doctor Syntax Silver badge

Re: one experience ...

"Since the security group takes at least 6 months to even start looking at anything we were in the clear."

That's good to know. Especially if you're attempting to break into the company.

Doctor Syntax Silver badge

"workflow features that are unavailable in git, and combine together to increase productivity, eg issue tracking, pull requests, 3rd party tool integration to do CI, deployments, packaging"

And making it publicly available when not intended. Has that offset the productivity gains?

Doctor Syntax Silver badge

Re: one experience ...

"It took 10 minutes to spin up an Azure VM."

How's the VM being paid for? If it's on somebody's credit card being claimed back on expenses what happens if that somebody leaves? Is there anything important on it?

Doctor Syntax Silver badge

I can understand a company using git as its source control software but why, for code which is essentially the company's crown jewels trade secret, why use Github as the repository rather than run their own? It's somebody else's computer.

Supermicro is, like, totally harnessing green energy sources to churn out servers, dude

Doctor Syntax Silver badge

Green as in "not producing sulphur and nitrogen oxides". Not green as in "not using fossil fuels".

IT 'heroes' saved Maersk from NotPetya with ten-day reinstallation blitz

Doctor Syntax Silver badge

"This is where Infrastructure as code comes into play. If you can blow away the entire lot"

Would that be the entire lot as "including whatever tin the infrastructure as code was running on"?

Doctor Syntax Silver badge

Re: I hope

"cancel the refresh program"

It looks as if the refresh programme was brought forward.

Microsoft whips out tool so you can measure Windows 10's data-slurping creepiness

Doctor Syntax Silver badge

"Our commitment is to be fully transparent on the diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data,"

Assuming it does what they say the first bit makes sense. But how does it provide increased control? And wouldn't full be better?

Trans-Pacific Partnership returns, without Trump but more 'comprehensive'

Doctor Syntax Silver badge

Re: Here we go again...

"If enough people say hold up this isn't right then the MP will start to wonder if they will be reelected should the treaty be signed"

Presumably the MPs are also being kept in the dark on the basis that what they know can't harm them.

Schrems can't throw collective sueball at Facebook but individual action OK

Doctor Syntax Silver badge

"Schrems celebrated the fact he was now able to sue Facebook in Vienna, rather than having to go through the courts in the nation the business is based."

I wonder what bearing this has on the Privacy Figleaf. That, AIUI, requires the European data subject to take action for a breach in the US in the US courts. If the data had originally been trusted to a European party who shipped it overseas then maybe they also are able to take action in the jurisdiction where they live. Not being able to do so is a major failing of the Figleaf.

Even now the Figleaf might be shrivelling up and ready to drop.

H-1B visa hopefuls, green card holders are feeling the wrath of 'America first' Trump

Doctor Syntax Silver badge

Re: Go Trump Go.

"You should have taught him the Remark command 'rm'"

Along with the safety arguments -rf *

Doctor Syntax Silver badge

Re: i am wondering about unintended consequences

"I think that's partly why the culture splits tend to be along class and wealth lines more than geographic ones."

If only southerners didn't persist with that C18th affectation of drawling out the letter a in words such as bath or grass.

Look on the bright side, Pebble fans. At least your gizmo will work long enough for you to get beach body ready

Doctor Syntax Silver badge

"Now, Fitbit says, it has extended that cutoff date another half-year, allowing Pebble watch owners to get a little more out of their gizmos – and maybe perhaps consider buying a Fitbit armband."

Yup, cutting off support for one of your products is a real encouragement to trust them with your money for another.

PACK YOUR BAGS! Two Trappist-1 planets have watery oceans, most likely to be inhabitable

Doctor Syntax Silver badge

Re: Food chain

@LeeE

"most likely to be inhabitable...Doh!"

Doh indeed. Inhabitable is a perfectly good word meaning the same as habitable. You seem to think it isn't.

Cold calling director struck off for ‘flagrant’ breach of duties

Doctor Syntax Silver badge

Re: Struck off as a director

"Have you any idea how inconvenient it is to get a partner to set up a business for you?"

It's not an area of company law that ever impinged on my activities but might using 3rd party directors actually be included in the ban given, I assume, that beneficial ownership could be proved?
