* Posts by m0rt

750 posts • joined 11 Jul 2015


Open justice FTW! El Reg fought the law – and El Reg won

m0rt
Silver badge

Re: Nicely Done Reg!

I mean well done is deserved.

But I don't see why we have the term 'Open Justice'. Justice is justice, surely?

If there is something nefarious going on behind closed doors, if something is just it still is just, if it is affected then it isn't justice.

Actually that reads weird. You know what I'm trying to say? Meh.

Too much GDPR documentation going on.

8
2

Yes, people see straight through male displays of bling (they're only after a fling)

m0rt
Silver badge

"and Frutal has positive connotations which obviously wouldn't influence the results."

Frutal?

Was he from the Flumps?

2
0

IETF: GDPR compliance means caring about what's in your logfiles

m0rt
Silver badge

Legally mandated requirements are that. Legal requirements. So if you run a Telco, you have to comply with the data logging requirements for running that Telco.

After that GDPR and the ePrivacy directive take hold.

So if you are legally required to keep a record of what phone calls were made through your system for 7 years, then you keep them for 7 years. But on the first day of the 8th year, you better have your data deletion policies in place.

8
0
m0rt
Silver badge

"But a normal website owner should have no further need for the data after it has been in the logs long enough to check for unauthorized access, which should be same-day or next-day (3 days if there is a weekend between), is what I'm reading from the IETF. But that does seem rather short. A few weeks seems more reasonable."

You won't necessarily know about an intrusion until Troy Hunt mentions your domain. Bad things™ happen even to those that do take precautions. Ever hear of the rogue employee? And you need to find out what occurred so you know that particular hole is shut down and the ICO will want to know what you are doing about the data breach. You can't do that if you dispose of your logs too quickly. When you are aware of it, you don't know how or when it occurred yet so you need to check.

Those that think they are that secure that they can't be hacked in any way are, for the most part, deluding themselves. You have to assume you will be hacked at some point.

“The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, […] by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.”

https://gdpr-info.eu/recitals/no-49/

So a few weeks for logs? Fine. Do it. You may never need them beyond that. But if you do need to know what happened a couple of months ago?

17
0
m0rt
Silver badge

" Full IP addresses should only be stored for as long as needed to provide a service;

Logs should only include the first two octets of IPv4 addresses, or first three octets of IPv6 addresses;

Inbound IP address logs shouldn't last longer than three days;

Unnecessary identifiers should not be logged – these include source port number, timestamps, transport protocol numbers, and destination port numbers;"

I don't agree. The way the internet works means that ip addresses are a necessary use. Yes, IP addresses can be Personally Identifiable Information when combined with other data, or you are using a fixed IP at an individual address, but if you access my services I can't help but know your IP address. My logging is fine to record your entire IP address. It is what I then do with that information that is important.

Also, I am bound to provide suitable protection against any intrusion, or notify ICO if I suspect an intrusion. This also means potentially sifting through logs to try and locate that source. Three days? That is just silly. 6 Months, sensible. 12? Maybe they have a point, unless regulatory requirements state otherwise.

This would come under legitimate interest. If you come to use my online services, then I have to store the above information to allow me to satisfy the requirements that come from operating online services in the EU. If I then decide to do something funky with that data, then that is another thing entirely.

I am wondering if INTAREA felt that they hadn't yet made any statement regarding GDPR and rolled out the first thing that sounded press friendly. They certainly are not showing a deep understanding of the issues involved.

"Logs should be protected against unauthorised access."

And remember, Kids, don't take sweets from Strangers...

47
6

UK's Department of Fun seeks data strategy head – experience not needed

m0rt
Silver badge

Re: Not the first time

Well isn't this a usual trick of a ruling elite?

IIRC some officers' pay in various forces was so low that the only people who could afford to become officers were those that had a separate income.

Colour me cynical...

4
0

Guess who's still most moaned about UK ISP... Rhymes with BorkBork

m0rt
Silver badge

I noted the same thing.

I'm sticking with Zen. Not cheap but the odd time I do need to call them, it is a fine experience.

15
0

HPE donates 3 mini-supercomputers to UK universities boning up on Arm

m0rt
Silver badge

Re: But

Upvote because, in a few thousand years and the universe's first antimatter linked Hypermegascalon Dimensional Thread TZR + goes online*, I hope the first reported enquiry at whatever passes for a press event then, consists of:

"So...does it run Crysis?"

*I say online. What I really mean is it pops up in your consciousness.

4
2

Apple leak: If you leak from Apple, we'll have you arrested, says Apple

m0rt
Silver badge

Re: Leaking the anti-leak memo to Bloomberg

"Leaking Apple’s work undermines everyone at Apple and the years they’ve invested in creating Apple products… The impact of a leak goes beyond the people who work on a particular project - it’s felt throughout the company."

The impact of the leak? Really?

I suppose the impact on your unsold stock of current iShiny may be hit. But really, Apple, you truly are just another self righteous, narcissistic, lifestyle wannabee, tax dodging, grubby little American corporate.

Who else would make so much out of a thin laptop, then promptly allow root access without a password?

68
5

Sysadmin’s worst client was … his mother! Until his sister called for help

m0rt
Silver badge

"Has doing tech support for your family ended in tears?"

Pretty much every other time.

For some reason, I was expected to know their passwords to things until I insisted they wrote their passwords down. Or develop a system for generating passwords.

17
0
m0rt
Silver badge

Depends.

If I am speaking and saying 'Go to the root of your C:\ drive.' the ':\' is silent.

30
2
m0rt
Silver badge

"“The first task, that took about two years, was to stop her saving everything to the root of C:/.” "

Isn't that root of C:\?

45
0

Modern life is rubbish – so why not take a trip down memory lane with Windows File Manager?

m0rt
Silver badge

Re: life extension - file extension

The trick is not to show anyone anything that might upset them.

Hence the ubiquitous search on modern OSes that helpfully fail to show you the location of the files it finds unless you click on the bugger first.

Unless that is just MacOS.

Ever get the feeling we are moving backward?

18
0
m0rt
Silver badge

Pfawwwww..

Xtree Gold ftw.

48
0

Birds can feel Earth's magnetic fields? Yeah, that might fly. Bioboffins find vital sense proteins

m0rt
Silver badge

Re: Magnetic Puns?

Your pun pole-axed me with its hilarity.

7
0

It's baaack – WannaCry nasty soars through Boeing's computers

m0rt
Silver badge

Re: "If you don't trust it for critical systems, should you even use it at all?"

"Do you expect your car is being built with the same level of reliability of an aircraft? It would cost much more and with far higher maintenance requirements."

I expect the core OS to be, yes. The rest of the software, however, of course not. I was pointing out that what constitutes an OS these days is far overreaching.

0
0
m0rt
Silver badge

Re: Aircraft do not use Windows for critical systems.

This should tell you more about an apparent OS than anything else

If you don't trust it for critical systems, should you even use it at all?

That way it would prevent the kind of useless bloat that seems to be the symptom of some kind of industrial disease infecting large organisations.

Hey, supposed tech companies. Sort your core OS out. Everything else should be optional.

*mutter mutter*apple*mutter mutter*iTunes*mutter mutter*

5
2

Wanna work for El Reg? Developers needed for headline-writing AI bots

m0rt
Silver badge

" but I won't post it until this afternoon."

Now that just doesn't make sense, either in context or encrypting it.

2
0

Brit cloud slinger iomart goes TITSUP, knackers Virgin Trains, Parentpay

m0rt
Silver badge

"have no fear - the Web Wizards are on the case! "

Devops gone too far in this case, methinks.

6
0

Slap visibility beacons on bikes so they can chat to auto autos, says trade body

m0rt
Silver badge

Re: Really?

"it's those stupid flashing lights that some cyclists insist on having 'to make themselves more visible'."

The reason they exist is that if you are in traffic, oncoming traffic will not make out a bicycle light in most cases. The flashing gets attention. As you have proved.

Also having a single source of light being used as a way to estimate movement when coming toward you is prone to massive error. Basically it is safer for the cyclist by far. When it comes to 2 tonnes of steel vs a lone cyclist, I think it is better to err in favour of the cyclist. If you really want to talk about lighting issues, then a far greater problem is the colour temperature of modern headlights causing serious night vision issues for other drivers.

7
1
m0rt
Silver badge

Re: Great...

"(lets face it there are dickheads using bikes, motorbikes, cars, vans trucks, mobility scooters, skateboards, feet.......)"

So you get it, yet you still try to start a pointless, silly argument thread?

Yet the important thing this brings up is actually that again lack of appropriate installed technology is being used as an excuse for issues not being solved, yet the real issue is attitude in most cases. What next? Same thing for pedestrians? All footwear to have a transponder?

This is why we have the age checks being brought in online, pushing the responsibility away from those who should know better to making the State responsible for seeing that everything is 'safe'.

The worse thing is it is the relatively small amount of outliers that cause this lovely 'outrage' that then gets transmogrified into 'something is being done' that affects everyone.

The future is not bright, the future is decidedly grey and ominous.

18
1

NASA fungus problem puts theory of 'Martian mushrooms' on toast

m0rt
Silver badge

Re: Suggested title...

Badger badger badger badger badger badger badger badger.....(all together now...)

5
0

UK's data watchdog seizes suspected Scottish nuisance caller's kit

m0rt
Silver badge

Could be the end of the line for this Scottish company.

9
2

Brit MPs chide UK.gov: You're acting like EU data adequacy prep is easy

m0rt
Silver badge

@VinceH

" "Hey, it looks like you're trying to leave the EU! Would you like some help with that?"

Note to El Reg: We need a Clippy icon!"

Why hurt me?

0
0
m0rt
Silver badge

So a Microsoft Brexit as opposed to a hard Brexit?

16
0

We need to talk, Brit Parliamentary committee tells Mark Zuckerberg

m0rt
Silver badge

So on the one hand "How dare you abuse your position and allow our Citizens' data to be used in this fashion!" to the other "How dare you refuse us unfettered access to our Citizens' data!"

So guess what the free gift facebook is going to give the UK gov to make this go away?

12
0

Space, the final blunt-tier: Binary system ejected huge 'spliff' asteroid, boffins reckon

m0rt
Silver badge

" It has a radius of 200 meters"

I know that got bandied about, but what does that refer to? The spin radius? Because other figures suggest 80m radius, others say it is 35m in diameter and 230m long.

Whichever way...it is still one hell of an unflushable.

13
0

UK mobe network Three's profits hit by IT upgrade costs

m0rt
Silver badge

Re: Ka-shing ...

My pocket makes that sound, sometimes. But I am certainly not rich.

0
0

Taxpayers chuck burnt-out Bongs* millions of pounds to 'decelerate'

m0rt
Silver badge

Re: Unbelievable

Yeah. Unfortunately those they deem to have proper credentials say complete shit like this:

"Consultancy Accenture says 81% of executives it interviewed think that within two years AI will be working next to humans in their organisation as "a co-worker, collaborator and trusted adviser"."

From the equally bs article: http://www.bbc.co.uk/news/business-43259906

Basically, this isn't going to change. The inmates run the asylum. There is no sensibility, there are only grandiose claims and ridiculous deadlines.

We are fscked.

Unless, here is a thought. How about starting a political party?

16
0

Uber hopes to butter up Brit transport chiefs with lots of lovely data

m0rt
Silver badge

"unlocks innovation and creates economic and social value"

You know that sound created when you drag your nails down a chalkboard? (If you don't, you must be under 35 and you should go out and do it, now.).

8
0

Fermi famously asked: 'Where is everybody?' Probably dead, says renewed Drake equation

m0rt
Silver badge

Re: Obligatory DNA

"He's using Bistromaths...."

Ahhhhhhhhhhhhhhh......

4
0
m0rt
Silver badge

Re: Obligatory DNA

"It is known that there are an infinite number of worlds, ... However, not every one of them is inhabited. Therefore, there must be a finite number of inhabited worlds.

False logic. ∞ - x is still ∞"

Actually, the false logic is assuming there are an infinite number of worlds. You may postulate that there is an infinite amount of 3d space for things to exist in, but that is not the same that there is an infinite amount of matter.

Assuming we are not getting into dimensional discussions.

6
1

Former Google X bloke's startup unveils 'self flying' electric air taxi

m0rt
Silver badge

Re: Waaah!

Says in the video, if you can stand it. 100 miles.

1
2

Your manhood is safe, judge tells ZX Spectrum reboot boss

m0rt
Silver badge

Re: Bit like the Vega then

Would explain a lot.

1
0

Fear the wrath of robots, for their judgement is final and irrevocable

m0rt
Silver badge

Correction

"Pre-crime is a neologism from Phillip K. Dick's The Minority Report,"

At least attribute it to the originator...

28
1

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

m0rt
Silver badge

Re: Time Is Terribly Slow Until Pub

This is why you say 'Bar' time.

Translation issue. :)

14
0

Slack cuts ties to IRC and XMPP, cos they don't speak Emoji

m0rt
Silver badge

Re: "Good luck meeting that deadline, Slackers"

You, Sir, are wise.

Prophetic, even.

9
0

British military spends more on computers than weapons and ammo

m0rt
Silver badge

Re: IT equipment and weaponry aren't mutually exclusive

Want a hug?

21
0

'Quantum supremacy will soon be ours!', says Google as it reveals 72-qubit quantum chip

m0rt
Silver badge

Re: The three states of Schnroedingers Cat

You forgot:

Riding invisible bike.

5
0
m0rt
Silver badge

They are sure until they are asked the question: "Are you sure?"

6
0

So the suits swanned off to GDPR events leaving you at the coalface? It's really more IT's problem

m0rt
Silver badge

Re: Always changing goal posts

Easy way to sort this.

Get management to tell you who the Data Officer is. If they feel they don't need one then they still need to nominate someone responsible. (Hint - it can't be a Board member).

Then when you get that person - scare the shit out of them if they don't take the responsibility seriously. Unless they name you as Data Officer, in which case you are now a legal person and you can tell them exactly how it goes down and they have to listen to you or they are breaking the law and you are forced, by law, to inform the ICO.

14
0
m0rt
Silver badge

No.

This has been an issue, regardless of GDPR and the ICO recognise that this isn't always straightforward.

https://ico.org.uk/media/for-organisations/documents/1475/deleting_personal_data.pdf

See page 4.

So, outside of data kept for regulatory purposes which you have no choice over, and your normal backup policies (you do delete old backups, don't you? You don't keep them forever, do you?).

So - scenario: You go back to the backup from yesterday because something nasty happened. Yesterday after the backup was taken a set of records were removed. As long as you know, somehow, that these were removed you can reapply the deletion. So the deletion process will need to stay *live* for as long as you feasibly keep backups that may be used to restore from for your day to day running.

In most cases, I would argue this is a week or so for most with Daily changing data. If it is a month, then you will need to keep the deletion process longer than that to ensure you can meet your duty. As long as *this is documented* the ICO should see that as endeavouring to comply with the spirit.

If you ended up using a backup from a while back, which may be the case in some scenarios, and some data was resurrected that shouldn't be, and this got out and the sh1t hit the fan, then it comes down to why, the impact, what procedures were in place etc.

There is no black and white answer to a lot of scenarios. You can't help seeing an IP address. And you can't know if this is a piece of Personal Identifiable Information (eg, fixed IP and you have the name and address of this person) or not (temp IP or company firewall). You can't dump this (if a breach you will need to go over your logs) and you can't anonymise it in most cases, or even be sensible to do so. So it comes down to what you do, how you document, don't generally piss take and *show evidence* of what and why you do.

Personal data should be sacrosanct. It is about time it is treated as such. By both the users of that data, and the general public who are, for the most part, pretty clueless. That isn't their fault mostly, it is just that industry has beguiled them with promises, free stuff and The Shiny™

16
0
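
Added example (not part of the comment above, and not taken from ICO guidance): one way to keep the deletion process "live" across a restore, as that post describes, is a ledger of erased record ids that is replayed after every restore and pruned only once no backup old enough to contain the record can still exist. The class name `ErasureLedger`, the 30-day backup window, the 7-day margin and the sample records are all assumptions made for illustration.

```python
"""Re-apply erasures after restoring from backup (added illustration)."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class ErasureLedger:
    # Longest period a backup may still be restored from (assumed policy value).
    backup_retention: timedelta
    # Extra time an entry is kept beyond the backup window (assumed value).
    margin: timedelta = timedelta(days=7)
    # record id -> time of erasure. Only opaque ids are stored, never the data.
    entries: dict[str, datetime] = field(default_factory=dict)

    def record_erasure(self, record_id: str, erased_at: datetime) -> None:
        self.entries[record_id] = erased_at

    def replay(self, restored: dict[str, dict]) -> list[str]:
        """Delete every ledgered id the restore brought back; return those ids."""
        resurrected = sorted(rid for rid in self.entries if rid in restored)
        for rid in resurrected:
            del restored[rid]
        return resurrected

    def prune(self, now: datetime) -> list[str]:
        """Drop entries that no surviving backup can resurrect any more."""
        cutoff = now - (self.backup_retention + self.margin)
        expired = sorted(rid for rid, ts in self.entries.items() if ts < cutoff)
        for rid in expired:
            del self.entries[rid]
        return expired


def demo():
    # Constructed sample data: ids are assumed to be surrogate keys, never reused.
    now = datetime(2018, 3, 10, 9, 0, tzinfo=timezone.utc)
    ledger = ErasureLedger(backup_retention=timedelta(days=30))
    backup = {"c-101": {"name": "A"}, "c-102": {"name": "B"}, "c-103": {"name": "C"}}

    ledger.record_erasure("c-102", now - timedelta(hours=5))   # after the backup
    ledger.record_erasure("c-050", now - timedelta(days=60))   # long before it

    restored = dict(backup)              # restore yesterday's backup
    reapplied = ledger.replay(restored)  # c-102 came back and is removed again
    pruned = ledger.prune(now)           # c-050 is older than 30 + 7 days
    return reapplied, sorted(restored), pruned, sorted(ledger.entries)


if __name__ == "__main__":
    print(demo())
```

The return values of `replay` and `prune` give a record of what was re-erased and when the ledger itself was trimmed, which is the kind of documented evidence the post argues for.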
m0rt
Silver badge

The business I am in has a lot of contact with other businesses whose primary is not tech related. It is surprising just how many of those businesses are quite blasé considering the fact this is possibly the biggest thing to hit any kind of data processing since the introduction of the Data Protection Act. Or just reel off Legitimate Interest when asked about how they are going to sort out opt-in on their website and the various marketing tools, tracking tools, for starters.

Going to be a fun time. GDPR I am quite for. I think that it re-addresses the balance that has been lost regarding sanctity of people's data. On the other hand, it is also showing the issues that previously defined terms or situations relating to DP have never really been tested in UK Law and can be interpreted in so many ways. If you have ever approached the ICO for advice on how best to do something and remain compliant.....you will know exactly what I mean.

20
0

Drones replace models on Dolce & Gabbana catwalk

m0rt
Silver badge

Re: Why oh Why oh WHy?

Some pretty influential and powerful people in that audience, probably. Imagine what would happen if something went wrong and a drone or two went berserk.

Would you take that risk? :)

3
0
m0rt
Silver badge

Underwhelmed.

And that is an overstatement.

A huge overstatement.

14
0

Apple: Er, yes. Your iCloud stuff is now on Google's servers, too

m0rt
Silver badge

Re: PMSL

"Make yourself a dinner-party pest"

I am probably that person.... :(

12
1

Intellisense was off and developer learned you can't code in Canadian

m0rt
Silver badge

Ahem: "Biased"

21
1

Boffins: If AI eggheads could go ahead and try to stop their code being evil, that'd be great

m0rt
Silver badge

@stumpy Re: phishing mails

"As a race, yes. Just look at how many people still read the Daily Mail to see how dumb we are."

Reading the Daily Mail is ok. You can't judge someone for reading it, unless you are as guilty as the people you point fingers at of being quick to judgement based on little substance. I have read it, at times. But, like anything else I read I am able to spot jingoistic rhetoric, sensationalism, and downright inaccurate bullshit when I read it.

6
2

Bad news: 43% of login attempts 'malicious' Good news: Er, umm...

m0rt
Silver badge

Re: What's wrong with Anthrax Candy?

Same here. I use fail2ban but surely if you take a superset of All Login Attempts, then the automated SSH attempts must make a massive chunk of those malicious ones?

7
0

Flight Simulator's DRM fighter nosedives into Chrome's cache

m0rt
Silver badge

Re: Idiots...

Well they are coming back down with a bump.

4
0


Biting the hand that feeds IT © 1998–2018