* Posts by EnviableOne

517 posts • joined 28 Jan 2016

FACE/OFF: Australian Criminal Intelligence Commission bins NEC-built biometrics project

EnviableOne
Bronze badge

so AUS has the same formula we have in uk

.gov + IT = C*ck-up in the making

1
0

Cisco Talos reveals inner depths of now-patched Windows disk image security flaw

This post has been deleted by a moderator

The only way is ethics: UK.gov emphasises moral compass amid deluge of data plans

EnviableOne
Bronze badge

not a county east of london

The Data revolution is a minefield

Loads of people are asking can we

very few ask Should we

from a Data Security point of view, and in light of GDPR, it's the most important question.

2
0

Scrapping Brit cap on nurses, doctors means more room for IT folk

EnviableOne
Bronze badge

if it's anything like my org,

we tried to hire local, but they were more interested in rate they could get as agency,

we tried to hire from Spain, Italy and Holland, but they didn't want to come cos Brexit,

now we have had to go to the Philippines, and they can't get visas

this might at least mean we can get some of the empty nursing posts (some for more than 4 years) filled.

I think our visa system post-Brexit needs to morph into something akin to the Aussie one, where if we need your skills, no probs, if we don't, you have to tick all the boxes under the sun, and we might let just you in and not the rest of the family..

1
1

Trump's ZTE deal challenged by Senate

EnviableOne
Bronze badge

Who Are We?

oh just the largest manufacturer of telecoms equipment in the world and the backbone of most countries' Broadband networks, and the only way normal Americans are going to get decent cheap broadband anytime soon ....

but if you're wondering where Cisco's cash pile just went, I'd be checking Republican Tom Cotton, and Democrat Chris Van Hollen's campaign funds and where they just got new cars/houses/boats from.

0
0

No fandango for you: EU boots UK off Galileo satellite project

EnviableOne
Bronze badge
Boffin

GALILEO - Here we go ....

So 1 bn Euro down the swanny and nothing to show, sounds like a standard UK.gov project.

Despite the fact that UK based companies and institutions own a lot of the IP in the constellation and developed much of the hardware, and according to Airbus (Its Surrey Satellite Technology subsidiary makes the payload for the current generation of Galileo satellites and ground services are managed by Airbus in Portsmouth,) being essential to the project.

Despite its posturing the UK military alongside France are still the most effective in Europe, and the shock troops for NATO operations. The idea behind Galileo was to make the European military not dependent on GPS or GLONASS or soon to be unveiled Chinese alternative, allowing the US/Russia/China to go off and prioritise their system outside the North Atlantic theatre and have little to no effect on the Europeans.

having paid approximately 10% of the cost and done about 15% on the project, we have probably actually achieved some benefit from it.

I am not going to add to the Brexit debate, FMPOV nothing has changed since the referendum, there were four courses of action, 49% voted for one and 51% voted for one of the other four, and were sold on the least damaging "Norway Option" so where this obsession with Hard Brexit, that has been proven detrimental to the UK, has come from I don't know.

2
3

Thought the AT&T Time-Warner tie-up was scary? Comcast says 'hold my beer'

EnviableOne
Bronze badge

Last seen looking down the back of the sofa

Looks like mickey needs to raid the lucas film merchandising fund and up their offer.

Not sure who I'd rather have the controlling stake in SKY?

0
0

Dixons Carphone 'fesses to mega-breach: Probes 'attempt to compromise' 5.9m payment cards

EnviableOne
Bronze badge

OK so they had similar happen and ICO hit them with a £400k fine

this is their second breach with Credit card data

I can see two potential consequences:

the ICO hit them with a BIG GDPR fine (last year's t/o £10,580m makes max fine £211.6m/£423.2m)

PCI suspend their payment processing rights (no card transactions - All their online business and presumably most of their in store)

1
0

Microsoft reveals which Windows bugs it might decide not to fix

EnviableOne
Bronze badge

Re: These bug fixes... Or not

that's when they issue a service pack with a whole new bunch of bugs features to find

1
1

US govt mulls snatching back full control of the internet's domain name and IP address admin

EnviableOne
Bronze badge

ICANN

ICANN needs to be brought under a more enlightened jurisdiction, I'm all for California, but US.gov...

It does need its governance framework re-written to actually make it accountable, but US.gov should have forced this before they gave them the IANA contract, but there is little they can do now .....

I'd suggest making it a UN agency, except for all the issues we've seen with them lately. The ITU don't have a clue, IETF are just about independent enough and have the right people (depending on which working group you talk to)

4
0
EnviableOne
Bronze badge

Re: Have you really thought about it???

Cos the Swiss did such a great job with FIFA

9
0

Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it

EnviableOne
Bronze badge

The issue was bad systems integration, the server that was hacked was a relic of the Tiscali takeover

3
0

'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

EnviableOne
Bronze badge

What TESCO Know

Tesco are a huge conglomerate, They have operations in much of the world, and investments in many

These are some of the brands you may know:

Bookers

Londis

Dudgens

Dunhumby

Onestop

Dillons

Day & Nite

Budgens

Londis

Euro Shopper

Premier Stores

outside of this they have fingers in many pies and access to insurance, finance and telecoms data, they have holdings in fuel and ventures with Esso. At one point in the 1990s 48p in every £1 spent on the UK High Street was spent at TESCO, they still hold 27% of the UK Grocery Market giving them an effective monopoly

FYI (Sainsbury and ASDA have approximately 16% each and Morrisons has 10%, ALDI, Co-Op, Waitrose and Lidl all have about 5%)

0
0

You blithering Ajit! Huawei burns Pai for FCC sh*tlist proposal

EnviableOne
Bronze badge

This is going to cost them

The largest manufacturers of telecoms equipment are:

Huawei, Ericsson, Nokia (Alcatel-Lucent), ZTE, Cisco, Samsung

By excluding Huawei and ZTE they are unfairly discriminating, Nokia has large holdings in China and joint ventures with state owned companies, the same with Ericsson.

Samsung manufactures a lot of its kit in China, as does Cisco, and neither produce as good carrier grade as Huawei

2
0
EnviableOne
Bronze badge

Re: I never thought I'd say this but...

But most of your iPhone is built in China

10
0

IETF wants packets to prove where they've been, to improve trust

EnviableOne
Bronze badge

Freudian Slip?

The Proof-of-Transit daft offers

0
0

The glorious uncertainty: Backup world is having a GDPR moment

EnviableOne
Bronze badge

Article 17 AKA RTBF is Qualified

Usually it is only applicable if processing is based on consent.

so providing you are storing data for a legal, contractual or other allowed method (not requiring the individual's consent) and only retaining it for as long as is necessary, then RTBF does not apply

2
0

Hello, this is the FTC. You have been selected for a free lawsuit... Robocall pair sued

EnviableOne
Bronze badge

Sounds like the US need PECR and TPS

0
0

Internet engineers tear into United Nations' plan to move us all to IPv6

EnviableOne
Bronze badge

Re: 30 second ipv4 redesign?

BGP route space is not an issue, we went past that ages ago. The issue is IPv4 only has space for 16bit or 65535 AS numbers and we are using 61140 advertising 724500 routes (aggregated to just under 400k in the core)

we went over the 512k routes a few years back and no-one missed a step. TCAM tables on modern routers have space for 2048k entries, which should keep us going for some while yet.

Talking v6 adoption, there are 52k routes and 15320 ASes in the current BGPv6 table and the v6 header has room for 32-bit AS numbers or up to 4294967295 ASes

4
0
EnviableOne
Bronze badge

Re: 30 second ipv4 redesign?

I've spent a little more than 30 seconds on it, but I went with 6 octets with the IPv4 space in the top 255.255.IPv4, taking on board some of the useful refinements from the IPv6 spec

IPv8

a.b.c.d => X.Y.a.b.c.d Decimal

00:00:00:00:00:00 Hex (48bit)

0.0.0.0.0.0 = Unspecified

0.0.0.0.0.1 = Loopback

0.0.0.0.0.192/42 = discard block

0.0.0.0.1.0/40 = APIPA

0::02:00-00F::F = Reserved

010::0-01F::F = IANA

020::0-04F::F = Reserved (IANA Future Use)

050::0-05F::F = APNIC

060::0-08F::F = Reserved (APNIC Future Use)

090::0-09F::F = ARIN

0A0::0-0CF::F = Reserved (ARIN Future Use)

0D0::0-0DF::F = RIPE

0E0::0-10F::F = Reserved (RIPE Future Use)

110::0-11F::F = LACNIC

120::0-14F::F = Reserved (LACNIC Future Use)

150::0-15F::F = AFRINIC

160::0-18F::F = Reserved (AFRINIC Future Use)

190::0-19F::F = Private Address Space

20::0-3F::F = Future Use

40::0-5F::F = Future Use

60::0-7F::F = Future Use

80::0-9F::F = Future Use

A0::0-BF::F = Future Use

C0::0-DF::F = Future Use

E0::0-EF::F = Future Use

F0::0-FF::F = Future Use

FFFE0::0-FFFEF::F = Multicast

FF:FF:0::0-F::F = Ipv4 Migration

F::F = Broadcast

IPv6 address space is stupidly large, IIRC there is enough for 7 addresses for every atom in every person on earth and when you are talking frame headers, they become stupidly large, even with the header optimisations.

From my POV, the issue with IPv6 adoption is security, no-one wants their internal addresses globally routable and the only reason the core is going to IPv6 is the lack of AS numbers, nothing to do with network addresses. I can see us developing a two tier internet, with an IPv6 core and an IPv4 edge with large orgs/lower tier ISPs doing the v6 to v4 NAT

2
4

Cold call bosses could be forced to cough up under new rules

EnviableOne
Bronze badge

that's nothing, the Thameslink 2000 project (started in 1989) is finally going to be delivered in 2019

0
0

Who had ICANN suing a German registrar over GDPR and Whois? Congrats, it's happening

EnviableOne
Bronze badge

Controller and Processor

I think many are missing the point: ICANN are the controller in this case, and Tucows (and their subsidiary) the processor.

ICANN contracts Tucows to run the .de registry

ICANN contract requires they collect the said information

Tucows as processor must perform the duties they are requested by the Controller.

What ICANN does with that information, is not Tucows responsibility, however dodgy and against the law it is.

It is the responsibility of the registrant to gain Consent from the technical and admin contacts to publish this information.

I agree ICANN need hauled over the coals for the privacy implications in Whois, but this case isn't about WHOIS and GDPR, it's about contracts.

0
1
EnviableOne
Bronze badge

Re: At the heart of the issue is the fact that the Whois service was developed 20 years ago...

RFC 812 was obsoleted twice, RFC 3912 (the current whois Spec, published Sept 2004) states

The WHOIS protocol has no provisions for strong security. WHOIS lacks mechanisms for access control, Integrity, and confidentiality. Accordingly, WHOIS-based services should only be used for information which is non-sensitive and intended to be accessible to everyone. The absence of such security mechanisms means this protocol would not normally be acceptable to the IETF at the time of this writing.

2
0
EnviableOne
Bronze badge

Re: I hope ICANN loses completely.

That may be the literal translation, but it doesn't have the right tone or severity of language, I hope a native German speaker can chip in, but rules of good etiquette prevent me from exploring the depths of my German vocab for a better phrasing.

0
0

GCHQ bod tells privacy advocates: Most of our work is making sure we operate within the law

EnviableOne
Bronze badge

Re: Destroy All Monsters

Privacy Shield hasn't collapsed yet ... (but it's on its way)

Schrems VS Facebook killed Safe Harbour

Privacy Shield was supposedly a "better" replacement, but is still so full of loopholes and get-out clauses, along with the US.gov surveillance, that it too will get ripped up, until the US introduce a GDPR of their own.

and EU-US data sharing as part of FIVE EYES hasn't stopped.

E2E crypto and HTTPS ubiquity have helped, but we're still nowhere near there.

and calling NCSC head a GCHQ bod is technically true, but NCSC are a very different part of the organisation, with a completely different mindset.

1
0

How much is the drone biz worth to the UK? How's £42bn by 2030 sound? – PWC

EnviableOne
Bronze badge

Re: Net net of what?

Bearing in mind the Chinese respect for IP rights, and the speed at which factories can churn them out, the money won't be in making and selling, but in operating and using.

and no doubt the majority of the money is in replacing Bob and his cherrypicker, etc. and dumping him on the unemployment line.

Oh BTW Airliners already effectively fly themselves, the Human "Pilot" is pretty much a failsafe.

0
0

Ex-staffer of UK.gov dept bags payout after boss blabbed medical info to colleagues

EnviableOne
Bronze badge

Hey ICO might want to look at this

Sounds like the Manager needs to be done for breaching DPA, but seeing how busy they are at the minute, it might just get swept under the rug.

but from previous prosecutions, it would be a fine for the individual, and probably lead to loss of job.

0
0

Cloud is a six-horse race, and three of those have been lapped

EnviableOne
Bronze badge

So In summary

AWS is in the lead

Azure is catching up

Google is trying, but needs to put more money in to catch up

Alibaba is too China-focused, but if you get all the features is ok

Oracle is paying cursory attention to the market, cos someone said they need a cloud

and IBM is trying and failing with its usual competence

Are these things we need to pay Gartner for?

4
0

Businesses brace themselves for a kicking as GDPR blows in

EnviableOne
Bronze badge

Re: Yes!

Sorry JJ - it's UK law (Data Protection Act 2018) and is fundamental to getting a data security equivalence decision to keep trading in the EU. Oh and by the way, GDPR applies to anyone world wide holding any EU citizen's Data.

Personally, I feel the fines are a big enough deterrent, if the DPAs hit one of the big boys hard early on. But I would have liked the DPA to go further and make directors criminally responsible for their companies' privacy and security practice.

13
0

FPGAs for AI? GPUs and CPUs are the future, shrugs drone biz Insitu

EnviableOne
Bronze badge

Re: Not an expert on AI

for any implementation, an ASIC will be the fastest, depending on the FPGA design, it could be the next fastest, but GPUs can do Maths far faster than CPUs.

In AI, it's normally about number crunching, and if you are doing several specific optimal tasks, being able to switch the silicon to optimise for each in turn, with FPGA, will give you some advantage.

The reason they are looking at off the shelf silicon, is cost and compatibility. If every device has a custom FPGA running custom code, then every function they develop, needs to be translated to each individual spec device; with COTS silicon in everything, they can write once, and deploy the function to any device.

6
0

Brit water firms, power plants with crap cyber security will pay up to £17m, peers told

EnviableOne
Bronze badge

Re: "Perhaps they'll also penalize the idiots who ...

Please See Directive (EU) 2016/1148

http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC

The majority of its content is now codified in UK law through the DPA2018

0
0

Blood spilled from another US high school shooting has yet to dry – and video games are already being blamed

EnviableOne
Bronze badge

The Only difference that makes sense

The US has almost twice the amount of firearms per capita of any other nation, and at least 4 times as many as any other developed nation.

In other countries, there was one Sandy hook type event and legislation was passed, and it never happened again.

Until Americans Grow Up and accept the Facts, nothing will change.

After all, the nation was formed by those that couldn't hack the change going on in Europe and moved rather than evolve.

Europe has been evolving for 250 ish years since then, attitudes have been enlightened, evidence is required, blind faith is no longer a justification.

2
1
EnviableOne
Bronze badge
Boffin

The NRA are a JOKE

This is an edited version of a previous post, but if the US media can trot out the same old story every time .....

on average 100 US citizens own 101 guns, this is a bit on the skewed side as 3% of the population own over half the guns (at least 17 each) and 57% of households don't own one.

the NRA has 5 million members (or less than 1% of the population.)

7.7 million Americans own over 40 guns, so there's at least 2.7 million people who own over 40 guns who aren't NRA members.

So how do they claim to speak for US gun owners?

No other nation owns anywhere near as many guns as the US, the next closest are Serbia 58.21 guns per 100 people and Yemen 54.8, the world average including these is 10.2 (Canada 30.8, AUS 24.1, UK 6.2)

Oh and all this second amendment stuff is really a reach, here it is in all its glory:

"A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed"

so it's basically saying that the individual states have the power to retain an armed force that can be used to defend the freedom of the people and this will not be infringed by the forming of the United States. The NRA et al like to forget the first part of it.

The NRA try to whip up the gun owners by saying gun regulations will remove their right to own any, but even talking to NRA conference delegates or Trump supporters, they accept that some people shouldn't have guns, and that some controls are necessary.

These are my suggestions:

limit legal arms to Hunting rifles and Handguns, except where stored securely at a licensed gun club, that is inspected and controlled.

Mandatory check on applicants for mental illness, violent convictions or other relevant crimes.

Mandatory training on safe use and storage

That will not impinge the average gun user, apart from the time to carry out checks, but any sensible person will build that into their scheduling.

0
0

Signal bugs, car hack antics, the Adobe flaw you may have missed, and much more

EnviableOne
Bronze badge

ICE AI system

Did anyone else think ICE had been watching "Person of Interest" when they read that one?

1
0

Seriously, Cisco? Another hard-coded password? Sheesh

EnviableOne
Bronze badge
Coat

PC going madder

now the word person is not permitted as it has the male noun son at the end, the PC lobby would have you use the term perkin.

Personally, I think we should keep MITM, and change the definition to Mallory In The Middle or if we want a new term either:

Transparent Interstitial Transition Strike

or Network Re-routing Attack

(answers on a postcard)

0
0

You know me, I don't know you: Hospital reportedly raps staff for peeking at Ed Sheeran data

EnviableOne
Bronze badge

As I currently work in Information Security in the NHS I can confirm this is how it is dealt with.

Basically anyone can access a patient, as the time taken approving someone's access in the case of an emergency may be the difference between life and death, but this is heavily audited and we check those logs on a regular basis.

NHS policy states that all staff are bound by the common law duty of confidentiality, and that individual records should only be accessed for direct patient care

If anyone is discovered having accessed patient records outside this specific purpose, they are subject to disciplinary, and as seen in this story, it is treated seriously, and always reported to the ICO.

This does not only happen for celebrities, if you look at the ICO website, you will see that several former Healthcare employees have been prosecuted.

https://ico.org.uk/action-weve-taken/enforcement/?facet_type=Prosecutions&facet_sector=Health&facet_date=&date_from=&date_to=

15
0

Brit prosecutors fined £325k after losing unencrypted vids of police interviews

EnviableOne
Bronze badge

Re: "lost" - "unencrypted" is worse.

but it's one hell of a deterrent.

The DPO is not criminally responsible if they advised against it and the board ignore them.

1
0

Britain to slash F-35 orders? Erm, no, scoffs Lockheed UK boss

EnviableOne
Bronze badge

Re: Govt. spending

it's been longer than that, 1920s is when it started ... the Washington Naval Treaty and the repeal of the Naval Defence Act that lead to the breakup of the Empire and the current sad state of affairs, as no-one worked out we couldn't maintain 3 fleets with that number/tonnage of ships.

1
0
EnviableOne
Bronze badge

Re: Platform use

That's providing they can keep them out of the sea, which appears to be an issue.

Also we built those two huge things with the option of running Type C, with Cats and Traps, which BAe made an exorbitantly expensive conversion. If we were going for steam, we'd need room for the generators (which isn't there) or if we were going EMALS, we'd need plentiful electricity, which a reactor would be really useful for but ....

Also the fact that anyone else running the type B is doing so from an Invincible class size ship (i.e. our old ski-jump enabled 20kt ships.) The whole F35 program was an abortion from the start, the BAe next gen harrier, originally proposed for the FCBA, was a much better option and would have outclassed both the F35-B and the Rafale.

3
0
EnviableOne
Bronze badge

May have been 15% when RR were going to supply the second engine option, instead of just the lift gear for the B variant

4
0

I got 257 problems, and they're all open source: Report shines light on Wild West of software

EnviableOne
Bronze badge

Re: The particular issue around Open Source licensing

The same clauses are in the GPL, MIT and Apache licences especially the "As Is" and the "without warranty"

the issue is, don't use it if you don't know what it's doing ...

I admit to re-using code, but everything in any of my programs, I have read through and worked out the whats and wherefores and can be reasonably sure it's not doing something stupid

6
0

How could the Facebook data slurping scandal get worse? Glad you asked

EnviableOne
Bronze badge

Security by design

The only way they will get me to Trust them with any data, is if all profiles are locked down by default, but that'll never happen and would never be free!

as a wiser man than I said "if you're not paying for a service, you (or your data) are the product"

6
0

Wah, encryption makes policing hard, cries UK's National Crime Agency

EnviableOne
Bronze badge

Fundamental rights

Article 12 of the Universal Declaration of Human Rights, one of the core treaties of the UN that All members must sign up to:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Encryption is essential to privacy of communications.

as for the money laundering, has anyone else noticed that the world's hot spots for dodgy money dealings are all UK overseas territories? Jersey, Cayman Islands, Bahamas ...

4
0

Hacking train Wi-Fi may expose passenger data and control systems

EnviableOne
Bronze badge

Par for the course with PTP

but depending on the architecture, it may be possible, like it is with the way they integrated stuff into cars.

4
2

Second wave of Spectre-like CPU security flaws won't be fixed for a while

EnviableOne
Bronze badge

Re: Untrusted Code?

JavaScript has a far from strict security model, and it's a BS language anyway. It's Java ripped down to within an inch of its life and a mess of commands. The other problem is sandboxing this code inside the browser, when the OS is basically a patchball, even though it has been clean sheeted at least twice!

If you don't need to game or run data analytics etc, a thin client is all you need, which is why for most people I have been recommending the Chromebook for a while.

Oh and Thin Clients are everywhere and a great thing for desktop security: you get a new machine every morning, that's patched and up to date, and if your VD server is man enough, you don't notice the limitations.

5
1

New Monty Python movie to turn old jokes into new royalties

EnviableOne
Bronze badge

Re: I'M BRIAN!

He's not the Messiah HE's A VERY NAUGHTY BOY!!!!

1
0

Risky business: You'd better have a plan for tech to go wrong

EnviableOne
Bronze badge

OK if hardware failure is only 4% of outages and UPS is 25%, is there a point in UPS?

0
0

UK Ministry of Justice knocks down towers, brings IT BACK in-house

EnviableOne
Bronze badge

Re: Who??

Would That be what used to be CAP Gemini, then CAP Gemini Ernst & Young, then Capgemini. The lovely people who brought about the Aspire contract at HMRC

1
1

UK age-checking smut overlord won't be able to handle the pressure – critics

EnviableOne
Bronze badge

Re: Insecure by design

yeah but that's the system they have been using in the states to enforce COPPA and how many under 13s do you know of with a Facebook, twitter, insta, snap, or <insert latest here> account?

Also it's the same on pr0n from some locations, are you 18? (or 21 in some jurisdictions) and any 14 year old with a modicum of sense, knows what the answer is.....

6
0

Biting the hand that feeds IT © 1998–2018