* Posts by IamStillIan

32 posts • joined 10 Apr 2017

Microsoft Azure gains Availability Zones and Immutable Blobs

IamStillIan

Re: "can be created and read, but not updated or deleted"

Presumably it's intended for legally required retention, and as such subject-delete request's will be refused.

4
0

You want how much?! Israel opts not to renew its Office 365 vows

IamStillIan

Re: £££££££££££

"That seems like an edge case to me. I'm purely speculating here, but it seems to me that an org that is so small that it can't sort out infrastructure is probably also so small that the infrastructure it needs is simple enough that they could sort it out themselves."

As someone in this position, I see both sides. We use o365, but that's because we're a dev shop working on MS stuff and get it free though the partner program. If we weren't a dev shop we'd likely not have the infrastructure / skills in house run something like that ourselves.

It takes care of a lot of bits of stuff - AD, Fleet admin, E-Mails, OneDrive, Office, various resilliance and audit issues.. so it probably would be worth the full cost if you were starting out with none of that. Once you learn a little bbit about it, there's also various approahes around to avoid the full costs (I mean the legal ones).

6
0

Here's why AI can't make a catchier tune than the worst pop song in the charts right now

IamStillIan

You could just use the Harrington 1200

https://www.youtube.com/watch?v=rqkUISJej2o

1
0

Farewell then, Slack: The grown-ups have arrived

IamStillIan

Slack has the more aggressive privacy policy - basically that they can share everything in every message with third parties....; that was a problem for us.

Teams doesn't take that stance.

13
0

Things that make you go hmmm: Do crypto key servers violate GDPR?

IamStillIan

Re: How about blockchain

We had slighlty mixed messaged on that.

On one hand you've got "required to function" granting exception, and a clause (somewhere, can't find it right now) pharsed as "…taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures".

On the other hand, you've got the ICO publishing things (I think it was clarification statement about backups) that say "technical difficulties doing it aren't an excuse".

3
0
IamStillIan

In which case, see standard process for someone who releases something into the public domain without your consent; liability lies with them, not the key server. Once in the public domain, there's not a lot that can be done.

I could have a local cache of your key recorded from the key server, which I did on the understanding you'd consented to typical use of the pgp system. Is the onus on me to monitor the key server for status changes?

1
0

DXC execs to investors: It's say-on-pay time. Give us a bump, would you?

IamStillIan

Re: Well you can't buy morale

I can second that from folks I've interviewed. I've had numerous DXC ppl applying for jobs and there typical reason for wanting to leave their existing job is (subject to business lingo gumph) "I need to get off the sinking ship".

9
0

Smyte users not smitten with Twitter: APIs killed minutes after biz gobble

IamStillIan

So what they're saying is they bought the company, got access to the deatils of what they were doing, realised it was probaly illegal / in breach of something or other somewhere, and put a stop to it?

Sounds like the due dilligence failure was before the aquisition..

12
0

Lib Dems, UKIP's websites go TITSUP* on UK local election launch day

IamStillIan

I think you're suffering optimism bias towards the rest of the net.

Sure, it's all lies, but not below average.

1
0

Microsoft: Yes, we agree that Irish email dispute is moot... now what's this new warrant about?

IamStillIan

US legal position

So complying with a US law will mean violating EU law. That comes with a set of follow up quetsions:

1. Is there anything in US law which permits "we can't do that, it'd be against someone else's law" as a defence?

2. If Microsoft refuses to comply, gets fined, and still refuses to comply, can it continue to be punished or is that the end of the matter?

3. Is there a limit to what they could be fined? Basically, on a pure buiness costs basis, what makes more sense, breaking GDPR or braking CLOUD?

13
0

Microsoft's Teams lights solitary candle, hipsters don't notice

IamStillIan

Re: My users are loving Teams!

The MS terms are still stronger than Slack offer with regards to compliance. One of my colleagues blogged about it: https://gavurin.com/privacy-that-is-slack-with-your-data/

1
0

Oi, drag this creaking, 217-year-old UK census into the data-driven age

IamStillIan

Re: Data protection.

That exemption is a Member State Derogation. ie. Member states can execute discretion to legislate over these areas. The UK won't be a member state, so we won't be entitled to derogations of our own making unless we obtain an agreement to the contrary, dispite the fact we're pretty likely to stiill have to comply with thme.

0
0
IamStillIan

Re: Data protection.

Won't get away with that under the GDPR changes, which will be full in force by 2021, unless there;s a Brexit based get out put in place.

5
3
IamStillIan

Missing the point

One of the really important points of the census is to validate all the other data excercises going on day to day. ie. is the admin data any good, or does government miss big sections of the population (always shows that it does..).

This move threatens to render missed groups off the radar indefinately, which has all kinds of knock on in service provision, democracy etc.

Doing bits of it online to save postage is seems fine form that this point of view, but not doing it at all is a huge failing.

12
1

Private browsing isn't: Boffins say smut-mode can't hide your tracks

IamStillIan

Re: I dont believe there is ever likely to be full privacy on the internet

"I dont believe there is ever likely to be full privacy on the internet"

That'd basically be oxymoronic. The internet exists to communicate data. "Full privacy" for everyone about everything would mean don't communicate any data... As you say, it's about agreeing boundaries. The system is still relatively immature (compared to walking down the street..), opinions vary, the scope is wide, and enforcement is difficult. We're a long way off.

You walk down your street with knowledge of the area / community, and having decided the risk is acceptable; there maybe some streets you don't walk down because you don't feel that's true.

The real difference vs the down the street analogy is the scale and extent at which it can happen. People elsewhere in the world can do it en-masse in your street, and every other street. That changes the discussion because you no longer know which streets are safe, or what communicty you're interacting with, so your ability to choose is being eroded. Oddly enough that's an inverse privacy problem, where those doing the monitoring have too much privacy.

5
0

Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs

IamStillIan

Creative thinking

Data Canonical seeks "would include" the following:

- Network connectivity or not

So in the case of not, how does it report back? Print it out and ask you to post it?

5
0

Uber: Ah yeah, we pay women drivers less than men. We can explain!

IamStillIan

That's rather mixed bag then:

"due domestic demands" - that would indicate the issue is socital bias in domestic responsibilities; not really within an employers scope to mitigate, but clearly a route cause for various other gender issues.

"gaming the system" - seems to be about experience rather than gender. It's probably still something Uber should address; presumably through tweaks to the pricing model to try and minimise the advantages so all fares yield equvilant rewards. They'll never get that perfect, but can probably do better that an current. This however, would be primarily for the benefit of the customers rather than the

drivers.

5
1

UK Home Office grilled over biometrics, being clingy with folks' mugshots

IamStillIan

Re: "Computer says no..."

What you've overlooked is that they've deliberately not assigned any ids or dependable reference data to anything, in order to make sure nothing like this could be forced up on them.

5
0

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly

IamStillIan

Re: Oh, shit...

JavaScript for infrastrucutre? Anyone can use it; but no one can use to make anything you'd be confident in..

4
0

UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns

IamStillIan

That's my assumption as well, and I see the point of that; otherwise any crook can just turn round, claim to be a researcher and simply "not have reported it yet".

Whether 72hrs is the right number is a fair question, along with how extensive the report is.

If it's a simple "Dear ICO, I believe that combining X with Y can reveal Z, but I'm sitll working on. Cheers" then that could be reasonable. If we're talking about an indepth analysis, then that's a different situation.

5
0

Up, up and a-weigh! Boeing flies cargo drone with 225kg payload

IamStillIan

Just think what Joseph Barbera could do with that.

1
0

Braking news: Nissan Canada hacked, up to 1.1m Canucks exposed

IamStillIan

Re: Not too bad, all things considered

I'm inclined to agree with jmch.

While there is some residual risk fo taking 10 days to notify, it's probably better average for something of this size.

it practice it does take a bit of time to confirm it's actually happened, evaluate exactly what data has been taken, and which people need notifying.

They could have used the 2 step-model; of a general "something has been breached, be alert, details to follow", followed by a "this does/doesn't actually imapct you peronsally, in this way...", but I guess that's being balanced vs reputational damage risk of broadcasting a worse meessage than they actually need to.

I guess

5
0

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes

IamStillIan

Re: It should be about where the user was, not the server, it seems to me.

It's more than difficut to manage. In infeasibly problematic without effectively a new interational agreement on it and a huge wodge of policy everyone has to find ways to implement.

There are issues around how to record such information, confidence in such information, burden of proof.

Then there are ambiguities around things made in multiple juristrictions (collaborative authoring), out of duristiction (international waters), the list goes on and on.

0
0

No more mister nice GUI: Visual tools stapled to Azure Data Factory

IamStillIan

"Because, yeah, devs hate code and love GUIs."

I actually think that's a misunderstanding. There's quite a mix of people who do this knida stuff.

Devs who write it themselves where there's an off-the-shelf solution available have special circumstances or are doing it wrong.

The data science crowd prefer to save their smarts for the analytics bit, they'd probably rather just push some buttons and have the data automagically become available.

0
0

Slack re-invents the extranet and shared Notes databases with cross-company teams

IamStillIan

Interesting timeing, I believe Microsoft Launchers this features on Teams yesterday..

1
0

So much data, so little time: How to not flip your wig processing it

IamStillIan

I concur; usecase is everything.

Additional reporting servers are a cost; not all systems need to be so timely; why make things more expensive when there's no benefit?

0
0

If Machine Learning is the question, open source is the answer. Right?

IamStillIan

Re: So "Tensorflow" is going to be like VBscript for machine learning?

They tried that, but it worked out it was unquiely capable and started demanding a ludacris salary.

0
1

Numbers war: How Bayesian vs frequentist statistics influence AI

IamStillIan

Re: "How can you possibly do statistics on a guess!?"

I think the response is "How can you possible do statistics without a guess!?". Given that there are no comprehensive models of the world, and practically nothing is truely independant, you always assume something, whether you realise it or not.

3
0

UK Tory party pledges 'digital' charter, wants Verify to back online gov

IamStillIan

Re: One must ask ones self

"Usually the last time you announce it."

Do you have evidence to back that up? We often see already assigned funding being reannounced under new guises again and again...

0
0

Nest leaves competition in the dust with new smart camera

IamStillIan

"If you already have a Nest device set up in your house, the new camera won't require you to enter any login or Wi-Fi password details, but will grab the information through your existing account."

How exactly; they're broadcasting your local network credentials out of your house into the www? Why?

8
0

Health data 'vault' app floats into UK.gov's G-Cloud. *cough* GDPR *cough*

IamStillIan

Re: Compliant?

It's a wider process thing, you can't just buy a bit of "compliant" software for it anyway. That doesn't, of course, mean you can't market a bit of "compliant" software for it.

0
0

How their GDPR ignorance could protect you from your denial

IamStillIan

Re: Purging convictions

I believe the view is that it's their data, and you're not entitled to hold it.

Even if you aren't using it, you're still exposing them to risk as it could be disclosed, mistakenly used etc.

0
0

Forums

Biting the hand that feeds IT © 1998–2018