Re: another two backdoors found?
I don’t think market share comes into it.
54 publicly visible posts • joined 4 Aug 2023
I often wonder if an off-the-shelf, trusted and established application with internal support staff can create a better and MORE FLEXIBLE service. My experience ends in 1997, when the benefit agency brought in consultants to look at the IT services; they scrapped in-house solutions and contracted out. The results were as you would expect. I remember we could not ask for bugs to be fixed because it had been signed off, and we could only make a handful of "feature requests" per year.
Lots of reasons. However, the primary reason is managers, not one of them taking responsibility/accountability by suggesting something they could be blamed for. Once someone has suggested "X", then X it is, and we know who to blame when it all goes wrong. This attitude runs from top to bottom of the management hierarchy. In my experience, poor project management is something the UK excels at.
Hold your horses. You do know that a hack to allow positive discrimination is to declare a diverse workforce as a requirement of the organisation. The organisation (HR) will produce lots of graphs about the financial benefit of diversity. Points will be awarded to select candidates, and at interview, based on what they can contribute to the company's diversity.
They have ridiculous job titles to sound impressive when they leave. I must admit an application from a "Lead Cyber Security Expert" at GCHQ would go on top of the interview pile.
My young colleagues tell me that "job catfishing" (or is it phishing?) is also a thing, where employers big up the role so that it does not reflect what you will be doing.
"Penn State abandoned its contract with **government-compliant** cloud host Box in favor of OneDrive, which doesn't meet NIST's CUI security requirements, to save money"
I've been there countless times with UK universities that get IT to do their Information Governance. IT make a decision without consultation, and when it all kicks off as they tell users to move data to the new repository, they offer the advice "go back to the stakeholder, explain that there is no difference in security". I can guarantee IT would have said "will it be okay if you encrypt the data on OneDrive?".
Keep an eye on pen testing companies, even those based in the UK.
I have audited companies that have employed a third-party pen testing company to do their pen test (fair enough), and while the pen testing company is genuine and non-malicious, they are often unable to provide meaningful assurance on the contractors they employ.
So more reason to remove the air-gapped networks and have all the sensitive information "on the internet". WSUS requires just two ports to be open; what's the betting that the cloud "alternative" requires a whole host of URLs with ever-changing IPs and multitudes of ports for our on-prem servers to access them?
I will miss typing "wuauclt /reportnow and /detectnow" (although one of them didn't work, but I can never remember which, so I used both).
This will become more of an issue as companies get to grips with supply chain security. While you are rightly defending FOSS, another group of people are congratulating you for making an excellent point on the lack of assurance with Open Source, and hence why it should not be used in a prod environment.
The ICO have acknowledged the issues with fining the public sector (and the same issues apply to not-for-profit orgs undertaking public services), and will use their "discretion" to reduce fines. I have spent the last 5 mins thinking of alternatives and cannot think of any.
What really grates is the smug anti-EV YouTubers were right.
My plan was to get an EV when I could charge from home. While that happened this year, I had already witnessed friends describing it as their biggest financial mistake (apart from getting married). One friend waited six months for a "part" before being told they could not source the part and they would buy the car back off her for .... 20% of the purchase price (after two years). This is NOT "eco"!
There is too much kid-ology going on, and we all need to admit we were duped (like with 3D TVs).
Hmmm, to me the actions of the organisations demonstrate why tick boxes are necessary.
As for putting anti-malware on each server, there is often scope to "risk assess" it, but in my experience I would want to see some controls on each and every device.
I was auditing a UK university that did not put anti-malware on its compute as "data was always uploaded to a fileserver which is scanned". Good reasoning, but they also allowed users to download Python packages direct from external repositories. We were called in when their annual pentest revealed they were riddled with malware from PyPI.
Not so many years ago, at a university in the UK, we did our first phishing exercise. I can't remember the text, but it would have been along the lines of "funding issue with your fees". The following day HR raised complaints at the highest level and were demanding discipline be considered. Time and time again they were telling us that "lying to students is totally unacceptable" and how the damage done will take many, many years to repair. No further exercises were ever run.
I had a (very) successful career in IT, all thanks to WordPerfect. As an office junior for a company of 10,000 users I wrote some automation process (macros?) on WP and shared them amongst other staff. Six months later various people came into the office looking for me, asking "show me what you did". They went away with a "hmmmmm". A week later the CEO said "we are creating a PC dept and we need someone who knows about computers". (And yes, they did ask me to create their web page; it had music and a flashing banner, it was a site to behold.)