Re: Do your own - it's safer
Really? You have your own cable laid? And your own connection at LINX? And your own power station? Duplicated in case of fault. And your own oil refinery for that power station? Wow!
Is it? Supports 2FA, supports removal of downloaded files from devices, can lock out devices, can enforce device patch level and anti-virus policy, supports immediate lockout of expired users, supports restrictions on download and print. Logs every file access, and whether it was downloaded or just viewed in a browser.
"armed police were dispatched before the first 999 call came in because of CCTV monitoring"
Might be true, but can't find anyone from the Met saying that. It would explain the very quick response.
"IIUC the guy was brought down by a minister's bodyguard before"
Again, can't find any evidence of this. PC Charlie Guenigault was an off-duty unarmed response officer - what most of you would consider a normal policeman - and something of a hero.
"standing police presence was enough to ensure that 999 was redundant"
This is definitely wrong. Granted Police presence is much higher than you'd find most other places in the UK but there is no standing presence on Borough High St or Borough Market. Nor indeed was there any at the time of these attacks.
See your point there, thanks.
Still not entirely sure why Mr Putin from Moscow buying ads is more sensitive than Mr Redneck from Texas if both are declared. And acknowledged that they weren't declared this time. Does US law require everyone to declare their influence? If it does Facebook look to be in trouble.
Wanting to nail Kushner on a technicality I can understand.
I don't see the relevance of the Russian connection, other than to evoke memories of McCarthyism.
Some people bought adverts to affect the election. Either that's ok or it isn't, doesn't really matter who they are unless there are rules about limited spend or nationality.
Lots of lawyer fodder in May. Which I guess is why they're changing.
But it's not just aptitude, Windows Update and Play Store do the same. Heck, Play Store forces an update of everything on a new Android version. Technically that's all illegal at the moment but nobody cares. The publicity around GDPR and the closing loopholes will make it much easier for the sueballs. And I consider that a good thing.
Depends. Some people do. We do, or at least try to. It's tricky because it's almost impossible to get a reliable control group or even a reliable sample but you can produce long term trends.
We know, for example, what the optimum rate of ads is before they start to be a turn off. We also know how long it takes you to forget and forgive. Both are averages and will vary by person, so we tend to model by clusters.
And then there's whether your annoyance affects your purchasing behaviour.
Sounds like a good reason to avoid Facebook corporate accounts. Just look at the potential lawsuits - my employer required me to share all the intimate details of my social life with Facebook in violation of God knows how many human rights and data protection laws.
In the old days you could put all sorts of rubbish on your box safe in the knowledge that it wasn't routable from the Internet.
Nowadays everything is port 80 or 443, even file access (e.g. s3) and microservices mean every little thing has a REST over http endpoint visible from the Internet regardless of the inefficiency that creates.
Putting everything on http is the equivalent of not having a firewall.
"The fact that AWS was said to send out reminders of misconfiguration"
I'm not sure how often AWS do this in all honesty. I've had one, about a month ago, in 5 years of using AWS (and we've had deliberately open buckets for about 2 years, because we have developers who can't cope with authentication and we're publishing it to the Internet anyway).
Securing s3 buckets properly is hard though. Configuring vpc access only involves modifying the subnet routing table and setting deny rules on the bucket security groups. I bet I'm one of the very few who have actually done this.
And then a whole load of AWS stuff stops working (lambda, for example, until recently - the new AWS toys are released without VPC support initially).
And then you get into all the Big Data and EMR stuff, which doesn't support application level encryption.
Redshift Spectrum, a Data Warehouse technology, launched without (and still doesn't have) encryption or VPC support.
The combination of AWS products not understanding encryption and not understanding VPCs leads the lazy to rely on just IAM, and IAM is so easy to get wrong. As I've said before here, their documentation often recommends grant * to *, which isn't helpful.
Security comes through multiple layers. In their rush to get products out AWS tend to start without those layers.
It is possibly worth looking up what Corbyn said and in what context. Neither of the above statements appears to be correct.
Corbyn's mostly anti-war, which pretty much leads him to supporting negotiated settlements.
El Reg commentards seem to quite like their war-porn, but then IT workers rarely have to collect the burnt and bloody remains of their colleagues or watch them slowly drown to death in a flooded ship.
"Yep completely agree. There are so many ways an ill-disposed IT worker with admin rights could get bulk data access"
My bet would be IT too. Not sure why you're all so keen to assume it's the Indians, could just as easily be anyone anywhere in the world.
Personally I'd just have a trigger in the CRM pushing records to SNS, but that's a bit easy to stop and trace. Fits the real-time profile though.
It might not be BT's leak - they could just be playing the probabilities with data scraped elsewhere; we haven't heard from everyone who didn't fit the profile.
"'that being in prison is a violation of their right to a family life'
Which has no relevance to the ECHR. This example is worthy of the Daily Mail."
Exactly. Every other country is subject to the ECHR and nobody else has this problem and no other country's press and politicians whip up this sort of hysteria. It's almost as if the gutter press is concerned about being unable to invade privacy whenever they want. If fault lies anywhere it's with the English judiciary for its occasionally bizarre rulings.
"I think El Reg has misinterpreted this ruling."
The Reg article is awful. But it does link to the ruling, which is an excellent piece. Reg's article is, thankfully, better than the Reuters piece most news outlets copied.
There's a large mass of opinion that seems to think that human rights law prevents the state protecting its citizens in some way. This view is widespread amongst Police officers and the military.
Nobody seems able to explain why the ECHR fails to prevent the Gendarmerie, the Guardia or the Carabinieri operating in robust ways that the UK Police only dream of. I bet the Romanian Police aren't soft and cuddly either (my Romanian friends advise me to cross the road to avoid the Police, some habits die hard).
Theresa May feeds off and fuels this paranoia. It's hard to see how she, as an intelligent woman, can be acting anything other than fraudulently.
Not sure who you are having a dig at, Apple or the Chinese government, but:
Chinese Law limits the length of the working week to 5 days at 8 hours a day with a maximum 36 hours per month overtime. That's substantially better than the EU working time directive (48 hours/week over 17 weeks and which the UK allows employers to opt people out of by default).
Health and Safety precautions and policies are mandatory, just as they are in the UK. And they have occasionally executed people for breaking them.
There do seem to be some employers that allegedly flout the rules. You may be suggesting that Apple picks and chooses which laws to respect.
Silverlight was a good idea, just implemented horribly. A decent cross-platform implementation and a watertight promise not to litigate could have killed Flash years earlier and put a fatal dent in the mess that is JavaScript. And we wouldn't need things like CoffeeScript, Dart and TypeScript.
I still maintain that .Net 2 is one of the best and most consistent APIs ever created. Especially when you consider it side-by-side with Swing.
"the lists are already readily available so it not as if the really bad guys could not get their hands on them on a lazy Saturday afternoon"
I dispute this. First off this rainbow table didn't exist until these people created it, some might have had it but not everyone. Secondly the lists might have been available in theory but in practice it's a bit tricky. Tricky enough to stop your casual script kiddie finding them. What Troy's done is make them available to everyone. A bit like the difference between my mother's maiden name in theory being available to anyone who cares to look at the records office and being available to anyone to download easily on a Saturday afternoon.
So whilst there may have been a hundred or so potential users of these leaked lists there are now millions.
It's not good to rely on obscurity but having it helps, as anyone who does more than parrot back mantras knows.
Why release the passwords? The hashes are already out there and that's all you need for real-time filtering.
If you just want an individual user to change theirs then (a) they won't be reading a tech site and (b) you only need to tell them the site that was compromised, as in "change your Ashley Madison password and anywhere else you used the same one."
It's getting very hard to tell the good guys from the bad guys these days.
I can't see who on the "good" side this helps. If you have a stash of unsalted sha1 passwords then no amount of scanning against a list is going to change the fact that you have a problem, it's only the baddies that are helped here.
Yes, but your Garmin will break every time your phone gets updated or your watch gets updated and every so often Garmin Connect will kill your phone's battery for no good reason.
I will grant you that it's the best of the smartwatches. The "just look on the watch for a grid reference" trick never stops being amazing. Needed it Monday when the main Garmin satnav decided to crash miles from the nearest road.
"But here in the US Detained means stopped then let go Arrested usually means"
Similar here. Although grounds for arrest are much weaker in the UK than the US. Since Theresa May clamped down on detention the requirements for both are pretty much the same (reasonable grounds to suspect), so new constables tend to arrest or turn a blind eye. Arrest carries with it broader powers than detention so is safer, legally, for the officer. Obviously it's more intrusive for the person being arrested, but that just shows you Theresa May's thought process - she wanted the ability to say she's done something rather than actually doing something useful. It also means almost nobody is detained for a search for knives any more, which is why knife crime is rising.
An arrest warrant is cast-iron grounds to arrest (technically speaking not arresting is contempt of court but I don't think it's enforced).
As a gentle aside, the UK forces are switching to Windows Phone right now.
They are allegedly more secure than the alternatives, and if you've already got a secure system up and running on Windows (which they do have) then it makes sense to extend that system rather than create a whole new security model.
Really simple things, like being able to take a photo and email it (rather than have to wait for someone with a camera to arrive, take it back to the station, download and then email), can make an officer dramatically more efficient.
The Linux zealots won't like it, but unless you want to rip out an entire infrastructure and start again (and with what? Firefox phone?) then it's a very sensible option.
Those that want to can read up on the history of Sea Shepherd here:
http://m.greenpeace.org/international/en/high/about/history/paul-watson/
If you get all your information from this article (and other Reg articles on the subject) then you'll be somewhat misinformed.
"and so all of the cards have likely expired"
This bit doesn't help much. It's fairly easy to retry the same card adding two or three to the expiry year.
If that fails then the credit card companies offer services to update expired cards - card refresher from Amex, Account Updater from Visa and Billing Updater from MasterCard - and some merchants will helpfully call those for you.
So let me get this straight. Someone said something someone else didn't like. And another someone else defended their right to say it. And now a whole load of other people are upset that that person upholding someone's right to an opinion is offensive to some other hypothetical victims. And to express their discontent at a possible uncomfortable situation they've decided to create an even more uncomfortable situation by taking their toys away and moving to a different playground.
Would someone call a grown up please?
You need to understand the difference between reporting an incident and reporting a recordable crime.
You can report anything you want, but it will only get recorded as a crime under very defined circumstances. That's important because response targets (those targets that Theresa May says don't exist) are based on crimes not incidents.
In the case of fraud your local Police standard procedure will be to ignore it and wait for the victim to report it. Act on Fraud might deal, because they are the national body designed to investigate systematic fraud. Those are the rules. If you don't like it, don't blame the messenger, lobby your MP or Police Commissioner. Perhaps using these statistics. But bear in mind the six officers on your local shift will be run off their feet sorting out everything else from parking disputes to lost children to murders and won't have the time to do any sort of serious investigation.
Think about data protection law. It's still a crime, you can report it to the Police, but the national body to investigate is the Information Commissioner so the Police won't do anything.
The Police aren't interested when you report it because YOU ARE NOT THE VICTIM. Crime recording standards generally only allow crimes to be reported by the victim or an officer.
In general the fraud should be reported by the bank or insurance company that is actually being defrauded.
I wish people and sloppy journalists wouldn't talk about identity theft victims, because it's bollocks legally and gives banks an excuse to fob people off.