* Posts by Adam 52

2010 publicly visible posts • joined 18 Jun 2009

Just a third of Brit cops are equipped to fight crime that is 'cyber'

Adam 52 Silver badge

Re: Is this the right level to work at?

There are two issues:

Online fraud. Should be dealt with by Action Fraud centrally.

Conventional crime with a cyber element (playground bullying using WhatsApp, rape with an SMS message history etc.) These are investigated locally.

Adam 52 Silver badge

Re: Yes, we're equipped, they quipped!

If you were robbed then you should get a response, even these days, if there is any hope of a successful investigation. Robbery is too serious to get ignored. But you may be confusing robbery and theft.

Adam 52 Silver badge

Re: Cheap, cheap, cheap.

"the local police station is to close to save money"

It's not really to save money. What's been happening - and Sara Thornton is as much to blame as anyone else - is that Police buildings have been sold off and the one-off income used to cover the gaps in operational funding.

This is clearly an unsustainable funding model.

Nadella tells worried GitHub devs: Judge us by our actions

Adam 52 Silver badge

Re: Opportunities

I see opportunities, and I think there's still enough Dev in me for it to count.

Like Bombastic Bob I think that Visual Studio 2000 was an excellent Dev environment. The current CI environments are mostly awful.

So imagine a github extended with a decent, Microsoft-designed CI that takes your code, builds and deploys to a container in Azure. Yes, it'll be clunky if you're self hosting or on EKS and you'll have to script the deploy yourself but you'd hope for something better than Jenkins or CircleCI. It could easily even be better than Heroku and if Microsoft can hijack Heroku's market then they'll make their billions back.

'Tesco probably knows more about me than GCHQ': Infosec boffins on surveillance capitalism

Adam 52 Silver badge

Re: They does

"Occupation/husband's occupation? Not sure how my supermarket shop could give this away, unless you buy a specific magazine for that occupation (how many of those are there?)"

Like JohnFen says, they buy that bit in. From somewhere like here:

http://www.experian.co.uk/marketing-services/solutions/targeting/consumer-data.html

Adam 52 Silver badge

Re: Tesco Does Not Know More About Me

"at least as much as Tesco as they can bulk purchase data from the same commercial sources as supermarkets do, and then add their drag-net surveillance to that"

Well they can order Tesco to provide everything they know, and then add everything your bank knows and then add everything your ISP knows and then add everything your doctor knows.

So I think GCHQ certainly do know more than Tesco.

Uber 'does not exist any more' says Turkish president

Adam 52 Silver badge

Re: Turkey finally steps up and does the thing right

It's not the right thing. Police action to suppress lawful activity on the basis of a campaign speech made by a politician isn't the right thing. Especially when that politician is tapping into anti-Semitic sentiment.

It might be an outcome that you approve of, but it isn't right.

The right thing to do would be to wait for the outcome of the pending court cases on whether Uber's D-2 licences cover their activity and whether Uber is complying with the licence; and then enforce or amend the law. And use the Police to protect citizens from being physically attacked.

Is Microsoft about to git-merge with GitHub? Rumors suggest: Yes

Adam 52 Silver badge

Re: GitLab

"For enterprise Bitbucket Server rules supreme."

We moved from Bitbucket to github. Lots of the CI tools support github but not Bitbucket.

Which is also why all those saying "it's just git move elsewhere" are underestimating the pain.

Adam 52 Silver badge

Employment terms

At the moment github has got one of the least complicated sets of terms out there. If Microsoft take it over then those are going to change, which means that thousands of end developers are going to be asked to sign up to something to carry on doing their job.

In effect thousands of employment contracts are going to get unilaterally modified by a third party.

If those changes are materially detrimental, for example Microsoft may run "telemetry" and share the results with "partners", then I'm curious what the legal position is.

Welcome to the world of SaaS.

The glorious uncertainty: Backup world is having a GDPR moment

Adam 52 Silver badge

Re: Not my field of expertise

"When the cleardown is run, the unique id for the person is stored, and the date it was deleted. This cannot be tied to any personally identifying data by itself. Nothing else is retained"

This only works for very, very simple organisations. Most organisations will be worried about being sued or regulator investigations. Those organisations will have to store somewhere the identity associated with the unique id in order to defend themselves.

As soon as you do that your data subject can be reidentified from information which can reasonably be expected to be... whatever the precise wording is.

Adam 52 Silver badge

Re: Not my field of expertise

Storing a list of erased people is legitimate. There are plenty of reasons to do it (protection from non-compliance claims is the obvious one).

Just because it's trivial not to erase on restore doesn't make it non-compliant. It's technically trivial to make your s3 bucket publicly visible but as long as you don't do it you're OK.

Adam 52 Silver badge

You just re-delete as part of your restore process. Same as replaying a transaction log before bringing a database back up.

Don't read this, Oracle... It's the rise of the open-source data strategies

Adam 52 Silver badge

What a dire article.

"the primary choice is between PostgreSQL and MongoDB"

No it isn't. Really it isn't. On AWS it's Aurora, Oracle, Postgres, SQL Server, Dynamo, Redshift, Athena or MySQL. Probably more I forget. And then there's all the prepackaged servers in the AMI library.

"MongoDB, gets picked when a developer is refactoring her application and needs a significant boost in developer productivity "

Only if your developer doesn't understand data models...

"The database they elect to use then follows from the options made available by that cloud platform"

Nope. I run BigQuery on GCS, Redshift, Dynamo, VoltDB and Aurora on AWS and Azure Analysis Services. Use the right tool for the job.

Internet engineers tear into United Nations' plan to move us all to IPv6

Adam 52 Silver badge

Re: failed, not

"Please explain. The IPv6 network is already a great deal larger than IPv4 was 20 years ago, and is growing daily"

If that's your measure of success then great. But it wouldn't be mine. v6 has roughly double the number of hosts that v4 had 20 years ago but it's still 0.2% of the Internet, and most of those will be dual stack.

So v6 can continue to grow at that rate and it will take 10,000 years to displace v4, assuming v4 doesn't grow too.

I call that a failure.

Adam 52 Silver badge

Well the old guard have had 20 years to get v6 to work and have failed dismally. Maybe it is time to let someone else try.

Doesn't really matter if you knock 50 years off of the life of v6 if it would have taken 50 years to get v6 adopted or if v6 will be obsolete well before it runs out of space.

Beardy Branson: Wacky hyperloop tube maglev cheaper than railways

Adam 52 Silver badge

"releases the kinetic energy of the train. Which at those speeds and at that mass is enormously greater than any reasonable terrorist bomb."

Which is great if your terrorists are keeping score measured in joules. We should encourage that approach. Unfortunately most terrorists seem to use other performance indicators.

Adam 52 Silver badge

A terrorist bomb anywhere is going to make a nasty mess. Quite frankly if that's the best your local terrorist can come up with then we're in luck.

Britain mulls 'complete shutdown' of 4G net for emergency services

Adam 52 Silver badge

Re: Im confuzzled

I can vouch that Tetra handsets last longer than six years. Who wants to bet that their 4G mobile will survive six years?

As a starting point Tetra handsets have removable batteries (and need to, because they're expected to run continuously for 30 hours or more).

Activists hate them! One weird trick Facebook uses to fool people into accepting GDPR terms

Adam 52 Silver badge

I would dispute that the article relates specifically to target advertising, primarily on the grounds that it only mentions advertising once and processing data a lot. But that's by the by because...

I don't see anywhere in GDPR that requires consent for targeted marketing. See GDPR recital 47 “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”.

People have a right to object - but that's an opt-out, not an opt-in. Or, as the ICO puts it:

"The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. Individuals have an absolute right to stop their data being used for direct marketing. You must tell individuals about their right to object. An individual can make an objection verbally or in writing. You have one calendar month to respond to an objection."

Adam 52 Silver badge

"Under the European law, companies are required to gain consent before they are allowed to use individuals' personal data"

For crying out loud, has Kieren not read anything about GDPR?

USA needs law 'a lot like GDPR' – says Salesforce supremo Marc Benioff

Adam 52 Silver badge

Salesforce is interesting. On the one hand it's tempting to move all those spreadsheets of customer details into Salesforce, send all your email through Marketing Cloud and let Marketing Cloud manage opt-outs.

On the other that puts all of your personal data in one place where any salesman chasing a target can use it, even if your lawful basis for processing doesn't cover sales. Salesforce's permission model isn't usable enough to enforce the lawful basis rules and it's a right pain to do data minimisation.

So I'm curious what other people have done?

BCC is hard, OK? Quite a lot of orgs blurted your email addresses in GDPR mailouts

Adam 52 Silver badge

Re: it only takes

If your IT is encouraging people to do this in Outlook then IT is the problem. Customer comms should always be done from a dedicated tool (one that enforces consent and respects opt-outs), and customer email addresses should never be available in bulk outside of that tool.

And if your IT department doesn't provide that tool... well these days it's easy to bypass them. Sure it'll cause long-term problems but if you don't then you'll get short-term and long-term problems.

Chief EU negotiator tells UK to let souped-up data adequacy dream die

Adam 52 Silver badge

Re: Won't share with a 3rd country

El Reg hasn't done the recent USAF near miss story. Probably doesn't fit the editorial narrative.

Adam 52 Silver badge

Re: Gordian knot needs scissors

Corbyn had his chance to do that and blew it. If he U-turns now nobody will trust him.

Ex-staffer of UK.gov dept bags payout after boss blabbed medical info to colleagues

Adam 52 Silver badge

Re: What?

My interpretation is that this is standard procedure, so they couldn't take disciplinary action against the manager for fear of being back in court.

Buggy software could lock a Jeep's cruise control

Adam 52 Silver badge

Re: Here's an idea!

I had a throttle cable jam open on me two months ago, in a car where the key barrel roller bearings had fallen out, causing the key to stick.

Mechanical things fail too (this one was an MG, so more often than most).

Cloud is a six-horse race, and three of those have been lapped

Adam 52 Silver badge

Re: Gartners Magic Square....

Was there anything in particular that you think they've got wrong here?

GDPRmageddon: They think it's all over! Protip, it has only just begun

Adam 52 Silver badge

Re: HSBC not wanting to comply with GDPR

"eagerly await they next delaying tactic"

The clock is still ticking from when you made the first valid request, delaying tactics shouldn't work.

Lloyds are trying the same thing. In fact the banks seem to be taking a remarkably coordinated approach.

Max Schrems is back: Facebook, Google hit with GDPR complaint

Adam 52 Silver badge

Re: I have a Facebook account :o

"Nothing personal"

Don't Facebook's terms say that you have to use a personal account to manage a corporate one? And Facebook will be tracking all your activity because they can't tell the difference between personal and work.

UK's Royal Navy accepts missile-blasting missile as Gulf clouds gather

Adam 52 Silver badge

Re: South China Sea? What?

"common sense comments on The Reg by the number of downvotes"

Every so often, here and on other Internet forums, there's a topic on which I've genuinely got an informed opinion (in that it's on a subject I have substantial personal experience of or have a degree level qualification in). My posts on those subjects tend to attract the most downvotes.

Brit doctors surgery fined £35k over medical data fumble

Adam 52 Silver badge

Re: "The severity of this breach "merited" a fine of £80,000"

It's a start but not really a considerable incentive to avoid what was a gross dereliction of basic medical ethics. Losing medical records is about as bad a data confidentiality breach as is possible.

With GP partner pay at £100k, it's an effective fine of about 10% of annual salary, taking into account tax.

Hopefully their patients will sue for damages. Too much to hope that the GMC will do anything.

US Senator Ron Wyden to Pentagon: Encrypt your websites

Adam 52 Silver badge

Authenticity

"prove their authenticity ... and consider Let's Encrypt certificates"

Oh dear.

HTC U12+: Like a Pixel without the pratfalls, or eye-watering price tag

Adam 52 Silver badge

But up to a point, Lord Copper

All those years mixing with journalists starting to leave an impression!

Top UK court to rule whether 4.5m Brit iPhone fanbois can sue Google over cookies

Adam 52 Silver badge

Re: I predict this will fail.

The Court of Appeal has already ruled that people concerned about tracking by Google in Safari without consent are entitled to damages; Google Vs Judith Vidal-Hall Case No: A2/2014/0403 is the thing to search for.

Since then there's been precedent in other Data Protection cases.

One more thing to thank the European courts for providing precedent for.

GDPR for everyone, cries Microsoft: We'll extend Europe's privacy rights worldwide

Adam 52 Silver badge

Re: Cynical, me?

"GDPR applies to companies, not people;"

The exemption is to:

"a natural person in the course of a purely personal or household activity;"

People per se are not exempt.

Adam 52 Silver badge

Re: Windows 10 April update is in breach

"So, what happens when 10,000 European citizens write to Microsoft withdrawing their consent"

Microsoft politely write back explaining how lawful basis for processing works in GDPR.

Then a handful of those 10,000 complain to their local regulator; and then, if the regulator is in Belgium or Germany and not in Ireland, the fun starts.

Adam 52 Silver badge

Re: Windows 10 April update is in breach

I took a photo of that screen too, because I think it's dodgy.

But I think your argument is wrong. Opt-out is only forbidden under GDPR for processing which requires consent. Microsoft are clearly relying on legitimate interest here - "to help keep Windows secure...". The question is therefore whether Microsoft's rights override the individuals'.

Some would argue that keeping Windows secure is a legitimate aim because, as we saw, a Windows flaw can take out the NHS. Others might say that Microsoft should design and test their code properly and that the public shouldn't be unwilling malware bait.

Braking news: Tesla preps firmware fling to 'fix' Model 3's inability to stop in time

Adam 52 Silver badge

Re: Bah!

"The ABS should only kick in when a wheel locks up. There is no suggestion the car is leaving huge rubber skidmarks during the tests."

If it is incorrectly calibrated and kicks in too early then you wouldn't get a locked wheel and you would get poor braking performance.

Presumably the calibration is more complex than "wheel moving yes/no".

About to install the Windows 10 April 2018 Update? You might want to wait a little bit longer

Adam 52 Silver badge

Re: Windows Schrödinger edition

"I'm so glad that I'm not playing this game any more, Penguins and Apples all the way"

I've had plenty of failed Linux updates and Apple has a history of bricking its stuff, as a quick search here will show.

Nobody gets updates right every time.

Adam 52 Silver badge

Re: Not Avast Me Hearties!

"Sample size of 1. Conclusive proof then."

One sample is enough to disprove the hypothesis that Avast is to blame.

Now if your hypothesis was that some versions of Avast in some configurations and in some combinations with other software is to blame then it wouldn't be, but that wasn't the allegation.

'Facebook takes data from my phone – but I don't have an account!'

Adam 52 Silver badge

Re: Misuse act...

That's a good point, I'd forgotten that there's no case law on whether a phone is a computer yet.

Does the Facebook app run on tablets?

Of course if it's a phone then data stored on it must be communications, and accessing them without permission is what put those gutter dwelling slimeballs from the News of The World in prison.

Adam 52 Silver badge

Re: 'handset are transmitting mysterious information in the background back to Facebook's servers'

I put a WiFi access point on an old fashioned Ethernet hub and run wireshark from a PC on the same hub.

That's not going to work forever but my new gigabit switch allegedly has a packet trace function, haven't tried it though.

Adam 52 Silver badge

Disdain for politicians isn't disdain for government and is a long way from disdain for Her Majesty's courts and their friends in Interpol.

Adam 52 Silver badge

Computer Misuse Act 1990 s1:

(1) A person is guilty of an offence if—

(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;

(b) the access he intends to secure, or to enable to be secured, is unauthorised; and

(c) he knows at the time when he causes the computer to perform the function that that is the case.

Section (c) might be an issue, but a simple letter can easily sort that.

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

Adam 52 Silver badge

Re: Simple explanation

He's right. You want to learn IPv6, you take one look at those address representations and a set of crazy rules about address shortening and abandon it.

Those who plough on get stuck in a wall of rubbish about auto assignment of addresses, translation services, IPsec, privacy concerns, something about your MAC address being your IP address and give up too.

These are real concerns, and most/all IPv6 proponents just dismiss them, as the second AC did, rather than address them.

On 20th anniversary of Microsoft antitrust, US Treasury Sec calls for Google monopoly probe

Adam 52 Silver badge

Re: Analysis is needed

Google clearly has dominant market power in advertising. That much should be obvious from the last couple of weeks where it has been able to push three billion dollars of GDPR liability onto publishers with one non-negotiable change in their terms. In my view that's a clear cut abuse of market power because they know that there's no alternative. The fact that the publishers have had to accept it (OK, some have stopped running adverts) shows that there's no choice.

Slurp up patient data for algos that will detect cancer early, says UK PM

Adam 52 Silver badge

Re: "Opt Out"?

"One is explicit authorisation through an act of parliament"

Explicit authorisation is not legally necessary. May is not must. Therefore legally necessary does not apply.

"The Secretary of State may by regulations"

Secondary legislation (regulations) is subservient to primary legislation (acts of Parliament). So GDPR (Data Protection Act) wins.

"argue that national programmes of cancer research are not in the public interest"

Many things are in the public interest. They are not all legal. Moreover just because cancer research is in the public interest does not mean that using personal data for cancer research is in the public interest. Only a fraudster or politician would attempt to conflate the two issues.

Adam 52 Silver badge

Re: It's just a BS "reason" to allow patient data to be sold off

Those who downvoted might well note that the previous post is effectively echoing the views of Professor Michael Baum, Professor Susan Bewley and Dr Fiona Godlee.

Cancer screening has become a political football where science is drowned out by those profiting from the status quo.

Adam 52 Silver badge

Re: "Opt Out"?

"Only if you're processing exclusively under consent as your justification. The NHS, from a GDPR perspective, is very unlikely to ever use consent as its justification."

Hmm...

"Mainly because it doesn't need to,"

What's your reasoning here? Not legally required, not necessarily in legitimate interests, the vast majority is not vital interests, not public task (because this isn't a public task) and not necessary to fulfil contract.

Consent is all that's left. Same as everyone else.

"The NHS would still need to gain consent for anything it's doing with your identifiable data, but that's grounded in medical ethics and the Caldicott guidelines, rather than GDPR."

Sadly the NHS abandoned medical ethics long ago. Doctors routinely hand over patient data to all and sundry, including Google, without consent.

You know me, I don't know you: Hospital reportedly raps staff for peeking at Ed Sheeran data

Adam 52 Silver badge

Re: Don't

They could only detect two. How many hundreds actually looked using the unlocked terminal or the generic username/password on the post-it note?