Re: Let's call it the "GPDPR"
That’s the bit I don’t get. How can it be informed consent when it’s auto-opt-in?
Posts by Gordon 10
3618 posts • joined 22 Jun 2009
Page:
BMA and Royal College of GPs refuse to endorse NHS Digital's data grab from surgeries in England
Ofcom gets new CTO as UK regulator welcomes Amazon Alexa Smart Home exec
Ubuntu, Wikimedia jump ship to the Libera Chat IRC network after Freenode channel confiscations
AWS Free Tier, where's your spending limit? 'I thought I deleted everything but I have been charged $200'
Friday 28th May 2021 11:08 GMT 
spending limit cannot be applied to pay as you go ...in production,
For the above I think this is reasonable of MS here.
By definition the act of releasing your code into Production should include impact analysis of the changes which should include a pretty robust assessment of the charging/scaling expectations, followed up by a period of aftercare where things like resource utlliization are monitored more closely than usual.
TL:DR. - Dont use the production tier if you dont use/understand SDLC.
SDLC along with real robust test plans are what separates software professionals from gifted* amateurs imo. Just because you have the job title and the pay grade don't mean you are, and lets face it we've all met even some very senior people who fall in this bucket - and take their colleagues/teams down with them.
* I leave it the reader to define what this means.
Snowden was right, rules human rights court as it declares UK spy laws broke ECHR
Let us Play: Smartphone brand Honor lets slip it has gained access to Google Mobile Services licences
UK data watchdog fines 'pandemic partner' biz £8k: It sent 84,000 marketing emails to people who'd given info for track and trace
Wednesday 19th May 2021 17:03 GMT
Re: "it had faced technical difficulties"
Whilst I dont disagree with your point I came here full of the same piss and vinegar only to discover reading between the lines that these guys had effectively set themselves up as a MITM generating QR codes to be passed along to the NHS.
So this was essentially a MITMA *on* NHS Track and Trace not *by* Track and Trace. I leave it to the reader to decide if the enabling of a MITM is a deliberate action by the Govt to enable some arms length Pork Barrelling.
Parliament demands to know the score with Fujitsu as Post Office Horizon scandal gets inquiry with legal teeth
Unit4 handed police ERP deal after 'significant deficiency' found in Oracle Fusion system
Are you ready to take a stand? Flexispot E7 motorised desk should handle whatever you dump on it – but it's not cheap
Mammoth grab of GP patient data in the UK set to benefit private-sector market access as rules remain unchanged
NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro
Friday 14th May 2021 11:49 GMT
Im still unclear on why he needed to keep ANY data other than a couple of screenshots.
Using the leaked creds once is technically unauthorised access even if just checking they work. Using them to exfiltrate data (which is what appears to have happened) goes way beyond the pale regardless of how well intentioned he might have been.
I do think from a technie point of view the company over-reacted but that just human nature and security "researchers" should be aware and prepared for this.
FWIW I think the guy went from White Hat to Grey Hat when he stopped confining his work to disclosing the hole, and instead appears to have appropriated the data as "evidence" either to avoid the company covering it up, or for academic curiosity. It wasnt his job to investigate the extent of the breach.
Regardless of how egregious the hole discovered making moral judgements about a companies response or potential response is out of the scope of White Hattery and emotionally and corporately naive. You shouldn't be doing this activity for anything more your own satisfaction, and should not be expecting anything more than a grudging acknowledgement and cover up, and if such a thing occurs - unless that breaks a local disclosure law - you dont get to judge.
Man paralyzed from neck down uses AI brain implants to write out text messages
Thursday 13th May 2021 12:21 GMT
Re: Getting there!
Indeed. It almost sounded like the medical types were at risk at applying the same standards to the software as to the hardware which might be overkill in a read only application like this.
Get the hardware right (and safe and certified!) and the software will come along behind it. I'm guessing there would be plenty of people willing to spend an hour a day retraining the ML if it lets them communicate well for the rest of the day if they knew the implant is safe.
App Tracking: Apps plead for users to press allow, but 85% of Apple iOS consumers are not opting in
Another week, another issue: Virgin Galactic mulls test flight restart as VSS Unity fixed – but VMS Eve might be borked
UK's Department for Work and Pensions continues to move off Oracle Enterprise Data Warehouse in pursuit of a single version of the truth
Wednesday 5th May 2021 10:51 GMT
Re: So a recuction of privacy then ?
Thats a rather naive and blanket statement.
On prem is fractionally safer if done well in your own wholly owned DC or Cupboard (are you checking the minimum wage cleaners access?) - but how many companies actually do that? Let alone a Public requirement contracted out to the lowest bidder or an MP's bestie.
However by default a lot more effort has gone into making the the Cloud DC's and their services secure by design, and they are unlikely to be addressable to a random Googler.
With a State actor all bets are off anyway - I would go out on a limb and say they are equally at risk as the compromise is probably at the network/infratstructure/factory level.
UK government resists pressure to hold statutory inquiry into Post Office Horizon scandal
Tuesday 27th April 2021 16:45 GMT
Re: It's not just an IT scandal
You need to be clearer on where to direct your ire. Which is on the current Government who are failing to enact a series of recommendations to clean up Private Prosecutions made by the relevant Parliamentary Committee 6 months ago. I encourage you to Google for it - makes good reading.
Tuesday 27th April 2021 16:41 GMT
Re: Statutory inquiry
I think you are misunderstanding the role of the judge in the proceedings. The question you should be asking is how the PO was able to deny/bury material that should have been available to the defence team.
I suspect but don’t know that a number of cases did not proceed when a savvy defense solicitor or barrister was involved and it was dependent on luck of the draw and financial resources for the SPO’s involved.
NASA comes up with COVID-19 infection detector that's out of this world – E-Nose built from space station gear
Tuesday 27th April 2021 07:55 GMT
BBBZZZTTT WRONG!
Complete fail.
Manufacturing beats breeding & training.
Once you come up with a way of mechanising something you can scale up kit as quickly as you can get the raw materials and equipment to make it.
Breeding & training a new sniffer dog takes over a year and if similar to guide dogs has a high washout rate.
Unless you are suggesting mass scale puppy farms and industrialised training? That would go down well with the public.
Its one of the reasons we are driving cars rather than still riding horses. That and the vast quantities of poop. Which come to think of it is an issue with this idea too.:D
39 Post Office convictions quashed after Fujitsu evidence about Horizon IT platform called into question
Starlink creates risk of internet investment doom cycle, says APNIC researcher
Friday 23rd April 2021 07:54 GMT
Utter cobblers
Headline grabbing cobblers.
My academic attention whore alarm is going off.
The same can be said for any broadband service, which is why they have lots of ways of dealing with it, most of which will be applicable to Starlink.
I would also note that the solution for Starlink is to throw more birds in the air and on a per user basis it’s probably cheaper than digging holes in the ground.
Capgemini scores £150m contract to help Student Loan Company overcome its IT problems 5 years after £50m superfail
University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired
Thursday 22nd April 2021 09:11 GMT
Re: Place your bets...
Thats a naive statement. Its possible to get quiet co-operation for these sort of activities if the approach is right. It happens all the time in corporate environments.
This was lazy unethical behaviour - I suspect because they couldn't be bothered to get co-operation or were frightened of being told no.
Satellite collision anticipated by EU space agency fails to materialize... for now at least
Monday 12th April 2021 14:53 GMT
Re: Looking forward to full reusability & refueling
Hmm.
Given that SpaceX is also throwing up entire satellite constellations in volumes few others can match, I think this is a score-draw at best.
I'm no rocket scientist but if a couple of Starlink birds collide I reckon we are right royally f*cked.
How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director
Friday 9th April 2021 13:45 GMT
Dumb and Dumberer
Since when have GCHQ been good at anything other than electronic eavesdropping or lobbying for encryption backdoors? Its a disingenuous statement from a former member of an organisation who has contributed to the problem by hoarding and not reporting zero days and the like. The intelligence agencies are a large part of the problem.
Banning coverage or payouts is a dumb suggestion. Its no surprise to see technocrats trying to avoid the problem (partially of the industries own making) and ignore fundamental human and business realities that are much much harder to fix.
If this starts hurting insurances companies bottom lines then they will start taking action - such as setting minimum standards for coverage - but that wont address the core of the problem.
Its predicated on the false assumption that people buy the insurance rather than fix their legacy software and hardware estates, and its also predicated that IT is the fundamental reason a business exists rather than a useful tool like accounting or sales people.
There will always ransomware vulnerabilities just as there will always be fire risk in a physical premises. Suggesting that tackling a consequence rather than the multiple causes (human nature, Government behaviour, Vendor software development practises, designed in obsolesce etc etc) is just lazy and clickbait-ish.
Airline software super-bug: Flight loads miscalculated because women using 'Miss' were treated as children
Ex-Geeks staff lose legal bid to claw back withheld training costs from final paycheques
Thursday 8th April 2021 14:42 GMT
Re: I have seen this before
Not entirely sure what your point is. They got a substantial payrise post year 2, maybe not as much as they might have got on the open market, going from the one sample we know about, but they only had to stick it out for a few more months to get off the debt scott free.
They got a career jump start thanks to employer A, and Employer A doesn't appear to have put them into serfdom to do it. They may not like it but it appears the judge also thought the company had been pretty even handed.
I suspect they jumped ship before realising how much they would be clobbered then attempted a tribunal as a way of getting back.
My sympathy for these 2 guys is limited tbh.
Thursday 8th April 2021 14:36 GMT
Re: What about the quality of the training?
Presumably the complainants could have documented this lack of quality prior to the Tribunal. Either they didn't or the Judge wasn't convinced.
Not sure I have much sympathy for them tbh. It was well documented in their initial contracts and they knew what they were getting into, especially as they only had to stick it out another year to get the debt written off. I definitely have no sympathy for the guy who got a £10+ payrise upon leaving.
Privacy activist Max Schrems claims Google Advertising ID on Android is unlawful, files complaint in France
Post Office awards Fujitsu a £42.5m contract extension for the IT system behind wrongful subpostmaster prosecutions
Mullet over: Aussie boys' school tells kids 'business in the front, party in the back' hairstyle is 'not acceptable'
Director, deputy director, CTO of Free Software Foundation quit after Stallman installation
Wednesday 31st March 2021 11:17 GMT
Re: I met...
@Jake. I dont think Occam's Razor says what you think it says. The simplest explanation, with plenty of "prior art" to back it up, is that Stallman is/was has some douchebag opinions towards women - particularly young ones. It takes very little to assume that attitude bleeds over into actions.
Under threat of judicial review, UK.gov agrees to consultation before extending Palantir's NHS role beyond pandemic
Deloitte settled HPE's Autonomy lawsuit for $45m back in 2016 and agreed to cooperate with US DoJ
Monday 29th March 2021 12:32 GMT
You got that wrong-ish
Deloitte didn't assure HP of anything specifically, other than assuring *the world* the books of Autonomy had passed their yearly IFRS audit. A bad audit doesn't necessarily follow that a valuation for an acquisition was wrong.
HP hired KMPG to do due diligence on the acquisition of Autonomy, then their CEO failed to read the preliminary report (the CFO appears to have been fired for reading it and advising against the acquisition), then failed to wait for KPMG to complete their due diligence before signing on the dotted line with Autonomy.
The rest of your supposition seems plausible though. With one extra - if HP were hurt so badly by Deloitte's alleged dodgy auditing - why did they settle for $45m?
Mac OS X at 20: A rocky start, but it got the fundamentals right for a macOS future
Everything you need to know about the HPE v Mike Lynch High Court case
Thursday 25th March 2021 19:49 GMT
Re: Why so pro-Autonomy?
0. Anyone who was anyone knew HP overpaid. If you look at the comments section of the Reg stories at the time they are either OMFG or PMSL about HP.
1. Funnily enough the UK Fraud authorities declined to prosecute in this this case which suggests that a) at worst there wasn't enough evidence to prove fraud or b) at best everything was above board.
2. Auditors - see above. Plus the value of the deals highlighted is some tiny fraction of Autonomy revenues at the time. From memory it was essentially immaterial in a financial sense, a couple of % of sales but nothing that was justified
3. GAAP <> IFRS. HPE appear to have had very little understanding of the differences.
4. The due diligence wasn't even completed AND the preliminary report never read. HPE had literally no idea wether they were buying a Tesla or a Model T.
Anyone of these points alone puts HPE on dodgy ground, all 4 would make me very surprised if they succeed.
Also some nuance for the USians. This is a civil case - where judgement is made on the balance of probabilities of something alleged being true, the burden of proof is lower than a criminal trial. If this goes against HPE, Lynch will have a mega strong argument against extradition, as it begins to look like Uncle Sam the bully again.
Chairman, CEO of Nominet ousted as member rebellion drives .uk registry back to non-commercial roots
Richard Stallman says he has returned to the Free Software Foundation board of directors and won't be resigning again
Being asked to rate fake news may help stop social media users sharing it, study finds
Friday 19th March 2021 13:17 GMT
Gaming
What happens when the reviewing process starts getting gamed? Either by Bots or by some faction who manages to pile a load of reviewers in under the radar.
A sticky plaster at best....
This is all the result of the friction of sharing communication being reduced to near zero. Our social and intellectual models haven't evolved to cope yet. Metaphorically we are still at the point of pointing and grunting on the plains of Africa as far as our ability to handle electronic communications is concerned.
