Re: Let's call it the "GPDPR"
That’s the bit I don’t get. How can it be informed consent when it’s auto-opt-in?
For the above I think this is reasonable of MS here.
By definition the act of releasing your code into Production should include impact analysis of the changes which should include a pretty robust assessment of the charging/scaling expectations, followed up by a period of aftercare where things like resource utilisation are monitored more closely than usual.
TL;DR - Don't use the production tier if you don't use/understand SDLC.
SDLC along with real robust test plans are what separates software professionals from gifted* amateurs imo. Just because you have the job title and the pay grade doesn't mean you are, and let's face it we've all met even some very senior people who fall in this bucket - and take their colleagues/teams down with them.
* I leave it to the reader to define what this means.
Whilst I don't disagree with your point I came here full of the same piss and vinegar only to discover reading between the lines that these guys had effectively set themselves up as a MITM generating QR codes to be passed along to the NHS.
So this was essentially a MITMA *on* NHS Track and Trace not *by* Track and Trace. I leave it to the reader to decide if the enabling of a MITM is a deliberate action by the Govt to enable some arms length Pork Barrelling.
I'm still unclear on why he needed to keep ANY data other than a couple of screenshots.
Using the leaked creds once is technically unauthorised access even if just checking they work. Using them to exfiltrate data (which is what appears to have happened) goes way beyond the pale regardless of how well intentioned he might have been.
I do think from a techie point of view the company over-reacted but that's just human nature and security "researchers" should be aware and prepared for this.
FWIW I think the guy went from White Hat to Grey Hat when he stopped confining his work to disclosing the hole, and instead appears to have appropriated the data as "evidence" either to avoid the company covering it up, or for academic curiosity. It wasn't his job to investigate the extent of the breach.
Regardless of how egregious the hole discovered, making moral judgements about a company's response or potential response is out of the scope of White Hattery and emotionally and corporately naive. You shouldn't be doing this activity for anything more than your own satisfaction, and should not be expecting anything more than a grudging acknowledgement and cover up, and if such a thing occurs - unless that breaks a local disclosure law - you don't get to judge.
Indeed. It almost sounded like the medical types were at risk of applying the same standards to the software as to the hardware which might be overkill in a read only application like this.
Get the hardware right (and safe and certified!) and the software will come along behind it. I'm guessing there would be plenty of people willing to spend an hour a day retraining the ML if it lets them communicate well for the rest of the day if they knew the implant is safe.
That's a rather naive and blanket statement.
On prem is fractionally safer if done well in your own wholly owned DC or Cupboard (are you checking the minimum wage cleaners access?) - but how many companies actually do that? Let alone a Public requirement contracted out to the lowest bidder or an MP's bestie.
However by default a lot more effort has gone into making the Cloud DCs and their services secure by design, and they are unlikely to be addressable to a random Googler.
With a State actor all bets are off anyway - I would go out on a limb and say they are equally at risk as the compromise is probably at the network/infrastructure/factory level.
You need to be clearer on where to direct your ire. Which is on the current Government who are failing to enact a series of recommendations to clean up Private Prosecutions made by the relevant Parliamentary Committee 6 months ago. I encourage you to Google for it - makes good reading.
I think you are misunderstanding the role of the judge in the proceedings. The question you should be asking is how the PO was able to deny/bury material that should have been available to the defence team.
I suspect but don’t know that a number of cases did not proceed when a savvy defense solicitor or barrister was involved and it was dependent on luck of the draw and financial resources for the SPO’s involved.
Manufacturing beats breeding & training.
Once you come up with a way of mechanising something you can scale up kit as quickly as you can get the raw materials and equipment to make it.
Breeding & training a new sniffer dog takes over a year and if similar to guide dogs has a high washout rate.
Unless you are suggesting mass scale puppy farms and industrialised training? That would go down well with the public.
It's one of the reasons we are driving cars rather than still riding horses. That and the vast quantities of poop. Which come to think of it is an issue with this idea too. :D
Headline grabbing cobblers.
My academic attention whore alarm is going off.
The same can be said for any broadband service, which is why they have lots of ways of dealing with it, most of which will be applicable to Starlink.
I would also note that the solution for Starlink is to throw more birds in the air and on a per user basis it’s probably cheaper than digging holes in the ground.
That's a naive statement. It's possible to get quiet co-operation for these sort of activities if the approach is right. It happens all the time in corporate environments.
This was lazy unethical behaviour - I suspect because they couldn't be bothered to get co-operation or were frightened of being told no.
Given that SpaceX is also throwing up entire satellite constellations in volumes few others can match, I think this is a score-draw at best.
I'm no rocket scientist but if a couple of Starlink birds collide I reckon we are right royally f*cked.
Since when have GCHQ been good at anything other than electronic eavesdropping or lobbying for encryption backdoors? It's a disingenuous statement from a former member of an organisation which has contributed to the problem by hoarding and not reporting zero days and the like. The intelligence agencies are a large part of the problem.
Banning coverage or payouts is a dumb suggestion. It's no surprise to see technocrats trying to avoid the problem (partially of the industry's own making) and ignore fundamental human and business realities that are much much harder to fix.
If this starts hurting insurance companies' bottom lines then they will start taking action - such as setting minimum standards for coverage - but that won't address the core of the problem.
It's predicated on the false assumption that people buy the insurance rather than fix their legacy software and hardware estates, and it's also predicated on IT being the fundamental reason a business exists rather than a useful tool like accounting or sales people.
There will always be ransomware vulnerabilities just as there will always be fire risk in a physical premises. Suggesting that tackling a consequence rather than the multiple causes (human nature, Government behaviour, Vendor software development practices, designed-in obsolescence etc etc) is just lazy and clickbait-ish.
Not entirely sure what your point is. They got a substantial pay rise post year 2, maybe not as much as they might have got on the open market, going from the one sample we know about, but they only had to stick it out for a few more months to get off the debt scot free.
They got a career jump start thanks to employer A, and Employer A doesn't appear to have put them into serfdom to do it. They may not like it but it appears the judge also thought the company had been pretty even handed.
I suspect they jumped ship before realising how much they would be clobbered then attempted a tribunal as a way of getting back.
My sympathy for these 2 guys is limited tbh.
Presumably the complainants could have documented this lack of quality prior to the Tribunal. Either they didn't or the Judge wasn't convinced.
Not sure I have much sympathy for them tbh. It was well documented in their initial contracts and they knew what they were getting into, especially as they only had to stick it out another year to get the debt written off. I definitely have no sympathy for the guy who got a £10+ pay rise upon leaving.
@Jake. I don't think Occam's Razor says what you think it says. The simplest explanation, with plenty of "prior art" to back it up, is that Stallman has/had some douchebag opinions towards women - particularly young ones. It takes very little to assume that attitude bleeds over into actions.
Deloitte didn't assure HP of anything specifically, other than assuring *the world* the books of Autonomy had passed their yearly IFRS audit. A bad audit doesn't necessarily follow that a valuation for an acquisition was wrong.
HP hired KPMG to do due diligence on the acquisition of Autonomy, then their CEO failed to read the preliminary report (the CFO appears to have been fired for reading it and advising against the acquisition), then failed to wait for KPMG to complete their due diligence before signing on the dotted line with Autonomy.
The rest of your supposition seems plausible though. With one extra - if HP were hurt so badly by Deloitte's alleged dodgy auditing - why did they settle for $45m?
0. Anyone who was anyone knew HP overpaid. If you look at the comments section of the Reg stories at the time they are either OMFG or PMSL about HP.
1. Funnily enough the UK Fraud authorities declined to prosecute in this case which suggests that a) at worst there wasn't enough evidence to prove fraud or b) at best everything was above board.
2. Auditors - see above. Plus the value of the deals highlighted is some tiny fraction of Autonomy revenues at the time. From memory it was essentially immaterial in a financial sense, a couple of % of sales but nothing that was justified
3. GAAP <> IFRS. HPE appear to have had very little understanding of the differences.
4. The due diligence wasn't even completed AND the preliminary report never read. HPE had literally no idea whether they were buying a Tesla or a Model T.
Any one of these points alone puts HPE on dodgy ground, all 4 would make me very surprised if they succeed.
Also some nuance for the USians. This is a civil case - where judgement is made on the balance of probabilities of something alleged being true, the burden of proof is lower than a criminal trial. If this goes against HPE, Lynch will have a mega strong argument against extradition, as it begins to look like Uncle Sam the bully again.
What happens when the reviewing process starts getting gamed? Either by Bots or by some faction who manages to pile a load of reviewers in under the radar.
A sticky plaster at best....
This is all the result of the friction of sharing communication being reduced to near zero. Our social and intellectual models haven't evolved to cope yet. Metaphorically we are still at the point of pointing and grunting on the plains of Africa as far as our ability to handle electronic communications is concerned.