Posts by alain williams

OK: Facebook is a bad boy ...

MPs (appear) to finally understand that. What about the rest of them ? How about starting with Google.

Most of the public, unfortunately, will have tut-tutted a couple of times and continued as before.

Optional, related reading

If you enjoyed this El Reg article then you will enjoy this book.

Ah, to be a school boy again!

How long before forced upgrade ...

when google decides that it will no longer support that model and wants you to buy a new one ?

The lock in my front door is 30+ years old ... will this Nest product still be working in 30 years ?

So, as I understand it ...

Apple has outsourced development of FoundationDB and expects the outsourcers to work for free.

I wonder what would happen ...

if I told a government department that I would not obey the law because ''my IT systems made it technically impossible" to do what I was supposed to do ?

Could we have a 'Cell' for 'phones

a unit near GCHQ that would check/validate mobile operating systems and apps to ensure that they did not have back-doors/spy-ware in them. I would want their results (& checksums published & end-user verifiable) by equivalent Cells in China & Russia - I doubt that the 3 would collude enough to agree common spy-ware.

Hmm: thinking about my last sentence -- I'm not sure.

No money in it

the user has paid for the 'phone ... the ROI on security updates is zero. Far better to encourage the user to buy a new model that has got lots of shiny new (useless) features.

No manufacturer brags long term patch availability, so punters do not think about it as a purchasing criterion.

The only way to get them to do it would be to make the manufacturer liable in some way - as with motor cars. That will be a long time coming.

The same applies to all IoT stuff.

Have someone with nouse ask the questions

Eg get someone from EFF (Electronic Frontier Foundation) or similar to ask the questions.

Second best is to get EFF to write them so that the politicians can still look clever by asking them; the trouble with this is that they won't be able to ask the right follow up questions - to the obfuscating answers.

"the after-market support"

Oh yeh ... in my experience Samsung abandon 'old' handsets pretty soon after a new one is released, no operating system patches - leaving users vulnerable to exploits.

They should provide lifetime support - where lifetime means as long as they continue to work - which should be 6-10 years.

That is what I care about - not the number of pixels in the camera.

Usual suspects again

What were those fine words a few years ago about giving more contracts to SMEs ? I doubt that they would do worse than Accenture & gang.

Irony alert: politicians attack facebook ...

over intrusive monitoring that invade privacy ... the same bunch that approve of even deeper data sweeps by the likes of NSA/FBI/GCHQ and this data is then available (often without oversight) to the police, local councils, government departments, ... In the UK DRIPA (RIPA predecessor) has been ruled by the High Court & ECJ - RIPA is worse but T May is doing little to roll this back.

It is a shame that Zuck did not have the balls to point this out -I would have given him a big thumbs up for that.

Is SAP trying to become Oracle ?

It is moving in the same direction.

Another mitigation strategy

is to not overwork people. When rushing to get something done quickly it is so easy to make mistakes, not take the time to check, ... The hapless employee is then held up to blame, not the manager who put them under too much pressure.

Mrs May: I have an idea that should work ...

please just employ me at the very reasonable salary of £200,000/year and I promise that I will try my hardest to code something that has a GCHQ only back door.

It is not a lot of money for the government to save us from evil terrorists & drug dealers (do think of the children), but will bolster my pension fund nicely - I only have a few years before retirement.

If we get a good designer who can make the app look pretty then all these nasty people will be seduced into using it rather than some free open source stuff.

Please, pretty please!

A focus on security I hope

This is going to want a copy of all the information that is needed to open a bank account & similar. If someone can compromise it there are going to be many unhappy people.

Making this run on a mobile phone might be trendy, but is it secure ?

Hmmm

"who uses a laptop’s speakers these days"

I do.

Not very often, but sometimes I come across a video clip that I want to watch, eg off BBC news. For something short I don't want to fish around to find some earphones to plug in.

It is not just lost VAT ...

but since they can charge 20% less than a native vendor (ie UK based who does pay VAT) they can undercut them and so UK jobs, etc, are lost. Thus the true loss to the UK is much more than the £1.5 billion VAT.

NHS & Google

So has this brouhaha finally woken the NHS to the fact that giving patient data to Google is not a clever idea ?

Has Google deleted the data or just said that they have ?

Could but won't

The Norks are rational enough to know that if they nuked the UK or anywhere else then they would be reduced to glowing embers -- look at their recent actions. The summary of this report says as much. They will huff & puff and carry out more missile tests just enough to worry people in other countries.

Does the number matter even approximately ?

What they are trying to do is to distract the focus from ''they abused personal information'' to ''how many ?''

This is not too far from how political messages work these days -- sod the facts, produce vague, emotional messages that most listeners will interpret differently as being good for them.

OK: politicians have always done that, it used to be called 'spin'; but these days it seems more deliberate - we are in a 'post truth' era where people believe things despite clear evidence to the contrary.

X-T&C header

It might be worth making your browser add a X-T&C header that said something like ''If you misuse my data then you pay me £1,000,000''. It might be hard to make it stick in the courts, but part of the problem is one way T&Cs, you either get to accept it down to the last comma or nothing at all**.

This is part of the Internet 'wild west' that is well overdue regulation; there should be standard T&Cs++ that have been prepared by even handed (consumer/business) lawyers - that people could thus trust.

IETF might even make an official T&C header.

** I admit to being one of the few who I know who does read T&Cs and frequently refuse to accept and thus not use some web site.

++ With schedules to specify things like delivery dates, etc.

Log files ...

Log files should be kept to monitor access, specifying who accessed a system and why, and these should be available to national data protection agencies and the European Data Protection Supervisor on request.

They should also be made available to the individual who's records are being looked at. It is s/he who is really going to take an interest and ask why the ex's brother is looking at their record.

What to tell BT ...

You do not have fixed line Internet; Virgin provides you with a TV connection and chucks in some Internet.

I can see why BT might offer cheaper to non Internet people - the line can be cheaper & the card in the telephone exchange is POTS only (so cheaper), no load on its ATM network, etc. Well if you get Internet via Virgin/who-ever-cable then BT do not need to provide any of the expensive kit either.

This is what GDPR was designed to kill

and I hope that it just does that - stone dead, wooden stake through its heart.

No joined up thinking at all

Individual government departments each seeking to save a few bob off their own budget; whereas, maybe for a little more, they could 'buy British' - which creates jobs, etc, in the UK that DO pay tax, that DO build up UK expertise, that DOES make them better able to complete internationally, that DOES keep British data within our borders, ...

Overall a few different choices ends up benefiting Britain overall.

But politicians won't do that: each trying to bring their departmental budgets down and, anyway, the benefits of beefing up British business probably won't be noticeable until after the next election -- so they don't give a toss!

Bait & switch

Trading standards should get involved ... except that they have little money do to what they should these days.

Trouble is that most will soon forget that HP are liars by the time that they next buy something.

What motivation car manufacturers ?

A car stolen leads to a replacement being bought.

Like IoT the cost of a security failure is borne by the consumer; the cost of making secure is borne by the manufacturer.

No one will read this new report ...

other than a few nerds. However at the time the politicos made great hay of it being the Norks - which suits their political ends of portraying Kim Jong-il as being the current root of all evil and a great nuclear threat - not ½ as many words spoken when Putin did the same last week.

I'm not saying that Kim is a nice bloke, but lets start to compare him to Bashar al-Assad, Robert Mugabe, ...

New business ...

generate made up IDs by the dozen and flog them off. Getting a good reputation in the first place on the dark web might be hard.

Do it too many times and someone might order me some cement overshoes, but I would have thought low risk.

The vendor to the consumer should be liable ...

otherwise they will simply refer customers to the manufacturer; which is probably somewhere in China that ignore complaints. This will ensure that resellers will sell stuff that causes them least problems, ie kit that it well designed, tested and is well supported, etc. If a manufacturer cannot provide assurance, etc, they won't get sales - simples.

Also product (support) lifetimes should be reasonable. This does not mean 'until the next model is released', but the real lifetime that one expects. So: for a fridge - maybe 20 years, light switch - 50 years.

Can we take gender out of computing

Let's be completely blind about speakers' irrelevant human attributes: weight, height, skin colour, gender; .... What matters is: do they know their stuff; is it relevant; can they speak in an engaging way ?

Why do people still use 123reg ?

I suppose that their customers must be those who are new enough to this to have not realised that, as far as 123reg in concerned, cheap means expensive in terms of time lost.

Typed 'Reboot' where ... ?

Telnetted into various Unix machines, wanted to restart the one in the server room. Whoops - I forgot which machine I was logged into and typed 'reboot' to a machine on the other side of the planet. It did not come up, had to wait until teatime for the guys there to come in and push a button :-(

This stuff terrifies me ...

can we please have it removed from the EU web site.

Access via the sea in a boat ?

OK: not for everyone, but has anyone done that ?

Exorcism

is the catholic church's equivalent to the E-meter