* Posts by Disgusted of Cheltenham

56 publicly visible posts • joined 15 Mar 2013

Page:

Windows 11 migration? Upgrade engine revs up, enterprises have no choice

Disgusted of Cheltenham

Re: Big if

So when will there be a system upgrade available for home users (without games) to go from Windows 10 to, say, Ubuntu?

Google cuts ties with Entrust in Chrome over trust issues

Disgusted of Cheltenham

Re: It's Widespread - even HMG

https://assets.applytosupply.digitalmarketplace.service.gov.uk/g-cloud-13/documents/709217/287037250953500-service-definition-document-2022-05-17-1441.pdf

End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box

Disgusted of Cheltenham

Re: And good does not always triumph.

Do you have any evidence for this claim?

Council claims database pain forced it to drop apostrophes from street names

Disgusted of Cheltenham

Re: Does anywhere in Wales have accented letters?

Malaŵi isn't in Wales, but..

In Cambridge there's St. Bene't's Church

We never agreed to only buy HP ink, say printer owners

Disgusted of Cheltenham

Paper next

My HP dates from when it played nicely with linux, but it was a surprise to find that they are now offering a paper subscription too since they know how many sheets have been used, and so for 'just' £1.99 a month you can get...knotted.

NHS England published heavily redacted Palantir contract as festivities began

Disgusted of Cheltenham

Re: poor redaction

But why redact it anywhere? Unless Docusign will give you the document if you can quote it, what information does it or could it give away? Perhaps it's just someone told to redact the signature and not quite understanding that a digital signature is not the same as a scan of a wet one.

Disgusted of Cheltenham

Redaction?

Can anyone explain why the DocuSign Identifier is redacted on most (but not all) pages, e.g. page 9 or page 40? Although not simply black on black, this redaction seems to have been done manually given that it does appear where large amounts of the body text are missing and there's also one case in Doc1 on page 64 where the final E of the header is not redacted.

Why is the page number 26 redacted? (It comes between 25 and 27.)

More generally, how do you verify the digital signature on a redacted document?

BT misses deadline for removing Huawei from network core

Disgusted of Cheltenham

Re: So...

The reports of sloppy development also mentioned that finding this in the equipment they had looked at did not mean it wasn't in that of other suppliers. Note also that the UK was not in the vanguard of bans (just a limit on coverage), indeed HMG only acted when the US export controls on China made it impossible to get repairs, upgrades and fixes.

UK convinces nations to sign Bletchley Declaration in bid for AI safety

Disgusted of Cheltenham

Re: It's simple really.

Alongside these opportunities, AI also poses significant risks, including in those domains of daily life. To that end,.... (i.e. posing significant risks?)

we resolve to intensify and sustain our cooperation, (i.e. be seen to do something, but not sure what)

All actors have a role to play... (yes, Equity rules. Surprisingly Euro-English)

development-orientated approaches (makes a change from customer)

We encourage all relevant actors to provide context-appropriate transparency and accountability on their plans to measure, monitor and mitigate potentially harmful capabilities and the associated effects that may emerge, in particular to prevent misuse and issues of control, and the amplification of other risks. (The light peppering of commas is always interesting in international paperwork, and a pain for translators. That last comma means amplification doesn't go with prevent - it seems to be provide... accountability...but is certainly unreadable on first pass)

scientific and evidence-based (tautology?)

The countries represented were:

Australia

....

European Union (no, it's not a country, but the footnote indicates

international organisations acting in accordance with their legislative or executive competences.

So which is the other such organisation?)

UK voter data within reach of miscreants who hacked Electoral Commission

Disgusted of Cheltenham

Re: Ubiquity

The focus on just a single technology remains a bad idea, although cards could be part of the mix as the Irish have deftly done: allowing one of the two forms for the passport allows that travel document to look and feel like an ID card and offers the functionality without igniting panic. A compulsory unique physical token offers scope blackmail and control (e.g. over wives and daughters) that may not have been a significant issue when the German Ausweis was introduced (in the same year the UK wartime ID card was scrapped).

Disgusted of Cheltenham

Re: Ubiquity

Instead of adopting the Australian system of ensuring that everyone gets a chance to vote, our politicians have been keen to increase the participation rate in elections. So instead of the ‘head of household’ registering everyone, the onus was on people to do it themselves; those with no intention of voting would not bother, so the rate would go up. Not appearing can be a problem for credit reference, but still it was optional until the House of Lords (with unusual ignorance) stepped in with an amendment to put a civil penalty (i.e. fine that couldn’t turn you into a news item by being jailed for failure to pay) for those not registering when asked to by a registration officer.

If there was any thinking behind this it may have been in relation to jury service, where you stand a chance of being called for each place in which you appear on the register. Some small business owners would rather not take this risk and thus be encouraged not to vote. (They might also not want to walk near the court to avoid “praying a tales”.) It’s time we threw out the electoral roll, with all its accumulated out of date but explicit data protection oddities, and had a jury status list for all residents, with uniqueness, preferably by extending the settled status register to include everyone.

Meanwhile what will happen if what is being called ID is needed for postal vote? Getting a civil penalty for not having it is not acceptable.

Whilst not remotely surprised by the attack, and just waiting for the same on one.login, the response that we should "remain vigilant for unauthorised use or release of [their] personal data" is spectacularly unhelpful. What, exactly, should we do, especialy now we can't play the trick of adjusting the postcode (before they were used - last two digits showed where it was copied from it you were careful to note which digits you gave to whom)?

UK.gov bans TikTok from its devices as a 'precaution' over spying fears

Disgusted of Cheltenham

Re: Wrong decision

https://www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely is, rightly, published and not specific to MPs, officials, nor any other group of folks who would prefer not to be ignored.

60% of Germany's 5G network is Huawei, says Chinese embassy

Disgusted of Cheltenham

Re: Proof???

GCHQ's early published comments on Huawei kit gave specific examples of very sloppy and insecure programming, but also noted that this did not mean it was worse than that from any other source since the others had not been scrutinised to the same level of detail. For more recent see https://www.ncsc.gov.uk/information/hcsec-ob-report

It's worth recalling that the UK ban came in response to the US/Trump controls which would make it impossible to repair the infrastructure.

Why ChatGPT should be considered a malevolent AI – and be destroyed

Disgusted of Cheltenham

Doesn't this count as libel?

At least under the Australian definition of publishing this would sound like libel - and should start a lawyer feeding frenzy over 'intent'.

(To first approximation the dead do not have data protection rights either, so maybe missing evidence for 7 years counts as a presumption of decease?)

Traffic lights worldwide set to change after Swedish engineer saw red over getting a ticket

Disgusted of Cheltenham

Re: How many engineers does it take to change a light?

Once upon a time the Swedish lights had amber+green before green, but they had to change to comply with the Common Market. For a really clever system, badly implemented, look to Quebec, where the shape of the light can be used by the colour-blind: Square red, triangle amber, circle green. It would have been much safer to have a red circle to avoid the rest of the world's red circles being mistaken for go. Presumably zero engineers involved in that choice of light change.

Careful now, UK court ruling says email signature blocks can sign binding contracts

Disgusted of Cheltenham

Re: The law on signatures

See also Stephen Mason's work, freely available from

http://ials.sas.ac.uk/about/about-us/people/stephen-mason

Brussels changes its mind AGAIN on .EU domains: Euro citizens in post-Brexit Britain can keep them after all

Disgusted of Cheltenham

Bananas

It was the EEC long before the EU that made special provision for 'dollar' bananas. This bit of history shouldn't be assumed to be a lie just because it was pre-internet:

https://www.cvce.eu/en/obj/treaty_establishing_the_eec_protocol_on_the_tariff_quota_for_imports_of_bananas_rome_25_march_1957-en-3bcfd762-ac40-422d-90a3-1bef6b69d255.html

Red flag: Verify to be marked 'undeliverable' by gov projects watchdog

Disgusted of Cheltenham

Since half the people who try can't get in, how would compulsory help? Those are a cumulative 5m accounts, not people; whatever the position on fraud (which we are told is both out of control and none detected), it's designed so one person can have many, and no doubt some of those with providers who have gone will have taken out a second one, not to mention those who try to put in a tax return 366 days after the previous one.

Australia has lots of good ideas, like compulsory opportunity to vote so there's no intimidation to keep people away and no opportunity to masquerade as someone who will not turn up. (They even invented the secret ballot.) In this case, better to look to NZ or Canada. 'Platforms', we are told, have canonical registers; Verify doesn't. Much better either to have a proper distributed Jury service status register or to make the compulsory EU resident's database optionally available for UK citizens.

We knew it was coming: Bureaucratic cockup triggers '6-month' delay of age verification block on porno in the UK

Disgusted of Cheltenham

Re: "the holdup is due to DCMS having failed to notify the European Commission in time"

The 50th was on a Monday, and what would have been the first May 1 bank holiday to be on May 1 was switched to Monday 8th. Perhaps you should put 100th in the diary now; banks may be a thing of the past by then, but I imagine we'll still want the holidays.

Disgusted of Cheltenham

1234 5678 901 - is a string of random numbers

It may be an arbitrary choice, but it doesn't look remotely random.

UK taxman falls foul of GDPR, agrees to wipe 5 million voice recordings used to make biometric IDs

Disgusted of Cheltenham

Why does it always take so long to fix?

It was obvious from when this was turned on that it was not being done with consent or any other legal basis, so how in their world of agile development did the issue not get noted, considered, and resolved rather than needing such effort to accept it was a mistake? It's not as if there's some political mandate like Universal credit under which jobsworths can hide. Of course most of us only need to phone then because we have a slightly more complicated case than the simplified big-font online information covers; this enforced attempt at enrolment came after the usual annoying exhortation to use w w w dot gov dot uk forward slash ... which not only adds to the delay and frustration of the caller but makes it harder for those answering the pre-grumpified 'customers'. I don't see any costings for taxpayer's wasted time, but, like a quarter of an hour each for 6 million failed attempts to use Verify , it starts to add up.

Edtech will save our schools from cuts and spare our teachers from burnout, booms UK.gov

Disgusted of Cheltenham

Re: What schools are for

But there are a few things that could be done. Teaching touch-typing, for example.

UK.gov's Verify has 'significantly' missed every target, groans spending watchdog

Disgusted of Cheltenham

Re: Estonia

The Estonians have kindly provided their service to anyone else who wants it, and in English...

https://e-resident.gov.ee/

On the first day of Christmas, Microsoft gave to me... an emergency out-of-band security patch for IE

Disgusted of Cheltenham

Re: Really?

And how else do you use an employer's system that calls for silverlight?

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata

Disgusted of Cheltenham

Re: Suggestion for a new name

Just Merde.

UK's Department of Fun seeks data strategy head – experience not needed

Disgusted of Cheltenham

Re: a salary of up to £65,535

Surely you would want a bit more?

£12k fine slapped on Postman Pat and his 300,000 spam emails

Disgusted of Cheltenham

Re: Junk confusions

Are you, perhaps, confusing the Post Office and Royal Mail?

US govt staffers use personal gear on work networks, handle biz docs on the reg – study

Disgusted of Cheltenham

Re: Simple but bad explanation

Once upon a time I recall sending any incoming emails with .docx home so I could convert them to .doc or .rtf or something that we could read at the office.

Huawei claims national security is used as plausible excuse for 'protectionism'

Disgusted of Cheltenham

Re: National Security is by definition protectionism

No, NSA don't do drinks at the bar.

How do you explain the completely different UK and US positions on use of Huawei equipment in broadband networks?

Yorkshire cops have begun using on-the-spot fingerprint scanners

Disgusted of Cheltenham

Digital?

The help finding next of kin is an interesting digression, but this whole system only works for those with a criminal record or non-EU immigrants. Any idea what proportion of the population of West Yorkshire that is?

I never carry ID - the grey beard says over 18, but then it's rare to even see police in rural Gloucestershire; What powers are being used to demand it?

NHS OKs offshoring patient data to cloud providers stateside

Disgusted of Cheltenham

No, Sam, GCHQ is not part of MoD

Anyway https://www.gchq.gov.uk/privacy is quite clear

We store your data on secure servers in the Republic of Ireland.

UK.gov slammed for NHS data-sharing deal with Home Office

Disgusted of Cheltenham

Re: Definitely not the Data Guardians of the Galaxy

Explicitly just 'no surprises for the citizen'. Not sure how anyone could be both a citizen and an illegal immigrant.

And then 'choice' includes Hobson's choice.

Comodo CA acquired by Francisco Partners ...

Disgusted of Cheltenham

But then we couldn't pay fines...

Comodo is the trust anchor for

https://penaltynotice.direct.gov.uk/

(If, for some reason, you don't like this, please offer a better suggestion for HMG.)

Computers4Christians miraculously appears on Ubuntu wiki

Disgusted of Cheltenham

Zero days

No, it's on the third day, i.e two days later.

Turnbull's Digital Transformation Office is actually working!

Disgusted of Cheltenham

Quick work

This seems unlike GDS. Have they come up with an app in their first 7 years? The IPS prototype passport checking app wasn't theirs, but has gone and HMPO doesn't seem to have anything expected soon. There are NHS apps, but lo, so does gov.uk: First published:

27 March 2017 Asian Hornet Watch - new app launched to help people quickly and easily report sightings of this invasive species.

Awkward. Investigatory Powers Act could prove hurdle to UK-EU Privacy Shield following Brexit

Disgusted of Cheltenham

No, it's about humans, not citizens

'Citizen' does not appear in GDPR; it is about "data subjects who are in the Union" or any processing done within the Union. Unlike the citizen's rights in the US, Europe including UK takes a starting point under human rather than citizen's rights. Knowing someone's citizenship(s) is not very easy (so hardly surprising NSA is having trouble answering a question). Long may it remain irrelevant for almost everything.

Since UK companies will want to provide services into the EU, it's hardly unreasonable for them to comply with the law where the customers are, so getting an agreement is clearly important, but it would seem rash to assume that the EU-US Privacy Shield will still be in its current form in two years. And there will presumably be the need for a UK-US agreement as well.

IBM used dud DoS shield for failed online census says Oz PM

Disgusted of Cheltenham

And DTO?

Where was DTO when ABS needed them? Surely the friends recruited from GDS could have warned them about previous recent experience in the UK, such as DVLA, DEFRA, HMRC, and Electoral Registration?

IT analyst: Oz census data processed as plain text

Disgusted of Cheltenham

Re: I'm Batman

Presumably related to John Batman, the founder of Melbourne (hence Batman Avenue, Station etc.)

Time to re-file your patents and trademarks, Britain

Disgusted of Cheltenham

Re: And so it starts.

No, there was a threat about Calais, until someone checked and found it was a bilateral and not EU agreement, similar to the position on the border between US and Canada.

Just because we can now do stupid things doesn't mean that we will stop seasonal workers or make it harder for tourists. Our current mess is partly because of the refusal by the head of the civil service to allow it to consider plan B on the grounds that it wasn't government policy - ignoring the point that the government had, for better or worse, pushed this one over to the people. Of course we now hear that the Bank of England and Treasury have been working on it. But the last budget should have had in and out options.

EU GDPR compliance still a thing for UK firms even after Brexit

Disgusted of Cheltenham

Re: Pop!

Four more provinces of Canada would be a much better fit.

Can whole countries claim asylum?

Why you should Vote Remain: Bananas, bathwater and babies

Disgusted of Cheltenham

Surely there comes a point at which it is fair to say that we have been trying to reform the EU from within, but have not managed to do so and have no new ideas on how we might? Even the (dubious) changes agreed are conditional on the UK staying, .i.e. were not accepted as worth doing anyway. We gave it a good try, and, as Churchill said, we wish it well.

Those who lead saying it's the wrong time chose the time. Gus OD thinks two years is not long enough, but what was his job when the Lisbon treaty was signed? People could do silly things and over-react; some of the threats have been quite creative, but the EEC banana problem dates from 1956.

Who'll guard your personal data post-Brexit?

Disgusted of Cheltenham

In name only

GDPR is called a Regulation, but to get it though in the time given it has at least 40 places where national variation is allowed (e.g. an age threshold somewhere between 13-16), and presumably in each case there's at least one state that will have a variant (otherwise they could have agreed a common line), so those expecting a single set of rules will be sorely disappointed.

Cash-strapped English and Welsh cops prepare to centralise all 43 forces' websites

Disgusted of Cheltenham

Perhaps something useful could arise?

How hard is it to have a 999 app: Here's a picture of what's just happened, and my phone will tell you exactly where I am? Call back if you want more details, but you can probably already tell that we need a fire engine, or whatever. If twenty people call you can tell from the location it's the same incident.(Meanwhile, I'm trying to help the victims rather than waiting for an incident number.)

A UK digital driving licence: What could possibly go wrong?

Disgusted of Cheltenham

Re: It Bodes

We aren't talking confidentiality here, just integrity, so the data (picture and a few attributes) is 'secured' with a good 1970's digital signature which any fool can check is from DVLA. Small market for trusted checkers, but the data has to be available in a convenient form: read from NFC phone, your website, on a plastic card, a QRC tattoo (but please don't) or any other method of your choice, so that it can be offered to the checker.

(Likewise, power of attorney needs a pdf digitally signed by the OPG, not an online system of any sort.)

The DVLA policy in 2009 as presented on the No2ID threads was impeccable; presumably someone has quietly changed it.

Gov to pull plug on online ID verification portal Gateway in 2018

Disgusted of Cheltenham

Re: GDS to the rescue!

A4? If it doesn't fit on a POST-IT they aren't interested.

https://www.gov.uk/personal-tax-account makes it clear that the deadline-missing award-winning open but never-explain-delays Verify is insufficient for some of the 'services'.

They already manage a billion stamp duty transactions per year, and many other surprisingly large volumes https://www.gov.uk/performance/services

UK.gov is about to fling your data at anyone who wants it. How? Why? Shut up, pleb

Disgusted of Cheltenham

Re: Not compliant with GDPR

But under GDPR the public sector should not use consent as the legal basis for processing (see recital 43).

UK government looks to harness the potential of open data through APIs

Disgusted of Cheltenham

Does anyone recall the 2nd data protection principle in the law?

Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

Silicon Valley fights European Court of Justice ruling with small print

Disgusted of Cheltenham

Re: Makes no sense

Privacy is not absolute but about balance, at least as defined in the ECHR, but would these clauses be the ones including:

Clause 5: the data importer agrees and warrants.. that he has no reason to believe that the legislation applicable to him prevents him from fulfilling his obligations...?

Those who needed the Safe Harbor rather than any of the other exemptions can no longer do so, but presumably can now sue the Commission for any costs in relocating to Bulgaria or Argentina and losses during the transition that are directly attributable to not correctly implementing a directive. That sounds like a large bill for the Commission, or rather for EU taxpayers.

Hillary spillery finds half-hearted phishery

Disgusted of Cheltenham

The occasional response from phishing@cityoflondon.police.uk that your e-mail forwarded to them has not been delivered because an attachment contains malware should be on the list of inept responses.

Page: