* Posts by a_yank_lurker

4138 publicly visible posts • joined 16 Nov 2013

US military manuals hawked on dark web after files left rattling in insecure FTP server

a_yank_lurker

Re: Well for the record....

Documents have had a habit of leaking off site for decades now. I remember some security training years ago that emphasized that internal documents, even unclassified ones, stay on site. So the real question is not that they are on the Dark Web but how they escaped.

Oracle? A strategic priority for CIOs? Nope, says Goldman Sachs

a_yank_lurker

Legacy Products

Legacy products have a bad habit of becoming commodity or semi-commodity products. Leisure Suit's primary products are based around a relational database; a product that is semi-commodity at best. There are reasons why migrating to another database engine is not trivial, but there is no reason to automatically sign up with Leisure Suit if you do not have to. There are plenty of very good engines available and for some applications alternative databases to choose from. Many of those purveyors treat their customers much better than the poor sods stuck with Leisure Suit.

PayPal, Google ordered to make suspected pirates walk the plank into freezing waters

a_yank_lurker

Reason for success

They were successful because they were narrow. Narrowness means they were doing their homework and throwing mud at the wall and hoping some sticks. Judges like it when you do your homework.

US taxman wants AI to do the security checks it seemingly can't do itself

a_yank_lurker

Root Cause?

Not that the incompetents with the IRS will ever do it, but how about a root cause analysis? One of the issues that makes them a target is the income tax, as it requires all sorts of PID to process correctly. If there is no income tax (admittedly a different tax scheme will be needed), then there is no need to collect this treasure trove of information, nicely centralized.

Google offers to leave robocallers hanging on the telephone

a_yank_lurker

Nice but

My approach is to use a whitelist type approach. Any random call not from a number or identified as someone I would talk to, etc. goes automatically to VM. The only exception is when I am expecting a 'random' number from someone like the pizza delivery driver to possibly call where I am not likely to know the actual phone number.

Insurers hurl sueball at Trustwave over 2008 Heartland megabreach

a_yank_lurker

@EveryTime

The certification is an audit of process, procedures, etc. which says they are compliant with the applicable standard. The company has been found to meet the standard, not that they are invulnerable or do not have issues, which were probably noted at the time. Audits often find deficiencies in the systems and procedures that need addressing; nothing unusual, even when you are compliant. The findings must be addressed, typically within a specified time period, to ensure they do not reoccur. In some fields, it is a fact of life that you will be routinely audited and sometimes dinged by the auditor.

It sounds like the insurance companies are looking to pad their balance sheets at someone's expense. They are probably relying on the public's ignorance about the purpose of an audit to win a judgment.

Trump's Supreme Court pick will decide critical tech issues for decades – so what are the views of the contenders?

a_yank_lurker

Reading Tea Leaves

Reading goat entrails to see how a future Nine Senile is probably appropriate. Too often the newest member shows a great deal of unpredictability.

OK, so they sometimes push out insecure stuff, but software devs need our love and respect

a_yank_lurker

Re: About... . . . .

Since PHBs and their close relatives, MBAs, view employees not as assets but as a cost liability whose costs must be minimized no matter what, nothing will happen. The correct way to improve security is to build it in from the start.

Imagine a patent on organizing computer files being used against online shopping sites. Oh, it's still happening

a_yank_lurker

Card Catalog

Showing my antiquity here, but how many remember going to the library and using a card catalog to search for books manually? Various methods have been developed to allow for searching data stored in paper files relatively efficiently. All a computerized system does is make the searches more flexible and much faster. More flexible because you are not limited to the predefined searches like in the old card catalog (title, author, subject were typically all you could do). Now you could search on other possible information (publisher, year, edition, etc.) that could easily be stored in a database. The basic point is that various permutations and adaptations of electronic searching have manual predecessors which should be considered prior art, as the basic idea has been around for a while.

a_yank_lurker

Re: But but but ....

It is how they phrased the claims that made it 'patent-able'. In reality, what they are describing has been done manually for millennia and electronically since real databases existed. So the prior art is very old. The electronic implementation can take numerous forms, mostly depending on the specific database engine used. But even there it is still prior art or obvious to anyone skilled in the arts. Taking an idea and reimplementing it is not worthy of a patent and the Nine Seniles even managed to get that one right.

And in current affairs: Rogue raccoon blacks out city power grid after shocking misstep

a_yank_lurker

Kentucky Fired Squirrel

Actually had this happen a couple of times when a squirrel decided to become a KFS and take out a transformer. The bang of the fuse going when you are maybe 20 feet away is rather loud (it is a gunpowder charge so someone will hear it and call it in).

UK.gov IT projects that are failing: Verify. Border control. 4G for blue-light services. We can go on

a_yank_lurker

Sounds Familiar

It sounds like your fleecers are what we call minor leaguers over here. They need to take a few lessons on fleecing the tax-payers as we have a couple who are extremely good at it.

Seriously, why do most governments seem to think outsourcing IT projects is always a good idea? It is as if they have no internal competency to undertake any projects internally. This would mean they probably have little competency to manage an IT project, as there is no one internally who can point out problems, review specs, and call bullshit when the vendor tries to pull a fast one.

US Declaration of Independence labeled hate speech by Facebook bots

a_yank_lurker

Re: Book burning Nazis

Foundational documents of the US include the Declaration of Independence, Articles of Confederation, Common Sense by Thomas Paine, The Constitution, and the Federalist Papers. I wonder how many of these documents would be flagged as hate speech because some of them refer to taking up arms against George III or slavery. The problem is Fraudbook et al. can try to hide behind a bot which can not determine context or probably does not check if a post is from a historical document.

Chrome, Firefox pull very unstylish Stylish invasive browser plugin

a_yank_lurker

Re: Developers becoming jerks.

It's more likely marketing PHBs abusing users and getting caught. Someone had to tell the code wranglers to do this. Most code wranglers have enough to do without adding more work. Also, the code wranglers may have been told, indirectly, to do it or walk the plank.

IBM fired me because I'm not a millennial, says axed cloud sales star in age discrim court row

a_yank_lurker

Re: Take the money

On a contingency fee basis, the legal beagle will get 1/3. So the beagle has an incentive to get a punishing award under the applicable laws; he gets more money. Also, in the US most civil cases do not have caps on the award, so one could pay a rather hefty chunk of change. As this is not a class action suit, the plaintiff will see most of the award.

a_yank_lurker

Re: He was the top salesman in the group

@AMBxx - Having worked directly with vendors in my career I have found those sales persons who were the most effective were knowledgeable, honest, 'boring', and 'safe'. The most knowledgeable also typically had grey hairs or bald spots and had bounced around for a number of years; that is they had some mileage aka age on them. Experience is an excellent trainer but to get experience takes time thus experienced = older.

The problem for many companies is they fail to understand sales is as much about relationships as it is technical competence. Both are needed, but a good relationship with the customer will get sales. Technical competence might get you in the door but a good relationship will keep the door open. Looking back at all the good sales persons I knew, they had solid technical/business competence and they worked at keeping the personal relationships good. Thus the door was always open for them when they called.

a_yank_lurker

Re: He was the top salesman in the group

Fire the competent and replace them with ignorant incompetents is a great way to drive sales - down. The claim older workers can not learn new technologies is false. The real problem is that I am a similar age to him and we have seen many fads and fetishes come and go. And we have scars from being burned by a few of them. So we may be more wary of the latest PHB fad and have the experience to realize that it may be a repackaged failure from 15 years ago. And it will fail again for the same reasons it failed earlier.

The bigger problem Itty Bitsy Morons has is the top PHBs have not been willing to adapt to market changes in a timely manner. Plus their execution often has been atrocious. Now trying to be hip; 'have the age balance', etc. can fix that short of the board of directors cleaning house; not going to happen.

IBM Cloud TITSUP: Techies investigate troubling storage underperformance

a_yank_lurker

Maybe

Maybe Idiot Brainless Morons should have kept a few grey hairs around like those who might know a thing or two or three.

'Plane Hacker' Roberts: I put a network sniffer on my truck to see what it was sharing. Holy crap!

a_yank_lurker

Re: Richard Feynman

A case of 'shooting the messenger' and not fixing the problem. The general problem with data logging and phoning home is it requires access to the network (same problem with IoT). Once you have a network connection the originating device can be discovered and hacked. Once hacked all sorts of nasty scenarios can play out, even if they are fairly rare. The best solution is to rethink the 'need' for many devices to have a network connection (including planes and cars). If some devices must have a network connection, limit the connection and access to underlying systems. (GPS has no need to access engine controls to be effective.)

Many non-experts in security refuse to consider the implications of 'always on and connected' for security and safety. So they are satisfied with inadequate security, if any. And much like the safe, security is more theater than effective.

Google Chrome update to label HTTP-only sites insecure within WEEKS

a_yank_lurker

Re: Shared Hosting

The original post is talking about an informational page with the company's contact information such as phone number. Many small businesses do not need to collect any customer information on the web and do not. HTTPS makes little sense for these sites. And there are lots of these sites on the web.

Anyone who obtains personal information from a user obviously needs to take security very seriously; the whole point behind the GDPR.

Four US govt agencies poke probe in Facebook following more 'oops, we spilled your data' shocks

a_yank_lurker

The End of the Beginning?

Having seen a couple of cycles of this, where a new company gets very large and powerful in a poorly regulated area and abuses its power, it seems like Suckerberg is headed for a nasty wake-up call. There is a cycle to these things: Wild West Era, then the Great Awakening, followed by some form of regulation. The Wild West Era is ending as it always does. During the Great Awakening the public and politicians get an education in how badly they have been lied to. Regulations and laws will follow, with their severity a reaction to the arrogance of the target. Suckerberg is too young to have really been through a couple of these cycles and his arrogant bravado rubs others the wrong way. This will make the regulatory regime harsh; probably harsher than necessary.

Foot lose: Idiot perv's shoe-mounted upskirt vid camera explodes

a_yank_lurker

Missed

You have to wonder at the dimness of some. This one appears to be a notch above Darwin Award territory, but not by much. So inept he can commit a crime.

Google weeps as its home state of California passes its own GDPR

a_yank_lurker

Tears

The tears are real because a couple of well crafted state laws can become the basis of a federal law. It takes a couple of states to start the ball rolling. The real risk for Suck and the Chocolate Factory is they could end up with 50 similar but different enough laws to make getting sales taxes correct look trivial. If they had any functioning grey matter they would take the CA law and have it become the federal law toot suit. But that assumes intelligence.

Adidas US breach may have exposed millions of customers' personal info

a_yank_lurker

"Why did they store email addresses/passwords in one place and useful info like credit cards in (presumably) another database? Haven't they heard of normalisation?"

Normalization is a database design paradigm. Also, they may have normalized the database and split the data into separate tables for security purposes. Normalization does not mean all the data that is common to an entity must be in the same table; it just means that data is not duplicated between tables. So splitting the data up for an entity between different tables may be done for a variety of reasons, including security.
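As an added example (not from the post above, and not Adidas's schema), here is a normalised layout in which the customer profile, the credential and the payment data each sit in their own table, together with per-role read restrictions so that, for instance, the storefront can read a customer's email and the card's last four digits but never the password hash or the vault token. SQLite has no GRANT, so the sqlite3 connection authorizer stands in for database roles; the table names, roles, sample rows and the three application roles are all assumptions made for the illustration.

```python
"""Normalised schema with credentials and card data partitioned into their
own tables, plus per-role read restrictions. Added example; the tables,
roles and sample rows are constructed, not Adidas's. SQLite has no GRANT,
so sqlite3's authorizer hook stands in for database roles."""
import hashlib
import hmac
import os
import sqlite3

SCHEMA = """
CREATE TABLE customer (
    id    INTEGER PRIMARY KEY,
    email TEXT NOT NULL UNIQUE
);
-- 1:1 with customer, but kept apart so most code never touches it
CREATE TABLE customer_credential (
    customer_id INTEGER PRIMARY KEY REFERENCES customer(id),
    pw_salt     BLOB NOT NULL,
    pw_hash     BLOB NOT NULL
);
-- 1:N; only a vault token and the last four digits, never the PAN
CREATE TABLE payment_card (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(id),
    card_token  TEXT NOT NULL,
    last4       TEXT NOT NULL
);
"""

# (table, column) pairs each assumed application role is forbidden to read.
DENIED_READS = {
    "storefront": {("customer_credential", "pw_salt"),
                   ("customer_credential", "pw_hash"),
                   ("payment_card", "card_token")},
    "auth_service": {("payment_card", "card_token"),
                     ("payment_card", "last4")},
    "billing": {("customer_credential", "pw_salt"),
                ("customer_credential", "pw_hash")},
}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def build_db() -> sqlite3.Connection:
    """In-memory database loaded with constructed sample rows.
    cached_statements=0 because the authorizer only runs when a statement
    is prepared; a cached statement would carry a previous role's rights."""
    conn = sqlite3.connect(":memory:", cached_statements=0)
    conn.executescript(SCHEMA)
    salt = os.urandom(16)
    conn.execute("INSERT INTO customer (id, email) VALUES (1, 'alice@example.com')")
    conn.execute("INSERT INTO customer_credential VALUES (1, ?, ?)",
                 (salt, hash_password("correct horse", salt)))
    conn.execute("INSERT INTO payment_card (customer_id, card_token, last4) "
                 "VALUES (1, 'tok_demo_0001', '4242')")
    conn.commit()
    return conn


def _authorizer_for(role: str):
    blocked = DENIED_READS[role]

    def authorize(action, table, column, _db, _trigger):
        # SQLite reports every column read at prepare time.
        if action == sqlite3.SQLITE_READ and (table, column) in blocked:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    return authorize


def query_as(conn, role, sql, params=()):
    """Run a read as `role`; PermissionError if it touches a denied column."""
    conn.set_authorizer(_authorizer_for(role))
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:          # SQLite says "not authorized"
        raise PermissionError(f"{role}: {exc}") from None
    finally:
        conn.set_authorizer(lambda *_: sqlite3.SQLITE_OK)


def readable(conn, role, sql, params=()) -> bool:
    try:
        query_as(conn, role, sql, params)
        return True
    except PermissionError:
        return False


def verify_password(conn, email, password) -> bool:
    """Only the auth service role ever reads the credential table."""
    rows = query_as(conn, "auth_service",
                    "SELECT c.pw_salt, c.pw_hash FROM customer_credential c "
                    "JOIN customer u ON u.id = c.customer_id WHERE u.email = ?",
                    (email,))
    if not rows:
        return False
    salt, stored = rows[0]
    return hmac.compare_digest(stored, hash_password(password, salt))
```

The point the example makes is that the split is orthogonal to normalisation: the schema is still in third normal form, but because the credential and card columns live in separate tables, a compromise of the storefront role (or a dump of the tables it can read) yields emails and last-four digits and nothing reusable. On a real engine the same partition would be enforced with per-service database users and column-level GRANTs rather than an in-process hook.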

Startup bank Monzo: We warned Ticketmaster months ago of site fraud

a_yank_lurker

If Stupidity Were a Crime

The only reason TicketMaster ignored Monzo was they were a startup who had to be incompetent. It sounds like Monzo is setting them up for a nasty lawsuit for damages.

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

a_yank_lurker

Re: We expect 100% occupancy during the visit

Where I work most of the professional staff work from home 2 or 3 days a week. When our CEO comes by we are expected to work our normal schedule. So if your desk is empty, no one cares.

Why aren't startups working? They're not great at creating jobs... or disrupting big biz

a_yank_lurker

Startup Creation

I wonder how much an aging population has to do with decreasing startup formation. It seems like the peak age to start one is around 40. Plus, too many people are trying to create the next unicorn, which is as much luck as it is a good idea.

Happy birthday, you lumbering MS-DOS-based mess: Windows 98 turns 20 today

a_yank_lurker

Bad Memories

Bad memories of marginally working OSes, many BSOD for no apparent reason. Weirdly, I had better behavior out of ME than 98. But OS reinstalls were a royal pain trying to run down all the data files and settings as they were scattered everywhere. Usually managed to miss a few.

India tells its banks to get Windows XP off ATMs – in 2019!

a_yank_lurker

Question?

How common is XP in ATMs in other countries? And what are the other countries doing about it?

Oracle's new Java SE subs: Code and support for $25/processor/month

a_yank_lurker

Re: Java has been great as a teaching tool

Java is a poor teaching tool because of its unneeded verbosity and overly verbose way of doing simple tasks. I would say pick one language like C to show low level stuff (pointers, memory management, etc.) and another like Python or Ruby to show them basic concepts of computing. Concerns about syntax are more due to incompetent teaching; syntactical families are much like foreign languages. Groups share similar syntactical features like language groups share similar grammatical features and basic vocabulary. Expose students to 2 or 3 common languages that have different strengths and weaknesses early so they are used to the difference early. And explain the strengths and weaknesses of each language.

a_yank_lurker

Options

Options to replace Java without any Slurp of JVM are Go, Rust, Ruby, Python, C, & C++ depending on the application with a couple of honorable mentions of Nim, Elixir, Erlang & Haskell. The only real value to Java is the JVM as the language itself is a misbegotten turd.

The strife of Brian: Why doomed Intel boss's ex86 may not be the real reason for his hasty exit

a_yank_lurker

Re: Bring in someone more Linux friendly?

@Bombastic Bob - Chipzilla made their bed. It looked good for many years. But as time passes, markets change and decisions made many years ago can be a longer term albatross. Chipzilla can fix the problem but it would mean untangling themselves from Slurp. Also, it would mean not being dependent on an OS manufacturer to drive the market for new kit. But it would also mean they would need to recognize the device market has fundamentally changed; phones are more apt to be bought on a shorter time frame than PCs.

In huge privacy win, US Supreme Court rules warrant needed to slurp folks' location data

a_yank_lurker

Literalist vs Living

One problem in the US is the legal beagles tend to be in two idiotic interpretation camps: Literalist and Living. Both tend to extreme views of interpretation; one ignores the effect of technology and modern society on individuals and the other wants to reinterpret relatively plain English into logical pretzels only a shyster could love. The basic problem is both ignore that the Constitution and its amendments are written to limit the power of the government and should be interpreted with this in mind. Gorsuch is stating that most of the constitutional problems the Nine Seniles have created for themselves come from their own stupidity in ignoring the fundamental intent of the Constitution.

The arguments about search and seizure, guns, abortion, etc. would be mostly settled if one took the view the Constitution is intended to limit the power of the government. If the power is limited then what the government can do or regulate is limited. Thus, the government has very limited authority to regulate both gun ownership and abortion in this view, for example. And when the local Stasi want to conduct an investigation they will need to follow very strict rules about getting search warrants and limits on their actions.

Don't panic, but your baby monitor can be hacked into a spycam

a_yank_lurker

Idiocy of Toys

These devices are sold to people with the implication that security is properly taken care of. Even knowing to change the password by the more aware does not mean they have necessarily properly secured the device. To make matters worse, the typical set up of these devices is done by a simple wizard which implies you are finished securing once the wizard finishes.

This is compounded by the fact that most people view networks, microwaves, computers, etc. as black boxes with varying levels of complexity. They do not really understand how their coffee maker works, so expecting them to be an expert on computer network security is idiotic in the extreme.

Software engineer fired, shut out of office for three weeks by machine

a_yank_lurker

incompetence via laziness

Writing a script triggered by an email on something this critical is below stupid. The correct procedure is that HR should send out an email directly to the sysadmin and security to cancel accounts, badges, etc. when employment ends. The sysadmin should be using the termination email to the employee as it may be sent prior to the official last day depending on the circumstances.
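As an added example (not part of the post above, and not the firm's actual tooling), this is the shape of a deprovisioning job that acts only on a termination record authenticated as coming from HR, and that does nothing until the recorded last day has arrived, so a notice sent early does not lock the person out early. The HMAC key, the record format, the employee ids and the directory snapshot are all constructed for the illustration; a production system would take a signed message from, or query, the HR system of record rather than use a static shared key.

```python
"""Offboarding gated on an authenticated HR record rather than on an
email arriving. Added example, not the original post's; the HR key,
record format and directory snapshot are constructed."""
import hashlib
import hmac
import json
from datetime import date

# Assumed: key shared out of band between the HR system and the
# deprovisioning job. Stands in for a signature from the HR system of record.
HR_KEY = b"demo-hr-to-it-key-not-for-production"

# Constructed directory snapshot: what each employee id owns.
DIRECTORY = {
    "E1001": {"accounts": ["jdoe", "jdoe-admin"], "badges": ["B-77"]},
    "E1002": {"accounts": ["asmith"], "badges": []},
}


def canonical(record: dict) -> bytes:
    """Stable serialisation so the MAC covers exactly the fields HR sent."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign_record(record: dict, key: bytes = HR_KEY) -> str:
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_record(record: dict, signature: str, key: bytes = HR_KEY) -> bool:
    return hmac.compare_digest(sign_record(record, key), signature)


def plan_offboarding(record, signature, today, directory=DIRECTORY):
    """Return the disable/revoke actions that are due on `today`.

    Refuses unauthenticated or incomplete records. Returns no actions while
    the recorded last day is still in the future: HR notice commonly goes
    out before the employee's actual last day, so arrival of the notice is
    not the trigger, the date in it is."""
    if not verify_record(record, signature):
        raise ValueError("termination record is not signed by HR")
    if not {"employee_id", "last_day", "issued_by"} <= set(record):
        raise ValueError("termination record is incomplete")
    if isinstance(today, str):
        today = date.fromisoformat(today)
    if today < date.fromisoformat(record["last_day"]):
        return []
    entry = directory.get(record["employee_id"])
    if entry is None:
        raise ValueError("employee id not in directory")
    return ([("disable_account", a) for a in entry["accounts"]]
            + [("revoke_badge", b) for b in entry["badges"]])


if __name__ == "__main__":
    notice = {"employee_id": "E1001", "last_day": "2024-06-14",
              "issued_by": "hr-system"}
    tag = sign_record(notice)
    print("before last day:", plan_offboarding(notice, tag, "2024-06-10"))
    print("on last day:   ", plan_offboarding(notice, tag, "2024-06-14"))
```

Two properties carry the weight here: the MAC is computed over a canonical encoding, so a record with a swapped employee id fails verification even if every other byte is identical, and the job is idempotent, so it can be run on a schedule and simply returns nothing until the last day arrives.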

US Supreme Court blocks internet's escape from state sales taxes

a_yank_lurker

@Criminny Rickets - Where are they shipping from? Amazon ships from within the US and does charge US sales taxes right now. If shipped from overseas the goods are dutiable (another can of worms), which may be more than the sales tax. Collecting sales taxes from an overseas company might be a bit difficult, but duties would be easy as the customs paperwork will be required upon entry.

a_yank_lurker

Re: Yo! Yank ... Er ....

Not going to work by zip (postal) code. I know of one local zip code that straddles the county line (30076 for Roswell, GA - Fulton and Cobb Counties). The two counties have different local option sales tax above the state tax. If you went by zip code some Cobb county residents would be taxed at the wrong rate; Fulton is higher. To add to the local confusion, Atlanta proper is in two counties: Fulton and DeKalb. I have not looked at the Atlanta zip codes to see if any straddle the county line but would not be surprised if a couple did.

The only way you can accurately determine the proper tax jurisdiction is by geolocation using the street address. This assumes the address used is the location of the buyer. Another wrinkle is if one buys something online while away from home, what is the taxing jurisdiction and how is it determined? Depending on how it is done, a VPN service might cause all sorts of fun (honest, I was in Finland when I placed the order).

a_yank_lurker

Re: Er ....

States can set their sales tax rates to whatever they want and some states allow local sales taxes in addition to the state tax. The major complaint is that between the state and local sales taxes there are several hundred different rates to be charged based on the buyer's location. Note, the buyer's street address might mislead one into assigning the buyer to the wrong tax jurisdiction as US zip (postal) codes do not always align with the local boundaries.

Compounding this jurisdictional problem is that each state has different rules about what is taxable, which is another source of problems. Again, local sales taxes may not follow the state rules for what is taxable. The dissenting Seniles are correct: no matter how wrong Quill was, the correct place for a major policy shift like this is Congress, even if they are less than stellar examples of humanity.

Writing a program to correctly calculate the sales tax is fundamentally not difficult in concept but it is the myriad of local inanities that will make code details a nightmare. This software would have to be updated regularly as new state tax regulations come into effect.

Microsoft Edge bug odyssey shows why we can't have nice things

a_yank_lurker

Actions Speak

The actions of Mozilla and Slurp speak volumes about the organizations. One acknowledges reports and deals with them as fast as possible. The other seems to be either too disorganized or suffering from bureaucratic infighting to react. Firefox will get patched in a reasonable time period without prompting; Edge might get patched when some slob bestirs himself to actually do something, possibly after several months of harassing.

It is obvious which browser should be trusted: Firefox.

'No, we are not rewriting Office in JavaScript' and other Microsoft tales

a_yank_lurker

???

My reaction to the original post was that would be the end of Orifice as they are JackassScript. But apparently the PHB misspoke and they are not rewriting it in JackassScript. This might give a clue as to how screwed up Slurp is when their PHBs can not get the story straight from the start.

Office 365 celebrates National Beer Day by popping out for a pint

a_yank_lurker

Re: Remember the good old days?

@AC - Try punch cards and paper tape.

Former FBI boss Comey used private email for official business – DoJ

a_yank_lurker

Re: Lock them all up?

@DagD - The US security clearance rules require one to take very seriously the security of any information that might be useful to an adversary. The actual security classification is not relevant. This is from someone who had US security clearance training. The issue with Hildabeast was she did not follow the requirements; someone like me would be looking at a few years in Club Fed for doing lesser stupidities.

AI is cool and all – but doctors and patients don't really need it

a_yank_lurker

A wise person

Once observed that it is not the 99% AI gets right but the 1% it gets wrong. What is the false positive and false negative rate? How big a tumor will it miss, not how small a tumor it can see. Also, the legal liability of a wrong diagnosis: is it the MD or the software vendor who is responsible? Right now it is the MD who is on the hook.

Judge on Microsoft gender discrimination case finds 'flaw' in class grouping argument

a_yank_lurker

Real Slurp Issue

While the class definition may have been too broad, Slurp still has a problem of defending idiotic staff rating practices aka 'Stack Ranking'. Slurp's implementation was a lawsuit waiting to happen as it required the bottom performers in a group to be canned without regard to the quality of their work. An idiotic policy by definition. This leads to a tense, brutal workplace with a lot of politics being played to avoid being in the bottom group. The politics will inevitably lead to unfair practices that are at least borderline illegal if not illegal cropping up over and over.

Tesla undecimates its workforce but Elon insists everything's absolutely fine

a_yank_lurker

@hungryman - Excellent synopsis of the problems of EVs since 1884. I would quibble that range is a solvable problem with bigger battery packs using high charge density batteries. But the recharging time is the Achilles heel for EVs. This effectively limits a day trip to one charge; not always practical. The problem of connectors really only requires the industry to pick a set of standards for different voltage connections that everyone will use; something done in other industries.

a_yank_lurker

Re: Oracle got there first

In Tesla's case, they need to slow down the cash burn and start turning a real profit. Otherwise they will join many others in the junkyard of defunct car manufacturers.

IBM to GTS: We want you to 'rotate' clients every two years

a_yank_lurker

Re: Interesting... color me skeptical.

"our family is settled... relocating every 2 years, assuming that IBM is going to cover all of the costs... is still going to be a deal breaker for the older employees. (Try buying and selling homes every 2 years....) " - Back to the old days of I've Been Moved when this was done on about a 2 or 3 year cycle.

IoT CloudPets in the doghouse after damning security audit: Now Amazon bans sales

a_yank_lurker

Re: "Pressure by pocketbook" is wishful thinking

They are getting "pressure by pocketbook" as 3 of the more prominent US retailers are not carrying them anymore. That will hurt sales as they are harder to find. The pressure does not have to come from consumers directly but by retailers not carrying it. If the product is too difficult to find from a reputable retailer their sales will die. Also, for many semi-casual purchases, many may not bother to search for it if it is not available at well-known retailers.

Tor-forker Joshua Yabut cuffed for armoured personnel carrier joyride

a_yank_lurker

An Improvement

At least he did not do what a guy many years ago did in San Diego with a tank.

Or did he want to reenact 'Stripes'?

Continental: We, er, tire of Whatsapp, Snapchat on work phones. GDPR, innit?

a_yank_lurker

Re: This entirely political move

Agree this is due to decent legal and technical analysis. Many of these apps are not necessary in a business setting as they do not provide any value over more traditional communication methods but only risk of data leakage.