Posts by Doctor Syntax

Re: Love it!

"demand blood sacrifice from any mortal working on them in the machine halls."#

That's why the metal-work has sharp edges.

Re: He's right, but no one here will accept it

"One solution would be to mandate that copies of all private keys be kept in escrow where only trusted law enforcement could access it."

You are, of course right. But you just move the problem to ensuring that only trusted law enforcement could access it and only in appropriate circumstances*. And a few others such as if the product is sold outside the US's jurisdiction how do you ensure that the private keys for those customers don't also go into escrow.

That, of course, applies to US products. It doesn't do anything about software produced overseas or open sourced; you know, the software that anyone wanting to do anything remotely dodgy would then turn to. That software would be made illegal? Let me repeat what I've said before. You do not inhibit someone intending to break laws by providing them with more laws to break.

* For avoidance of doubt appropriate circumstances don't include checking up on the neighbours and going on fishing trips. They do, however not just include but require due process of law to obtain a warrant.

Re: This is all wrong on so many levels...

"If you're a doctor, lawyer etc and have identifiable information about patients / clients then dropping your computer off at PC World is likely a breach of data protection legislation."

If there were a problem with it it would have to be handed over to a technician somewhere. That technician has to be trusted. The technician at PC World will take his medical ailments to his doctor and trust that he will be treated ethically. Why shouldn't it work the other way around?

PC World should be subject to the DPA and/or any other relevant regulation just like any other business handling data.

"Yup, however if a file name or image is seen that is suspicious"

File name, maybe in limited curcumstance. Image - why are you looking at images on a customer's computer?

Let's presume the customer to be innocent of anything, an old-fashioned assumption admittedly but an essential one if we wish to live in a free society. So what might be on the computer? All manner of personal stuff if it's consumer machine, all manner of commercial material if it's a business computer.

The default assumption must be that it's confidential to the owner and/or user. In the case of personal stuff, at least in Europe, it will arguably* be protected by existing personal data legislation and even more so under GDPR. In the case of a commercial machine there's likely to be commercially sensitive material on there, some of it subject to various regulatory regimes: financial, medical etc. To go poking around in contents, even listing file names, of anything not immediately relevant to the work that's being done is at minimum a breach of confidence and quite possibly a breach of other legislation or regulation.

TL;DR A tech has no right to go poking around in the PC's contents.

* There must be an argument that anyone accessing a PC is at the time the processor of any day data file they open.

Re: No password reset

"4) Owner stuffed."

Not necessarily the worst outcome. If Owner stuffed happens often enough and publicly enough we then have:

5) Vendor gains poor reputation.

6) Vendor fails to sell product in the future.

There is then an incentive to produce secure stuff.

Re: Spoof traffic entering the Intelligent Traffic Signal System

"It's not really user generated data; it's data generated by the vehicle system, and there's no reasonable presumption such a system would wilfully lie if working as intended."

There is, however, an unreasonable presumption that the system will work as intended and that nobody will get at it to make it lie.

Re: Braking News !!! :) <==== NOT a Typo !!!

"snarl up the Roads as a diversionary tactic "

Sounds like an Italian Job.

"Microsoft already have a security model that blocks the ability for their US employees to access data in other jurisdictions without local data custodian approval"

The only place I've read of this being used is in Germany. If it's deployed elsewhere they seem to have kept quiet about it. There's also a question of whether it would survive the CLOUD act whose purpose appears to be to make extra-territorial jurisdiction explicit.

Re: Oh, the hyperbole

"Earliest forms of life on Earth had very little to do with oxygen, IIRC."

The organic compounds which living organisms are built of do contain oxygen. What the earliest forms didn't do was use molecular oxygen as part of their energy systems until, as you say, the blue-greens evolved photosynthesis which produced it as a by-product.

Re: I think I even have a script for that.

"No unsolicited scripts. What a surprise."

Now think what the BOFH would do in that situation. He'd tell a Brit commissioning editor that Netflix were interested but taking their time and there was a small window of opportunity if the editor could make up their mind before the pubs open.

"Clicked their link to view the changes, and got asked for personal details (with no apparent way to skip), so I'd not (until now) seen what the cretins were planning on doing."

Are they keeping that running until after GDPR becomes operational? AFAICS that will be a breach in its own right.

Re: So UK addresses require UK residency?

"Can't speak for .org.uk though."

My registrar seems to think either applies. I'm not sure what happens if .co and .org have different owners. I have a .org and the corresponding .co is owned by a completely unrelated business. However, if they want the .uk they're welcome.

"not-quite-global businesses would be having you declare that you are not an EU resident and make it a condition to let them know if you become one (possibly causing a termination of your business relationship). "

I think such weaseling behaviour would increase the fines.

"Am I still covered by GDPR even though the address is in the states and I am in Europe"

The GDPR protects the personal data of people resident in the EU to the answer would appear to be "yes".

Re: I'm all for it

So at what point are you a real web publisher who should a public address and "just a individual website" ?

There are quite a few issues wrapped up in that.

If you are an individual registering a domain you will be entitled to keep your details confidential. You're not obliged to do so.

If you register your site for commercial purposes you lose the entitlement. That would, AFAICS, include operating as a sole trader. On the whole you'd probably not want to hide your identity unless you're a cowboy; regular traders want people to contact them.

If you're operating a business as a Ltd company you'd register under the company name and the registered address would be the appropriate address to use. However Companies House would register the names and addresses of the officers of the company (director, company sec etc) although the addresses given are often enough the registered company address. Even if you want to keep your identity confidential you can't if you're an officer of the company; it has to be on the company returns, those are public as a matter of law and as such they're excluded from any protection GDPR provides.

Re: So UK addresses require UK residency?

"Perhaps now is not the time to tell someone that I own a second-level .uk address"

If you're setting up something like example.uk there's supposed to be a UK residency requirement. Presumably it's up to the registrar to check. example.co.uk wouldn't need residency. Ownership of example.co.uk would give you preference in gaining example.uk if you wanted that as well.

Maybe you owned the .co.uk or .org.uk version and then gained the .uk on those grounds and nobody thought to check?

"How would icann know to hide the information?"

You wouldn't be dealing with ICANN, you'd be dealing with a registrar. It's up to the registrars as to whether they hide everyone's data by default but if they restrict that to the EU the address you give should be a big clue.

Re: I'm all for it

"Can companies and publishers decide that it is outragous that the address of the manufacturer of something you bought be available to you or the address of a newspaper office be available to complaints"

This has nothing to do with addresses of manufacturers or newspapers. It's to do with personal information, the addresses of individual people who have their own domain, that's all.

Fear that you can be wrongly recognised by the mostly shite low quality cctv available in the UK.

FTFY