Posts by Doctor Syntax 42029 publicly visible posts • joined 16 Jun 2014
'Recall: "Symantec was forced to fire 3 employees after Google's engineers found rogue SSL certificates issued in its name used in the wild."
Was anyone prosecuted for that? No? So it was a government backdoor, you don't fake an identity document like that and it doesn't even get investigated.'
Prosecuted for what? Could you name a statute or a piece of common law which this violated?
"As much as I abhor this Government there's such a thing as Voter Fatigue"
I used to live in N Ireland where there were local parliamentary elections and a referendum which IIRC was timed to fall fairly close to at least some of the others. The motto there is "vote early, voter often". Being dead was no impediment to voting.
"If Corbyn isn't kicking up a fuss about this then he personally is fine with it"
It's Burnham's remit. He's Shadow Home Sec & it's a Home Sec bill. That said, I wonder if there's a big clue half way through the article. The NUJ objects. Got to listen to their masters in the unions.
"relevant and proper court orders to the extent they can, with compensation for the direct cost of doing so"
Who gets to decide on relevance and propriety? (Note that you wording suggests the possibility of irrelevant and//or improper orders.)
What about indirect costs which could vastly exceed direct costs if such compliance affected the marketability of the company's products?
"They can show ... but they will not reveal how they obtained the evidence"
If they will not reveal how they obtained the evidence then we don't know that they didn't simply invent it. If they invented it then it isn't evidence. If they don;t have evidence then they can't show anything.
Revealing how they obtained the evidence is a link in the chain of proof every bit as essential as the evidence itself. No chain, no proof.
"If Brexit happens, the corporations and the UK government will be free to violate our privacy without any of this annoying interference from the CJEU."
True but they'd still have the European Court of Human Rrights to interfere with them. I don't think May would get very far with trying to resile from European Convention of Human Rights (damn them for having the same initials - it means I have to type out both in full). She might be reminded of Churchill's part in that.
"Between the fire, house and car insurance issues and cyber crime, there is certainly one chasm of difference and that is one of intent. If someone intends to attack you in a targeted attack, then it is very difficult to draw a parallel with fire insurance except in the case of arson."
OK, you spotted the arson aspect. But houses and cars are also subject to targeted attack. Even shipping is subject to piracy. The insurance industry has been dealing with insurance against crime for a long time.
Although cyber attacks might in some cases be down to nation state organisations they can also be perpetrated by teen-age skiddies.
“We have 350 years of fire data and 100 years of motor and aviation data, but we have just a few years of cyber data,”
They may have all those years of fire etc. data now. Initially they didn't. They coped then. They'll need to cope the same way now.
Of course there are some interesting aspects to this such as the way risk is affected if the CIO goes to the board and says "we need to improve security" and the board hears him say "I want to throw money away.".
"when we were kids we used sugar and weed killer or black powder from fireworks to blow up all kinds of stuff"
We had a method of inflating balloons from the gas supply. We constructed fuses from a length of paper impregnated with sodium chlorate (weed killer) with a few matches taped to one end and then taped to the balloon. Lit the fuse (NOT with a match) and released. A hundred foot or so in the air the balloon burst, the gas exploded and burning matches scattered across the sky. Being in a narrow valley echoed the bang.
Lovely, but nowadays you'd probably be put into care.
I used a stateless dataless thin client years ago. It was called a VT100.
I can also add a suggestion about accumulating data on humanity for advertising purposes. In fact I can be more ambitious that you; I can cover all humanity. Just start with a couple of defaults:
1. This person is capable of going to look for things when they decide that they want or need something.
2. This person is likely to be so annoyed by being advertised at that they'll go and buy whatever it is from someone who's not advertising at them.
You can then update this in a person-by-person basis for those for whom you have clear evidence that the defaults don't apply. Simple.
"Data controllers should make sure they have adequate safeguards in their contract terms with processors, even if that processor is a large US cloud company which trades on its own terms."
Under current US legislation no such safeguards are possible. That's why the shield doesn't shield the public, it simply shields the transferrers and, probably more importantly in their minds, the negotiators. As the article implies, it will last no longer than it takes to get to the EU Court of Justice. That's why it's better to call it a fig-leaf.
"I can't understand why people keep paying for these fecking things though, you'd think someone would have a clue by now."
They keep paying for these things because they're easy to measure - the call centre equipment will do the measuring for you. Even excluding test calls, assuming the equipment can differentiate, won't help because the consequence would be hanging up live calls to take new ones.
Time to answer is probably a good measure if used sensibly. If you get towards the failure limit it tells you you're getting to the point where you need to add resources but, of course, this is going to be resisted by whatever management entity is going to have to pay. Turning into a target makes it useless as a measure (Goodhart's law rather than the Cobra effect).
Setting targets based on outcomes, which is what should be done, creates a very much more difficult measuring task.
"You could cram the racks closer together if you didn't need to fit humans in between them to replace faulty hardware."
Now there's an idea. Ever seen document archive shelving like the stuff in the picture at http://www.mobileshelving.org.uk/ ? The racks of shelves run along a track which is a bit longer than the space the shelves need when they're closed up. You just roll them apart when you need to access a given shelf. To do this with servers you'd need to be able to provide enough wiggle room in the cabling. I don't know if anybody's tried this with servers - posted here as prior art just in case there's an attempt to patent it later.
