* Posts by mbiggs

50 publicly visible posts • joined 23 Apr 2016

Eurozone plans to formalize passenger data, improve security


Re: Border, what border?


Quote: "...An honest person is not going to book a flight for Berlin and Rome on the same day.."

True. But a criminal with money will have three passports in three different names......you know....three tickets in three names going to Berlin Rome and Madrid. How will this proposed invasion of privacy help find this criminal? ....whose real name is a fourth name??

Of course it won't!! But the people in Cheltenham and Fort Meade will just love the invasion of the privacy of millions (billions?) of honest citizens!

UK's National Health Service will roll existing Palantir work into patient data platform


Re: Whoever wins the contract ...


Link: https://nopalantir.org.uk/

Can confidential computing stop the next crypto heist?


Is "protection" actually needed? Private keys can be transient, random....and never stored......

CTO Idan Ofrat commented on the need to "protect the private key itself".

Here's the thing.....this implies that the "private key" is persistent somewhere....stored....so it needs to be "protected".

If a Diffie/Hellman transaction is exchanged between peers, the only exchange will be two random tokens.

The crucial part of this is that the shared secret key is calculated by each peer, then thrown away.

Note that a D/H implementation provides that:

(1) The token exchange can be used to calculate multiple secret keys, and so enable multi-pass encryption/decryption

(2) The token exchange tells a snooper nothing about the secret key(s), and nothing about the encryption algorithm

(3) The tokens and the secret key(s) are unique to each transaction

(4) The secret key(s) are calculated locally when needed (i.e. not stored), and can (and should) be thrown away after use

If this D/H protocol is used, it would seem that, since keys are never stored, there would be no need to "protect" keys.

What am I missing?
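The exchange described in the post above, as an added example (not code from the post or from the article it comments on): two peers swap tokens over the 2048-bit MODP group from RFC 3526, derive several keys from one exchange with HKDF-SHA256, and drop their private exponents after use. The `Peer` class, the key labels and the salt construction are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK, then expand it under `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Peer:
    """One side of the exchange (hypothetical class for this example)."""

    def __init__(self) -> None:
        # Fresh random exponent per transaction, in [2, P-2]; never written to disk.
        self._x = secrets.randbelow(P - 3) + 2
        # The "token": the only value that travels to the other peer.
        self.token = pow(G, self._x, P)

    def derive_keys(self, peer_token: int, labels: list) -> dict:
        """Compute the shared secret once, derive one key per label, then discard."""
        if self._x is None:
            raise RuntimeError("private exponent already discarded")
        # Reject degenerate tokens (0, 1, P-1, anything out of range) that would
        # force the shared secret into a tiny, guessable set.
        if not 2 <= peer_token <= P - 2:
            raise ValueError("peer token outside [2, P-2]")
        shared = pow(peer_token, self._x, P).to_bytes(256, "big")
        # Drop the only reference to the exponent. This is not a guaranteed
        # memory wipe: CPython offers no way to zero an int in place.
        self._x = None
        # Salt binds the keys to this pair of tokens (assumed construction).
        lo, hi = sorted((self.token, peer_token))
        salt = hashlib.sha256(lo.to_bytes(256, "big") + hi.to_bytes(256, "big")).digest()
        # One exchange, several independent keys: a distinct HKDF label for each.
        return {label: hkdf(shared, salt, label.encode()) for label in labels}


def run_exchange(labels: list):
    """Simulate both peers; return the exchanged tokens and each side's keys."""
    alice, bob = Peer(), Peer()
    keys_a = alice.derive_keys(bob.token, labels)
    keys_b = bob.derive_keys(alice.token, labels)
    return (alice.token, bob.token), keys_a, keys_b


if __name__ == "__main__":
    tokens, keys_a, keys_b = run_exchange(["pass-1", "pass-2"])
    print("both peers derived the same keys:", keys_a == keys_b)
    for label, key in keys_a.items():
        print(label, key.hex())
```

Nothing in this exchange tells either peer who sent the other token; tying a token to an identity takes a long-term signing key, which the sketch leaves out.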

UK govt refuses to give up on scoring Arm dual-listing for London


Move along....nothing to see here...

TSMC -- a 100 Billion dollar (note the "B") in seven new chip foundries in Arizona

Intel -- a Billion dollar investment (exact size unknown) in new chip foundries in the US

Now if we were seeing Billion dollar INWARD investment in the UK....well I might just stop and look.

But in the meantime ---- ARM.....just noise!!

Actual quantum computers don't exist yet. The cryptography to defeat them may already be here


Obsessed With Mathematics, Randomisation, N-bit Keys......

......but suppose the encryption is designed in some other way:

* only designed to handle text

* with an algorithm using some sort of word-substitution, based on a custom dictionary

* implemented by a very limited group of participants

Perhaps I'm just an ignorant, under-educated old fool, but (assuming it isn't a hoax), two of the three documents in the Beale Papers are still secret after more than a century! ....and these papers use a cipher which avoids the utilisation of Mathematics, Randomisation, N-bit Keys. Will quantum computers be any better at deciphering the two secret papers?

See: https://en.wikipedia.org/wiki/Beale_ciphers

See: The Code Book, Simon Singh

DARPA says US hypersonic missile is ready for real world


Re: Sooo...


Quote: "...a battle-ready system..."

The criteria for "a battle-ready system" are VERY, VERY low.

(1) F35

Link: https://www.defensenews.com/air/2021/01/20/the-defense-department-still-isnt-meeting-its-f-35-readiness-goals/

....and this is after years and years and billions and billions of dollars.... Will they ever work properly? Who knows?

(2) Type 45

Link: https://www.independent.co.uk/news/uk/royal-navy-ministry-of-defence-russia-pip-tobias-ellwood-b2009369.html

....the cooling system for the "advanced" gas turbine power plants fails and leaves a destroyer "dead in the water"

....and this is after years and years and billions and billions of pounds (sterling)

(3) Type 45 (part two)

....and the folk at BA Systems/Babcocks who built these failures also got billions more to fix the vessels. Will they ever work properly? Who knows?

Hah!!....."battle ready".....Lockheed Martin and Babcocks have their snouts in the (taxpayer funded) trough....and they really don't care about "battle ready"!!!

Cooler heads needed in heated E2EE debate, says think tank


Re: Misdirection about E2EE -- again!!! Please read the literature!!!

"That's not true"

Really? If the DH exchange is done by two software clients, the secret key will be calculated twice, once by the sender SOFTWARE, and once by the recipient SOFTWARE. In both cases, the secret key will exist only for a fraction of a second....before being destroyed.

......and of course, the SOFTWARE does not need to disclose the secret key to the human user.

......and of course that means that when PC Plod turns up demanding disclosure of the secret key, there will be quite a bit of bother, and quite a bit of confusion.

Hackers weigh in on programming languages of choice


Advanced Hacking....the software development kind!


Quote: "....use a resident compilation tool on that system, something that should never be allowed on a system on a boundary...."

Quote: "....ban high function interpreted language runtimes on boundary systems..."

Sensible, reasonable advice.

.....but self-evidently advice NOT taken by the development folk at SolarWinds!!

.....and one wonders how many other developers of enterprise software don't even understand the advice!!

.....and then there's Ken Thompson's observations (in 1984!): https://wiki.c2.com/?TheKenThompsonHack

Why Nvidia sees a future in software and services: Recurring revenue


Subscription Services -- You forgot to mention "Privacy"!!!


So....without registering your name, address, and credit card number....it's almost completely impossible to be a subscriber for anything at all...!!!!

Not only does the subscription service have all these personal details....but when the service provider is hacked, who knows who else ALSO has your personal details?

It gets worse. Someone bought a Jaguar SUV last year. They bought the vehicle privately. Some time afterwards they found out that Jaguar/LandRover still had the vehicle on their books in the name of the previous owner. It gets worse. The new owner was told that the only way to get the records changed was to ensure that you buy a second hand vehicle from a Jaguar/LandRover agent! Really? The legal owner can't get registered with Jaguar/LandRover!! The previous owner still gets maintenance notices!!

Lapsus$ extortionists dump Samsung data online, chaebol confirms security breach


Hackers are capable of misdirection too....


Quote: "...it's written by competent security engineers..."

Sorry Ken, it's not the CURRENT security software that's the problem........maybe the 190GB dump is cunning misdirection for other types of misdeed....

(1) The Ken Thompson Hack: https://wiki.c2.com/?TheKenThompsonHack

(2) The SolarWinds Hack: https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html

So.....the hack on Samsung precludes the hackers WRITING BACK their own code as part of the hack?

Would Samsung know this has happened? (c.f. SolarWinds)

And suppose Samsung's development infrastructure were to be compromised, how long would it take to find out? (c.f. SolarWinds)

And what about future Samsung customers buying product with third party hacks embedded in the product?

UK government starts public consultation on telco security


STASI....Plausible Deniability.....welcome to 1984 and 2022!!!

Quote: "....the British government has quietly dropped a requirement for mass surveillance of UK internet users ...."

....looks like a lie to me!! I suppose if it's true, then they are about to shutter Cheltenham and make thousands of snoops redundant!!

Then again, if it really is a lie, what does it actually mean? Probably that "mass surveillance" is on going...but "plausible deniability" has now kicked in big time!!!

Welcome to STASI 2022!!!!

UK think tank proposes Online Safety Bill reviewer to keep tabs on Ofcom decisions


Re: My Buddies Use Salsa20...Snoops Are Welcome To Decipher.....


Apologies, but the message was built using a Diffie/Hellman handshake BY THE SOFTWARE.

So....the key was a one time random key built for this message only and then thrown away.

The sender and the recipient HAVE NO PART in creating the key, and they certainly have absolutely no knowledge of the key.

I wonder what sort of society contemplates "jail time" for citizens using software to mediate perfectly legal PRIVATE messaging.

Please tell!

Plumspace's Smart SFP TAP can monitor, capture or relay gigabit-speed comms – for legitimate business reasons


......but it's not clear whether the monitored traffic....

1. .....is being routed OVER the wired network (using a separate IP)....

2. .....or whether it's being sent wirelessly to some remote listener.

The USB cable with the built in phone is obviously doing #2. Not so obvious for the Plumspace device(s)....even after reading the documentation!

Now....if BOTH devices were to snoop via wireless.........

US lawmakers want to put NSO Group, 3 other spyware makers out of business with fresh severe sanctions


Is this a step in the right direction....or just more misdirection?

OK.....the NSO product is bad for anyone carrying a smartphone, whether Apple or Android. So far, so good.


But what else is going on in Fort Meade, Cheltenham, and elsewhere in China, and Russia, and Saudi?


I think we should be told!!

Computers cost money. We only make them more expensive by trying to manage them ourselves



Quote: "The cloud has shown us that consumption-based models work."

Quote: "So surely it makes more sense to put the responsibility on someone else..."

Both these quotes imply that users of computing can subcontract some (maybe all) of the responsibility for user activity to someone else.

Ask yourself a couple of questions:

- Who is responsible for data management, data security, backups? Answer -- "the user".

- Who is responsible for application availability? Answer -- "the user".

The ultimate responsibility for the use of an application and its data rests with the end user. In the old days, the user had some sort of face-to-face relationship with an IT organisation, and the subcontracting of specific tasks (availability, data security, backups) to the IT organisation had clearly delineated boundaries. Today, if the user subcontracts these things to a "cloud" supplier, the relationship (and the technology) is MUCH more "cloudy".

Just look at the MegaUpload farrago. Just think for a minute about "cloud": user equipment, network supplier(s), cloud suppliers -- all these have to be reliable for an end user to get a reliable service. If the user chooses "on premises" service, at least there's someone to hold accountable. It seems clear that this is NOT true in the "cloud".

I'd love to hear stories which show that "cloud" is ALL OF: cheaper, more reliable, more resilient, more flexible, more secure.......than traditional arrangements.

No change control? Without suitable planning, a change can be as good as an arrest


Re: Level 99: Management actively tries to stop controlling changes.


Quote: "....management wanting speed not quality...."


In a financial service company, long ago and far away, the Operations Director told me that "We don't need any f***in' process."


Ah.....now why is it that there are no comments here about "agile", "scrum", "devops".........

.......and other "modern" practices?

Staff and students at Victoria University of Wellington learn the most important lesson of all: Keep your files backed up


No....not 3.....but 4......

Quote: "... three important learning experiences ...."


No there are actually four:

4. Make sure you test backups.....to make sure they WILL ACTUALLY RESTORE WHEN YOU NEED THEM


In my experience, RULE 4 is widely ignored!!!!!

As Uncle Sam continues to clamp down on Big Tech, Apple pelted with more and more complaints from third-party App Store devs


A Suggestion.........

.....which takes some time and some determination.....but gets you well away from the Apple "eco-system".......


1. Buy a consumer grade PC (laptop, workstation.... whatever)....maybe less than £500 compared with £thousands in the "eco-system"

2. Install "elementary OS" -- overwrite that other "eco-system" from Redmond, WA -- and send elementary a few dollars

3. Get used to a LOVELY Ubuntu-based environment -- with an Apple look-and-feel and with LOTS of work-alike applications


There.......Tim Cook can just suck it up. I hope more folk follow this simple three step procedure....and save themselves a LOT of money!!

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more


Re: Sunset clauses and jury oversight are needed.


Quote: "....the wider public don't give a crap...."


True. But there's a flip side....the so called "bad guys" DO give a crap. They use burner phones, VPNs, internet cafes, hijacked WiFi, private ciphers.....and who knows what other tools to avoid the STASI.


If you wonder about just how efficient the STASI are TODAY at identifying "bad guys", just recall that almost all the recent terrorist outrages were perpetrated by individuals "already known to the authorities". So much for the power of snooping!!! And the STASI will be LESS efficient under the newly proposed avalanche of new snooping.


So....the public in general are indifferent to STASI snooping and the loss of privacy. At the same time the so called "bad guys" are no doubt looking forward with anticipation to more opportunities to hack all this new STASI information.....while at the same time the STASI have even lower capabilities than today. Unintended consequences!!!!

In deepest darkest Surrey, an on-prem SAP system running 17-year-old software is about to die....


Just wondering....is the SAP software HEAVILY CUSTOMISED?

Once upon a time, in a land far away, a huge retail organisation bought Peoplesoft and then had it HEAVILY MODIFIED. For the next ten years, it was almost impossible to apply any patches issued by Peoplesoft. Duh!!

Then -- when the penny dropped -- said huge retail organisation paid a fortune to RE-IMPLEMENT the latest version of Peoplesoft with NO MODIFICATIONS.

Guess what.....huge consultancy bills at the beginning, during the ten year life of the modified software, and during the conversion back to "standard".

Why am I not surprised?

New British Army psyops unit fires rebrandogun, smoke clears to reveal... I'm sorry, Dave...



One star -- can't read or write

Two stars -- can either read or write, but not both

Three stars -- gets to talk to journalists


Plus ca change......

Germany mulls giving end-to-end chat app encryption das boot: Law requiring decrypted plain-text is in the works


Re: So encrypted posts to USENET it is ...


Quote: "...general best practices (i.e dont roll your own crypto)..."


But what about the asymmetry for the "good guys" vs. the "bad guys"? Even if the "roll your own" is only passably strong, the "bad guys" communicate in real time, while the "good guys" will have to wait, maybe quite a while, to find out what the message said, maybe too long to be useful! See Beale Papers.....one of them secret for over a century!









Data-spewing Spectre chip flaws can't be killed by software alone, Google boffins conclude


Paranoia about the NSA.....

Quote: "We now believe that speculative vulnerabilities on today’s hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations..."

Lots of folk believe that the NSA has weakened public encryption standards. Maybe they have a hand in chip design as well. Just saying!

New era for Japan, familiar problems: Microsoft withdraws crash-tastic patches


Re: Looks like MS cannot actually patch its own code properly any more


Well said.

....but you forgot to mention "fashion". In the past M$ had no excuse for never doing any testing, and leaving the testing to the (paying) users. Well...they are still doing this, but now they have an excuse.


Namely -- "agile", "scrum", "devops", etc etc. Today these fashions mean that there isn't a comprehensive requirements statement AGAINST WHICH TO TEST THE PRODUCT.


Of course, the fashionistas will tell us that they "test the patch". I thought that excuse had been thoroughly discredited years ago.....but -- hey ho -- we need to remember what Talleyrand said about the Bourbons all those years ago: "They forgot nothing and learned nothing".

Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)


Re: NSA has been subverting encryption since 2006,

Always wonder when I see this sort of comment why no one seems to realize that the bad guys can use some home brewed cipher on top of everything else. The key is speed to crack. The bad guys can message in real time, while plod has to wait, maybe for quite a long time, to read a message. Likely too long. Here's a book code example:















Australia's Snooper's Charter: Experts react, and it ain't pretty


Re: *wince* -- but still not getting the point....

@AC posted earlier under the title "Still Puzzled!".


Alice and Bob only copy enciphered text (say from a thumb drive) when they send their enciphered messages. Plod can undo the end-to-end-encryption, and all they will find is Alice's enciphered message! There never was plain text on the end-point device!


The *wince* is not needed -- the flaw is in the assumption that everyone using public communication services is using their end point device for encipherment AS WELL AS FOR COMMUNICATION. Bad assumption!

Leatherbound analogue password manager: For the hipster who doesn't mind losing everything


Does anyone remember the game called Hangman?

....helped along by a pinch of repetition.


Notebook entry: E _ _ _ _ _ _ _ _ R N _ _ _ _ D

Musical user's password: ELGARELGARNIMROD


Seems pretty secure against a notebook stolen by a random bad guy....especially if the user uses non alpha characters in some patterned manner:

Notebook entry: E _ _ _ _ _ _ _ _ _ R N _ _ _ _ D

Musical user's password: ELGAR-ELGARNIMROD


Notebook entry: M _ _ _ _ _ _ _ _ _ _ _ _ _ _ _L W _ _ _ _ _ _ S

Racing fan's password: MANSELL92MANSELLWILLIAMS


Can this scheme be broken quickly by a random bad actor?

Shared, not stirred: GCHQ chief says Europe needs British spies


EU Partnership - Fleming needs a history lesson

Quote: ""Almost everything that we achieve in GCHQ is dependent on our partners," said Fleming..."


Yup...but not including GCHQ hacking Belgacom:

- https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/

With friends like the folk in Cheltenham, who needs enemies?

'Moore's Revenge' is upon us and will make the world weird


NEWS ROUND UP - June 2020



A toaster has told this newspaper that an attempt was made to toast a bagel by an unauthorised person. The toaster did not recognise the (human) toaster, but was able to identify the person from the public face database. The toaster phoned the police to complain, and then told the human "I'm sorry Dave I can't do that".


Yesterday a toilet cistern at the main station incorrectly identified a customer as a suspected terrorist when it matched the customer's face with police information about wanted persons. The senior toilet cistern immediately locked all toilet seats, all cubicle doors, and the main door to the toilet facility. The facility was fitted with equipment supplied by a major technology company, which refused to accept responsibility, and refused to pay for the clean up. A spokesman told this paper "S**t happens".

Tufts boffins track device location without GPS or towers


Quote: "...their location “relative to each other"...."


Don't understand....even if ALL the devices know their position "relative to each other", at least ONE of them needs an absolute position so that the others can figure out where they are.


Oh, and by the way, there will never be any IOT devices here at Linux Mansions....so no probs here!

Critical infrastructure needs more 21qs6Q#S$, less P@ssw0rd, UK.gov security committee told


Quote One: "Under a government crackdown, national critical infrastructure companies could be liable for a £17m fine if they are found to have inadequately protected themselves from cyber attacks."

Quote 2: "In addition, last week the National Cyber Security Centre (NCSC) and the Federal Bureau of Investigation warned that Russian state-sponsored cyber actors are targeting network infrastructure."

[Quote 2] Pure misdirection, hypocrisy and lying. The biggest source of cyber attacks from mainland UK is.....guess...GCHQ, which is spying on the sixty million citizens who are paying for this anti-democratic outrage. GCHQ is also spying on our EU "partners" -- see:

- https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/

....and that's one we know about....there are likely many others.

[Quote 1] "....government crackdown..." is a similar piece of s**t to the over-used "keeping us safe". If the government wants to do something about "cyber attacks", it should start by shutting down GCHQ in Cheltenham...and save billions of pounds which could usefully go elsewhere....say to the NHS!

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient


Then there's users who have configured other IoT tools....

....allowing anyone to shout through the letterbox "Alexa, open the front door".


....and most likely other (more technical) hacks on the IoT infrastructure.


By the way, who (exactly) needs to manage their front door lock from Outer Mongolia?

Twenty years ago today: Windows 98 crashed live on stage with Bill Gates. Let's watch it again...


Re: Bill Gates and QDOS

....or the people from Stac Electronics who had their technology stolen by M$.

Latest F-35 flight tests finish – and US stops accepting new jets


Billions for an "aircraft carrier"....

.....with no aircraft! An aircraft carrier, which even when the aircraft turn up (when?), doesn't have enough support vessels to form a decent "carrier group".


All this would be fine if the UK had billions to spare after we've paid for unimportant things -- like the NHS!


So (exactly) what sort of austerity is it we're living through? Philip Hammond may know....but he's in a minority of one.

Accenture, Capgemini, Deloitte creating app to register 3m EU nationals living in Brexit Britain


Ah...Scrum of Scrums, Agile, DevOps.....

Quote: "The groups running the programme will work in small scrum teams together..."


...a recipe for an "app" which will perform differently every day....the "App of a Thousand Days"!


God help the three million users!

F-35B Block 4 software upgrades will cost Britain £345m


F-35B Block 4 Software.....

It's worse than that. The combat pilot hears the F-35 telling him (or her):

- "I'm sorry Dave (or Davida)....I can't do that!"

Intel adopts Orwellian irony with call for fast Meltdown-Spectre action after slow patch delivery


Re: Fit for what purpose?

So......a computer company doesn't have simulation capabilities to model their own products????


Or perhaps they DO have the appropriate simulation capabilities....and didn't bother because as a monopolist, they don't really give a toss about quality.

FBI tells Jo(e) Sixpack to become an expert in IoT security


Re: Rules of IoT


Yup.....let's rewrite the Phil Knight/NIKE advertising slogan:









IoT gateways get a benchmark from the TPC


Ah...a standard written by....

...the NSA and GCHQ....making spying on the world's population even easier.


And of course, because this standard setting is an anorak activity, no one will notice. Cute!

Google will let cloud customers use plain-old-Internet links


...and then there's the NSA to consider....

.....but they already monitor "Premium"....so no diff!!!

Firmware update blunder bricks hundreds of home 'smart' locks


Re: Lovely

I recently bought a Linksys EA7500 WiFi access point/router. The only easy way to set up this device is to subscribe to the Linksys "cloud" so that ALL CONFIGURATION is done via the Linksys cloud account.


This is so that "you can manage your router using your smart phone from anywhere on the planet".


So your home LAN is open to hacking from "anywhere on the planet"......REALLY?


It took a day and a lot of research to find out how to configure the device in the old fashioned way -- using a laptop and a CAT5 cable (and NO INTERNET ACCESS).


In the future it may be impossible to manage a computer-based device without "the cloud" -- if idiots like Linksys have their way.



Australian govt promises to push Five Eyes nations to break encryption


Why the focus on point-to-point communications?

So Alice and Bob (and their circle) develop their own cipher. Suppose that the cipher is a book cipher. Any message sent will be encrypted twice -- once in their private cipher, and once in some backdoored public cipher. How does the backdoor help the government (or anyone else who is listening)? The metadata in this case says Bob is messaging Alice...but so what? And in the case that Bob simply posts the message on The Register -- then the recipient(s) are likely completely unknown!!


For example, here's a (real) book cipher message. What does it say?


sforzato pharyngo- woadman mecometer semihysterical veratrize fiercenesses Ranquel lepidotic Kawaguchi eyeservice fringiness half-plane piligerous saskatoon straddle-fashion sharecroppers colibertus bilobular unsacrilegiousness Gallicolae snake-eyed hydrophorous rain-soaked entoplasm eschewing brulyiement Erastianize acetphenetid recheat hout alada superaffiuence sweet-scented Altingiaceae researchful unegregiously unregenerately blighted Marlette nonbeauties Ossetian perversite artcraft Staley physiognomonic keawe kentallenite acroataxia yodles Rhabdomonas mournfulness VC loose-lived self-purifying tornadoesque uroo slopmaking annalists undeferrable ammonitic WAN pokable limbs Composaline gasified Chibcha elephantiases guerdonless orchestras whoop-de-doo commercialised periclean half-reclined naturata haemonchosis bug-juice theorically demonstrant premarrying honduras knickknack Adrianople -aceous inductees counter-faller cervicorn yowe adenomata kutch jardon eradicable nonfervidly cribriformity totoaba Marduk Muscadine mangrate Californian Mignonette Stroessner fisherpeople So. gibble-gabble cayuses Wallinga squab-pie fancywork niftiness


Mozilla to Thunderbird: You can stay here and we may give you cash, but as a couple, it's over


Re: Thunderbird users?

In the early Nineties, corporate email systems existed on internal networks, and users were using, for example, cc:Mail over Novell Netware.


I'm continually amazed that there are people who think that it was the stone age before the Internet became pervasive....not so!

Sorry, Dave, I can't code that: AI's prejudice problem


Who decides?

Here are a few concepts where human beings can't agree on a definition:

- "rich"

- "beautiful"

- "fair" (as in even-handed between cases)

So if the humans can't agree about reasonable definitions, why should we believe that computer programmers and computers can assess these concepts "correctly"?

US Air Force networks F-15 and F-22 fighters – in flight!



The next "improvement" will be nuclear armed aircraft as part of the ever expanding "internet of things". So now we can adjust the temperature at home, close the garage door, and drop bombs -- all at the same time.

Brexit means Brexit: What the heck does that mean...


Re: Codification of existing practice?

@Norman Nescio Quote: "...the Snoopers' Charter is 'simply' codification of an existing practice..."

This is, at best, naive. Who knows what the "existing practice" actually is at places like GCHQ or the NSA? I for one am pretty certain that the hacking and snooping going on for years now has paid absolutely no attention to the law. I'd point out that Theresa May as Home Secretary wanted to abandon the European Convention on Human Rights -- I wonder why. I'd also point out that in the last few days Philip Hammond has announced another 1.9 billion pounds for the GCHQ budget -- a sum which almost certainly buys a huge amount of snooping into the legitimate activities of 60 million UK citizens.

In summary, "existing practice" is almost certainly illegal, and is absolutely certainly damaging to personal privacy and to the democratic rights of citizens. The STASI is here, and no one cares.

Software bug costs Citigroup $7m after legit transactions mistaken for test data for 15 years


Re: Plus ca change...

Yup...also been there, this time during an AS/400 upgrade. We needed some stuff off a recent backup. It turned out that the backup was corrupt. It also turned out that no one had ever tested the restore process, and that all the carefully taken backups were unusable!!

Lesson: Do the backups....but test the restore process too.

Don't doubt it, Privacy Shield is going to be challenged in court


.....but before we discuss Safe Harbour or Privacy Shield......

......why has no one commented about the fact that no one actually knows what information is held about them and by whom!!!!

Personally, I don't want to know anything about the data held concerning anyone else, but I would like to know:

- a list of all the organizations who keep records about me

- for each of these organizations, exactly what information they keep about me

I'd also like to see copies of all these records about me, so that:

- I can demand deletions for records no longer relevant

- I can correct all the mistakes in what is left

But all this is moot:

- I don't have any legal right to know

- Many of the organisations will never have had a direct relationship with me, so I would never guess that they had relevant records

- Many of the organisations who have records about me (say, perhaps GCHQ) would either deny having the records, or would deny any access outright

.......so worrying about Safe Harbour or Privacy Shield seems to me to miss other, much more fundamental issues.

MoD contractor hacked, 831 members of defence community exposed


Re: Yawn. . . .


Quote: "I have faith that UK Gov can produce a truly catastrophic blunder if they try"

1. Absolutely correct....but how do you know that there have not been MULTIPLE "catastrophic blunders" already????

2. And as for Theresa May....well....she is clearly determined to re-build the STASI, but in the UK and in 2016 -- and she and her colleagues in government and in the so called civil service are clearly determined to keep us all in the dark about what's going on (see item 1).