Posts by Drew Scriver

389 posts • joined 28 Sep 2017


Microsoft: After we said we'll try to promote more Black people, the US govt accused us of discrimination

Drew Scriver

Re: Just do what I do.

Aren't you essentially saying that finding the best talent may require extra effort to ensure that the net is cast wide enough, because some candidates may not be represented in narrower searches?

If so, wouldn't you still be focusing on merit? If the best-qualified candidate happens to belong to a certain group of which you would like to see greater representation within the company, that would merely be a side-effect, wouldn't it?

Drew Scriver

Re: This is just because of Trump

I am quite certain that your statement ("block companies that do business with the government from having any diversity training") is factually unsound.

However, I'm always open to learning more and adjusting my conclusions accordingly. Can you provide some URLs with information about this ban?

IBM manager had to make one person redundant from choice of two, still bungled it and got firm done for unfair dismissal

Drew Scriver

Re: "involuntary separation"

Funny story about those euphemisms.

I spent ten years in a state that has a lot of military bases, so we always heard about people being deployed to various conflict zones across the globe. Often this would be their second or third tour, so we were used to redeployments.

Then I moved to another part of the country for a job at a progressive company. Pretty soon we had a major round of lay-offs and people were getting the axe left and right. In the midst of this my boss told me that one of his best friends just got redeployed. Thinking that this meant that this friend had been spared and moved to another department I told him that I was very happy for him...

Turns out that "redeployed" was this company's euphemism for "laid off".

Drew Scriver

I never worked for GE...

If I'm not mistaken GE got rid of that rule after Welch left. The company I'm talking about is another Fortune X company.

They also believe in 360-reviews, where you're supposed to obtain (written) reviews from other employees. Oh, and the feedback cannot be submitted anonymously and is visible to the subject.

Well, you say, only get/give positive feedback. They thought of that, too. Some directors have stated that all feedback will be ignored unless someone also has negative feedback.

Drew Scriver

Company I have first-hand experience with:

"We only hire the best and the brightest."

"We know ahead of time that 15% of our employees will perform unsatisfactorily. They will have six months to improve, or they will be dismissed."

Drew Scriver

A previous employer used a system that ranked everything on a scale from 1 to 10.

"On a scale from 1 to 10, how well did you meet the following goal?"

Goal: Obtain certification XYZ.

Since I had gotten the certification, I ranked myself a 10. Only to be told that nobody could possibly rank "perfect".

Too many staff have privileged work accounts for no good reason, reckon IT bods

Drew Scriver

Re: .. all the access they ask for ..

Years ago we had a developer who needed a lot of code releases to Prod to get things right. We flagged it to management and the situation became a bit tense.

Then one day he happily submitted a change and said that this would be the last one for sure - he guaranteed it.

Suspicions duly awakened, I scrutinized his code even more than usual and discovered that he had cleverly changed his code to include a reference to an external file that resided in a repository that he had write-access to.

If we had promoted his "last and final version" he would have been able to self-deploy future changes with that one include statement...

And Developers wonder why Production Engineers don't trust them...
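The include-statement trick in the story above is something a release reviewer can check for mechanically. The following is an added example, not code from the original post: it scans a source file for include/require/script/import references and flags any that point to a remote URL, an absolute path, a path above the repository root, or a directory outside an allowlist. The patterns, the allowlist and the sample PHP file are constructed assumptions.

```python
"""
Added example (not from the original post): scan source files before a
release for include/import/reference statements that pull content from a
location outside the reviewed repository, so that a "last and final"
change cannot quietly delegate future deployments to a path the reviewer
never sees. All paths, URLs and the allowlist below are constructed
sample data.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    file: str
    line_no: int
    target: str
    reason: str


# Statements that load code or content from another file; each pattern
# captures the referenced target. Assumed to be a reasonable subset.
_INCLUDE_PATTERNS = [
    re.compile(r"""\binclude(?:_once)?\s*\(?\s*["']([^"']+)["']"""),   # PHP include
    re.compile(r"""\brequire(?:_once)?\s*\(?\s*["']([^"']+)["']"""),   # PHP/JS require
    re.compile(r"""<!--#include\s+(?:virtual|file)=["']([^"']+)["']"""),  # SSI
    re.compile(r"""<script[^>]+src=["']([^"']+)["']"""),               # HTML script src
    re.compile(r"""\bimport\b[^"']*["']([^"']+)["']"""),               # JS import ... from
]


def _is_external(target: str, allowed_roots: List[str]) -> str:
    """Return a reason if the target escapes the reviewed tree, else ''."""
    if re.match(r'^[a-z][a-z0-9+.-]*://', target) or target.startswith('//'):
        return 'remote URL'
    if target.startswith('/'):
        return 'absolute path outside the repository'
    # Walk the path components and reject any climb above the repo root.
    depth = 0
    for part in target.replace('\\', '/').split('/'):
        if part == '..':
            depth -= 1
            if depth < 0:
                return 'path traversal above repository root'
        elif part and part != '.':
            depth += 1
    if allowed_roots and not any(target.startswith(r) for r in allowed_roots):
        return 'not under an allowed include root'
    return ''


def scan_source(text: str, filename: str, allowed_roots: List[str]) -> List[Finding]:
    """Return one Finding per include-style reference that leaves the reviewed tree."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pat in _INCLUDE_PATTERNS:
            for m in pat.finditer(line):
                target = m.group(1).strip()
                if target.startswith('./'):
                    target = target[2:]
                reason = _is_external(target, allowed_roots)
                if reason:
                    findings.append(Finding(filename, line_no, target, reason))
    return findings


# Constructed sample file: two legitimate references and three that would
# let someone outside the review process change what gets deployed.
SAMPLE_FILE = """<?php
require_once 'lib/config.php';           // fine: inside the reviewed tree
include '../../shared/hotfix.php';       // climbs above the repo root
include 'https://dev-box.example/x.php'; // remote include
?>
<script src="vendor/jquery.js"></script>
<!--#include virtual="/home/dev/scratch/footer.html" -->
"""
ALLOWED_ROOTS = ['lib/', 'vendor/']


def audit_sample() -> List[Finding]:
    return scan_source(SAMPLE_FILE, 'index.php', ALLOWED_ROOTS)


if __name__ == '__main__':
    for f in audit_sample():
        print(f'{f.file}:{f.line_no}: {f.reason}: {f.target}')
```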

Drew Scriver

Re: .. all the access they ask for ..

Hi Julie* - didn't realize you read El Reg... guess it was you downvoting my lamentation?

*not her real name

Drew Scriver

Re: .. all the access they ask for ..

Ah yes - the standard/template changes. No peer review was needed for those until recently.

One of them accidentally ended up in our review queue recently and we started scrutinizing it before we realized we weren't supposed to.

Turned out the change itself far exceeded the scope the template was approved for, was missing required supporting documentation, and so forth.

The engineer was hopping mad (still is) when we hit the "reject" button on it. She still doesn't realize that we could have reported her for falsification of record, I think.

We did bring it up with the coordinator, who promptly put the kibosh on all standard/template changes until proper controls can be implemented (i.e. peer review).

Now the engineer is even more mad at us... Of course, it doesn't seem to dawn on her that she brought this on herself.

As for non-SMEs reviewing changes, that's often a real problem. In a previous job our changes had to be approved by close to 40 (!) people - about 50% of the entire IT staff.

Just to prove the point I once wrote a change in such technical jargon that I was certain that I was the only one who could understand what I was even going to do.

Only one reviewer objected and demanded clarification.

Not long after that I wrote another change and deliberately added some PROD network devices in it that were managed by another team and that I was not allowed to touch.

As I expected, it sailed right through the CAB. Even the owners of those devices signed off. There was one reviewer who objected and refused to approve it: the same guy who had asked questions about my earlier change.

To this day I often sneak what I call a "control bug" into work that has to be peer-reviewed. Serious enough to cause harm, obvious enough that it is spotted easily, but obscure enough that anyone who rubber-stamps it will miss it.

Drew Scriver

Re: .. all the access they ask for ..

I'm the lead of a CAB, and you wouldn't believe the amount of grief I get when I push back on changes that don't meet the security requirements - including bullying, complaints to management, escalations to VPs - you name it.

Some of their favorite replies:

- We've always done it this way and nobody has ever pushed back.

- Chicken Little

- It's been vetted and approved by the Engineering Council.

- You're going to cause us to miss our deadline.

I often wonder why I don't just give in (as are the change requesters!) and approve such changes, but since my job requirements include safeguarding the integrity of the systems I don't see how I could.

Drew Scriver

Sounds like an ad hominem attack to me. It really doesn't matter what this company sells; it matters whether they're right.

Quite frankly, the percentage of people with too much access that they found is an average. From experience I can tell you that some companies are much closer to 100%...

As for your statement that "locking everything down is rarely a good idea", that's simply misguided. Access should be based on "default deny", not on some expectation.

Regarding your complaint about "systems are so locked down that you really struggle to do your job", you may be surprised that such an approach is not considered to be secure.

Security has three requirements: Confidentiality, Integrity, and Availability. If you can't get to the stuff you truly need to get to, it cannot be considered secure.

Unfortunately, and you are right in this, too many people think that full security means locking everything and throwing away the key.

Oh, how I wish companies would require everyone (including the brass!) to take basic cyber security training. Just an hour or two to convey the basic principles would put an end to a lot of the issues.

Director of nuisance-calls company ordered to cough up £114k after ignoring £40k fine from UK data watchdog

Drew Scriver

Re: Attainder

It was one of the grievances that resulted in the American colonies declaring independence from the Crown and it is considered relative to involuntary servitude.

Curious that the UK, Canada, and others still have it.

Four years after Europe sorted this, America is still going around in circles on data privacy in stuffy hearings

Drew Scriver

Re: Interesting interpretation

No, I downvoted because in the end it's not nearly as democratic as it is billed to be. The consensus bit is also not reflective of the current status, unless you are referring to consensus among the politicians in Brussels.

I maintain that the consensus is not found among the citizens, especially if they were fully cognizant of all the rules and regulations that come out of the EU government.

Which, of course, is why the Brits seceded.

Drew Scriver

Re: Interesting interpretation

Downvoted for this statement:

"Those would be laws made by concensus, by democratically elected members."

The average EU-citizen has no idea what's being legislated in Brussels and a significant percentage would be aghast if they knew...

I heard somewhere that one of the EU-members recently left the Union because of this, and others are apparently stirring.

Drew Scriver

Re: Interesting interpretation

The thing is that as a UK Citizen the fact that each US state seems to have their own laws appears to be total madness.

It's not that strange if you consider that the US are not a country; it is a union of 'countries' (or states, if you will). Much like the EU, or even Germany.

Now if each state had hard borders with a wall around each and strict border controls and visas to enter each state then that might make some sense.

States do have borders. For instance, if you drive from Nevada to California you may be stopped at the border to check whether you are importing fruit (which is not allowed). And State Police are generally not allowed to cross the state borders - even if they are in hot pursuit. In addition, if you commit a crime across state borders it generally would become a federal issue. And you'd end up in federal prison, not a state prison.

States even have extradition agreements for suspected criminals. Each state has its own government, a court system (including a supreme court), its own constitution, its own tax system (in addition to the federal taxes), even its own version of the FBI (e.g. the Colorado Bureau of Investigation).

Taxation appears to be deliberately complicated so that no-one actually knows how much tax they need to pay. You can have a state or city or county tax that can change on a weekly basis for a single type of product!

That is simply because local tax revenue is used for local expenditures. Regarding "nobody knows how much tax they need to pay", it's really not all that difficult to add approximately 10% to the sticker price. I'd much rather have that than having 20-21% invisibly included in the price. It's quite healthy for the tax rates (if you believe in lower rates, that is) if there's some level of sticker shock at the check-out. Imagine buying something for €100 and having the cashier tell you to pay €121.

Or, in the case of gasoline/petrol, buying €20 worth of fuel and being charged €60... (that last example isn't entirely valid since the taxes are in fact included in the price across the USA).

Drew Scriver

Re: Should have hammered it home

Sort of.

He would be on thin ice since, generally speaking, the politicians (Californians included) tend to limit "we need to do it because the people want it" to issues where the people agree with the politicians.

When "the people" are not in favor they'll ram it through anyway under the guise that it's "for the good of the people". The people only disagree because they don't understand that it's best for them...

Drew Scriver

Re: The same old answer

Maybe...

But isn't it just as likely that such a new law would apply only to "the powerful, the rich, and famous"?

Inflated figures and customers who were never there. Just another data migration then

Drew Scriver

Oh - so many examples to choose from!

1)

We once did a validity check on a customer newsletter list. Dropped the number of valid e-mail addresses (76,000) by half. Informed the internal customer, who asked us to hold off on deleting them until after the weekend, since they had already scheduled a party to celebrate the 75,000-subscriber milestone for Friday night...

2)

Consulting firm created a new flagship web site. We had required performance testing, which they did. During the big presentation they brought up the test and told the brass that no errors were encountered during the test. They were not very happy when I pointed out that a) the web servers were configured to respond with a redirect instead of an error code and b) more than a couple of dozen concurrent visitors would increase the page load times to double digits...

Already mad, they also mentioned that they had done usability testing and moved on with the meeting. I interjected and asked what the outcome of the UX-test had been. I already knew the answer, but it was fun to watch them try to spin "everyone hated it" into something less critical.

After that they made sure to keep me off the list of invitees.

3)

Then there was the time when we were looking for another hosting company. The Finance Dept, Legal guys, and the brass had already approved the contract when my manager gave me a copy of the response to the RFP.

That's when I discovered that they had listed some incidental sales under recurring income, thus inflating their annual revenue by $7M or so - doubling their actual numbers.

On my day off I sauntered into the office in my road bike gear to drop off the annotated proposal, eliciting the expected stares. My manager took one look at my notes and escalated it to the VP-level. They swiftly cancelled the signing ceremony with the vendor, which had been planned for noontime that very day...

A couple of months after that I found myself at some Microsoft training, sitting behind three lead engineers of this vendor. It was a wee bit awkward, to say the least...

Bad boys bad boys, what you gonna do? Los Angeles Police Department found fibbing about facial recognition use

Drew Scriver

Re: Fibbing about facial recognition use?

Not everyone. We signed up one of our children for little league soccer last year and of course the league requires that all parents download the 'free' app that they use for communication.

This particular app was provided 'for free' by Dick's Sporting Goods, a fairly large chain in the USA. In their lengthy, draconian Terms of Use and 'Privacy' Policy they did in fact state that they reserved the rights to use any and all information they collect, and combine it with all the information they collect when you visit their stores.

This included purchase information and images from security cameras.

Ancient telly borked broadband for entire Welsh village

Drew Scriver

Re: Need a rubber hammer

Depends on the problem. I shared a flat with some other students back when I was in college and we had an old CRT TV in the living room.

Occasionally the image would flatten to a single bright line in the middle. Tried cleaning the variable resistors to no avail.

Then I brought in an old-fashioned wooden mallet that I had made in shop class in secondary school. Worked like a charm - we'd just whack the top of the cabinet with it. We kept it on top of the TV, next to the (acoustic!) remote control.

Oh, those were the days!

Family wrongly accused of uploading pedo material to Facebook – after US-EU date confusion in IP address log

Drew Scriver

Re: Not just dates get confused

Not quite sure how this is confusing:

23:58

23:59

00:00

00:01

00:02

...

11:58

11:59

12:00

12:01

12:02

...

12:58

12:59

13:00

13:01

13:02

Drew Scriver

Re: Not just dates get confused

Sure, but in the 24H system 00:00 is always midnight - the start of a new day.

Drew Scriver

Re: Not just dates get confused

Since I grew up in Europe the 24H system is second nature to me.

After I moved to the USA I figured it was just my European background that caused me to have a hard time with the 12H-system. Until...

1) A colleague showed up for work on Monday, although I thought he was supposed to have flown out to our European office the previous day. "Yes, but I got to the airport at night instead of in the morning."

2) A key server went down in the middle of the day. Somebody had confused am and pm when they created the cron-job.

Of course, the usual complaint was that the 24H-system is just "too hard". So far I've resisted the urge to tell them that my six-year-old niece knows that her favorite TV-show starts at 18 hours...

Personal data from Experian on 40% of South Africa's population has been bundled onto a file-sharing website

Drew Scriver

Re: The $128 million dollar question

Personally charging the brass is the only thing that will compel companies to take this kind of thing seriously, I'm afraid.

Years ago Massachusetts had a bill that would hold executives personally responsible if they either knew about security issues, could/should have known about them, or failed to implement proper measures to counter them.

Unfortunately, the bill did not pass.

Drew Scriver

Didn't they fire that one guy who they said was solely responsible for the previous breach?

Thought that was going to ensure it would never happen again...

Even with a 49% uplift in sales and a 46% drop in expenses, Slack still can't turn a profit

Drew Scriver

Slack has been a pretty decent solution for our team

We've used a slew of different messaging products over the years, but so far Slack has been a much better platform than the others.

The feature set is quite extensive and the UI is relatively well-suited to collaboration. We also have hooks going and coming from various other tools like PagerDuty and Service Now. The extensibility is not bad either. The options for formatting code as well as the thread-feature are essential options for me that are missing in some of the competing products.

There certainly are some shortcomings. Just to name a few:

- images are not optimized / reduced

- it's not possible to add people to an existing ad-hoc group chat

- search is counter-intuitive

My company uses both Hangouts and Slack at the moment, but the latter is by far my favorite.

50%+ of our office seats are going remote, say majority of surveyed Register readers. Hi security, bye on-prem

Drew Scriver

Re: Seriously?

Looks like El Reg couldn't resist the dig at the US. Granted, the federal administration hasn't provided very strong and clear leadership, but that's not a whole lot different from what I'm seeing in some European countries. Of course, those leaders don't use Twitter so it's not as bad as it is here.

However, El Reg is showing its ignorance here:

"Just over one in two respondents, or 54 per cent, said at least half of their seats are going remote, with North America (NA) leading the charge, which may be linked to the US government's handling of the pandemic."

Each US state is pretty much independent and the federal government (including the president) is quite limited in what it can mandate.

So permit me to fix it for El Reg:

"Just over one in two respondents, or 54 per cent, said at least half of their seats are going remote, with North America (NA) leading the charge, which may be linked to the US governments' handling of the pandemic."

Drew Scriver

Re: Not here

The US company I work for spent tens of millions of dollars on converting from cubicles to an open environment. Now they're converting back (more or less)...

In the meantime, we've been told to expect to work from home until 2022 (yes - that's twenty-two).

Drew Scriver

Re: I rather like the current situation

I can get a 3 GB connection - if I'm willing to pay the ISP $72,000 to run a cable less than half a mile.

Until then (or until Starlink gets up and running), I'm stuck with 3 Mbps DSL and a cellular hotspot that usually, but not always, gets 20 Mbps.

The state of rural internet access is continuing to be a boondockle (sic) in the USA. No real effort being made either at the federal level or the state/local level.

Intel NDA blueprints – 20GB of source code, schematics, specs, docs – spill onto web from partners-only vault

Drew Scriver

Re: Intel123

Two years is pretty good compared to other companies...

Worst I've heard so far is 10+ years.

Drew Scriver

Re: Note to self...

Reminds me of when I was an Ops Engineer (App Delivery) and we were interviewing people for an open position on our team.

One of the candidates was a guy who used to be a developer at the company. For years I had been busy plugging his backdoors and information leaks (let's hear it for BIG-IP) almost as quickly as he introduced them.

During the interview I asked the infamous question, "What makes you the best candidate for this job?"

Without missing a beat he replied, "I know all the backdoors in the applications."

Drew Scriver

Re: Intel123

I had a CISSP challenge me the other day on my insistence that root and admin passwords should be unique to each device, and most certainly cannot be the same for Lab, Dev, QA, and Prod...
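The per-device, per-environment password rule in the comment above is easy to audit once you have a credential inventory. This is an added example, not code from the original post: it reduces each password to a keyed fingerprint (HMAC with an audit-only secret, so the report never contains the passwords themselves) and reports every fingerprint shared by more than one device, ranking groups that span into Prod first. The inventory, device names and audit key are constructed.

```python
"""
Added example (not from the original post): audit an inventory of device
admin credentials for reuse within and across environments without
keeping the passwords around. Each password is reduced to a keyed
fingerprint (HMAC with an audit-only secret), so the report can be
stored and compared later but does not reveal the passwords. The
inventory and key below are constructed sample data.
"""
import hashlib
import hmac
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Device(NamedTuple):
    name: str
    env: str        # Lab, Dev, QA, Prod
    account: str    # root, admin, ...
    password: str   # in a real audit this comes from the vault export, not a file


# Assumed audit-only key; it must not appear in the report.
AUDIT_KEY = b'constructed-audit-key-rotate-me'


def fingerprint(password: str, key: bytes = AUDIT_KEY) -> str:
    """Keyed digest: equal passwords give equal fingerprints, nothing else leaks."""
    return hmac.new(key, password.encode('utf-8'), hashlib.sha256).hexdigest()[:16]


def find_reuse(devices: List[Device]) -> List[Dict[str, object]]:
    """Group devices by password fingerprint; report every group used more than once."""
    groups: Dict[str, List[Device]] = defaultdict(list)
    for d in devices:
        groups[fingerprint(d.password)].append(d)
    findings: List[Dict[str, object]] = []
    for fp, members in groups.items():
        if len(members) < 2:
            continue
        envs = sorted({m.env for m in members})
        findings.append({
            'fingerprint': fp,
            'devices': [f'{m.env}/{m.name}:{m.account}' for m in members],
            'environments': envs,
            # Sharing a Prod password with any non-Prod environment is the worst case.
            'crosses_prod_boundary': 'Prod' in envs and len(envs) > 1,
        })
    # Most dangerous first: anything shared with Prod, then by number of devices.
    findings.sort(key=lambda f: (not f['crosses_prod_boundary'], -len(f['devices'])))
    return findings


# Constructed inventory: one password shared from Lab all the way to Prod,
# one shared between two Prod database hosts, and one unique.
SAMPLE_INVENTORY = [
    Device('fw-lab-01', 'Lab', 'admin', 'Spring2020!'),
    Device('fw-dev-01', 'Dev', 'admin', 'Spring2020!'),
    Device('fw-qa-01', 'QA', 'admin', 'Spring2020!'),
    Device('fw-prod-01', 'Prod', 'admin', 'Spring2020!'),
    Device('db-prod-01', 'Prod', 'root', 'kX9#qL2v!wR8'),
    Device('db-prod-02', 'Prod', 'root', 'kX9#qL2v!wR8'),
    Device('web-prod-01', 'Prod', 'root', 'pZ4$nT7m&cB1'),
]


if __name__ == '__main__':
    for f in find_reuse(SAMPLE_INVENTORY):
        flag = 'CROSSES PROD BOUNDARY' if f['crosses_prod_boundary'] else 'shared'
        print(f"{flag}: {', '.join(f['devices'])}")
```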

Please stop hard-wiring AWS credentials in your code. Looking at you, uni COVID-19 track-and-test app makers

Drew Scriver

Re: Nope

What about high schools? It's likely that this tracking application will be used there also.

Should mobile phones be a requirement there also? Will the schools (i.e. the taxpayers) provide them to the students? If $10 is an unreasonable burden for voting IDs, how could requiring a smart phone be considered reasonable if the parents have to incur the cost? It would certainly disenfranchise certain groups.

Not to mention parental objections to smart phones in the classroom, or the adverse effects they often have on the education itself.

Not that there is much of a risk of lowering the academic level of many schools in the USA. It's already near the bottom.

Geneticists throw hands in the air, change gene naming rules to finally stop Microsoft Excel eating their data

Drew Scriver

Re: Happens in Google sheets as well.

I work in the tech department of a Fortune 500 company in the USA.

Can't even get people to use 24H clocks, let alone ISO 8601 date format...

Having grown up in Europe, where even a six-year-old knows how to tell time in 24H, I'm baffled by the insistence here on using am and pm. At first I thought it was just my unfamiliarity with the system, but it wasn't long before I noticed US-born colleagues oversleeping because they thought the dot on their alarm clock meant am, not pm. Or missing planes because they got to the airport 12 hours late. Or setting up a cron job to restart a server in the middle of the night, only to have it go down at 15:00.

And if I got a penny for all the times I've been asked if 00:00 is the end of the day or the beginning of the day...
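The am/pm mix-ups in this comment and in the earlier "Not just dates get confused" thread (the cron job that fired at the wrong time of day) come down to two edge cases, 12 am and 12 pm, plus bare hours that mean nothing without a suffix. This is an added example, not code from the original posts: a converter from human-written times to the 24-hour hour field cron uses, which handles both edge cases and refuses ambiguous input instead of guessing. The sample inputs are constructed.

```python
"""
Added example (not from the original posts): convert the 12-hour "am/pm"
times people write in tickets into the 24-hour values cron actually uses,
handling the two cases that trip people up, 12 am (hour 0) and 12 pm
(hour 12), and refusing ambiguous input. Sample inputs are constructed.
"""
import re
from typing import Tuple

_TIME_RE = re.compile(
    r'^\s*(\d{1,2})(?::(\d{2}))?\s*(a\.?m\.?|p\.?m\.?|noon|midnight)?\s*$',
    re.IGNORECASE,
)


def to_24h(text: str) -> Tuple[int, int]:
    """Parse '3:30 pm', '12 am', '12 noon', '15:00' or '00:15' into (hour, minute).

    Without am/pm the input must be 24-hour HH:MM with a two-digit hour;
    a bare '3' or '3:00' is rejected as ambiguous, which is exactly the
    mistake behind the mid-day outage described in the post.
    """
    m = _TIME_RE.match(text)
    if not m:
        raise ValueError(f'unrecognised time: {text!r}')
    hour = int(m.group(1))
    minute = int(m.group(2) or 0)
    suffix = (m.group(3) or '').lower().replace('.', '')
    if not 0 <= minute <= 59:
        raise ValueError(f'minute out of range: {text!r}')
    if suffix in ('noon', 'midnight'):
        if hour != 12 or minute != 0:
            raise ValueError(f'noon/midnight must be written as 12: {text!r}')
        return (12 if suffix == 'noon' else 0, 0)
    if suffix in ('am', 'pm'):
        if not 1 <= hour <= 12:
            raise ValueError(f'12-hour clock needs 1..12: {text!r}')
        if suffix == 'am':
            hour = 0 if hour == 12 else hour        # 12 am is the start of the day
        else:
            hour = 12 if hour == 12 else hour + 12  # 12 pm is noon, 1 pm is 13
        return (hour, minute)
    # No suffix: accept only unambiguous 24-hour notation.
    if m.group(2) is None or len(m.group(1)) != 2:
        raise ValueError(f'without am/pm, use 24-hour HH:MM: {text!r}')
    if not 0 <= hour <= 23:
        raise ValueError(f'hour out of range: {text!r}')
    return (hour, minute)


def cron_line(when: str, command: str) -> str:
    """Build a daily crontab entry (minute hour * * * command) from a human-written time."""
    hour, minute = to_24h(when)
    return f'{minute} {hour} * * * {command}'


def rejected(text: str) -> bool:
    """True if to_24h refuses the input; used to exercise the guard rails."""
    try:
        to_24h(text)
    except ValueError:
        return True
    return False


if __name__ == '__main__':
    for sample in ('12:30 am', '12 pm', '3:30 p.m.', '15:00', '3:00'):
        print(sample, '->', 'ambiguous' if rejected(sample) else to_24h(sample))
```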

Drew Scriver

I must be missing something...

Geneticists find it easier to rename genes than to format a cell (or column) as "text"?

This kind of problem will keep hounding them. I doubt gene names are the only issue.

Days after President Trump suggests pausing election over security, US House passes $500m for states to shore up election security

Drew Scriver

Re: Its too late now

The government system in the USA is multi-tiered, and each tier has quite a few responsibilities that the other tiers are not able to affect (much).

In a nutshell:

1) Federal

2) State

3) Counties

4) Cities

The authority the higher levels have over the lower ones is relatively limited. For instance, legally the federal government has no real jurisdiction in education - that's up to each state. Within each state the counties and even school districts have a lot of leeway.

States operate largely independently from each other. Each has its own tax structure, for instance - separate from the federal tax system. Legally, each state has its own legislature, courts, etc.

It would be impossible for the federal government to run the elections.

Regarding voting in person, more and more states are dropping the requirement for voters to identify themselves at the polling stations.

Also, the reliability of the USPS is not very impressive. It's one of the reasons I'm very hesitant about mailing in my ballot.

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

Drew Scriver

Re: however on the good side

Looks like I might be the first (and only?) one to point this out, but this is about more than potentially breaking the law. What about ethics? Seems to me that it's a case of misplaced entitlement. It's available, so I should be able to get it for free.

Here's how I see the situation. Content provider (say, a magazine or newspaper) offers products (articles) for purchase. After all, they've got to eat too. First five or so are on them. Then you're supposed to pay.

How is this different from a food place that hands out free samples to passers-by - one per visitor, please? Do you just keep coming back in a different disguise?

If you want to down-vote this, fine. But it'd be good to also drop a comment on your rationale.

You're testing them wrong: Whiteboard coding interviews are 'anti-women psychological stress examinations'

Drew Scriver

My company considers itself to be a tech company and the execs tend to be highly technical.

To their credit, they don't usually speak up during incident calls. For that matter, there are very few people who talk on these calls.

However, the Incident Response Coordinator will solicit feedback from various engineers and there generally are conversations based on this.

My point is that if one cannot handle the stress of a panel interview the likelihood of being able to contribute during these incident calls is in question.

Drew Scriver

My (Fortune 500) company now has a policy that states that panel interview is no longer acceptable. It unnerves the Millennials and Snowflakes too much.

We're wondering what will happen if we have a major incident with hundreds of stakeholders, engineers, managers, and executives on a conference call and they're expected to contribute live...

As the FCC finally starts tackling its dreadful broadband maps, Georgia reveals just how bad they are

Drew Scriver

Re: fine the companies for gaming the metrics in their favour

It's not just the FCC. The Census Bureau's question on internet access lumps DSL in with fiber and cable.

Question 11

Do you or any member of this household have access to the Internet using a -

a) cellular data plan for a smartphone or other mobile device?

b) broadband (high speed) Internet service such as cable, fiber optic, or DSL service installed in this household?

c) satellite Internet service installed in this household?

d) dial-up Internet service installed in this household?

e) some other service?

Notice the complete absence of any speed indications or specifics. Apparently, gigabit Fios = gigabit+ cable = 1 Mbps DSL.

Hughesnet's geostationary sat service, with its infamous data caps and 500-750 ms latency, would be considered the same as Starlink's LEO service.

And how exactly does one "install" dial-up service?

The FCC uses the Census data, and the next Census won't take place for another 10 years...

IBM job ad calls for 12 years’ experience with Kubernetes – which is six years old

Drew Scriver

Re: And so it ever was.

"But yeah if you can at least get to the interview"

Not if you run into a qualified interviewer. Couple of gems from candidates I interviewed.

1)

During a phone interview we thought we heard typing whenever we asked questions, so I suspected that we were interviewing Google rather than "John". My boss thought my suspicion was far-fetched, so I asked "John" a question in a specific way that would likely lead to the wrong Google result.

We heard typing again and I turned my laptop toward my boss. "John" read the first search result - verbatim! Since we weren't in the market for a narrator we kindly thanked him for his time and ended the call.

2)

Another candidate claimed to be an expert in HTTP. Understood it inside and out, he said. So, I asked him to give me the meaning of some response codes. Difference between 301 and 302? He had no clue. I asked about 401. No idea. 403? "Eh - can't remember."

At that point I couldn't resist and I remarked that he seemed to have trouble finding the answers. He didn't get it.

Figured I'd ask him one more. 200?

"Eh - okay..."

I started to think that he might still redeem himself when he continued:

"eh - server error, I think."

If only he had stopped talking after "Eh - okay"...
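The status codes in this comment and the load test in the earlier data-migration post (web servers answering with a redirect instead of an error code, and page loads in the double digits) are two sides of the same review: do not take "no errors" at face value. This is an added example, not code from the original posts: it evaluates a set of load-test results, counts 3xx responses that land on an error page as errors, and reports the share of slow requests. The results, the error-page paths and the slowness threshold are constructed assumptions.

```python
"""
Added example (not from the original posts): evaluate load-test results
the way a sceptical reviewer would, rather than trusting "no errors".
A redirect whose target is an error page is counted as an error, and
page loads in the double-digit seconds are counted separately. The
results below are constructed sample data; the error-page paths are
assumed.
"""
from collections import Counter
from typing import Dict, List, NamedTuple
from urllib.parse import urlsplit


class Result(NamedTuple):
    url: str
    status: int
    location: str   # Location header on 3xx responses, otherwise ''
    seconds: float  # page load time


# Assumed: paths the web server under test redirects to when something failed.
ERROR_PAGES = {'/error', '/oops', '/maintenance'}
SLOW_SECONDS = 10.0  # load times in the double digits

# What a few of the codes actually mean, for the report.
STATUS_TEXT = {
    200: 'OK',
    301: 'Moved Permanently (client should update the URL)',
    302: 'Found (temporary redirect; keep using the original URL)',
    401: 'Unauthorized (no or bad credentials)',
    403: 'Forbidden (authenticated, but not allowed)',
    500: 'Internal Server Error',
}


def is_masked_error(r: Result) -> bool:
    """A 3xx whose target is an error page is an error wearing a redirect."""
    if not 300 <= r.status < 400:
        return False
    return urlsplit(r.location).path.rstrip('/') in ERROR_PAGES


def summarise(results: List[Result]) -> Dict[str, object]:
    """Count reported errors, redirect-masked errors and slow requests."""
    total = len(results)
    by_class = Counter(f'{r.status // 100}xx' for r in results)
    reported = sum(1 for r in results if r.status >= 400)
    masked = sum(1 for r in results if is_masked_error(r))
    slow = sum(1 for r in results if r.seconds >= SLOW_SECONDS)
    return {
        'requests': total,
        'by_class': dict(by_class),
        'errors_reported': reported,
        'errors_hidden_behind_redirects': masked,
        'true_error_rate': round((reported + masked) / total, 3) if total else 0.0,
        'slow_requests': slow,
        'slow_rate': round(slow / total, 3) if total else 0.0,
    }


# Constructed sample: a tool that only counts 4xx/5xx would report two
# errors; two more are hidden behind 302s to the error page.
SAMPLE = [
    Result('/', 200, '', 0.4),
    Result('/products', 200, '', 11.2),
    Result('/products/42', 302, 'https://shop.example/error', 0.3),
    Result('/cart', 302, '/error?code=500', 0.2),
    Result('/login', 401, '', 0.1),
    Result('/admin', 403, '', 0.1),
    Result('/old-page', 301, 'https://shop.example/new-page', 0.2),
    Result('/search?q=x', 200, '', 14.8),
]


if __name__ == '__main__':
    for key, value in summarise(SAMPLE).items():
        print(f'{key}: {value}')
    for r in SAMPLE:
        print(r.url, r.status, STATUS_TEXT.get(r.status, 'other'))
```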

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Drew Scriver

Re: Loaded words replaced by euphemisms

Doing "something" may in some cases set the stage for repeating the very evil that it is claiming to object to.

Case in point is the removal of the auction block on a street corner in Fredericksburg, VA. No more will children be asking their parents (or school teachers) why a stone block is sitting in the middle of the sidewalk. No more will people be almost tripping over it and perhaps find out what happened on that very street corner not all that long ago.

And no more will people's consciences be troubled by visible reminders of an ugly past.

Out of sight, out of mind.

"Those who forget their history are bound to repeat it."

Dems take a crack at banning Feds from using facial-recog tech. Congress will put it on todo list after 'learn Klingon'

Drew Scriver

Re: Regarding Facial Recognition Systems

It's interesting that this legislative effort isn't bipartisan. As recently as last year both Democrats and Republicans banded together in their concerns about facial recognition.

Could it be that the DNC wants all the credit in light of their effort to shift all the blame for anything 'racially' charged to the GOP?

NPR headline: Facial Recognition Leads To False Arrest Of Black Man In Detroit

Drew Scriver

Re: Im not in the data set..

Who is "they" in "they won't have a picture of me"?

I'm willing to bet half my stash of TP that pictures of you have been stored on servers far and wide.

Drew Scriver

Re: A correction

Unfortunately, your finding out means that the percentage of people who understand the system in the USA has been increased by a measurable amount.

The vast majority of Americans have little to no knowledge of civics. That's somewhat curious as it's considered a requirement for voting - if you were not born a US-citizen.

Yes, Prime Minister, rewrite the Computer Misuse Act: Brit infosec outfits urge reform

Drew Scriver

Re: The law is fine and doesn't need changing

One of the problems is that customers currently have no recourse if they find (or suspect) a vulnerability and that companies care very little. How about a branch manager of one of the top-3 banks in the USA who had never even heard of PCI-DSS...? Or one of the top-10 banks I called to report that it was possible to gain access to account holders' accounts - only to be told that they had no process for escalating my findings to their Cyber Security department?

Worse, if a customer suspects an issue they don't have a legal means to dig a little deeper to see if their data may in fact be at risk.

To compound the problem, some companies go to great lengths to hide their problems rather than to address them. Remember the bank (!) that formally asked (forced?) Qualys to disallow the public from running an SSL-test on their main domain because it kept returning an "F"?

I would propose three actions as part of fixing the general security legislation:

1) A (government) clearinghouse/database where the public can report issues. Reports are to be automatically made public after x days, or at the very least it should be public where the company is failing. Receiving even general flags like "PCI-DSS violation, OWASP-violation, NIST-violation, unpatched systems, runs EOL-software", would most likely spur companies into action.

2) A (government) agency where members of the public can register themselves, report suspected issues and be given clearance to investigate (within white-hat boundaries) a specific issue.

3) Make executives personally liable for breaches that are the result of demonstrated decisions to do due diligence. That should all but eliminate those instances where people "on the floor" are flagging an issue only to be rebuffed by the corporation.

Facebook accused of trying to bypass GDPR, slurp domain owners' personal Whois info via an obscure process

Drew Scriver

Re: What do you think it is about

It's been like that forever.

Try explaining to people that commercial television is NOT about showing entertainment, but that their main goal is to show commercials.

People believe that the programming is interrupted by commercials, when in fact it's the other way around.

Oh - and people complain about the commercials. A lot. But yet it doesn't compel many of them to stop watching...

Having grown up in Europe (where it was illegal to interrupt programs for commercials) I was fascinated to find out that a show that lasted 25-35 minutes would take 45-60 minutes to watch in the USA...

Drew Scriver

Re: What do you think it is about

While I share your experiences regarding sales reps selling non-existing features, I have seen enough to assume that this particular rep was right about how much can be deduced from all the aggregated data.

The data is there, the tech is there, the incentive is there. Motive, means, and opportunity.

Occasionally we get to see a glimpse of how much 'they' know - usually when authorities use it to solve a crime.

One of the axioms in the (marketing) industry is that they (or at least their systems) know you better than you yourself do. Unfortunately, they're right.

Drew Scriver

Re: That’s not the answer that’s going to work for us.

Hmmm.... good point.

I'm afraid I read the article while trying to pay attention in a Zoom meeting. Looks like the meeting won.

I'd down-vote my own comment if I could, but El Reg won't let me...
