918 posts • joined 6 Jul 2009
Re: Killing the patient
The way to prevent the inappropriate use of the data is to stop using it inappropriately; not, to stop the data being collected in the first place. That is backwards.
It's actually the same argument as gun control. Yes you can try to stop people using guns inappropriately, but it is far more effective to not give them guns in the first place. And especially not give guns to people who already have a lengthy history of using them inappropriately.
Re: obvious solution ...
Smooth Newt - are you serious? A huge amount of effort has gone on over the years in networking scanning equipment such as this. They use a standard called DICOM?
The problem addressed is that the diagnostic equipment is on the Intranet and so is exposed to security risks, possibly via something else on the network getting compromised. Mitigating these risks seems insurmountable if the code cannot be regularly updated. By far the best solution for keeping a system secure is to air gap it. It isn't perfect but it is the best there is.
I am sorry if it is "sheer drudgery" to vastly decrease the likelihood of the devices being compromised, but it is hardly a "waste of time". And it is less tedious than many other activities which take place in hospitals.
How would you propose to do this? Writing DICOM studies to removable media then a radiographer puts the media in another terminal and reads it in to the PACS system?
Yep, pretty much.
Re: obvious solution ...
The article conflates confidential data on hospital networks with remote access to diagnostic equipment, and these should be separated.
I don't see why the MRI machine needs to be networked. Transferring the data from the MRI to the hospital Intranet via sneakernet makes it significantly harder for hackers to gain unauthorized remote access to the machine, and is the work of a few moments. Securing the data on the hospital Intranet is then a different issue that is simplified because it doesn't involve trying to get the MRI scanner to issue security related patches.
Any jobs for a PhD in red herrings?
No it isn’t - the whole point of this story is that the NHS isn’t capped.
There is no shortage of STEM grads, there are 100 PhDs chasing every post-doc position let alone professorship.
That will be because every STEM graduate is a PhD and every PhD is a STEM graduate. And the only jobs that STEM graduates want are in academia. Plus, STEM graduates are completely interchangeable - someone with a biochemistry degree is highly skilled in areas like mathematics, chemical engineering and psychology.
So let me get this straight. Brexit will destroy jobs. But because Brexit, we need loads more workers. Something seems fishy.
Different types of workers obviously aren't equivalent or interchangeable. If you are an experienced automobile component production line worker, then you are surely screwed. If you are a company insolvency practitioner or an experienced Jobcentre worker then you might want to start thinking about asking for a rise.
The Department for Bad Grammar
The Department for Digital, Culture, Media and Sport's (DCMS). So "digital" is now a noun?
Blind keeping the public in the dark
It concerns me that there are questions in the workbook like:
Have you spoken to your organisation to find out if you can speak about your project openly?
The question seems framed by the assumption that everything should be secret unless there is some reason for it not to be. Why isn't the question the other way round, e.g. any reason why your project should not be spoken about openly?
decimate - remove one in ten (decem)
undecimate - remove one in eleven (undecem)
But that immediately causes the problem that there is now no verb for reversing a decimation. Even worse, a company which announces a decimation, followed shortly by one of an undecimation, is announcing that things are even worse for their serfs. Whilst El Reg readers are clearly clued up on Latin, the same cannot be said of Sun and Daily Mail readers, or even parliamentarians, so this neologism will serve to have catastrophes praised as U-turns.
Having an elderly relative who has had a number of serious bone-breaking falls but seems to be wilfully courting further disaster on a daily basis, having a reliable means of knowing when to summon another ambulance that doesn't depend on having the entire house under video surveillance would at first sight seem like a wonderful idea.
This sort of stuff has been around for years, albeit without the new added artificial neural network™ that seems obligatory these days as an alternative to any sort of statistical analysis (because that would involve actually thinking about the problem and gaining insight into it from the data instead of just pumping loadsadata into a neural network). See for example http://www.jpier.org/PIERB/pierb20/09.10022206.pdf
As for detecting when your granny has fallen over, as opposed to having a sit down or crawl around, false positives are a big nuisance and false negatives a disaster. Neural networks need to be trained with a great many test cases. So unless you are prepared to push your granny over a few thousand times to generate the necessary training data, making it reliable is going to be problematic. Getting some poorly paid PhD student to pretend to fall over a lot is unlikely to work either, since real falls don't look anything like pretend falls.
This is not the case with a single-seat, single-engined fighter jet, which, aside from having no creature comforts except for a seat and an air supply, is a lot riskier (from the planning point of view) to fly over the sea for long periods of time.
But don't carrier-based aircraft have to spend a lot of time flying over the sea?
Re: Tesco Does Not Know More About Me
Tesco would know more about me than GCHQ because they are more interested in me than GCHQ.
You have no idea how much GCHQ know, or do not know about you. Perhaps they know at least as much as Tesco as they can bulk purchase data from the same commercial sources as supermarkets do, and then add their drag-net surveillance to that. "Know" is also a very loose term, in this case it is about data pertaining to you spread across databases rather than, e.g. collated information in a written document.
There are good reasons to do this
Please note... even a judge has a barrister.
There are good reasons to do this.
The main one being that only judges get paid enough to afford a barrister?
Re: Blockchain ?
Worth noting that once data is in a blockchain, it's there forever, unless the blockchain was designed to remove data before creation.
Yes, all the banks and other people getting excited by blockchains recently mostly haven't considered this at all. Other than suggesting that blockchains should be exempt from GDPR!
Re: Im confuzzled
One option would be for all existing mobile networks to be forcibly merged into a single national network, and every provider (Vodafone, EE, etc) becomes a virtual network on top (like Tesco, GiffGaff are OTT providers on someone else's network). That would give you "operator agnosticism" simply by making it so that there is only one physical network, really.
4G simply cannot provide excellent coverage, especially inside buildings, without a high density of base stations. Physics. The signals have to reflect and diffract through small openings within buildings having already been attenuated. You need long wavelengths, high power and low data rates. 4G uses short wavelengths, low power and high data rates.
I am not sure why the Government ever thought this was a good idea. Maybe they should have had a word with an RF engineer first.
Re: Default password ?
Wrong question. How did they fix the OS so that the root password was unchangeable? They made a very special effort to mess it up this badly!
If there is all this obvious stuff, then what more subtle problems will remain after these have been fixed? If there really has been little thought of security in the software, then bolting it on later is probably not going to be successful without considerable re-engineering.
Re: Security is critical, but
I don't want to be called a "Tech Lead" when this crap exists. I don't want the FBI holding me for questioning when all the data and money is gone.
Document it and forget about it. If you have told your management, in writing, and they decide to do nothing about it then it is not your problem any more. They can do the explaining.
Then the other f*ckers (to use your language) invited a load of their poor relatives along and told me I had to pay the lion's share for a bigger pool because I had more money than them. I couldn't believe it when they started telling me I had to let them and their mates use my house for parties.
We were the "poor relative" when we joined, described at the time as the Sick Man of Europe.
And you conveniently forget that existing EU rules allow states to deport citizens from other EU countries if they have become a burden on the welfare system of the state.
Re: Or more accurately..
4. UK tries to come to sensible agreement to the benefit of all parties
Who could possibly not want sensible? It's like motherhood and apple pie.
The problem of course is that "sensible" is such a loaded word. What is "sensible" depends on where you are standing. As far as the EU is concerned, the UK agreed that third countries should not be allowed to develop the system or have privileged access to it, then decided to become a third country and now wants to renege on that agreement.
As far as the UK is concerned, it paid towards it, so it should use it.
But in most negotiations, including Brexit, the party with the biggest stick wins. So from all that has happened so far in the Brexit negotiations, the UK will huff and it will puff, and then accept the EU decision. That's what the sovereignty that the Brexiters want actually means - the EU, the US, and China get to shit on us, and we get to shit on Tuvalu and Tonga.
Re: Anti-missile missile at home?
But it's OK because we will soon be able to deploy a single very nice aircraft carrier, as long as the entire RN combatant fleet's available to protect it, for the vital defence task of... uh...
Of hosting cocktail parties. An aircraft carrier without any aeroplanes isn't much good for anything else.
There should be no legacy systems anywhere near the internet, that's just standard best practice.
"Legacy" is a word invented by salesmen who want to sell you some expensive new bit of crap. "Older than something I'm selling" is not a justification on its own for replacing something.
Within Arm's reach: Chip brains that'll make your 'smart' TV
a bit smarter even more creepier
P.S. How about trying good old detective work instead of lazy data-slurp grepping.
Remember who it was that broke this - encryption became the default when the public found out about huge and outrageous abuses done by the same sort of people who are now whinging about it.
That the Ministry of Defence still uses such outdated, uninspiring names for its warships.
Agincourt for a warship dates from the fashion for all things medieval and classical heavily in vogue in the 18th and 19th centuries. It actually meant something to Georgians and Victorians brought up on tales of English medieval derring-do. But how many 21st century crew etc are going to be inspired by an obscure six hundred year old battle that almost no one has ever heard of? Might as well call it HMS Dull. Was going to write we should be grateful they didn't call it HMS Agamemnon (who the hell is he?), but then I noticed that they have one of those already.
e.g. If they wanted something that begins with an A, then e.g. the battle of Arnhem has modern resonance and there are enough films, books and memorials that people will have some clear idea about what it was like to be there. But it is hopeless for Agincourt unless you are a medieval historian.
Re: But what happens to the existing installs?
Can Canonical push an update? Surely there's no way of informing the victims.
And do Canonical know enough about the identity and location of this individual for some chance of prosecution under the Computer Misuse Act or similar? If not, then why not?
Decades of experience
The "fake news" theory accounting for Trump's victory requires us to believe that voters discarded decades of experience of the two national figures leading the race, and have their minds changed in an instant by something they saw on the internet.
Where does the decades of experience come from? Most people don't spend decades assiduously following politics, usually they don't give a shit until election time and then get quickly bored, and many haven't even been alive long enough to accumulate decades of anything.
GDPR Nirvana versus reality
The reality of the GDPR is that there will just be a whole load more terms and conditions attached to every website and every agreement that no one will ever read, at least past page 97.
The same as the EU Cookie Law, loaded with good intentions but the actual result is just a rather pointless click through message on most websites.
And around page 390 it will say something like "please note that if you withdraw consent for data about you to be processed by ourselves and the people we have flogged it to, and the people they have flogged it on to, it may take up to a millennium for this to be actioned". I paraphrase, of course, as it will all be in the most impenetrable legalese.
Re: Sex Education
Please explain why only schools can educate children about sex & relationships. What about these things called "parents".
There is no intellectual capacity or social responsibility needed to become a parent, so you can't assume they are willing or capable of anything apart from the ability to shag.
There is even less required of a voter, since they don't even have to be able to attract a solitary member of the opposite sex and be able to shag it. Hence stupid government policies designed to appeal to narrow-minded dolts, like this (and Brexit).
Re: Sites sharing passwords with each other?
Why it is necessary for sites even to know what the user passwords are?
Why do they store the password and not just its hash? That's just asking for trouble, i.e. screwing all their customers at the same time, as someone can steal the file containing all the passwords.
But maybe there is some psychological profiling data to be extracted from people's password choices and monetised.
Re: An Interesting Indent.
Consumer drones are here to stay, and if this is a fishing expedition for some wonder tool to jam drones how's that going to work?
It's the same strategy with encryption. Find a couple of obscure edge cases and use that as leverage to ban everything.
Time to ditch the Facebook login: If customers' data should be protected, why hand it over to Zuckerberg?
Re: Corporations promote their Facebook-URL way above links to their own websites
People need to actively boycott corporations that rely on social media as a primary point of contact...
People don't actively boycott. You might, but your granny and your kids won't. It needs legislation.
Re: Binding Protocol?
So if a guy in an assault helicopter is firing missiles and lumps of lead at you, and all you have is a crappy laser pointer from eBay, is it going to make you a war criminal if you try to shine it in his eyes?
If you are a non-combatant, which is probably the case since you don't at least have a rifle or a sidearm, then the guy in the assault helicopter is also a war criminal for targeting you.
Re: Excuses Excuses.........
For the first time I can remember, a sitting government admitted to a fuck-up without the slightest attempt at dodging.
You mean after ministers spend two years denying there was any problem at all, when it finally exploded into a front page political crisis the minister in charge of the Home Office tries to shift the blame to her staff for actually implementing her Government's policies? “I am concerned that the Home Office has become too concerned with policy and strategy and sometimes loses sight of the individual.”
And it's nothing to do with going for the low hanging fruit to meet targets of people deported because we don't have targets. Until a memo is leaked which reports progress on the “path towards the 10% increased performance on enforced returns, which we promised the home secretary earlier this year”.
How is that not dodging?
Re: Stupid Boy
Cheap LEO satellites are becoming a commodity these days. MEO are a tad harder and more expensive to launch, but in no way overly complex.
With exquisitely accurate atomic clocks that are capable of surviving launch accelerations and the harsh environment of space - atomic oxygen, vacuum, ultraviolet and continuous large thermal radiation changes - and then operate unattended in it for many years? That's a bit more than knocking up a cubesat containing an Arduino. Sure UK companies can build it, but it ain't going to be cheap.
Re: Chokes with laughter
The Prime Minister will task engineering and aerospace experts in the UK to develop options for a British Global Navigation Satellite System that would guide missiles and power satnavs.
If it is comparable with Galileo, a British satellite navigation network would cost ten billion quid in capital costs and then about a billion a year to run. Money that could be spent on the NHS instead. I don't remember seeing that written on the side of that bus.
Re: The real question is...
Based on a 2012 study, for every 10,000 women screened 129 will be false positives.
So in half a million "not inviteds" that's 6,450 who weren't unnecessarily treated.
Puts the number of, purely theoretical, deaths into perspective,
I doubt you would consider it a "purely theoretical death" if it was your wife or mother who died because her breast cancer went undetected until it was too late.
Re: And as for how long...
>I expect they keep the records for six years
From memory, in the UK it is 30 years, which is laughable, as it meant my Dr could not refer to the details of various conditions, first diagnosed and treated in childhood.
Six years after the patient died, because a civil claim against the health authority will be out of time if not started before then. It is only three years if the claim is that the health authority injured the patient.
Remember health records are explicitly for the treatment of the patient, not for any other purpose like later research unless the patient consented. So you can't use them for DNA studies even if the patient is now dead.
Re: And as for how long...
Totally missing the point which was to do with retention of records, rather than confidentiality and public access, but carry on...
Well retention is sort of irrelevant if you want to trawl through dead people's medical records looking for interesting historical facets, as you put it. Because you can't except in a particular exceptional circumstance. I expect they keep the records for six years, the time limit for most civil claims the health authority might be faced with. There is no reason, but there is a cost, to keeping them longer.
Re: And as for how long...
Surely the "personally identifiable" bit dies along with the subject?
No. This is covered by other laws. e.g. under the Access to Health Records Act (1990) medical records are closed to access whether the person is alive or dead. Executors and dependents are allowed access, but personally identifiable medical data certainly don't become public property the moment that the death certificate is signed.
Re: Journos and info wars
I always thought it was better to try to stop an arms race rather than ratchet it up. Cyber warfare and propaganda are both areas where limitless resources can be pumped in by both sides to the ultimate benefit of no-one.
Re: The problem lies deeper
The problem is that browsers now are so incredibly complex that you need a large corporation to support them.
Browsers don't have a life of their own with web browser development corporations running behind them desperately trying to catch up. In fact, these outfits keep adding loads of unnecessary bells and whistles so that browsers are now a prime example of massive code bloat and feature overload.
Giving British citizens rights that the British Government, and the Parliament it owns in our broken system, wants to take away.
You're certainly not OK
I'm OK as I was born here - so could get copy of birth cert if needed, but I would be screwed if I was a Windrush person (or if I was offspring of Windrush legal who had no papers).
Except that just being born in the UK doesn't automatically make you British. e.g. If you were born in the UK between 1 January 1983 and 1 July 2006 then you can only be British if at least one parent was British and living in the UK. If your mother wasn't British but your father was, then this only works if he was married to your mother. https://www.gov.uk/types-of-british-nationality/british-citizenship
So, you will have to obtain your birth certificate and a parent's birth certificate and possibly your parent's marriage certificate. And then prove that they all refer to the same people - i.e. your father listed on your birth certificate is the same person that "his" birth certificate describes. And prove that you are the person that "your" birth certificate refers to. Good luck with all that, especially if your parents are dead, or even used different names at different points in their lives (which is surprisingly common). It is what the person verbally says their name is to the registrar when recording a birth that goes on the form.
Hope you're not needing to use your car, any medical treatment, a bank account, any rental accommodation or a job. You may have been born here, and never left the country, but that knock you just heard on the door was the immigration service coming to take you away.
Hostile to ILLEGAL immigrants
You missed a word... "to make the country as hostile to ILLEGAL immigrants"
And everyone else who gets hurt is just irrelevant collateral damage?
It's like trying to catch criminals by locking up everyone who can't prove they have never committed a crime.
Because it would be insanely stupid for an academic at a university to do that. These people have pretty good jobs already, don't particularly want a massive payday (they are in academia after all, not known for its inflated salaries) and it would be fairly easy to trace it back to them.
This is a crazy overgeneralisation. It's a bit like saying all French people smoke like chimneys, and spend an inordinate amount of time shagging and drinking wine.
There are 194,00 academic staff in UK universities etc, and 81,000 PhD students. And that's just the UK. You can't make sweeping statements about the integrity, life goals and avariciousness of millions of people worldwide like that.
I'll point to the recent scandals about inflated vice chancellor pay as a banal example of academics who clearly do want massive paydays, and that the majority of postdocs in academia are on short term contracts and so lack anything approaching job security.
"Basically, the US has a monopoly of all smartphones and is prepared to use it in trade wars."
I don't think any smartphones are manufactured in the US. Almost all of them are made in Asia, along with most of the electronics and other components. And e.g. Samsung is a South Korean company and Motorola Mobility is owned by Lenovo, which is Chinese.
Re: Translation Required
Do I take it that "leveraging synergies across business units to be more than the sum of our parts" has gone the way of the dodo?
Yes, the new wank word bingo phrases are "strengthen [...] services and products" and "sharpen our focus on customer service". It sounds better than "sell stuff our customers want to buy" and "have less shit customer service", although it is maybe a little less honest.
Re: I wonder how this affects me...
Except, if you're at risk of being snooped on by spooks, they'll be foreign spooks. With no interest in what you're doing, and a very high hurdle to coming after you in the unlikely event that they do find connections between you and suspected terrorists, child-molesters, or general dissidents
Not so much that, it is having your router and any computer connected to it used as a surrogate for said spooks' hacking activities. Much better to use your IP address rather than their own. It makes it less obvious that it is a foreign state doing the hacking, and means you have to issue the denials about being the source of the hacking from your cell instead of them from their comfortable foreign ministry.
Re: I wonder how this affects me...
"I own and use a ZTE z850, and have been using it for a couple of years.
What risks am I actually running?"
The people who pwn it will be Chinese rather than American.
Re: It only makes sense.
Being in the country Illegally SHOULD be treated as a serious crime.
Not every crime is a serious crime. Serious crimes cause major, life-changing harm. Things like murder, rape, torture, planting bombs, slavery, large scale theft. People must be strongly deterred from committing these crimes, and perpetrators stopped before they do even more harm, at almost any cost in Police resources.
Letting your dog shit on the pavement, nicking a Mars bar or overstaying your visa are not serious crimes. Fortunately for you, talking out of your arse isn't a serious crime either. Unless you are Boris Johnson, of course. What was the name of that woman in an Iranian slammer?
Re: Leaking the anti-leak memo to Bloomberg
In 2017, Apple caught 29 leakers. 12 of those were arrested
These figures are meaningless without Apple also giving an estimate of how many leakers they didn't catch. e.g. if there were 10,000 leaks in 2017 then the odds of being caught were pretty low; if 30 leaks then the odds were very high. I am curious why the company didn't think it would benefit from providing this essential figure.