* Posts by big_D

6775 publicly visible posts • joined 27 Nov 2009

Judge in UK rules Amazon Ring doorbell audio recordings breach data protection laws

big_D Silver badge

Re: Surely they have to go shopping?

I'm glad I live in Germany.

Things like the Ring doorbell can't show public areas (road outside your house, or the driveway to your mailbox, for example). And, if you have a flat (apartment), you can't use it for the house entryway or communal hallways. If you have a video system it cannot record, only show live images to the screen in the apartment.

Is that a meteor crashing to Earth? No, it's Chromebook makers coming back to reality

big_D Silver badge

Re: Wot no Wi-Fi?

Yes, but they wouldn't roll out the Wi-Fi for free. Given that in many places, the schools can't afford the Chromebooks, let alone the networking, an offer from HP to install Wi-Fi will be about as welcome as a lead balloon.

I'm diabetic. I'd rather risk my shared health data being stolen than a double amputation

big_D Silver badge

Does my proctologist really need information about my mental health treatment or my dental history?

big_D Silver badge

It is yet to be released, but I'm guessing the app will list the information the doctor wants to have and you can approve or deny each piece/group of information, or open up everything.

big_D Silver badge

Re: We love it?

It is a collection of different lists on GitHub and similar places.

If you look on the PiHole forums, there are often lists of recommended lists.

big_D Silver badge

Re: Respectfully

Exactly, and I'd say a vast majority still aren't clear about what they are giving up, when they use free online services or free wi-fi, hey, it's free!

The technicalities of what is happening are so complex that even IT professionals and lawyers struggle to get to the bottom of exactly what is going on.

big_D Silver badge

I like the planned eAkte (electronic patient folder) in Germany. I'll get a request from a doctor or a researcher who wants access to information. I can decide if they get access, and what level of access.

Diabetes research? Ok, blood values etc. but not my prostate scan or operations for various things, for example.

If I go to a new doctor or specialist at the moment, I have to sign a release form that they can order my information from other doctors, which takes a while. With the new system, I can give the doctor access on the spot, and access to what is relevant.

big_D Silver badge

We love it?

Our data is already bought and sold for profit. And we love it.

Er, that would be a big no! I block 2.5M known tracking domains on my network. I have de-googled my phone as much as is possible and block all tracking on the device that I can, don't give permissions that I don't think are relevant to an app etc.

My wife is non-technical, but is paranoid about being tracked. Without prompting, she came to me one day and ordered me to "de-google" her phone.

There is a growing minority of people on the Internet that treasure their privacy and don't want to be tracked and prodded at every turn.

interact with our “free” social media accounts, when we walk down the street, through a shopping centre or log on in a coffee shop, our data is grabbed. We give it up for free Wi-Fi.

Yeah, uh, no! Not me. Facebook & Co. are blacklisted at Chez big_D. Never use open Wi-Fi. Don't use any loyalty cards or apps etc. when shopping.

Booting up: Footballers kick off GDPR case for 'misuse' of their performance data

big_D Silver badge

Good point, I'd forgotten we were talking about public personalities.

But that is more aimed at legitimate news services etc. reporting on them. Because they are a public figure, they can't ask for, for example, stories about them to be removed, a private person could.

If a company has information on a public personality that isn't considered public or is incorrect, the PP can still ask for the data to be removed or corrected, AFAIK.

As I worked as a DPO for a manufacturing company, PPs were not what I concentrated on...

The Germans take it to extremes as well. There was a missing girl, who was being searched for. At the weekend and on Monday, a picture of her was shown in all news programmes. On Tuesday, she was found, so they could only show her with her face blurred out...

big_D Silver badge

Re: Did I get this right ?

There is nothing to stop them individually collecting this information. Companies collecting and then sharing/selling the information is a problem, however.

big_D Silver badge

Re: Did I get this right ?

Using their likeness without permission would be a violation.

big_D Silver badge

Yes and no. That they should be compensated, yes, flawed. That these companies have a right to share and sell the information, no, that is covered under GDPR. If the player is identifiable, the owner of the information has to get permission from the player(s), before they can share or sell it.

The same is generally applicable for any PII. E.g. if you scrape email addresses from websites and correlate them to identifiable people, through the website and through, for example, LinkedIn profiles or whatever, you can use that yourself (as long as the information is restricted to only those that absolutely need access within your business), but you cannot share it with business partners or sell it on to third parties.

big_D Silver badge

The question is about the PII gathered. Once gathered, you can use it yourself, but, because it is PII, you cannot legally share it with others or sell it on, unless you have obtained the permission of the identifiable persons in your data set.

big_D Silver badge

Yes, but if the information in the database includes PII under the GDPR definition, you cannot share the information in the database with third parties or sell it on, without getting the written permission of the identifiable parties.

The identifiable parties can also request that their information be removed.

The owner of the database, on the other hand, does not have any obligation to compensate the identifiable persons, unless they have breached the GDPR rules above - and that is also likely to end in a fine from the DPR as well.

Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update

big_D Silver badge

Re: Question

Depending on how it does invade the machine, I believe at the current time, it doesn't survive a reboot and needs to re-infect, but it is possible to use other tricks to gain permanence.

Ask yourself, do you have to re-install all your apps, after you have updated firmware? ;-)

big_D Silver badge

Re: ...and now we spin the roulette wheel...

The event announcement came a day after the patch. I'd already patched and been to sleep and spent a day at work, before the Apple event was announced...

big_D Silver badge

Re: If it is similar to the last one

The previous vulnerability was in the miserable multi-media library. Even the extra sandboxing they put in place (blastdoor?) was circumvented by the problem.

This is a totally separate exploit, direct in the Kernel. An app needs to already have access to the device to exploit it, but once on the device, it sounds like it is relatively easy to exploit.

Most malware, like Pegasus, uses a chain of unknown exploits to gain access, gain control and then achieve permanence.

Opt-out is the right approach for sharing your medical records with researchers

big_D Silver badge

The doctors here, in Germany, have been excellent so far. I've had a few problems and they have been dealt with quickly, efficiently and professionally. No spurious drugs and no unnecessary operations, they try to be pro-active and tackle problems before they need to be operated upon and if there are non-invasive options, they will usually try those first.

And, when it has been an emergency, they have responded swiftly and in a friendly manner and sorted the problem out quickly and without fuss. In one instance, I was at the dentist and they suspected a stroke (it wasn't, just an inflamed nerve) and called an ambulance. The receptionist called my wife a couple of hours later to find out my current status and was thankful that I called back later in the day to tell them everything was okay and it was a false alarm.

big_D Silver badge

The German system is opt-in and it is being expanded to an eAkte (eFolder or electronic medical history) sometime soon (it was planned for 2021, but looks like it will slip into 2022 at the moment).

The system will give the patient control over their information. When they currently visit a new doctor, they have to sign a piece of paper giving the doctor authority to get the information from other doctors. That takes time. With the new system, the patient can grant access on the spot and the doctor can download the relevant information - the patient should also be able to define which bits of the medical record they can see; for example, if you are going for a prostate scan, you don't need to let the doctor look at your psychological problems or ingrowing toenail.

The same would be true for research, you could open up the relevant parts of your information to medical research. The researchers only get the information you release to them and you can retract that permission at any time - and legally, the researchers will have to delete any locally stored information they have.

Raspberry Pi looks to set up African retail channel to make buying a mini computer there as easy as Pi

big_D Silver badge

Re: Mini computer

All constantly running their own individual applications and hammering the I/O for data?

A website is very different to the typical load a minicomputer would run. It can cache most of the data, for a start. And it isn't doing constant processing of data, such as looking for oil in a seismic survey, or manufacturing processing loads, it is serving up the same pages with the same information time and again and not constantly, people load a page, digest, load a page, digest... On a mini, it is controlling the whole session.

A terminal server, with the ERP system running directly on the TS, along with its database, would be a better example. If you throw a big enough server at it, it is possible, but a Pi or even a desktop PC wouldn't be able to cope.

big_D Silver badge

Re: Mini computer

Yes, but boost that up to 100 connections or more, like old mini computers could handle...

In pure processing terms, a Pi runs rings around old mini computers. On the other hand, the pure processor speed was just a small part of what made them fast, compared to "much faster" PCs of the time, which crawled in comparison.

big_D Silver badge

Re: Mini computer

It isn't just the clock speed, it is also I/O and other things that were optimized for multi-user and multi-process use.

The VAX 11/780 had a 5MHz processor and ~4MB RAM, but could cope with over 100 concurrent users. Today, you would be hard put to find a PC that could handle 100 concurrent users. I worked for an oil exploration company in the mid-80s. They had dozens of geologists working on seismic plots and writing FORTRAN code to clean up the raw data, A0 digitising tables for marking areas of interest on printouts etc.

They even had a 2400dpi laser plotter (which used an Olivetti mini-computer as a dedicated print server).

The same for the PROTOS2000 ERP system, running on a VAX. We had that at a manufacturing company with hundreds of users in the back office and on the shop floor entering data or analysing results.

Even considering that was mostly 80x25 or 132x25 character terminal displays, that is still a lot of capture, storage, retrieval and processing of information that it had to do with those 5MHz. It had to have a separate process for each terminal, for example.

Modern computers have much more processing power, but I honestly don't know if they could cope with hundreds of users hanging off of them and using them to process information simultaneously. But getting hold of such an optimised operating system and a method of connecting a couple of hundred serial terminals to a Pi would be near impossible these days (yes, you could probably do 100+ Ethernet based terminal sessions).

Even the first PCs were, theoretically, "faster" than a mini computer of that age, in raw MHz terms, but they struggled when you tried connecting more than half a dozen terminals to the back of them - I had to support a 286 running Xenix and an accounting package, with a dozen terminals hung off a multi-port serial card. It was very slow, even though its processor was faster than a VAX, in terms of clock speed. What the VAX could achieve in one clock cycle, on the other hand...

big_D Silver badge

Re: Mini computer

Yes, for me, a mini computer takes up half a room.

The Pi is a microcomputer or maybe a nano-computer or pico-computer.

Although I do have one in a custom PDP-11 case behind me.

EU readies 'antitrust charges' against Apple Pay for locking rivals out of iPhone NFC chip

big_D Silver badge

You can get malware on iPhones as well, what is your point?

big_D Silver badge

Re: I agree

And? Nobody is saying you can't continue to use Apple Pay. They are just saying that it is a possible restrictive practice to not allow the user to select an alternative, if they want to. They are not saying that Apple can't offer Apple Pay any more and everybody will have to switch to another payment provider.

I live in a country that has very strong restrictions on what banks can and can't do and it is much more restrictive than what Apple could do with the data. Therefore, from a privacy viewpoint, I'd rather use my bank's payment app directly.

I'm not saying they will do anything with the data, but they have less restrictions on them than the banks, so they could theoretically do more with the collected data.

big_D Silver badge

At the end of the day, nobody is talking about ripping Apple Pay away from you.

If you want to remain in Apple's eco-system and just use Apple Pay, you can. On the other hand, if you don't want Apple looking over your shoulder on every transaction, you can opt to use a third party app.

It is the same on Android, you can simply use Google Pay, or you can install your bank's NFC payment app, if you don't want Google mining your payment habits. Nobody has banned Google Pay from Android devices, they have added choice.

big_D Silver badge

The bank is legally bound not to use or sell my transaction details. Apple not so much, they say they won't, but who knows what they do with the information. The same for Google Pay.

If I use my bank payment app, the whole chain stays with the card processor and my bank. With Apple Pay, Apple stick themselves in the middle.

In countries where banks aren't so strictly regulated, the extra step of everything going through Apple might be useful, but where banks are sworn to more secrecy than Apple, that is another weak-point in the chain.

The more links in the chain, the more points where something can go wrong or be leaked.

big_D Silver badge

Re: While this is a real concern, it is only half the problem

It is more than 5 transactions, I usually have to enter a PIN every week and a half or so, or when doing the weekly shop on my other card.

big_D Silver badge

Re: While this is a real concern, it is only half the problem

The POS terminals over here all support all standards and you just hold the NFC card or smartphone over the terminal and it automatically selects the correct payment method.

I use 2 different debit cards (different banks) and the bank payment app on my Android smartphone. The POS just takes the payment. I've seen people using iPhones as well and they work just the same, the POS automatically selects the right protocol.

PIN is required in Germany for transactions over 25€ (I believe, because of CORONA, they upped this to 100€ temporarily) or after a certain number of PIN-less transactions at a level below the limit. With my debit card and my bank payment app, I usually have to enter the PIN every 2 weeks or so on average.

Open Sesame, says Google... to voice identification: Speech ID adds biometric security to call-centre bots

big_D Silver badge

Opt-in

I hope the call centres remember that it has to be opt-in under GDPR, recording biometric information without the opt-in of the party being recorded is illegal in most EU countries.

Facebook far too consumed by greed to make itself less harmful to society, whistleblower tells Congress

big_D Silver badge

Re: "US senators are the only ones who are going to feel a revelation here."

I think we have to start right there. Bribing officials should be illegal. Paying people money, or promising more business in their constituency, if they follow your lead, is wrong.

Microsoft shows off Office 2021 for consumers ahead of the coming of Windows 11

big_D Silver badge

But you are also opening them up to a skip load of problems by keeping them on an unsupported version of Office with known flaws that won't be patched.

If those PCs aren't connected to the Internet and all incoming documents are virus scanned, before they are let onto those computers, it might be an acceptable risk. If they need to be connected to the network, or, worse, the Internet, that is a very high risk factor.

If they don't need the latest Office 365 features, give them LibreOffice, it is free and should happily cover all their needs. If they need MS Office compatibility, get them upgraded onto something with support.

What is a couple of hundred dollars, compared to the loss of all data, because the PC was attacked through a known security hole that couldn't be patched, because the software was too old?

big_D Silver badge

Re: 2007

I would say Office 2003 for menu fetishists and Office 2010 for ribbon fetishists. Office 2007 was in a sort of no man's land. The ribbons weren't really all there and didn't always have a sensible layout, and applications like Outlook still had menus. Office 2010 corrected all the little errors in the original layout and made it a cohesive and usable whole.

big_D Silver badge

Re: artsy UI updates

What they should be blasted for is never finishing the damned job!

There was a makeover for Windows 95, a makeover for 2000, a makeover for XP, a makeover for Vista, for 7, 8 and 10... And now for 11.

But, if you scratch the surface, you will quickly find UI elements that date back to Windows 2000 or 95! Elements that haven't been overhauled in over 20 years and are still shown in their original form - for example the .cpl extensions and the MMC snap-ins. They don't follow any UI guidelines from the last 20 years and they don't even observe system features, like dark mode.

They put a tick on things like "rounded corners" for most windows, centre the taskbar etc. but actually going through and making everything conform to the new style? Nah, that's too much like hard work.

big_D Silver badge

Re: Standalone versions need an MS Account

Customers and business partners often force you to use MS Office, because they want to share documents with you.

For all its benefits, LibreOffice is still crap, when it comes to accurately editing and saving MS Office documents. It has improved over the years, but it is still a long way from perfect.

If you only share documents internally or you are using it at home, it is a great option (I use it on my Linux PC), but if you need to regularly collaborate externally, there is often no other choice.

big_D Silver badge

Re: Standalone versions need an MS Account

Home & Student has always been around that price, at least in Europe. I remember, when I first started, I was handing out over 400UKP for Office Professional.

big_D Silver badge

Re: Standalone versions need an MS Account

Standalone versions have needed an account for a while.

We set up a dummy account for each PC we buy a license for. The same with Apple/Google accounts, each iPhone gets its own iCloud account and Android its own Gmail account, which isn't set up on the phone, just used to set-up the phone. The user doesn't have access to the email account or the password.

Logitech MX Keys Mini: Svelte keyboard takes cues from Apple in more ways than one

big_D Silver badge

Re: Price?

Amazon Germany is listing it at 109€ at the moment.

What if Chrome broke features of the web and Google forgot to tell anyone? Oh wait, that's exactly what happened

big_D Silver badge

We are in an industry, where it just has to work, full stop, end of story.

No devops, just working solutions that need to be stable. You don't mess around when mixing chemicals, so if the system suddenly goes tits-up mid mix, you better have your protective gear on and be able to leave Kris Akabusi in your dust!

Likewise, at a previous company, we wrote slaughter house software. If the system didn't work reliably, it was a no-go. If the system halts, you have a maximum of between 15 and 30 minutes to solve the problem and get it running again, otherwise, everything that is in the cauldron has to be thrown away, so major costs.

In most industries, you can't "devops it", you need stable, reliable software. Reporting, you might be able to get away with trial and error, but the important stuff needs to be rock solid.

big_D Silver badge

Re: The choice of available browsers is lame

You missed Lynx browser. Always good for a laugh, a lot of sites see its use as an attack! :-D

big_D Silver badge

Only the occasional horror site? Most of them today, especially news sites, seem to have dozens of included domains.

I've switched away from NoScript to PiHole, I have around 2.5m blocked tracking sites (most of Google and all of Facebook included).

big_D Silver badge

Re: Absolutely agree

My brother-in-law's website needed urgent changes, but the "friend" who had written it for him no longer spoke to him.

It needed doing quickly and didn't need much in the way of maintenance. I knocked up a CMS system in about an hour, using a couple of dozen lines of PHP and it simply loaded text files, with little or no markup in them.

Simple and effective. The menu structure was just another text file loaded into another DIV, a bit of CSS in the background, job done.

We could quickly add a new page or change the menu. It did what was needed. Putting WordPress or Drupal on the server would have taken longer and then there was the creation of the pages themselves...

For a nearly static site, that changed once or twice a year, it was more than enough. If you have a simple site, sometimes a bit of simple code is all you need.

That 'anti-NSO Pegasus spyware' download is actually a Trojan – so don't touch it

big_D Silver badge

Pegasus iPhone

It isn't just an iPhone malware, there is a version for Android as well. Just that the majority of victims on the list used iPhone and, due to the way iPhone and Android log system activity, it could be proven to have been on the iPhones, but the lack of logs on Android meant it was inconclusive, whether they had been infected.

The German police bought Pegasus for use in criminal cases and it supposedly works on both iOS and Android.

Cheeky chappy rides horse around London filling station, singing: 'I don't need petrol 'cos he runs on carrots'

big_D Silver badge

There are also driver shortages in most EU countries already. There is plenty of work to go around, here on the mainland.

What are you going to take? 2 - 3 months work for ungrateful people, who don't want you there and will kick you back out "their" country, once the Christmas rush is over, or long term employment on the same landmass as your family?

With increasing welfare rules coming into effect next year in Europe, there will need to be even more drivers over here... I think the UK is going to be in for a surprise.

Blue Origin employees complain of sexist culture that ignores safety concerns

big_D Silver badge

Glad I have legal insurance for such things... Although my departed parents don't/didn't work for BO, so the point is moot.

big_D Silver badge

Re: Big Bezos

Danger is safety

big_D Silver badge

As the heirs never signed the documents (I assume), they can't be held legally binding to the heirs, I would have thought.

Sounds dodgy and I don't believe such contracts would hold water over here, but I don't live in America...

Which? survey finds people would actually pay the online giants not to take their data

big_D Silver badge

I use a couple of tech forums and podcasts, where I explicitly pay for an ad-free experience. The problem is, I can't afford to do that for every site I visit, and some sites I only visit every few months, so a regular payment is not feasible.

I am happy to view adverts at those sites, but not at the expense of my privacy. I block known tracking sites, including most of Google and all of the Facebook based domains (around 2,500 last time I looked). If they want to show me ads, show me ads targeted at the page I'm reading, don't infringe my privacy, it is very simple.

Attacks against Remote Desktop Protocol endpoints have exploded this year, warns ESET's latest Threat Report

big_D Silver badge

Re: Rds on the internet

At a previous employer, the CEO was an old-school developer. He put RDP directly online, but on a different port, because that was "safe", because nobody would guess that RDP was running on a different port, or heaven forbid, port scan us...

After he left, the first thing we did was bring it behind the firewall, so you needed to VPN in first, with 2FA.

big_D Silver badge

Re: Rds on the internet

The same here, there is no way I'd ever put such a service directly on the Internet.

RDP and similar protocols are something that need to stay safely behind the firewall. Ours are only accessible internally or via VPN.