Re: Perhaps?
@lee
Not necessarily. The passwords may have been encrypted but their private key may have also been stolen. That's one of the many reasons that you want salted hashes, not encryption for password storage.
2545 publicly visible posts • joined 7 May 2012
> Oh and to Java devs everywhere, writing everything including the kitchen sink to Log4J output files is not the answer to reliable systems
Log4xyz is a good thing™. Certainly beats the hell out of something went wrong somewhere and we have no logs or some half arsed attempt to write to a text file using code lifted from Stack Overflow which isn't thread-safe, isn't buffered and works by loading the whole file into memory, appending a line then rewriting the file. Oh and by a file, I mean hundreds of files in various folders with no cleanup mechanism.
Other than sensible defaults, it's usually not a developer's role to configure log4xyz (internal or custom software where you have full understanding of the deployment environment may be the obvious exception). That is why you can change the verbosity of the messages in a config file. It is why you can choose your own appender. If you use a rolling file appender then you can specify things like maximum size, number of files to keep and so on. Then it is just a discussion with business about how much storage they want to pay for vs the point where files get deleted. That's their decision, not yours, not devs. Your job is to make sure you explain the consequences of whatever set of numbers get thrown at you.
The other side of the coin is ensuring that the I/O can handle the volume you throw at it. If you have your loglevel set to debug on a multi-threaded stack, it may not be adequate to dump log files to some slow HDD.
Wait, you made me defend Java you sneaky bastard. Is that the new Rick roll?
If the government really want ISPs to do this, they should do one of two things.
1. Cover the entire cost out of general revenue; or
2. Permit ISPs to charge a specific data retention fee to their customers every month.
The *last* thing you want is for ISPs to try to monetise that datastore in some way to recover costs.
"For most practical purposes, Parliament House is regarded as the only place of its kind and one in which the two Houses through their Presiding Officers have exclusive jurisdiction. Thus in Parliament House the police are subject to the authority of the Speaker and President and their powers are limited by the powers and privileges of the respective Houses. Such limitations are not based on any presumed sanctity attached to the building as such, but on the principle that the Parliament should be able to conduct its business without interference or pressure from any outside source"
- Advice of Attorney-General's Department, concerning powers of police within the precincts of Parliament House, 1967. And see Parliamentary Precincts Act 1988.
Whatever one thinks of the man with the red underpants on peoples' heads fetish, the AFP would be well advised to tread very carefully. These rules are deliberately designed to constrain the power of the police to interfere with the operation of the house.
> after someone impersonating the CEO in an email had authorized the transfer of funds. The CEO and CFO have since been fired.
So they fired the fake CEO? Or was it the fake investigation team that reported back to the fake board that caused the fake HR to sign the no doubt golden parachute cheque*? OK Neo, the blue pill....
*Just because you can't spell authorised doesn't mean I have to misspell cheque.
Yes. As long as you can mount your laptop on the moggie, this should work fine. Unfortunately, you still need a Roomba on which you can mount the moggie, so it is really turtles all the way down.
> (and what's wrong with the SMTP/POP/IMAP Internet mail service, I'd like to know)
Plenty, but nothing that I believe auspost has the answers to.
On a side note, lots of e-commerce relies on physical package handling to some degree. Why they can't leverage their natural monopoly to turn a pretty penny there shows a real lack of imagination.
"International visitors
If you are visiting Australia on Census night, you are required to participate. Your accommodation provider will give you a form or details of how to complete the Census online."
- http://www.abs.gov.au/websitedbs/censushome.nsf/home/getonlinefaqcensus?opendocument&navpos=110
They did. No doubt a good first step but it isn't that hard to circumvent. You're really just playing whack a mole.
"Earlier attempts to frustrate the website led the ABS to block all international traffic at about midday on Tuesday until midnight. But that geo-blocking mechanism ultimately failed, government cyber security adviser Alastair MacGibbon said."
http://www.smh.com.au/federal-politics/political-news/malcolm-turnbull-defends-handling-of-census-as-privacy-commissioner-investigates-20160810-gqp45u.html
I have not seen any independent evidence that they were DDoS'd. By now I would have expected Anonymous to come out chanting something something legion something or other. All the media reports that I have seen this morning are sourced from ABS alone who after a trail of fail have a lot of self interest to hide. Keep drilling. We haven't heard the last on this.
Scale is hard; really hard. A few small assumption errors can give order of magnitude load increase. A small config file error can cause load balancers to do the wrong thing even if you have provisioned the hardware on standby (just ask AWS). A small query plan error can cause additional terabytes of RAM to be allocated during sign in (just ask Microsoft).
Oh, and given IBM's track record in handling government IT services, it's not that you wouldn't trust them to organise the proverbial in a brewery, you wouldn't even trust them with the RSVPs to the said event.
If El Reg couldn't see this coming then I would be changing news outlets. Blind Freddy could see that provisioning for a million people per hour isn't enough when most families will get home from work, eat dinner, kids in bed then log in. The saddest part is that because they make names compulsory, the results will be less than honest, negatively impacting public policy decisions for the next 5 years.
> Have you tried turning it off and on again
Possibly the best researched piece of tech portrayal we have seen in years. Pretty much every techo has at some point heard that line from a telephone *ahem* support attendant only moments after telling them how you have just reimaged the drive.