Posts by chrismeggs

Trojan Nest

Slowly marching to the abyss, yes, bring it in, switch it on, hook up your appliances, let it connect to wi-Fi, improve interface by installing a microphone, I mean speaker interface.

Foot: shooting of one's own

Stepping back and scanning the horizon - what can we see? Precious little onion approach to layering security and the obvious ones : using a bank account number or any other extrinsic part of the "what he knows" information or requiring persistent and continuous authentication.

Smart? Cards

Educate me please!

Since when has the possession of a token proved the continuous identity of the holder? Surely we should be heading towards a biometric possession that continuously identifies the holder?

Bank on this

As far as I can recall, none of the recent stream of operational features involves an actual bug with a real financial service, mortgage, debit payment, savings account. The features seem to reside in the bulk move or access to large splurges of data. This points much more to data management than it does to financial execution.

I will reiterate my call to remove bulk data management from the banks. Allow them access still, but take care of storage in an operation that has consistently demonstrated its ability to handle this kind of stuff. Expertly. Without failure. Cheaply.

And now, Banks!

It is to be applauded that the insurers of this world have at least a decade or so to claw desperately back from the cataclysmic edge of total systems failure, and even more so if, in the process, they recognise that they MAY not be the country experts in IT.

Now, is it too late to get the banking fraternity to make the same self discovery?

We hope not.

PS4?

I am personally incensed that I am unable to boot this on my Hollerith! V M? I don't think so!

Cloud, schmo id

Excuse my ignorance and general lack of awareness. This Cloud business has me confused. For a start, I believe that the cloud is really all the internet was supposed to be in the first place, but has been a long time coming to the show.

Granted, the entangled mess of backup systems today only serves to decrease the appetite to use them - a one click backup to storage no matter what the medium is certainly an attractive alternative. But the one thing a cloud solution will NOT address is the willingness of operations management to exercise their backup/restore on a regular and frequent basis. Try scheduling a cold metal restart anywhere right now. You will be laughed out of court and demoted by revenue earning projects. Even a token exercise in wiper-production is a virtual impossibility these days, yes, even virtual.

What would be needed for any tight and comprehensive set of requirements would be a demonstration of restart capability, but I suspect blood runs cold when this is suggested. It simply is not on for one or more of our major financial line-of-business applications to be out for days and recovered over the course of a month, running crippled in the interim.

A usual, the technology is bent to provide for a user deficiency. Let's get, the cart before the horse, shall we and state what we want when we are asked. Expensive? Maybe, how expensive is the reputation all risk that associates failure?

GDS

It would be a cynical whistleblower who asked which major consultancy promotes GDS and uses it to horn in on other suppliers projects.

Man and machines

While I accept the main thrust of this argument, I believe that we are gazing down the wrong end of the telescope.

It is arguable that machines will get or develop the initiative to start the governing process going, although here set Chasm Management we have developed apps that fire up on machine start and "discover" their role in a network and register themselves accordingly.

My major concern is the nibbling away that is being done on the intimate man/machine boundary closer to home.

We now have a digital music system that is comparable, and often beats, it's analogue competitor. Similarly with photographs and movies. It is then relatively easy to modify or create from scratch, these digital files and then present them to the human who cannot detect them from objects captured from real life. Google glass allows us to interrupt the channel between objects and their reception or analysis in the human brain.

We could, could, end up simply being carbon-based analogue processors of whatever "facts" the machine wishes us to.

Now, of course, if you link this scenario with the one expressed above, where those wishes are decided by arbitrary sets of rules or constraints we have imposed on the decision makers then I can go all the way to support the main thrust of the article.

Ask not for whom the bit flips.

*rs* About face

I really don't want or need this service.

I can envisage one corporation wanting to verify the "correctness" of anothe corporation wanting to communicate with them. I can equally envisage the requirement for the identity exchange to allow rich data to be exchanged, such as credit rating or the organisation's compliance with various standards, eg ISO270001.

What I Do want is not to have to identify myself to an organisation calling me at an inconvenient time, asking me to confirm shared secret information - to whom am I divulging this "secret" information? The corporation has my phone number and has called me, of course i concede there may more than me at the house they have found.

More to the point, how do I know that they are who they say they are? Why cant my phone have a display to indicatethe corporations verified identity?

Conspiracy?

I expect that the theorists are champing at the bit with this one!

What will any self respecting theory include?

NASAs lack of credible power units for ISS support and maintenance

USs lack of power to deliver warfare ordinance

Virgins use of Russian power units that it may be able to "give"to the US and NASA.

Prospect of the US relying on Russian technology to fight its war against, er, Russia

Too much money and too big outcomes to allow anything normal to happen without someone lining their trousers.

Cynical? Moi?

Sounds good to me

I see nothing wrong here. We already have pictures and movies that are not analogue but digital, with sufficient precision that we cannot tell that they are binary - the human eye/brain is fooled by those 12 frames a second. Audio is the same, except for those self-delusional so who rate CD records as less "real" than vinyl. I believe that we will soon live in a world divorced from reality and provided by digital I/O.

Now, if we configure each "Thing"in our IoT with a set of limit values for certain actions, then in a while we will end up surprised when the internet decides that we need to do action a rather than action b based on previous experience, bid data analysis of recent trends or how many beers I have extracted from that fridge. Do I want? No way. Not my circus, not my monkeys.

Well, 'Nuff said.....,

Except, of course, the detestable use of the phrase "value for money"!

Define value. I would it as satisfaction per unit cost.

In which case, we end up with satisfaction per unit cost per money. Not the English what I wrote.

CV

As a contractor, I am used to havng my CV inspected. References are taken.

Who on earth in the government did the same with this supplier and actually inspected their track record? And, if they did, how could they on earth reappoint them?

Straight out of the box, all this and more....

Memories from an old Notes user.

Big brother?

Oh, I know, but someone has yo say it.

How long would it be before life insurance schemes, credit agents and the like demand so many months wearable monitoring history before they advance services?

Not a government Big Brother, that's for sure, but an effective barrier to the great British public.

Difficulty in obtaining....

A bank account is, IMHO, nearly as difficult as getting a passport, but it is also a prerequisite. The breeder document for all this is the birth certificate and even that is less prone to fraud since the inclusion of the Elvis database to eliminate Day of the Jackal type occurrences.

As far as trusting the banks, this falls into two spheres for me, one the process - do I trust their KYC? - and their processing security - do I trust their operations? I do trust the process and now that the majority of their processing is or can be outsourced, I am beginning to trust their security.

Any trust model built on multiple sources, the federated model do instance, will be inherently more secure than a stand alone model, but difficult to establish and operate unless the banks and other financial institutions have a joint regulation construct, perhaps like the Payment Council for example.

Wow!

Certainly ticks my boxes, if not for this initial release, but for the implied direction. One to watch.

I am new to this group. I joined to enlarge my comprehension, scope and depth of the problems at hand.

This conversation thread has done none of those things, it has in fact made me wonder whether I could ever get that from a group with people like these contributors as it's members.

Please stop.

Now.

Oh Dear!

Now we have confused the transport mechanism with the security model.

Everything the article says and implies about SMTP security may be true, but what IS true is that a person's e-mail address may be as unique as their mobile number. If this is the case, then it can indeed be used as a to ken key to their bank account sort and account number. Of course, an e-mail address is more open and accessible in the public domain than a mobile number, but the required security may have to be introduced at the KYC point, in this case, as usual, the bank or account holder's issuer.

This conversation probably leads to one about LIABILITY, about which I have strong and controversial views, published elsewhere.

ipads in edukashun

Sounds like a long preamble to a Pi-based plug. which is cheap and programmable and british and small and grey or black or any other colour you want.