Re: So whose bright idea was it in the first place?
"Delivery is quicker, but commonly the wrong thing gets delivered."
https://miro.medium.com/max/2800/0*K9vXpKMfe6hNQQnw.png
33022 publicly visible posts • joined 16 Jun 2014
High pay is essential for a successful consultation.
The people at the bottom of the pile usually have a good idea of what's wrong and what needs to be done. But those who know the price of everything and the value of nothing will disregard such information - it can't be worth much because it comes from someone on a much lower pay scale.
Successful consultants aren't blinkered by this attitude. They ask those in a position to know best and present it to management with a high price tag on it. Because it cost a lot it must be worth a lot.
"Installation remains a pain point for many Linux distros"
I think the pain point is largely that it asks the installer to make choices about partitioning. This is not an issue for an OS that just tramples anything on the boot drive even if the partitioning it sets up becomes a problem for later updates.
Likewise in Debian land, run any updates due on the current version, switch the distro name in /etc/apt, run another upgrade and reboot. I'd hope that this is now expected across Linux distros. Perhaps, to appease the "Oh, it's the command line" mouth-foamers, there should be a GUI version (maybe there is somewhere but as CLI is often the far slicker way to do things I stick to that).
However there's always the need to install on new H/W or to replace Windows. And on the matter of Windows, which Liam raised in the article, I think there's a need for an installer that starts out from a PoV of "Oh dear, I see you've got Windows. Let's make space, install something better but let you keep your old data available." and automate that. If, as I suggested earlier, it could use Wine or virtualisation to run any installed Windows applications that weren't going to be replaced with Linux ones, so much the better.
Having said that SWMBO's laptop threw a H/W wobbly so I dragged out an old one of mine, W7 vintage, only to discover that the resident version of Debian was so old that its repositories were "archived" as were at least the next two succeeding ones. So that did involve a reinstall of Devuan.
Criminal legislation tells you what not to do. What's needed is legislation that tells you what to do when you get something wrong, irrespective of whether it was deliberately, negligently or anywhere in between. Lack of that allows the gross foot-dragging we're seeing in operation there.
"but the good guys - still the majority hopefully"
I know you're thinking about businesses as a whole but you have to extend this to the people who work there. How far back do you have to go through el Reg articles to find a report of someone, possibly in public service roles, who turned out not to be one of the good guys? If you collected this toxic waste on the basis that it's of value to the shareholders you'd better contain it very safely. If you don't then your shareholders should expect to be heavily penalised for your failure. At the very least they'll expect you to have insured against it and in turn your insurers will be weighing up the risk and charging you for it. Non-compliance shouldn't be a free ride.
"all the data they need for their advertising business"
There's another thing. If anyone wants me to view their advertising I'm prepared to do this provided I'm paid for my time which I price fairly high. There is, of course, very little likelihood that I'll buy what they're advertising and a very considerable likelihood that I'd avoid it.
Although it might appear unrelated I'd like to think that the Post Office scandal would be the trigger for something like a Cyber Harms Act.
The principle would be that any harm caused by a mistake by an online system should be made good by the system operator in full and that would include ongoing harm during any delays, interest and any legal costs incurred by the victim in demanding satisfaction. In the event of bankruptcy the victims would be first in line with the possibility of chasing directors' personal wealth.
Don't forget the cost of not complying. The more data is held the more there is to lose in the case of a leak.
We should be well past the stage where the cost to the leaker is a year or five years or whatever of "monitoring" by some business which is itself a data hoarder. If the leaked data enables bank fraud the leaker should pay the losses. If every data subject has to spend hours or days rearranging their affairs they should be paid a fairly generous sum for their time doing that. If someone loses their house or their livelihood as a result of the leak that should also be made good. At present these costs are likely to fall on the data subject. They should fall on the leaker, together with any legal costs the data subject incurs in claiming them. In principle companies should be looking at the prospect of being wiped out by a leak. In practice they'd probably insure but the insurers would undoubtedly take a close look at the risks they were insuring and charge accordingly.
TL;DR PII should be regarded as potentially toxic waste. The more you hold the more you have to spend on containment.
"used for corporate hospitality events for some years afterwards."
Also to celebrate allegedly successful sales projects - but only if you were on the manglement side. If you had to make it work when told about it the morning it was going live you were too late, the places had already been booked.
It seems to have been the classic second system effect. Multics, of course, was the one you build to throw away,
Seriously, I think the reason Unix succeeded was that it was built simple so everything could be layered on top. The Unix design was and is flexible. By building stuff in that had previously been layered on top it would have become less flexible. Assumptions become limitations.
"Eighth Edition Unix didn't have much industry impact, and little if anything drew significantly upon the Ninth and Tenth Editions!"
The initial industry interest - and wider interest in general - grew out of the releases, primarily into academia, of the early versions. When AT&T were allowed to sell it as a product they set up a separate division that went its own way with System III (Was there a System I or II? I never encountered anything between 7th ed & III myself) and later In FOSS parlance they forked it.
"Likely some BSD + GNU would have replaced the commercial expensive Unixes for servers, routers, eink ereaders etc if Linux had never existed."
Alternatively SCO could have realised that it was competing with free but not, as yet, as good. If they had aimed for a mass market - cut the price for single use, provided a free student edition or whatever it's just possible we might all, and I'm not confining this to Linux users, have been using Unix on the desktop now. Linux would have got the chance to become as good.
They released a developer's disk that was actually free, but I don't think it was available for long and was only licenced for 6 months' use. In practice that wasn't enforced so it was useful for anyone freelance supporting the paid for deployments. With a bit of prompting they got involved in the long running court case with Linux, took their eye off the ball and lost the SMB server market they'd dominated.
It requires a bit of thinking about what's an identity in terms of system access.
Phone numbers and email addresses are simply hopeful but uncertain means of communicating with a person. There's no guarantee that the person in control of either is the person you think it is. Phones can be lost or stolen, numbers swapped to other SIMs and the phone might also be the endpoint for email. Using either for TFA is less of a security feature than your bank or mine assumes.
Personal emails are re-used for all sorts of site that demand email as an identifier as well as means of communication. People being people they'll also reuse the password. The only place an email address makes sense as a login ID is the email account; even then it's best to have a number of addresses each feeding the mailbox which is the actual login ID.
And people will still shout 'if you've nothing to hide...'
They should, of course, read the small print they clicked through when signing up for their online bank account, online retail accounts, social media accounts or whatever. They'll find that those accounts all require them to keep their access details confidential - in other words, hidden. Yes, they have stuff they're contractually obliged to hide.
I think in your place I might have contacted RM first. They're clearly the ones ultimately responsible for letting an employee walk off with the data. Assuming it was post GDPR they should also have reported themselves to the ICO.
Then I'd have told the new company that they had to report themselves to the ICO within the statutory 72 hours.
And made clear that I'd report them both myself before the 72 hours were up so if they wanted to get in first to look good they'd better move.
Apparently they "apologized sincerely" and the police confirmed that all data had been deleted.
To whom? Not, I'll be bound, to the 79,000 whose email addresses were nicked and, presumably, spammed.
So the only penalty was that they lost their job but as they had started a new business it may well have been that they had quit anyway. The best that can be hoped for is that, having proved themselves untrustworthy to do business with and probably pissed off 79,000 potential customers with spam, the business fails.
"Hardly post-Brexit UK being the master of its own destiny, rather just waiting and hoping that EU countries fumble the ball."
As carried out by the world leading ball fumblers.
Having written that it's just occurred to me that that might have been behind the whole thing. They're always going on about Britain being world leaders in whatever; they realised that this was something in which they could really demonstrate they were world leaders.
"Now, can you repeat what I told you about this last week?" If they can, have them make the effort to repeat it as exactly as possible. If they can't, you have the excuse to give them the explanation and make them repeat it back to you and to make it clear that you'll ask them to repeat it next time. The effort they have to make will help them to retain it.
I receive contact messages from a website emailed to me by the admin of the site's server. As the reply-to address is that given by the enquirer I can just reply. At the weekend I had a reply bounced with a message which said, translated into English, you'll have to play guessing games to try to work out what went wrong. The guesses are either that outlook.com is not a domain they recognise, they'll only accept emails that reply to an address previously used for an outgoing email or that the different from/reply-to addresses confuse it in which case it's either going to be even more puzzled by an email from my own domain or there's nothing much I can do about it. Either way my view is that if the enquirer wants to use an Ionos hosted email system it's her problem.
That's an expectation that needs to go. Huge cities as centres of employment dependent on long commutes are unsustainable dinosaurs. They need to be dealt with by converting some of the property to housing so those who want to live and work in a city can do so and, instead of building more homes on former business premises (AKA brownfield sites) in the surrounding areas, refurbish or rebuild those sites as business premises reachable without long commutes. It's not likely to happen without costs but, because of the unsustainability, given that it's a case of when, not if, those costs are going to have to be incurred sometime. It's arguable that it's the role of government to take the lead in that.