Re: How is Fujitsu not in the dock?
"doesn't have the option of buggering off to Israel to escape justice."
I'm sure other places are available.
"And despite this being public knowledge and in the press for years, it takes a TV drama to actually get something done?"
Knowledge of a very limited public, I'm afraid, and for that part of the public that might have done something about it, it probably looked too much like hard work.
"Anything you try to make Fujitsu pay would have to have been in a contract with them or they'll just wriggle out of it"
If their staff were giving evidence that they knew was wrong then they might find such wriggling harder than you might think and they might wish.
"Appalling ignorance by the judges"
The judges can only go by what evidence was presented to them. If they're presented with biased expert witness on one side and none on the other that's what they have to go on. To an extent if they think something needs clarification they might question a witness but they don't have previous careers as Sysadmins to know that that would need clarification. They may well, along the way, have picked up knowledge of police procedures, criminal MOs, even (regrettably rarely IME) forensic science and have a typical user's knowledge of PCs but not system administration.
I'm labouring under the experience of having spent about a third of my working life in the 70s & 80s as a forensic scientist. I am probably even more appalled than you at that case and struggle to understand how it could have even got to court. I can only report my own experience but I think everyone I knew - colleagues, police and medical examiners - as well as myself were well aware of the difficulties involved in allegations of sexual assaults, the possibilities of miscarriages of justice in one direction or the other and anxious to avoid them. Personally I think the stress of that job affects me to this day.
Possibly the DPP/CPS are less aware and are sometimes under political (and even less aware) pressure to increase conviction rates as measured against complaints. I can only think of one case in my career where the local DPP's office seemed to have had a rush of blood to the head despite the police having located an eye-witness who demolished the complainant's story; the case was dealt with by the Crown counsel calling the witness but then handing proceedings straight over to the defence to take her evidence.
However whataboutery gets us nowhere.
This wasn't just one scandal, it was a whole stack:
1. The initial PO/RM prosecutions. I don't know if the problems were known from the start but it's clear that prosecutions continued when it was known.
2. That PO/RM didn't, of their own initiative, promptly seek to get the early convictions quashed as unsafe, once they became aware of Horizon's errors, including those where there were guilty pleas and drop all pending cases.
3. That when Fujitsu realised that there were problems and that PO/RM were conducting cases on faulty evidence they didn't alert defendants and make defence witnesses available.
4. That PO/RM didn't, on their own initiative, promptly seek to compensate those convicted, awaiting trial and who had paid to settle without prosecution.
5. That, when it became publicly known that Horizon was in error and that PO/RM had been carrying out prosecutions knowing that, the Ministry of Justice or any other official body didn't step in to get the convictions quashed as unsafe.
6. That, when it became publicly known that Horizon was in error and that PO/RM had been carrying out prosecutions knowing that, no official body stepped in to insist that PO/RM compensate those convicted, awaiting trial and who had paid to settle without prosecution.
7. That, when it became clear that PO/RM had been prosecuting cases knowing that their evidence was faulty, that prima facie cases of false prosecution and/or perjury were not investigated with dispatch and, where appropriate, prosecuted, possibly related to ...
8. That in place of 7 the government's attitude seems to have been that it preferred a public enquiry with no powers to prosecute.
9. That, as those who have followed the saga of the public enquiry elsewhere will be aware, the enquiry has been appallingly dragged out by delays in making evidence available.
Justice delayed is justice denied.
The most chilling phrase in that report was "as standard". If they were to take a leaf out of the BMW script and make it pay to unlock it wouldn't be a problem. The same applies to all the rest of this S/W junk in cars.
I wonder if any of them will grok that there's real money to be made by a subscription to lock it instead.
"I think trying to weasel out of responsibilities with 'well, it's a project, not a product' is terribly convenient"
My classification into products and projects is simply an observation of what's out there. If you want an every-day workable FOSS system for web browsing, writing books or whatever it exists with S/W with the polish that entitles it to be regarded as much a product as an equivalent that's not free in either sense of the word.
If you want something that provides the Windows platform that might be regarded as a product (and I know there'll be substantial disagreement that it can be so regarded) then you have to go with what Microsoft provides under their terms. Nobody said FOSS has to provide you with that.
I think the GPL vs BSD argument is a distraction. In practice a Linux distro will include stuff with a wide variety of licences including GPLs 2 & 3 as well as BSD and others. From the point of the typical end user this makes no difference at all. The restrictions of GPL only apply to those distributing modified versions and they are not typical end users.
I do agree to quite an extent with the polish aspect. My thinking about this goes back to Chapter 1 of TMMM and Brooks' discussion of what is and isn't a product explained in this diagram. Some development teams are content to stay in the top left corner but others do indeed produce a product. Those would include LibreOffice and various browsers and email clients. Add to that short list the tools you'd find in, say KDE - Dolphin (file management), Okular (PDF viewer), Kate/KWrite (simple text editor), Gwenview (image viewer), digiKam (image collection management) etc. - and you'll satisfy a lot of users and I'd rate all those as products. I don't think their developers can have considered raising them to that level as a thankless task, nor as one that doesn't involve solving interesting problems.
You also have to remember that there is not a single user audience to be pleased. Kate and vi, for example, are aimed at very different user demands for text editors (and even nvi and vim set out to meet somewhat different sets of expectations). The Kate user will undoubtedly find the vi experience stark and the vi user will find Kate bloated but both are nevertheless right for their respective users.
AFAICS your real gripes were with Wine and that is one I'd marked off as a project rather than a product long ago; your comments suggest it still is although I think it has to be conceded that trying to recreate Microsoft's tar pit without getting caught in it will never be easy.
No suspended sentences for the CEO. Actual jail time. And why should the CEO be doing it on behalf of the directors? The directors can share the cell. As to shareholders - just whose money do you think is being used to pay ransoms? It's the shareholders. And as far too many seem to forget the shareholders are ultimately the holders of pensions, private and corporate, and of life insurance policies etc. They're you and me. We are the victims in these crimes.
And don't lose track of the fact that the object isn't really to strengthen the corporate defences although that would be a useful side effect, nor to punish CEOs or boards for being hit. It's to cut off ransomware by stopping it being worthwhile for the perpetrators.
At the moment we have a feedback loop.
1. Ransomware generates profits because businesses pay.
2. Businesses pay because they get hit with ransomware and there's nothing stopping them.
3. That makes ransomware profitable so go to 1.
That feedback loop needs to be broken. From my past career I'd love to see that done by going after the criminals but in practice the most accessible place to stop it is by removing that second term in the 'because' clause in 2. And without ransomware the shareholders get a better deal. You're forgetting that the ransom doesn't get conjured up out of thin air. It's the shareholders' money that gets paid.
It's not a question of punishing the CEO for letting ransomware in. It's punishing the CEO for paying a ransom. If the ransoms aren't going to get paid where's the motive for demanding them? A CEO who wants to protect their back and the company can ensure he or she is doing their best to run a tight ship although once the message gets through that ransomware's day has gone because there's no benefit to be gained from it then both back and company are better protected anyway.
"Nothing would please me more than investors/shareholders/stakeholders getting a kick in the bollocks"
You do realise, don't you, that this might include you via your pension fund?
"Ah yes because criminals are the moral type who will simply give up! God this is all so STUPID."
Do you think they're in it for a hobby?
And how are orgs going to find someone ready to go to prison for paying a ransom? It wouldn't be a case of calling for volunteers from the ranks. It would be defined to be the absolute top tiers of management and preferably the board would be included in that.
And while the CEO may not be directly to blame that's where the organisation's culture starts. If the CEO fails to appoint managers who take sufficient interest in security then it's ultimately their fault. However the CEO needs the board's backing so directors must expect to stand alongside the CEO in the dock.
It's probably not on the syllabus so the teachers don't know how to use it. It was very striking that after KCL had its big outage and lost goodness knows how much stuff they got all arsey about people saving stuff locally. I suppose it didn't look good if users were doing a better job about looking after their work than IT did.
I looked at your "very relevant link".
It's basically argumentative, not authoritative, in that it's almost the sort of thing that a defence lawyer might argue before a judge. Almost, because it would normally be supported by citations from cases that provide precedent. It would also be subject to arguments in rebuttal by the other side. In the end it would only carry weight if a judge agreed with it - and that would include falling for the notion of equating a record player with an ML training set. And outside the US it would fail at the words "First amendment".
"because they do have, legally, access to the images"
What T&Cs apply to that access? You may be legally allowed to view the image and nothing else. You may not be legally allowed to copy and paste into some other work. You may not be legally allowed to scrape it into a ML training set.
"I wonder how many artists could define their own style?"
Why should they be able to? The answer would be along the lines of Louis Armstrong's definition of jazz. I doubt that even the most successful human forgers would actually define in much detail the style of those they imitate, they just paint like them.
I think you may have missed the point of a ban. If it's illegal, and the ban reasonably well enforced, there's no reward for the attacker and no point in attacking.
Remember the point of bank robbery? Banks are where the money is. If banks had no money they wouldn't get robbed.
"Musk's bonfire of the staff means the new owner only needs to add back the costs they need without being burdened with the old corporate excesses of the listed Twitter."
It would be burdened by the law suits for all the old unsettled bills - or has he been paying them off in the interim?