Posts by logicalextreme

Re: Theft of data

Different orgs for different purposes. Theft and hacking would be the home office, fraud the SFO. This is about the legal (well, lawful I guess) obligations to secure personal data.

I'll analogise with cars (even though I hate them) because they seem to resonate with people. If you leave your car with valet parking and they leave the keys in it and it gets nicked by a third party, you'd likely pursue a civil claim against the parking operators. A crime was also committed, but if the plod catches the thief and the parking operator keeps leaving the keys in vehicles, not much gets better. Ideally you go after both with the appropriate organisations — no idea what chasing the perps would fall under in this case but probably Computer Misuse Act or some later addition if domestic.

That's the idea behind the ICO and such bodies and the associated laws and regs anyway. They're pretty crap when they meet reality. In the realm of the Internet at least you need PCI/DSS accreditation if you're going to be processing card data in any way, and you're at risk of having your accreditation revoked for an audit failure unless you're big enough to buy them off. That's a sidenote, but I can tell you that PCI/DSS teaches you to protect and freak out about 16-digit numbers.

There's a similar culture in healthcare about NHS numbers even though they can't directly identify much about someone (YMMV on how strongly people feel about this — I've worked for third party providers that guard them like gold, seen data sharing agreements with the NHS advising similarly, but OTOH have a local phlebotomy service, entirely understand the NHS, that wants you to email your NHS number plus other details to them to book a blood test; the alternative being a phone number that they only answer for a five-minute interval each time the moon is in waxing gibbous).

Re: Almost caused an accident due to music

Ahaha — I did similar things when I was in charge of an ex's MP3 player. There was a particular song that we had had recommended to us and both hated, so next time I loaded new stuff into the player I threw it on there for good measure. Once the trickery was discovered I protested innocence, planting several copies throughout the filesystem on the subsequent loadout. That obviously got detected pretty quickly (i.e. within the next commute or two), so next was a fallow period before I resurrected the joke when they wanted a newly-released album loading on — this time replacing a track in the middle of the album with the detested one, but changing the id3 tags for it so it looked legit.

After that pretty much all I had left before it got really old was to splice bits of the thing into a few existing tracks, tags intact…

"People who moan at the council about the streets being full of litter; not stopping to think that it is people who drop litter, not the council”

Life is a PBR

Re: Twitter?

that Godwinned quickly

Re: No servers

Same. Not worth the bother of trying to resolve conflicts for me. I sign up on the device with my RW copy and if I'm not near it I wait till I am. On the vanishingly rare occasion I do have to sign up for something somewhere else I'll set it to something I can remember (or sling it in an encrypted file on my phone) and change it when I add it to the RW copy later. Signup email stays in my inbox till that's done.

It also helps that I trust signing up and logging in from a phone way less than I do a desktop.

Re: First bus?

I could never figure out what they were spending all the ticket revenue on, their tickets could be easily three or four times the price of Finglands or even Stagecoach for a similar-length journey. Guessing they're capped at £2 for now

The sink thing has really started to get to me some days, when I'm doing the washing up. Makes me feel a part of my lower back that I'm usually completely unaware of. Something I'll address in the hilariously unlikely event that I can ever purchase my own home!

Absolutely with you on the chairs with armrests too…can't imagine anyone of any height using them comfortably in conjunction with a desk.

Re: Why does it even look in a link for commands?

I think what's actually being described is an agent shoving sensitive data into a URL, the preview functionality of the chat service hitting that URL, and the badnik controlling the URL's endpoint harvesting the sensitive data just from the URL being hit (could be in the path or the querystring; the URL wouldn't even have to return 2xx or indeed anything).

I don't see it as a massively "new" attack vector because I'd assume that an LLM chat agent up to shenanigans would already have internet access and be able to shit any data you e given it out to whoever it was asked to…

Re: Novelty?

Well yes, the output might end up making sense of being correct. If it ended up being used for AI Overview on Google I'd then have to go back to checking actual sources for information — as it stands at the moment I can get the correct answer to my queries by scanning the AI Overview and inferring the pole opposite of whatever it says.

Re: Lost for words

It irks me no end that I've now worked for (and been made redundant from) two healthcare software providers that thought they were doing God's own work WRT data security in scraping through the paltry audits that came their way, but at a previous (easy-going) employer we could regularly be in lockdown-investigative-battlestations mode because something that might have looked like a credit card number had popped up in a temp file or memory somewhere, overwhelmingly false positives.

PCI/DSS is, or was at the time, paranoid enough to get infosec at least partially correct. Healthcare in its current state from what I've seen is a free-for-all with a lot of sound and fury slapped on the top of it and labelled "secure".

Or my personal least favourite — opening behind all other windows and subsequently showing up at the very last position of the task switcher.

High DPI can still be a mess too.

Done that the once. Was my own deployment script, written and tested and safe, full ROLLBACK in case of things going amiss.

I was so confident of it I left it running and went on my lunch break. Came back to find chaos. I don't remember all the details now, but we'd been working with an offshore team whose code I'd plugged into mine as it had been peer-reviewed and approved. Turned out that it fell over because "Germany" isn't the name of a language and my code had a hard-coded list in it with no failsafe. Very much tail between legs for me, though it taught me to anticipate absolutely anything in your "sanitised" datasets. When we looked closer at the other values for language names that the outsourced team had shipped, we also found "DenMark" and "Janpanese". ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

Oh man don't get me started. I've had to field the same repetitive email queries as above — and I can't say for sure, but I suspect that automated report emails are significantly more likely to fall afoul of filters/rules, regardless of whether the recipient is the one who asked for the report in the first place. Ended up scripting something to pull all the "server accepted mail" IDs for a given report just so I could wave the bastards away quicker.

But in addition to that at one place I had to spend every single BST changeover explaining to the finance department why there was an hour's worth of sales missing from the reports and trying to explain how 0100 becomes 0200 without any seismic shift in the spacetime continuum. Also had to deal with the head of commerce at the same place throwing a wobbly with me about the fact that years don't all have 364 days with the weeks neatly numbered from 1 to 52. A week 53 was "just not acceptable" but every week had to have exactly 7 days. Literally threw something on the desk near me to express how unhelpful she thought I was being by explaining all standard week-numbering systems to her.

What is love?

Baby don't hurt me

Re: We said this was going to happen mere weeks ago

Aye. One that works and it used right is a good idea (though I think it should have a physical piece to it). The idea of an ID isn't the problem, it's the asinine Act that's been passed.

I'm in the process of being evicted and my local authority wants me to send proof of ID by email — if that's the only way they can accept it then they're not getting my passport but rather my provisional driving license that expired 10 years ago. In a world where a safe state-operated digital ID existed I could perhaps satisfy them with a simple key exchange.

Re: I doubt it'll happen

Windows 8 was still reporting itself as 6, but at least 7 and 8 had the balls to increment the major revision numbers.

Re: Google is just like Trump

Apple, Meta, TwiXter and Samsung.

and …

Re: When More of the Same Leads to Madness, Anything SMARTR is a Great "In The Beginning"

I'm having a bad day/year but seeing that you're still around and commenting makes it a little better.

Yup, that's the way I read it too. And for me it doesn't follow that you should therefore use MS.

Re: Fix the regional settings would help

I don't even touch the regional settings in the Control Panel anymore. It doesn't offer the e.g. formatting options I want for dates and times. I manage it all via the Registry, though the item names make about as much sense as you'd expect them to.

Re: Meanwhile, us introverts...

I wouldn't criticise AC's parenting style. Aaaa's older brothers Lorem and Ipsum are brick shithouses

Re: Hijacked

Oh I'm so absolutely fed up of the context menu key disappearing from various places the past few years. I'm already used to mapping that to something unused, though I've noticed doing so can sometimes make the resultant context menu appear in a slightly different place on-screen to where it would have otherwise. Laptops have been bad for removing the key for ages, but the keyboard that I bought recently also had nothing mapped to it and I had to poach one of the unused "option" keys to get a keycap that made any sort of sense for it.

Re: Something definitely to be really worried about, Mein Herr Parnes .....

Aha, got to "Unusual Singularity" before realising it was you. Glad to see you're still around, amanFromMars1.

Re: Pro tip for DELETE queries

Plot twist: bigtable_backup_todaysdate never got dropped. See also _copy, _temp, _deleteme

Re: Colo(u)r picker

Aye, or Instant Eyedropper as I used to use before PowerToys existed. It's crackers that you'd have it as a browser extension and give it access to various gubbins from the browser process(es). Makes you wonder if there's people installing browser extensions to tell them e.g. how much free disk space they have.

Cause they were twats.

Re: Moses?

Tablets, malware, I don't know where to begin

Re: Dragon cute

It's verbose, but not nearly unhinged enough.

Re: The Gartner write up is bollocks

Same with Snowflake. It's like using old MySQL with the default storage engines — it'll happily let you declare all sorts of essential constraints and then promptly (and silently) ignore them. Cue reams more code if you want to do even the most basic checks on incoming data.

They do offer something called "hybrid tables" which are essentially rowstore rather than columnar and offer a smattering of RI, but they're not really the point of Snowflake AFAICT and they're mysteriously not available in Azure. Like, at all. ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

Re: Alarmist?

I'm excited for this. I have a ThinkPad that I need to get over to Mint when I get the SSD upgraded; I'd settled into Win10 under duress but its time has come. I'm expecting to like one of the desktops Mint provides more than anything else, but used to use Kubuntu as my daily driver back when Windows 8 was trying to break everything (I do love configurability and a bit of transluscence). If they play this right they could turn the tables — I got onto KDE and Linux as a desktop through word of mouth back then; if they can get this manifesto out well then I have a reasonable chance of getting off Win11 at work!

Re: Correction

devmgmt.msc feels like home

Agreed, though I think in this case there's going to be a lot of rekeying the data from the last attempt to create a single health record's project management system into the latest attempt's project management system. And the data from the last attempt was in turn rekeyed from the attempt before that, and that in turn…

No elephant icon but you get the idea.

Re: There are alternatives.

Oh and WRT companies having their own stores on Amazon and eBay — a lot of them already do; some see it as "multi-channel" and some even end up closing down their self-run points of sale. I worked for a bricks-and-mortar entertainment (e.g. CDs, DVDs) retailer back in the day and by the time I left the company (2004 or 2005 I think) they were making most of their money selling things on Amazon Marketplace and eBay, because the overheads were lower and they could even sell the products for a higher price as customers assumed the eBay or Amazon price "must" be the cheapest.

As a mildly amusing aside, when I interviewed for my final job in their head office I got to eavesdrop on a meeting between the Accessories buyer and a supplier that was happening in reception due to lack of meeting space, wherein I discovered that the relaunched Chewits we had inexplicably been told to display in boxes at all the tills were in fact the highest-margin item in the company. ¯⁠\⁠_⁠(⁠ツ⁠)⁠_⁠/⁠¯

My personal trouble with it is that I refuse to use Amazon to the point that I've found manufacturers who literally only sell through Amazon and abandoned any hope of obtaining their wares. It must be a good business model for some as I always get in touch with them to ask if there's any way I can buy their stuff and the answer's always no. eBay I can live with though the interface is even worse than Amazon's.

Yep, I've been complaining about it for years. The default storage engines for MariaDB and afaik MySQL now support RI out of the box, but the damage was already done. You can't move these days for code-first stuff with questionable ORMs, attempts to hamfist everything with document databases and the resultant loss of any semblance of truth that goes along with it.

I know the most about SQL Server and it's a very competent RDBMS but I'd always advocate for Postgres based on license cost, love of FOSS and general de-MICROS~1ification.

The thirteenth Duke of Wybourne? With my reputation?!