Slashdot Mirror


User: imipak

imipak's activity in the archive.

Stories: 0
Comments: 536

Comments · 536

  1. Re:Trust the Government on UK Government Loses 15 Million Private Records · · Score: 1

    There's nothing intrinsically wrong with using DVDs as the media; remember the old saying about the bandwidth of a lorryload of tapes. If they were full DVDs, that's - what - 12Gb of data? Not something you want to send over a typical WAN link unless you really have to. It's the lack of controls around the process of getting that particular data onto a disk, unencrypted, then into an uncontrolled insecure internal courier system.

  2. Re:yeah, it'll weigh on them on UK Government Loses 15 Million Private Records · · Score: 1
    From what the Chancellor said in his statement, the Chair of the Revenue approached him some time ago and said he accepted full responsibility and tendered his resignation. That is highly honourable in my book, it'd be by no means impossible for him to have argued that it was a junior official, blah blah. He has correctly assumed responsibility for the organisation allowing a junior member of staff to (a) read, and (b) export or save that data.

    It makes me worry about who else has access to which servers containing all the other masses of government data. I know the way that a temporary short-cut in an emergency situation as a one-off timesaver can be the thin end of the wedge leading to really, really bad practices being accepted as completely normal, "just the way we do things" or "what I was told to do" or "yes, we know it stinks, but what can you do?"

  3. Re:For crying out loud on UK Government Loses 15 Million Private Records · · Score: 1
    Enlighten me please, I thought I knew basic economics and I certainly thought it was "taxpayers money". What other sources of income has the government got? (Yes-yes, bonds and whatnot, but those bits of paper only have value because they're worth more than their face value. Where does the interest or dividend or whatever it's called come from, or rather where does the Treasury get it from?)

    I understand that tax doesn't get paid into a single large government bank account, from which they have removed this money. Ultimately it derives from the government's control of some fraction of economic activity in the country, which surely makes it *our* money?

    They can just 'print' it of course but that's just devaluing the currency currently in circulation. I agree the use of per-capita figures is somewhat misleading, but it's a useful way to put some sort of scale on it that makes sense to the human mind. (Another way is that it's about as much as the defence budget, which I find more useful.)

  4. Re:Three times! on UK Government Loses 15 Million Private Records · · Score: 2, Funny

    (Why, yes, I am a Randian Libertarian.)

    Am I right to surmise that's another American expression with which I am unfamiliar, roughly equivalent to the contemporary British colloquial usage "twat" or "arsehole"?

  5. Re:Three times! on UK Government Loses 15 Million Private Records · · Score: 1

    yeah, they think "out of band" is what happened to Brian Jones and Roger Waters...

  6. Re:25 million now... on UK Government Loses 15 Million Private Records · · Score: 1
    That's just the (obvious) tip of the iceberg. The real question is how was one person able to "download" (export) the entire contents of the database? Do the phrases "access control", "separation of privileges", "log reviews", "business rules", "sanity checks", and dare I say "access entitlement review" mean anything at all over there?!

    (Obviously not yet... but I suspect a whole lot of ISOification, COBITisation and ITILement will be heading their way real... soon... now. I wouldn't wish that on my worst enemy! (Yes, I speak from experience... you see these scars here? Statement of Applicability. Oh, those ones? That's from our ISMS Review Process. *shudder* )

  7. Re:25 million now... on UK Government Loses 15 Million Private Records · · Score: 1

    No, it's complete nonsense. What, the govt is going to shut down the economy? Do me a favour.

  8. wrong, wrong, wrong on UK Government Loses 15 Million Private Records · · Score: 1
    It wasn't the government, it was HMRC, Her Majesty's Revenue and Customs - for the constitutionally challenged, this is a non-political part of the apparatus of the state. Secondly, Darling's commons statement (which I watched) included the minor detail that it's 25 million, not 15 million.

    Speaking as a security professional, this is fantastic news. I seriously doubt anyone's data is really at risk (the discs are almost certainly down the back of the metaphorical sofa, not in the hands of Dr Evil.) However it's the sort of incident that wakes people up to the importance of encryption of PID, of having policies, of educating staff on those policies... (the latter always seems to get forgotten for some reason.) Anyway, whilst this is undoubtedly a horrible blunder, I must salute the head of HMRC for resigning; and point out that it's nonsensical to blame the political party who happens to be in office at the time the fuck-up comes to light.

    It's not going to help ID cards (http://www.no2id.org), either :)

  9. the story that keeps on giving on Computer Forensics to Help Solve Pioneer Mystery · · Score: 2, Interesting

    I love this story, it's been popping up every now & then ever since my first accepted Slashdot submission on the topic more than five years ago... it's really very interesting, even if (as seems likely) it turns out to be a missing factor or inaccurate measurement somewhere, rather than a Whole New Physics[tm].

  10. Even worse on One Laptop Per Child Security Spec Released · · Score: 1, Interesting
    Even the crappy POSIX-compliant NT ACL model is far superior to the standard unix WRX model. No, before you start, as it happens I loathe Microsoft in particular (and proprietary vendors in general) and use Free software wherever possible even when it's technically inferior -- as is the case with filesystem permissions, where Linux has been behind Windows since NT 3.51, 1993 IIRC. Yes I know about the various security add-ons and kernel mods, grsec, SELinux, blah blah. Doesn't change a thing.

    Netware was also better in this respect whilst it was still in mainstream use, despite being more of a runtime system than a real OS.

  11. Clarification - UN Climate models on Greenland Glaciers Melting Much Faster · · Score: 1

    To the best of my knowledge there's no such thing as "U.N. climate models". The IPCC, which is a UN sponsored organisation, exists to draw together, collate, evaluate and present other studies - the work done in the field over the previous five years, in fact.

  12. Nice free advertising on January 2006 Virus and Spam Statistics · · Score: 1, Interesting

    Nice free advertising on Slashdot. Any chance of equal exposure for some competing sources?

  13. WTF? on 4th BC Century Defensive Wall Unearthed · · Score: -1, Offtopic

    What the fuck is this doing on Slashdot?

  14. Re:reality on Houston Police Chief Wants Cameras in Homes · · Score: 1
    I had a crack in the engine block of my old 1989 Toyota Celica. The car was beaten up, and wouldn't accelerate quickly. In city traffic, I had a hard time breaking 35 miles an hour. I didn't want to invest any more money in the car, and so let it die peacefully of old age while looking around at Camaros.

    Heh! I'm currently driving a 1988 Nissan Bluebird... MoT's due next month (an annual inspection of the condition of the basics for safety - dunno what the US equiv is called.) I managed to spin out and smack the verge the other day, so I've just got it back from the garage who found a buckled wheel, switched it for the spare, rebalanced and realigned all four wheels and it's as good as new again. There's no CD player, but central locking, electric windows, sunroof... and I can do something with it that none of my co-workers can do with their two year old BMWs and fancy Audis and whatnot - I physically boot it, not worry about getting minor scratches on the paintwork, polishing the damn thing every weekend, etc etc. It was a pretty bland vehicle in its day, the epitome of the soulless tin-can (an 'Econo-Box'?) but now that it's fairly rare, and given its reputation for being the wheels of choice of the late middle-aged or retired types, it certainly stands out in the staff carpark. Cost me £400 almost three years ago, in which time I've done 40,000 miles in it.

    I always prided myself on not being a sad petrolhead, have I now become that which I despised??! Oh, the horror!

    Anyway - out of interest - would it have cost you huge lawyer fees to contest the ticket in court? If so, that sucks.

  15. Re:No, you know what this is? I'll tell you... on Houston Police Chief Wants Cameras in Homes · · Score: 1
    I dimly remember studying this strategy as a psychology undergrad, 20 years ago. IIRC it was first noticed in the field of sales (in particular, salesmen (they were always men in the 50s.)) As a sales technique it was called "high-balling". You start by pitching an absurdly high price. The potential buyer recoils in horror. The salesdroid then starts hacking huge amounts off the price, until the seller believes the deal is a fantastic bargain - ching ching, sale made, for significantly more than the actual market price.

    IIRC, the strategy was then found to be more general than that and used in lots of different situations. So, when the UK govt "allows" itself to be argued back from mandatory ID cards for everyone immediately, civil liberties activists and opposing politicians and so on tend to view it as a victory and relax - now the cards won't be mandatory... it's just that when you get a passport, all your data goes into the new ID card database. Say it rapidly and you'd hardly notice it amounts to the same thing in the long run.

  16. Re:Which oil peak are we on? Deja vu! on Has World Oil Production Passed Its Peak? · · Score: 1

    Jesus christ, another cheese-brained smart-arse who thinks he knows it all. Listen son, I suggest you go hide in a hole somewhere for a couple of years with a few texts on commodity economics, because quite obviously you know FUCK ALL about it.

  17. Re:I've seen this simulated, it isn't pretty. on Has World Oil Production Passed Its Peak? · · Score: 1
    my 295hp car just got 28 mpg on a 3 hour trip today, in 1978 that car would have gotten about 6-12mp

    Oh please, come on, stop living up to your stereotype... our car got 30-35 miles/gallon back in the late 70s. Is America _really_ that insanely selfish that people boast about "achieving" those dire fuel consumption rates? I can't believe that. Tell me you're taking the piss, please...

  18. Re:You made me a programmer on What Was Your First Computer? · · Score: 1

    Word. (My first machine was a ZX Spectrum, the successor to the ZX81. It had *drumroll please* colours! *EIGHT* (count'em) colours! And an astonishing _16K_ of RAM! And it consumed me in a way I didn't understand until I encountered the phrase "larval phase" in the Hacker's Dictionary. (Alas my family didn't understand it either; with an Aunt who'd gone thru' Imperial College in the 60s, I was told politely but firmly that I wasn't good enough at maths to even dream of a career in computers, and that I should stop wasting my time with it - indeed my father used to burst into the room and tear out the power lead without giving me a chance to save work in progress :/ A couple of years later the PC was completely ascendent; the cover of PC World showed beige box after beige box, month after month, and the excitement was gone. (When I started reading it, there would be a different shaped machine on the cover of every issue, and each one usually came with its own OS (or rather, 'run time system', as they weren't really true OSes.) The Atari ST was the last attempt to make a machine that could play games and provide a friendly introduction to some sort of programming. Then came the Megadrive and the Gameboy, and the rest was history, until someone told me about Linux and the Internet in 1992/3... (Update - I now have a mindblowingly fun, and *almost* glamorous (well, as glamorous as any IT profession gets) job that I really enjoy. I knew those long hours cracking Sabre Wulf first in my school would pay off eventually :)

  19. Wrong answer on Essential PHP Security · · Score: -1, Flamebait

    I'm sorry, but if you care at all about the security of your site, you don't use PHP. It's that simple. (Disclaimer - I'm in security but come from a web development background. (No, not ASP - actual programming, as opposed to gluing together components in a paint-by-numbers style.)

  20. Rats don't need to think on MIT Researchers Explore How Rats Think · · Score: 1
    Rats don't think because they don't have to, here in the UK anyway. They operate on the taxi-rank principle, i.e., they are compelled to take the first client who knocks on their door.

    Just a little spot of Monday morning humour...

  21. Re:Where is the world going? on Internet Suicide Pacts Surge in Japan · · Score: 1

    > Changi, a POW camp run by the Japanese during WWII,..

    Changi's a famous jail in Singapore. AFAIK it's still there. http://www.google.co.uk/search?hl=en&q=Changi%20jail%20Singapore&meta=

  22. Re:Japanese Culture on Internet Suicide Pacts Surge in Japan · · Score: 1
    There is an expression in Japan that says "The nail that sticks out must be hammered down!"
    "sleep can't hide the thoughts splitting through my mind / shadows aren't clean, false mirrors too many people awake / if you stand up like a nail then you will be knocked down / I've been too honest with myself, I should have lied like everybody else" -'Faster', Manic Street Preachers (1994)

  23. Re:A9 amazon discount on Yahoo Considers Offering Prizes to Search Users · · Score: 1
    >It is based on Google for normal search but you can
    >add extra panels and having it use different vehicles.

    Gosh, pluggable search-engine modules, what an innovative idea. Someone should tell Apple or the Firefox people about this, perhaps they could implement it on the client. Then your choice of search engines would be entirely up to the user, rather than being selected from a range pre-picked from selected partners of the search site...

  24. Re:Those on Yahoo Considers Offering Prizes to Search Users · · Score: 1
    Another time honored marketing ploy to seduce/coerce personal information from customers. Dupe!
    Do you mean "duplicate story", or "the customers were duped"?

  25. One word on Mind Control Parasites in Half of All Humans · · Score: 1

    Midichlorians