Here we go again, someone at Barnet Council decided to store unencrypted data about school children on CDs and USB sticks which were then stolen in a burglary and are out at large. Just another example of the incompetence that exists at every level in our public services related to the protection of data.
Firstly, the council say that the person in question has been suspended but why aren't they jailed? Why do we still not take data protection seriously. More importantly, the council says they have now blocked external drives to prevent this - why wasn't this already the case? Why, when there could be a simple 2-sided document on data protection sent to all public services in the country, was this a reactionary measure rather than a proactive one? Why do companies still assume that people can be trusted to do do something properly? People are not perfect, they do not always understand what they are doing, they sometimes act maliciously or to make their life easier so quite simply you must prevent people as far as possible being able to circumvent protection tools.
Interestingly, the data in its normal form was encrypted so the council presumably partly understood what they were doing but didn't go far enough.
"An independent review is underway". What's the point? We have enough of these already, let me give you some free very obvious advice and pass this onto the IT Services division of the Cabinet Office:
"Put together a small team of experts in IT security and decide what all public services must adhere to in terms of data security. Imagine all scenarios, lay them out, send the document to all public departments and make them follow it at pain of prosecution" Why is that so hard?
Wednesday, 31 March 2010
Monday, 22 March 2010
Friday, 19 March 2010
Amazing animation
I love music and I love animation, it still seems amazing to me (like videos used to before everyone got the kit to do it). Here is a youtube vid of a classic:
The beloved profile picture
I am finally getting to grips with something called "multi-media". I have for many moons been writing text with little design concern and wondered about doing something a little crazy so I added a profile picture. The thing is, I don't have many photos of myself since I mostly take them of other things so this is about 4 or 5 years old but I haven't changed (since I was 5) so should be fine. I might attempt a YouTube video next - yeah baby!
Thursday, 18 March 2010
Another example of government and knee-jerk
This story in the news relates the fact that Facebook and MySpace do not have a "panic button" which users can use to get to the National Online anti-Paedophile Agency and more worryingly that they are being summoned to the Home Secretary to explain why. A recent murder of a girl who met someone online has been used as the cause-celebre of this 'requirement' but AGAIN this stupid government does not understand that creating more red-tape/rules/requirements etc does not usually produce any measurable increase in protection - it just makes them look inept.
For example, the girl in question not only talked to the attacker on MSN which DOES already have the button, but the button, of course, is only useful if the person is suspicious of the attacker's activity. Presumably if she was, she wouldn't have met with the guy in the first-place so the button has almost zero value to achieve what they want to achieve. As with other attempts at protecting young people, the important thing here is education, parents talking to their children and monitoring internet usage such as having a PC in the living room rather than a bedroom. Sadly none of these will stop attacks, which if not online would be at a park or in a dark street at night etc but at least these have a genuine benefit.
As for CEOP CEO Jim Gamble saying that Facebook's policy was, "beyond logic", he needs to learn what logic means before he makes himself look like another headline grabbing but somewhat ignorant Suit.
Although Facebook and MySpace presumably could add the button, I support their objection on the grounds that it is a free country and it is a pointless exercise.
For example, the girl in question not only talked to the attacker on MSN which DOES already have the button, but the button, of course, is only useful if the person is suspicious of the attacker's activity. Presumably if she was, she wouldn't have met with the guy in the first-place so the button has almost zero value to achieve what they want to achieve. As with other attempts at protecting young people, the important thing here is education, parents talking to their children and monitoring internet usage such as having a PC in the living room rather than a bedroom. Sadly none of these will stop attacks, which if not online would be at a park or in a dark street at night etc but at least these have a genuine benefit.
As for CEOP CEO Jim Gamble saying that Facebook's policy was, "beyond logic", he needs to learn what logic means before he makes himself look like another headline grabbing but somewhat ignorant Suit.
Although Facebook and MySpace presumably could add the button, I support their objection on the grounds that it is a free country and it is a pointless exercise.
Wednesday, 10 March 2010
Self-service tills at Tesco
I had a go on these this morning, not for the first time, to buy a couple of boxes of Coke on my way to work.
"Scan to start"
OK, scanned the two boxes and pressed "Finish and Pay"
Then pressed Add Coupon and get a lovely loud message in the quiet morning supermarket, "You cannot add a coupon until you have scanned your clubcard". Nice, feel a little embarassed as all the people round me obviously think I'm a Cretan since I didn't know this. The menus are still a little all over the place because I think I had to exit, scan the card, click finish again and then add the coupon, then I have to pay again, select debit card etc. All-in-all a little too slow for my liking. Why not be able to scan whatever I want, whenever I want and then when I want to pay it can say, "please scan your clubcard" if I need to. This way it is all nice and simple and quick.
Think I will stick with the normal tills.
"Scan to start"
OK, scanned the two boxes and pressed "Finish and Pay"
Then pressed Add Coupon and get a lovely loud message in the quiet morning supermarket, "You cannot add a coupon until you have scanned your clubcard". Nice, feel a little embarassed as all the people round me obviously think I'm a Cretan since I didn't know this. The menus are still a little all over the place because I think I had to exit, scan the card, click finish again and then add the coupon, then I have to pay again, select debit card etc. All-in-all a little too slow for my liking. Why not be able to scan whatever I want, whenever I want and then when I want to pay it can say, "please scan your clubcard" if I need to. This way it is all nice and simple and quick.
Think I will stick with the normal tills.
Tuesday, 2 March 2010
Well is it law or not?
I was trying to find out a few things today. 1) Whether I am allowed to do gas work in my own house and 2) Whether electrical bonds were necessary across boilers.
Simple questions you would agree but the answers are not simple. The reason I wondered about 1 was that previously I had seen a legal statement saying, "If you carry out gas work for gain.." which implies (quite rightly) that someone doing it as a job must be registered, however, a friend of mine, a gas fitter/plumber, said that now you have to be provably competent to do the work anywhere at any time. A simple search of Google and I found my answers to question 1) Definitely, maybe, sometimes and never and 2) Definitely, sometimes, never. In other words nobody really knows.
Why is this a problem? Well two reasons for me. The first is that depending on the answers, particularly to the first, I might have to shell out £300 for a tradesman which I don't have and secondly it shows the complete irony that in the information age, we lack the ability to distill what is truth from what is opinion. Maybe the truth is not obvious, maybe a document is down to interpretation but what can you do if the people who need to know (like council/gas inspectors/electrical inspectors) don't actually know themselves? How can someone tell me that I must bond a boiler when they don't know the reason just because they have a badge and that's what they've always done. I realised that the problem with sites like Gas Safe which run the gas scheme use words like "Should". You do not use the word "Should" for legal requirements, you use the word "Must". Read the Highway Code (not a bad doc as it happens) and you will see a distinction between you "must obey a police officer's directions" because it is law and "you should use dipped headlights when it is raining" which is not in itself a legal requirement.
If only it was as simple as applying extra weight to the opinions of trained or qualified personnel, however as was clear from my questions, this didn't add much to the quality of the answers. A plumber might have been trained to do something without knowing why so to them, "you must" whereas a pragmatist might completely ignore the law and say, "do it yourself".
At the end of the day, you can try to a certain point to follow the law but if that law is obscured (sometimes deliberately by tradesmen!) I think that is a reasonable defence should legal action be taken against you. As long as you do it all properly of course!
Simple questions you would agree but the answers are not simple. The reason I wondered about 1 was that previously I had seen a legal statement saying, "If you carry out gas work for gain.." which implies (quite rightly) that someone doing it as a job must be registered, however, a friend of mine, a gas fitter/plumber, said that now you have to be provably competent to do the work anywhere at any time. A simple search of Google and I found my answers to question 1) Definitely, maybe, sometimes and never and 2) Definitely, sometimes, never. In other words nobody really knows.
Why is this a problem? Well two reasons for me. The first is that depending on the answers, particularly to the first, I might have to shell out £300 for a tradesman which I don't have and secondly it shows the complete irony that in the information age, we lack the ability to distill what is truth from what is opinion. Maybe the truth is not obvious, maybe a document is down to interpretation but what can you do if the people who need to know (like council/gas inspectors/electrical inspectors) don't actually know themselves? How can someone tell me that I must bond a boiler when they don't know the reason just because they have a badge and that's what they've always done. I realised that the problem with sites like Gas Safe which run the gas scheme use words like "Should". You do not use the word "Should" for legal requirements, you use the word "Must". Read the Highway Code (not a bad doc as it happens) and you will see a distinction between you "must obey a police officer's directions" because it is law and "you should use dipped headlights when it is raining" which is not in itself a legal requirement.
If only it was as simple as applying extra weight to the opinions of trained or qualified personnel, however as was clear from my questions, this didn't add much to the quality of the answers. A plumber might have been trained to do something without knowing why so to them, "you must" whereas a pragmatist might completely ignore the law and say, "do it yourself".
At the end of the day, you can try to a certain point to follow the law but if that law is obscured (sometimes deliberately by tradesmen!) I think that is a reasonable defence should legal action be taken against you. As long as you do it all properly of course!
Subscribe to:
Posts (Atom)