Posts by Matthew Poole
-
Hard News: The Righteous Humour, in reply to
he orates as he thinks
Unlike some aspiring leaders closer to home who unfortunately do the reverse.
Or some leaders closer to home, who do only the former because the latter is apparently outside their remit.
-
There's been call for a Constitutional Convention, which is the mechanism by which the entire Constitution could be redeveloped, but I don't think it's got too far. There are people who recognise that the entire system is broken, but their voices haven't yet reached a critical mass.
-
watch the whole episode
I love the auto-captioner. "Legalised" became "legal ides". And I'm only three minutes in.
-
Hard News: The Righteous Humour, in reply to
Wow. That's some serious fucked-up kind of crazy. Total lack of perspective.
That said, there's something special about libertarian types. I know someone who stood as a candidate for the Libz last year, and we got into a debate on FB the other day about tax. He said tax is extortion, which is standard libertarian fare, and went on to posit that because it's extortion one has a moral duty to avoid paying. OK, fine, but what if we get to a mythical state called Libertopia where the state only provides defence of the law and defence of the realm, both of which he accepted must be paid for from taxation. Would it be a moral duty to avoid paying tax in Libertopia? I never did get an answer. So someone with some standing as a libertarian cannot muster a coherent argument about taxation without delving into logical inconsistencies that are acceptable to them only because they understand, at least subconsciously, that their ideals will never be realised.
-
There's also this beautiful piece from Rachel Maddow:
The bit about getting the best ideas from the competition between the sides needs to be hammered into a lot of tribal voters who are unwilling to countenance the possibility of any valid idea originating from a party other than "their" party.
-
Has anyone been sufficiently brave/masochistic to go into the Kiwi Blergh thread and see the response of the usual suspects to their socialist demon stealing the Presidency for the second time? I'm just not in the mood for bile-seasoned venom with a side of fanaticism.
-
Computer terminals used for 13 years by job seekers at Work and Income offices had the same security flaw as the self-service kiosks at the centre of the major privacy breach at Winz.
But they're still quite certain there's been no privacy breach.
-
OnPoint: #WTFMSD: "Damning", in reply to
It’s more likely that the online records are backed up with the system data, rather than the reason for the backup of the system data
Which is what I was trying to say. They have to back up anything vaguely classified as records, and they have to back up systems. Since logs will fall into one of those categories over a short term, and it's much easier to develop a backup retention policy to support the most anal requirements that apply to your situation, the logs will almost certainly be available for much longer than just however long they're left sitting on a hard drive. And that's regardless of whether the logs themselves fall under the ambit of the PRA.
-
OnPoint: #WTFMSD: "Damning", in reply to
In practice, do all departments keep all network log files as if they’re records under the Public Records Act? They probably should for certain kinds of information able to be logged, but short of being prompted to think about it, I could imagine a situation where IT staff aren’t thinking in terms of the Public Records Act while Records staff don’t realise the information even exists, and are more focused on the obvious information used by the department is treated as records.
I wouldn't consider them to be public records, but my observation was more that it's generally easier to have a single backup retention policy for the entire organisational network than to split things up based on information servers vs management servers. The logs are very likely to be backed up as part of the backup of the server on which they reside, based on whatever the internal backup policies are, and then held for the necessary period to comply with the PRA.
-
OK. I've skimmed the Deloitte report with some degree of thoroughness. I think it is reasonable to conclude that there was no mass transfer of data in the same manner as was done by Keith, based on what's in the report. The requirements of the Public Records Act 2005 make it certain that there will be long-term backups available, and network logs take up so little space when compressed that trying to keep them out is just not worth the effort. Hell, it's entirely possible that the logs back to the installation of the kiosks are still on hard disk. Recovering them and checking for bulk transfers could easily have been accomplished in the time since Keith went noseying.
That said, there's still no certainty that there hasn't been a wider compromise of the MSD network. There's no audit trail, as confirmed by the report, there are only logs that will identify connections and transfers of data. Even if there were an audit trail it would still be unlikely to deliver up the identity of a miscreant. It is very unlikely that widespread compromise has happened, given that there's apparently no evidence of bulk data transfers (and most people inclined to take serious advantage of this vulnerability would be more likely to want data than access), but it's not impossible. What is impossible is saying so for certain without complete examination of every computer on the network; or "nuking from orbit".